create and store secret and access keys

Vishvananda Ishaya 2012-02-06 22:56:37 +00:00
parent d281376de8
commit 658ac7a4cc
5 changed files with 28 additions and 9 deletions


@ -37,7 +37,7 @@ driver = keystone.token.backends.kvs.Token
driver = keystone.policy.backends.simple.SimpleMatch
[ec2]
driver = keystone.contrib.ec2.backends.kvs.Ec2
driver = keystone.contrib.ec2.backends.sql.Ec2
[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory


@ -98,6 +98,25 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
"description=Swift Service"
fi
# create ec2 creds and parse the secret and access key returned
RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$ADMIN_USER tenant_id=$ADMIN_TENANT`
ADMIN_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"`
ADMIN_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"`
RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$DEMO_USER tenant_id=$DEMO_TENANT`
DEMO_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"`
DEMO_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"`
# write the secret and access to ec2rc
cat > $DEVSTACK_DIR/ec2rc <<EOF
ADMIN_ACCESS=$ADMIN_ACCESS
ADMIN_SECRET=$ADMIN_SECRET
DEMO_ACCESS=$DEMO_ACCESS
DEMO_SECRET=$DEMO_SECRET
EOF
#endpointTemplates
#$BIN_DIR/keystone-manage $* endpointTemplates add \
# RegionOne nova
@ -130,8 +149,3 @@ fi
# Tokens
#$BIN_DIR/keystone-manage token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
# EC2 related creds - note we are setting the secret key to ADMIN_PASSWORD
# but keystone doesn't parse them - it is just a blob from keystone's
# point of view
#$BIN_DIR/keystone-manage credentials add admin EC2 'admin' '%ADMIN_PASSWORD%' admin || echo "no support for adding credentials"
#$BIN_DIR/keystone-manage credentials add demo EC2 'demo' '%ADMIN_PASSWORD%' demo || echo "no support for adding credentials"
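Review bot: The heredoc that writes `ADMIN_SECRET` and `DEMO_SECRET` to `$DEVSTACK_DIR/ec2rc` creates the file under the caller's umask, so with a common 022 umask the EC2 secret keys end up readable by every local user. Create the file with owner-only permissions before the `cat >`, for example `install -m 600 /dev/null "$DEVSTACK_DIR/ec2rc"`; the redirect then truncates the file and keeps that mode. Neither `keystone-manage ec2 create` call is checked for failure, so a failed call makes the `python -c` parsers fail and ec2rc is written with empty values. A guard such as `[ -n "$ADMIN_ACCESS" ] && [ -n "$ADMIN_SECRET" ] || exit 1` before the heredoc would stop that. `echo $RESULT` should also be quoted as `echo "$RESULT"` so the JSON is passed through without word splitting or globbing.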

4
openrc

@ -56,10 +56,10 @@ export NOVA_REGION_NAME=${NOVA_REGION_NAME:-RegionOne}
export EC2_URL=${EC2_URL:-http://$SERVICE_HOST:8773/services/Cloud}
# Access key is set in the initial keystone data to be the same as username
export EC2_ACCESS_KEY=${USERNAME:-demo}
export EC2_ACCESS_KEY=${DEMO_ACCESS}
# Secret key is set in the initial keystone data to the admin password
export EC2_SECRET_KEY=${ADMIN_PASSWORD:-secrete}
export EC2_SECRET_KEY=${DEMO_SECRET}
# Euca2ools Certificate stuff for uploading bundles
# You can get your certs using ./tools/get_certs.sh
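Review bot: The two comments above the `EC2_ACCESS_KEY` and `EC2_SECRET_KEY` exports still say the keys equal the username and the admin password, which no longer matches the lines that read `DEMO_ACCESS` and `DEMO_SECRET`. Replace them with something like `# Access and secret keys are generated by keystone and stored in ec2rc`. The new expansions have no fallback, so if ec2rc was never written both variables are exported empty, and a value the user had already set is overwritten. Writing `export EC2_ACCESS_KEY=${EC2_ACCESS_KEY:-$DEMO_ACCESS}` and `export EC2_SECRET_KEY=${EC2_SECRET_KEY:-$DEMO_SECRET}` keeps an explicit override working. Whether openrc actually loads ec2rc (presumably via stackrc) is not visible in this hunk and should be confirmed.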


@ -1398,7 +1398,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
# initialize keystone with default users/endpoints
pushd $KEYSTONE_DIR
$KEYSTONE_DIR/bin/keystone-manage db_sync
ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
popd
fi


@ -76,6 +76,11 @@ case "$LIBVIRT_TYPE" in
IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";;
esac
# use stored ec2 env variables
if [ -f ./ec2rc ]; then
source ./ec2rc
fi
# allow local overrides of env variables
if [ -f ./localrc ]; then
source ./localrc
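Review bot: The added `source ./ec2rc` resolves against the caller's current directory, while the writer in the keystone data script uses `$DEVSTACK_DIR/ec2rc`. When this file is sourced from another directory, the credentials are silently skipped, or an unrelated `ec2rc` found there is executed as shell code. Anchoring the path to the script's own location avoids both, e.g. `RC_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` followed by `source "$RC_DIR/ec2rc"`. Because the file is executed rather than parsed, its values must stay plain tokens; the writer emits them unquoted, so a value containing whitespace or shell metacharacters would be interpreted on load. The existing localrc block uses the same relative pattern, and its closing `fi` lies outside this hunk.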