create and store secret and access keys
parent
d281376de8
commit
658ac7a4cc
|
@ -37,7 +37,7 @@ driver = keystone.token.backends.kvs.Token
|
|||
driver = keystone.policy.backends.simple.SimpleMatch
|
||||
|
||||
[ec2]
|
||||
driver = keystone.contrib.ec2.backends.kvs.Ec2
|
||||
driver = keystone.contrib.ec2.backends.sql.Ec2
|
||||
|
||||
[filter:debug]
|
||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
||||
|
|
|
@ -98,6 +98,25 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
|
|||
"description=Swift Service"
|
||||
fi
|
||||
|
||||
# create ec2 creds and parse the secret and access key returned
|
||||
RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$ADMIN_USER tenant_id=$ADMIN_TENANT`
|
||||
ADMIN_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"`
|
||||
ADMIN_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"`
|
||||
|
||||
|
||||
RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$DEMO_USER tenant_id=$DEMO_TENANT`
|
||||
DEMO_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"`
|
||||
DEMO_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"`
|
||||
|
||||
# write the secret and access to ec2rc
|
||||
cat > $DEVSTACK_DIR/ec2rc <<EOF
|
||||
ADMIN_ACCESS=$ADMIN_ACCESS
|
||||
ADMIN_SECRET=$ADMIN_SECRET
|
||||
DEMO_ACCESS=$DEMO_ACCESS
|
||||
DEMO_SECRET=$DEMO_SECRET
|
||||
EOF
|
||||
|
||||
|
||||
#endpointTemplates
|
||||
#$BIN_DIR/keystone-manage $* endpointTemplates add \
|
||||
# RegionOne nova
|
||||
|
@ -130,8 +149,3 @@ fi
|
|||
# Tokens
|
||||
#$BIN_DIR/keystone-manage token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
|
||||
|
||||
# EC2 related creds - note we are setting the secret key to ADMIN_PASSWORD
|
||||
# but keystone doesn't parse them - it is just a blob from keystone's
|
||||
# point of view
|
||||
#$BIN_DIR/keystone-manage credentials add admin EC2 'admin' '%ADMIN_PASSWORD%' admin || echo "no support for adding credentials"
|
||||
#$BIN_DIR/keystone-manage credentials add demo EC2 'demo' '%ADMIN_PASSWORD%' demo || echo "no support for adding credentials"
|
||||
|
|
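Review bot: The heredoc that writes `$DEVSTACK_DIR/ec2rc` stores both EC2 secret keys in a file created under the process's default umask, so with a common umask of 022 every local user can read them. Restrict the file before any content lands, for example `touch "$DEVSTACK_DIR/ec2rc" && chmod 600 "$DEVSTACK_DIR/ec2rc"` placed just ahead of the `cat >`. The output of `keystone-manage ec2 create` is also used unchecked: if the command fails or prints something other than JSON, the `python -c` parse fails, the variables stay empty, and the file is still written with blank keys. A guard such as `[ -n "$ADMIN_SECRET" ] && [ -n "$DEMO_SECRET" ] || exit 1` before the write would surface that. Because stackrc later reads this file with `source`, the values are interpreted as shell, so writing them single-quoted (`ADMIN_SECRET='$ADMIN_SECRET'`) and quoting `"$RESULT"` in the `echo` pipelines would keep unexpected characters from being expanded.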
4
openrc
4
openrc
|
@ -56,10 +56,10 @@ export NOVA_REGION_NAME=${NOVA_REGION_NAME:-RegionOne}
|
|||
export EC2_URL=${EC2_URL:-http://$SERVICE_HOST:8773/services/Cloud}
|
||||
|
||||
# Access key is set in the initial keystone data to be the same as username
|
||||
export EC2_ACCESS_KEY=${USERNAME:-demo}
|
||||
export EC2_ACCESS_KEY=${DEMO_ACCESS}
|
||||
|
||||
# Secret key is set in the initial keystone data to the admin password
|
||||
export EC2_SECRET_KEY=${ADMIN_PASSWORD:-secrete}
|
||||
export EC2_SECRET_KEY=${DEMO_SECRET}
|
||||
|
||||
# Euca2ools Certificate stuff for uploading bundles
|
||||
# You can get your certs using ./tools/get_certs.sh
|
||||
|
|
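Review bot: The two comments left above the exports, `# Access key is set in the initial keystone data to be the same as username` and `# Secret key is set in the initial keystone data to the admin password`, no longer describe the `${DEMO_ACCESS}` / `${DEMO_SECRET}` lines (taking those as the new side, which the commit title suggests). Replace them with something like `# Access and secret keys are generated by keystone-manage and loaded from ec2rc`. The new expansions also drop the old `:-` fallbacks, so when ec2rc has not been written or sourced both variables are exported empty and the failure only shows up later as a rejected EC2 request. A line such as `[ -n "$DEMO_SECRET" ] || echo "ec2rc not loaded; EC2 keys are empty" >&2` after the exports would make that visible.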
2
stack.sh
2
stack.sh
|
@ -1398,7 +1398,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
|
|||
# initialize keystone with default users/endpoints
|
||||
pushd $KEYSTONE_DIR
|
||||
$KEYSTONE_DIR/bin/keystone-manage db_sync
|
||||
ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
|
||||
DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
|
||||
popd
|
||||
fi
|
||||
|
||||
|
|
5
stackrc
5
stackrc
|
@ -76,6 +76,11 @@ case "$LIBVIRT_TYPE" in
|
|||
IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";;
|
||||
esac
|
||||
|
||||
# use stored ec2 env variables
|
||||
if [ -f ./ec2rc ]; then
|
||||
source ./ec2rc
|
||||
fi
|
||||
|
||||
# allow local overrides of env variables
|
||||
if [ -f ./localrc ]; then
|
||||
source ./localrc
|
||||
|
|
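Review bot: `./ec2rc` is resolved against the caller's working directory, while the writer side of this commit places the file at `$DEVSTACK_DIR/ec2rc`. Sourcing stackrc from any other directory therefore either skips the credentials silently or executes whatever `ec2rc` happens to sit in that directory. Since `source` runs the file as shell code, anchor the path to the directory stackrc lives in, e.g. `RC_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` followed by `if [ -f "$RC_DIR/ec2rc" ]; then source "$RC_DIR/ec2rc"; fi`. The existing `./localrc` check below has the same property, and its `if` closes outside this hunk.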