Merge "Remove some keystone resource parsers"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
84f9c35020
@ -28,16 +28,6 @@ export SERVICE_TOKEN=$SERVICE_TOKEN
|
|||||||
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
|
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
|
||||||
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
|
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
|
||||||
|
|
||||||
function get_id () {
|
|
||||||
echo `"$@" | awk '/ id / { print $4 }'`
|
|
||||||
}
|
|
||||||
|
|
||||||
# Lookups
|
|
||||||
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
|
||||||
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
|
|
||||||
MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
|
|
||||||
|
|
||||||
|
|
||||||
# Roles
|
# Roles
|
||||||
# -----
|
# -----
|
||||||
|
|
||||||
@ -45,53 +35,52 @@ MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
|
|||||||
# The admin role in swift allows a user to act as an admin for their tenant,
|
# The admin role in swift allows a user to act as an admin for their tenant,
|
||||||
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
|
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
|
||||||
# role is also configurable in swift-proxy.conf
|
# role is also configurable in swift-proxy.conf
|
||||||
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
|
keystone role-create --name=ResellerAdmin
|
||||||
# Service role, so service users do not have to be admins
|
# Service role, so service users do not have to be admins
|
||||||
SERVICE_ROLE=$(get_id keystone role-create --name=service)
|
keystone role-create --name=service
|
||||||
|
|
||||||
|
|
||||||
# Services
|
# Services
|
||||||
# --------
|
# --------
|
||||||
|
|
||||||
if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" || "$ENABLED_SERVICES" =~ "swift" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" || "$ENABLED_SERVICES" =~ "swift" ]]; then
|
||||||
NOVA_USER=$(keystone user-list | awk "/ nova / { print \$2 }")
|
|
||||||
# Nova needs ResellerAdmin role to download images when accessing
|
# Nova needs ResellerAdmin role to download images when accessing
|
||||||
# swift through the s3 api.
|
# swift through the s3 api.
|
||||||
keystone user-role-add \
|
keystone user-role-add \
|
||||||
--tenant-id $SERVICE_TENANT \
|
--tenant $SERVICE_TENANT_NAME \
|
||||||
--user-id $NOVA_USER \
|
--user nova \
|
||||||
--role-id $RESELLER_ROLE
|
--role ResellerAdmin
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Heat
|
# Heat
|
||||||
if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then
|
||||||
HEAT_USER=$(get_id keystone user-create --name=heat \
|
keystone user-create --name=heat \
|
||||||
--pass="$SERVICE_PASSWORD" \
|
--pass="$SERVICE_PASSWORD" \
|
||||||
--tenant_id $SERVICE_TENANT \
|
--tenant $SERVICE_TENANT_NAME \
|
||||||
--email=heat@example.com)
|
--email=heat@example.com
|
||||||
keystone user-role-add --tenant-id $SERVICE_TENANT \
|
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
|
||||||
--user-id $HEAT_USER \
|
--user heat \
|
||||||
--role-id $SERVICE_ROLE
|
--role service
|
||||||
# heat_stack_user role is for users created by Heat
|
# heat_stack_user role is for users created by Heat
|
||||||
keystone role-create --name heat_stack_user
|
keystone role-create --name heat_stack_user
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
HEAT_CFN_SERVICE=$(get_id keystone service-create \
|
keystone service-create \
|
||||||
--name=heat-cfn \
|
--name=heat-cfn \
|
||||||
--type=cloudformation \
|
--type=cloudformation \
|
||||||
--description="Heat CloudFormation Service")
|
--description="Heat CloudFormation Service"
|
||||||
keystone endpoint-create \
|
keystone endpoint-create \
|
||||||
--region RegionOne \
|
--region RegionOne \
|
||||||
--service_id $HEAT_CFN_SERVICE \
|
--service heat-cfn \
|
||||||
--publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
|
--publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
|
||||||
--adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
|
--adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
|
||||||
--internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1"
|
--internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1"
|
||||||
HEAT_SERVICE=$(get_id keystone service-create \
|
keystone service-create \
|
||||||
--name=heat \
|
--name=heat \
|
||||||
--type=orchestration \
|
--type=orchestration \
|
||||||
--description="Heat Service")
|
--description="Heat Service"
|
||||||
keystone endpoint-create \
|
keystone endpoint-create \
|
||||||
--region RegionOne \
|
--region RegionOne \
|
||||||
--service_id $HEAT_SERVICE \
|
--service heat \
|
||||||
--publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
--publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
||||||
--adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
--adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
||||||
--internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
|
--internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
|
||||||
@ -100,23 +89,23 @@ fi
|
|||||||
|
|
||||||
# Glance
|
# Glance
|
||||||
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
|
||||||
GLANCE_USER=$(get_id keystone user-create \
|
keystone user-create \
|
||||||
--name=glance \
|
--name=glance \
|
||||||
--pass="$SERVICE_PASSWORD" \
|
--pass="$SERVICE_PASSWORD" \
|
||||||
--tenant_id $SERVICE_TENANT \
|
--tenant $SERVICE_TENANT_NAME \
|
||||||
--email=glance@example.com)
|
--email=glance@example.com
|
||||||
keystone user-role-add \
|
keystone user-role-add \
|
||||||
--tenant-id $SERVICE_TENANT \
|
--tenant $SERVICE_TENANT_NAME \
|
||||||
--user-id $GLANCE_USER \
|
--user glance \
|
||||||
--role-id $ADMIN_ROLE
|
--role admin
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
GLANCE_SERVICE=$(get_id keystone service-create \
|
keystone service-create \
|
||||||
--name=glance \
|
--name=glance \
|
||||||
--type=image \
|
--type=image \
|
||||||
--description="Glance Image Service")
|
--description="Glance Image Service"
|
||||||
keystone endpoint-create \
|
keystone endpoint-create \
|
||||||
--region RegionOne \
|
--region RegionOne \
|
||||||
--service_id $GLANCE_SERVICE \
|
--service glance \
|
||||||
--publicurl "http://$SERVICE_HOST:9292" \
|
--publicurl "http://$SERVICE_HOST:9292" \
|
||||||
--adminurl "http://$SERVICE_HOST:9292" \
|
--adminurl "http://$SERVICE_HOST:9292" \
|
||||||
--internalurl "http://$SERVICE_HOST:9292"
|
--internalurl "http://$SERVICE_HOST:9292"
|
||||||
@ -125,25 +114,25 @@ fi
|
|||||||
|
|
||||||
# Ceilometer
|
# Ceilometer
|
||||||
if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
|
||||||
CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \
|
keystone user-create --name=ceilometer \
|
||||||
--pass="$SERVICE_PASSWORD" \
|
--pass="$SERVICE_PASSWORD" \
|
||||||
--tenant_id $SERVICE_TENANT \
|
--tenant $SERVICE_TENANT_NAME \
|
||||||
--email=ceilometer@example.com)
|
--email=ceilometer@example.com
|
||||||
keystone user-role-add --tenant-id $SERVICE_TENANT \
|
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
|
||||||
--user-id $CEILOMETER_USER \
|
--user ceilometer \
|
||||||
--role-id $ADMIN_ROLE
|
--role admin
|
||||||
# Ceilometer needs ResellerAdmin role to access swift account stats.
|
# Ceilometer needs ResellerAdmin role to access swift account stats.
|
||||||
keystone user-role-add --tenant-id $SERVICE_TENANT \
|
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
|
||||||
--user-id $CEILOMETER_USER \
|
--user ceilometer \
|
||||||
--role-id $RESELLER_ROLE
|
--role ResellerAdmin
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
CEILOMETER_SERVICE=$(get_id keystone service-create \
|
keystone service-create \
|
||||||
--name=ceilometer \
|
--name=ceilometer \
|
||||||
--type=metering \
|
--type=metering \
|
||||||
--description="Ceilometer Service")
|
--description="Ceilometer Service"
|
||||||
keystone endpoint-create \
|
keystone endpoint-create \
|
||||||
--region RegionOne \
|
--region RegionOne \
|
||||||
--service_id $CEILOMETER_SERVICE \
|
--service ceilometer \
|
||||||
--publicurl "http://$SERVICE_HOST:8777" \
|
--publicurl "http://$SERVICE_HOST:8777" \
|
||||||
--adminurl "http://$SERVICE_HOST:8777" \
|
--adminurl "http://$SERVICE_HOST:8777" \
|
||||||
--internalurl "http://$SERVICE_HOST:8777"
|
--internalurl "http://$SERVICE_HOST:8777"
|
||||||
@ -153,13 +142,13 @@ fi
|
|||||||
# EC2
|
# EC2
|
||||||
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
EC2_SERVICE=$(get_id keystone service-create \
|
keystone service-create \
|
||||||
--name=ec2 \
|
--name=ec2 \
|
||||||
--type=ec2 \
|
--type=ec2 \
|
||||||
--description="EC2 Compatibility Layer")
|
--description="EC2 Compatibility Layer"
|
||||||
keystone endpoint-create \
|
keystone endpoint-create \
|
||||||
--region RegionOne \
|
--region RegionOne \
|
||||||
--service_id $EC2_SERVICE \
|
--service ec2 \
|
||||||
--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
|
--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
|
||||||
--adminurl "http://$SERVICE_HOST:8773/services/Admin" \
|
--adminurl "http://$SERVICE_HOST:8773/services/Admin" \
|
||||||
--internalurl "http://$SERVICE_HOST:8773/services/Cloud"
|
--internalurl "http://$SERVICE_HOST:8773/services/Cloud"
|
||||||
@ -169,13 +158,13 @@ fi
|
|||||||
# S3
|
# S3
|
||||||
if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift3" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift3" ]]; then
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
S3_SERVICE=$(get_id keystone service-create \
|
keystone service-create \
|
||||||
--name=s3 \
|
--name=s3 \
|
||||||
--type=s3 \
|
--type=s3 \
|
||||||
--description="S3")
|
--description="S3"
|
||||||
keystone endpoint-create \
|
keystone endpoint-create \
|
||||||
--region RegionOne \
|
--region RegionOne \
|
||||||
--service_id $S3_SERVICE \
|
--service s3 \
|
||||||
--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
|
--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
|
||||||
--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
|
--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
|
||||||
--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT"
|
--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT"
|
||||||
@ -185,14 +174,14 @@ fi
|
|||||||
if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
|
||||||
# Tempest has some tests that validate various authorization checks
|
# Tempest has some tests that validate various authorization checks
|
||||||
# between two regular users in separate tenants
|
# between two regular users in separate tenants
|
||||||
ALT_DEMO_TENANT=$(get_id keystone tenant-create \
|
keystone tenant-create \
|
||||||
--name=alt_demo)
|
--name=alt_demo
|
||||||
ALT_DEMO_USER=$(get_id keystone user-create \
|
keystone user-create \
|
||||||
--name=alt_demo \
|
--name=alt_demo \
|
||||||
--pass="$ADMIN_PASSWORD" \
|
--pass="$ADMIN_PASSWORD" \
|
||||||
--email=alt_demo@example.com)
|
--email=alt_demo@example.com
|
||||||
keystone user-role-add \
|
keystone user-role-add \
|
||||||
--tenant-id $ALT_DEMO_TENANT \
|
--tenant alt_demo \
|
||||||
--user-id $ALT_DEMO_USER \
|
--user alt_demo \
|
||||||
--role-id $MEMBER_ROLE
|
--role Member
|
||||||
fi
|
fi
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user