From c7593c10415bcbc613b3b2b9d5dc7f2a19b88f24 Mon Sep 17 00:00:00 2001
From: Mihai Prica
Date: Tue, 11 Jun 2013 14:33:50 +0300
Subject: python-keystone: Initialized Identity Service
The identity.sh script creates all the users and other configurations for the openstack services. The openrc file contains some environment variables that are used by the openstack CLI commands.
Signed-off-by: Mihai Prica
---
.../python/python-keystone/identity.sh | 70 ++++++++++++++++++++++
.../python/python-keystone/keystone.conf | 2 +-
.../recipes-devtools/python/python-keystone/openrc | 6 ++
.../python/python-keystone_2013.1.bb | 12 ++++
4 files changed, 89 insertions(+), 1 deletion(-)
create mode 100644 meta-openstack/recipes-devtools/python/python-keystone/identity.sh
create mode 100644 meta-openstack/recipes-devtools/python/python-keystone/openrc
(limited to 'meta-openstack/recipes-devtools/python')
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/identity.sh b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
new file mode 100644
index 0000000..78d5099
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/identity.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Modify these variables as needed
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
+SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
+DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}
+export OS_SERVICE_TOKEN="password"
+export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
+SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
+#
+MYSQL_USER=keystone
+MYSQL_DATABASE=keystone
+MYSQL_HOST=localhost
+MYSQL_PASSWORD=password
+#
+KEYSTONE_REGION=RegionOne
+KEYSTONE_HOST=localhost
+
+# Shortcut function to get a newly generated ID
+function get_field() {
+ while read data; do
+ if [ "$1" -lt 0 ]; then
+ field="(\$(NF$1))"
+ else
+ field="\$$(($1 + 1))"
+ fi
+ echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
+ done
+}
+
+# Tenants
+ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
+DEMO_TENANT=$(keystone tenant-create --name=demo | grep " id " | get_field 2)
+SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)
+
+# Users
+ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com | grep " id " | get_field 2)
+DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT | grep " id " | get_field 2)
+NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com | grep " id " | get_field 2)
+GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com | grep " id " | get_field 2)
+QUANTUM_USER=$(keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=quantum@domain.com | grep " id " | get_field 2)
+CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com | grep " id " | get_field 2)
+
+# Roles
+ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
+MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)
+
+# Add Roles to Users in Tenants
+keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
+keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE
+
+# Create services
+COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
+VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
+IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
+IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
+EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
+NETWORK_SERVICE=$(keystone service-create --name quantum --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)
+
+# Create endpoints
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9292/v2' --adminurl 'http://'"$KEYSTONE_HOST"':9292/v2' --internalurl 'http://'"$KEYSTONE_HOST"':9292/v2'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST"':5000/v2.0'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud'
+keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST"':9696/' --adminurl 'http://'"$KEYSTONE_HOST"':9696/' --internalurl 'http://'"$KEYSTONE_HOST"':9696/'
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
index c58f3d4..e25af40 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
+++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone.conf
@@ -1,6 +1,6 @@
 [DEFAULT]
 # A "shared secret" between keystone and other openstack services
-# admin_token = ADMIN
+admin_token=password
 # The IP address of the network interface to listen on
 # bind_host = 0.0.0.0
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/openrc b/meta-openstack/recipes-devtools/python/python-keystone/openrc
new file mode 100644
index 0000000..b189d0e
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/openrc
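Review bot: The bootstrap token is fixed at `export OS_SERVICE_TOKEN="password"` with no environment override, and all three account passwords fall back to `password`, so every image built from this recipe starts with the same well-known admin credentials. The same literal is repeated in keystone.conf (`admin_token=password`), in openrc (`OS_PASSWORD`, `SERVICE_TOKEN`) and in the recipe (`SERVICE_TOKEN = "password"`). I would require the values instead of defaulting them, e.g. `export OS_SERVICE_TOKEN="${OS_SERVICE_TOKEN:?must match admin_token in keystone.conf}"` and `ADMIN_PASSWORD=${ADMIN_PASSWORD:?}`, and let the recipe take the token from a weak assignment (`SERVICE_TOKEN ?= ...`) or generate it on first boot. Separately, no `keystone` call's result is checked, so a failed create leaves an empty ID that is then passed unquoted to the commands that follow.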
@@ -0,0 +1,6 @@
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=password
+export OS_AUTH_URL="http://localhost:5000/v2.0/"
+export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
+export SERVICE_TOKEN=password
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_2013.1.bb b/meta-openstack/recipes-devtools/python/python-keystone_2013.1.bb
index efe6fec..5bc772f 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone_2013.1.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_2013.1.bb
@@ -9,6 +9,8 @@ SRCNAME = "keystone"
 SRC_URI = "https://launchpad.net/keystone/grizzly/${PV}/+download/${SRCNAME}-${PV}.tar.gz \
 file://keystone.conf \
+ file://identity.sh \
+ file://openrc \
 "
 SRC_URI[md5sum] = "f82189cd7e3f0955e32c60e41f4120da"
@@ -18,13 +20,19 @@ S = "${WORKDIR}/${SRCNAME}-${PV}"
 inherit setuptools
+SERVICE_TOKEN = "password"
+
 do_install_append() {
 KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
 install -d ${KEYSTONE_CONF_DIR}
+ sed -e "s:^admin_token=.*:admin_token=${SERVICE_TOKEN}:g" -i ${WORKDIR}/keystone.conf
+
 install -m 600 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/
+ install -m 600 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/
+ install -m 600 ${WORKDIR}/openrc ${KEYSTONE_CONF_DIR}/
 install -m 600 ${S}/etc/logging.conf.sample ${KEYSTONE_CONF_DIR}/logging.conf
 install -m 600 ${S}/etc/policy.json ${KEYSTONE_CONF_DIR}/policy.json
@@ -42,6 +50,10 @@ pkg_postinst_${PN} () {
 sudo -u postgres createdb keystone
 keystone-manage db_sync
 keystone-manage pki_setup
+ # quick fix
+ echo "source /etc/keystone/openrc" > /home/root/.bashrc
+ sleep 1
+ bash /etc/keystone/identity.sh
 }
 FILES_${PN} += "${sysconfdir}/${SRCNAME}/*"
--
cgit v1.2.3-54-g00ecf
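Review bot: openrc exports the admin bootstrap token (`SERVICE_TOKEN`, `SERVICE_ENDPOINT`) next to the admin user's password, and the postinst in the recipe hunk further down sources this file from root's .bashrc, so every root shell and each process it starts inherits the token in its environment. The token is only needed by identity.sh, which already sets `OS_SERVICE_TOKEN` itself; I would drop the two `SERVICE_*` lines here and keep the file to the `OS_*` user credentials. It is also worth confirming whether the keystone client prefers the token over the username and password when both are set; if it does, day-to-day commands would run through the bootstrap path without the operator noticing.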
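Review bot: The `sed` in do_install_append edits `${WORKDIR}/keystone.conf` in place and splices `${SERVICE_TOKEN}` into the expression unescaped, so the unpacked source is modified rather than the installed copy, and a token containing `:`, `&` or `\` would not reach the file as written. Running the substitution on the destination after the `install` line, `sed -i -e "s:^admin_token=.*:admin_token=${SERVICE_TOKEN}:" ${KEYSTONE_CONF_DIR}/keystone.conf`, leaves the fetched file untouched; the token still has to be limited to characters that are safe in the expression. A comment above `SERVICE_TOKEN` such as `# must match OS_SERVICE_TOKEN in identity.sh` would help, since the two values are set independently. do_install_append ends outside the hunk.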
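Review bot: `echo "source /etc/keystone/openrc" > /home/root/.bashrc` truncates root's existing .bashrc instead of appending to it, and it loads the admin credentials into every root shell. If the line stays it should use `>>`, ideally guarded so that a reinstall does not add it twice. The `sleep 1` before `bash /etc/keystone/identity.sh` is a guess at readiness: nothing visible in the hunk starts or waits for the keystone service on port 35357, and identity.sh returns only the status of its last command, so a bootstrap that created no users can still report success. I would poll the admin endpoint with a bounded retry and make identity.sh stop at the first failed call, so that its exit status (it is the last command of the postinst) reflects the outcome. pkg_postinst begins outside the hunk.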