Merge redux branch (keystone light)

Change-Id: I2cb5b198a06848f42f919ea49e338443131e263e
James E. Blair
2012-02-14 15:56:37 -08:00
8 changed files with 258 additions and 216 deletions


@@ -12,4 +12,4 @@ python-greenlet
python-routes
libldap2-dev
libsasl2-dev
python-bcrypt


@@ -0,0 +1,30 @@
# config for TemplatedCatalog, using camelCase because I don't want to do
# translations for legacy compat
catalog.RegionOne.identity.publicURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://%SERVICE_HOST%:$(admin_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
catalog.RegionOne.identity.name = 'Identity Service'
catalog.RegionOne.compute.publicURL = http://%SERVICE_HOST%:8774/v1.1/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://%SERVICE_HOST%:8774/v1.1/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v1.1/$(tenant_id)s
catalog.RegionOne.compute.name = 'Compute Service'
catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/services/Cloud
catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/services/Admin
catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
catalog.RegionOne.ec2.name = 'EC2 Service'
catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.name = 'Image Service'
catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:8080/v1/AUTH_$(tenant_id)s
catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:8080/
catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:8080/v1/AUTH_$(tenant_id)s
catalog.RegionOne.object_store.name = 'Swift Service'
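Review bot: Every endpoint in this template is hard-coded to `http://`, including the identity `adminURL`, so tokens and credentials sent to these URLs travel in cleartext and the scheme cannot be changed without editing the file. The `keystone-manage endpointTemplates` lines elsewhere on this page (apparently what this template replaces) took the keystone scheme, host and port from `%KEYSTONE_SERVICE_PROTOCOL%`-style placeholders. A placeholder for the scheme, substituted the same way `%SERVICE_HOST%` is, would keep that configurable. The header comment could also say that `%NAME%` tokens are filled in by the install script, while the `$(name)s` tokens are presumably expanded later by the catalog backend.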


@@ -1,112 +1,92 @@
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = False
# Show debugging output in logs (sets DEBUG log level output)
debug = False
# Which backend store should Keystone use by default.
# Default: 'sqlite'
# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
default_store = sqlite
# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_file = %DEST%/keystone/keystone.log
# List of backends to be configured
backends = keystone.backends.sqlalchemy
#For LDAP support, add: ,keystone.backends.ldap
# Dictionary Maps every service to a header.Missing services would get header
# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
service_header_mappings = {
'nova' : 'X-Server-Management-Url',
'swift' : 'X-Storage-Url',
'cdn' : 'X-CDN-Management-Url'}
#List of extensions currently supported
extensions= osksadm,oskscatalog
# Address to bind the API server
# TODO Properties defined within app not available via pipeline.
service_host = 0.0.0.0
# Port the bind the API server to
service_port = 5000
# SSL for API server
service_ssl = False
# Address to bind the Admin API server
admin_host = 0.0.0.0
# Port the bind the Admin API server to
public_port = 5000
admin_port = 35357
admin_token = %SERVICE_TOKEN%
compute_port = 3000
verbose = True
debug = True
# commented out so devstack logs to stdout
# log_file = %DEST%/keystone/keystone.log
# SSL for API Admin server
admin_ssl = False
# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log-file`
use_syslog = False
# Keystone certificate file (modify as needed)
# Only required if *_ssl is set to True
certfile = /etc/keystone/ssl/certs/keystone.pem
# Facility to use. If unset defaults to LOG_USER.
# syslog_log_facility = LOG_LOCAL0
# Keystone private key file (modify as needed)
# Only required if *_ssl is set to True
keyfile = /etc/keystone/ssl/private/keystonekey.pem
[sql]
connection = %SQL_CONN%
idle_timeout = 30
min_pool_size = 5
max_pool_size = 10
pool_timeout = 200
# Keystone trusted CA certificates (modify as needed)
# Only required if *_ssl is set to True
ca_certs = /etc/keystone/ssl/certs/ca.pem
[identity]
driver = keystone.identity.backends.sql.Identity
# Client certificate required
# Only relevant if *_ssl is set to True
cert_required = True
[catalog]
driver = keystone.catalog.backends.templated.TemplatedCatalog
template_file = %KEYSTONE_DIR%/etc/default_catalog.templates
#Role that allows to perform admin operations.
keystone_admin_role = admin
[token]
driver = keystone.token.backends.kvs.Token
#Role that allows to perform service admin operations.
keystone_service_admin_role = KeystoneServiceAdmin
[policy]
driver = keystone.policy.backends.simple.SimpleMatch
#Tells whether password user need to be hashed in the backend
hash_password = True
[keystone.backends.sqlalchemy]
# SQLAlchemy connection string for the reference implementation registry
# server. Any valid SQLAlchemy connection string is fine.
# See: http://bit.ly/ideIpI
sql_connection = %SQL_CONN%
backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
'User', 'Credentials', 'EndpointTemplates', 'Token',
'Service']
# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
sql_idle_timeout = 30
[pipeline:admin]
pipeline =
urlrewritefilter
admin_api
[pipeline:keystone-legacy-auth]
pipeline =
urlrewritefilter
legacy_auth
service_api
[app:service_api]
paste.app_factory = keystone.server:service_app_factory
[app:admin_api]
paste.app_factory = keystone.server:admin_app_factory
[filter:urlrewritefilter]
paste.filter_factory = keystone.middleware.url:filter_factory
[filter:legacy_auth]
paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory
[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2
[filter:debug]
paste.filter_factory = keystone.common.wsgi:debug_filter_factory
paste.filter_factory = keystone.common.wsgi:Debug.factory
[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
[app:public_service]
paste.app_factory = keystone.service:public_app_factory
[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory
[pipeline:public_api]
pipeline = token_auth admin_token_auth json_body debug ec2_extension public_service
[pipeline:admin_api]
pipeline = token_auth admin_token_auth json_body debug ec2_extension crud_extension admin_service
[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory
[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory
[pipeline:public_version_api]
pipeline = public_version_service
[pipeline:admin_version_api]
pipeline = admin_version_service
[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api
[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_service
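Review bot: `[pipeline:public_api]` and `[pipeline:admin_api]` both keep the `debug` filter and `admin_token_auth` in the request path, while `[DEFAULT]` sets `debug = True` and a static `admin_token`. If the debug filter dumps requests as its name suggests, passwords and tokens posted to `/v2.0` end up in the log output, and accepting the shared admin token on the public pipeline means one leaked value grants admin on the externally bound port. Unless something relies on them, I would drop both from the public line, `pipeline = token_auth json_body ec2_extension public_service`, and drop `debug` from `admin_api` as well. A comment above `admin_token`, such as `# bootstrap secret: keep this file readable by the keystone user only`, would make the sensitivity of the file explicit.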


@@ -1,54 +1,91 @@
#!/bin/bash
BIN_DIR=${BIN_DIR:-.}
# Tenants
$BIN_DIR/keystone-manage tenant add admin
$BIN_DIR/keystone-manage tenant add demo
$BIN_DIR/keystone-manage tenant add invisible_to_admin
export SERVICE_TOKEN=$SERVICE_TOKEN
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
function get_id () {
echo `$@ | grep id | awk '{print $4}'`
}
ADMIN_TENANT=`get_id keystone tenant-create --name=admin`
DEMO_TENANT=`get_id keystone tenant-create --name=demo`
INVIS_TENANT=`get_id keystone tenant-create --name=invisible_to_admin`
# Users
$BIN_DIR/keystone-manage user add admin %ADMIN_PASSWORD%
$BIN_DIR/keystone-manage user add demo %ADMIN_PASSWORD%
ADMIN_USER=`get_id keystone user-create \
--name=admin \
--pass="$ADMIN_PASSWORD" \
--email=admin@example.com`
DEMO_USER=`get_id keystone user-create \
--name=demo \
--pass="$ADMIN_PASSWORD" \
--email=admin@example.com`
# Roles
$BIN_DIR/keystone-manage role add admin
$BIN_DIR/keystone-manage role add Member
$BIN_DIR/keystone-manage role add KeystoneAdmin
$BIN_DIR/keystone-manage role add KeystoneServiceAdmin
$BIN_DIR/keystone-manage role add sysadmin
$BIN_DIR/keystone-manage role add netadmin
$BIN_DIR/keystone-manage role grant admin admin admin
$BIN_DIR/keystone-manage role grant Member demo demo
$BIN_DIR/keystone-manage role grant sysadmin demo demo
$BIN_DIR/keystone-manage role grant netadmin demo demo
$BIN_DIR/keystone-manage role grant Member demo invisible_to_admin
$BIN_DIR/keystone-manage role grant admin admin demo
$BIN_DIR/keystone-manage role grant admin admin
$BIN_DIR/keystone-manage role grant KeystoneAdmin admin
$BIN_DIR/keystone-manage role grant KeystoneServiceAdmin admin
ADMIN_ROLE=`get_id keystone role-create --name=admin`
MEMBER_ROLE=`get_id keystone role-create --name=Member`
KEYSTONEADMIN_ROLE=`get_id keystone role-create --name=KeystoneAdmin`
KEYSTONESERVICE_ROLE=`get_id keystone role-create --name=KeystoneServiceAdmin`
SYSADMIN_ROLE=`get_id keystone role-create --name=sysadmin`
NETADMIN_ROLE=`get_id keystone role-create --name=netadmin`
# Add Roles to Users in Tenants
keystone add-user-role $ADMIN_USER $ADMIN_ROLE $ADMIN_TENANT
keystone add-user-role $DEMO_USER $MEMBER_ROLE $DEMO_TENANT
keystone add-user-role $DEMO_USER $SYSADMIN_ROLE $DEMO_TENANT
keystone add-user-role $DEMO_USER $NETADMIN_ROLE $DEMO_TENANT
keystone add-user-role $DEMO_USER $MEMBER_ROLE $INVIS_TENANT
keystone add-user-role $ADMIN_USER $ADMIN_ROLE $DEMO_TENANT
# TODO(termie): these two might be dubious
keystone add-user-role $ADMIN_USER $KEYSTONEADMIN_ROLE $ADMIN_TENANT
keystone add-user-role $ADMIN_USER $KEYSTONESERVICE_ROLE $ADMIN_TENANT
# Services
$BIN_DIR/keystone-manage service add nova compute "Nova Compute Service"
$BIN_DIR/keystone-manage service add ec2 ec2 "EC2 Compatability Layer"
$BIN_DIR/keystone-manage service add glance image "Glance Image Service"
$BIN_DIR/keystone-manage service add keystone identity "Keystone Identity Service"
keystone service-create \
--name=nova \
--type=compute \
--description="Nova Compute Service"
keystone service-create \
--name=ec2 \
--type=ec2 \
--description="EC2 Compatibility Layer"
keystone service-create \
--name=glance \
--type=image \
--description="Glance Image Service"
keystone service-create \
--name=keystone \
--type=identity \
--description="Keystone Identity Service"
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
$BIN_DIR/keystone-manage service add swift object-store "Swift Service"
keystone service-create \
--name=swift \
--type="object-store" \
--description="Swift Service"
fi
#endpointTemplates
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne nova http://%SERVICE_HOST%:8774/v1.1/%tenant_id% http://%SERVICE_HOST%:8774/v1.1/%tenant_id% http://%SERVICE_HOST%:8774/v1.1/%tenant_id% 1 1
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne ec2 http://%SERVICE_HOST%:8773/services/Cloud http://%SERVICE_HOST%:8773/services/Admin http://%SERVICE_HOST%:8773/services/Cloud 1 1
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%SERVICE_HOST%:9292/v1 http://%SERVICE_HOST%:9292/v1 http://%SERVICE_HOST%:9292/v1 1 1
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone %KEYSTONE_SERVICE_PROTOCOL%://%KEYSTONE_SERVICE_HOST%:%KEYSTONE_SERVICE_PORT%/v2.0 %KEYSTONE_AUTH_PROTOCOL%://%KEYSTONE_AUTH_HOST%:%KEYSTONE_AUTH_PORT%/v2.0 %KEYSTONE_SERVICE_PROTOCOL%://%KEYSTONE_SERVICE_HOST%:%KEYSTONE_SERVICE_PORT%/v2.0 1 1
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% http://%SERVICE_HOST%:8080/ http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% 1 1
fi
# create ec2 creds and parse the secret and access key returned
RESULT=`keystone ec2-create-credentials --tenant_id=$ADMIN_TENANT --user_id=$ADMIN_USER`
echo `$@ | grep id | awk '{print $4}'`
ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
# Tokens
$BIN_DIR/keystone-manage token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
# EC2 related creds - note we are setting the secret key to ADMIN_PASSWORD
# but keystone doesn't parse them - it is just a blob from keystone's
# point of view
$BIN_DIR/keystone-manage credentials add admin EC2 'admin' '%ADMIN_PASSWORD%' admin || echo "no support for adding credentials"
$BIN_DIR/keystone-manage credentials add demo EC2 'demo' '%ADMIN_PASSWORD%' demo || echo "no support for adding credentials"
RESULT=`keystone ec2-create-credentials --tenant_id=$DEMO_TENANT --user_id=$DEMO_USER`
DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
DEMO_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
# write the secret and access to ec2rc
cat > $DEVSTACK_DIR/ec2rc <<EOF
ADMIN_ACCESS=$ADMIN_ACCESS
ADMIN_SECRET=$ADMIN_SECRET
DEMO_ACCESS=$DEMO_ACCESS
DEMO_SECRET=$DEMO_SECRET
EOF
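Review bot: The heredoc at the end writes `ADMIN_SECRET` and `DEMO_SECRET` to `$DEVSTACK_DIR/ec2rc` under whatever umask the caller has, and the path is unquoted. Since the file holds EC2 secret keys, it should be created owner-only, for example by running the write in a subshell that starts with `umask 077` and redirects to `"$DEVSTACK_DIR/ec2rc"`. Separately, `get_id` yields an empty string when a `keystone` call fails and nothing checks it, so the later `add-user-role` and `ec2-create-credentials` calls would run with missing IDs; a guard such as `[ -n "$ADMIN_TENANT" ] || exit 1` after each creation would surface the failure. `--pass="$ADMIN_PASSWORD"` also puts the password in the process argument list, which deserves at least a comment.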


@@ -1 +1,2 @@
PassLib
pycli

6
openrc

@@ -42,7 +42,7 @@ export OS_PASSWORD=${NOVA_PASSWORD}
#
# *NOTE*: Using the 2.0 *auth api* does not mean that compute api is 2.0. We
# will use the 1.1 *compute api*
export NOVA_URL=${NOVA_URL:-http://$SERVICE_HOST:5000/v2.0/}
export NOVA_URL=${NOVA_URL:-http://$SERVICE_HOST:5000/v2.0}
export OS_AUTH_URL=${NOVA_URL}
# Currently novaclient needs you to specify the *compute api* version. This
@@ -56,10 +56,10 @@ export NOVA_REGION_NAME=${NOVA_REGION_NAME:-RegionOne}
export EC2_URL=${EC2_URL:-http://$SERVICE_HOST:8773/services/Cloud}
# Access key is set in the initial keystone data to be the same as username
export EC2_ACCESS_KEY=${USERNAME:-demo}
export EC2_ACCESS_KEY=${DEMO_ACCESS}
# Secret key is set in the initial keystone data to the admin password
export EC2_SECRET_KEY=${ADMIN_PASSWORD:-secrete}
export EC2_SECRET_KEY=${DEMO_SECRET}
# Euca2ools Certificate stuff for uploading bundles
# You can get your certs using ./tools/get_certs.sh
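Review bot: The two comments kept above the EC2 exports no longer describe the code: the access key is no longer the username and the secret key is no longer the admin password, since both now come from `DEMO_ACCESS` and `DEMO_SECRET`. I would replace them with something like `# Access and secret key are generated by keystone_data.sh and loaded from ec2rc`. The new exports also have no default, so when `ec2rc` has not been sourced they silently become empty strings. A check such as `[ -n "$DEMO_SECRET" ] || echo "ec2rc not loaded; EC2 credentials are empty" >&2` would make that visible.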

129
stack.sh

@@ -533,6 +533,7 @@ pip_install `cat $FILES/pips/* | uniq`
# compute service
git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
# python client library to nova that horizon (and others) use
git_clone $KEYSTONECLIENT_REPO $KEYSTONECLIENT_DIR $KEYSTONECLIENT_BRANCH
git_clone $NOVACLIENT_REPO $NOVACLIENT_DIR $NOVACLIENT_BRANCH
# glance, swift middleware and nova api needs keystone middleware
@@ -561,7 +562,6 @@ fi
if [[ "$ENABLED_SERVICES" =~ "horizon" ]]; then
# django powered web control panel for openstack
git_clone $HORIZON_REPO $HORIZON_DIR $HORIZON_BRANCH $HORIZON_TAG
git_clone $KEYSTONECLIENT_REPO $KEYSTONECLIENT_DIR $KEYSTONECLIENT_BRANCH
fi
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
# quantum
@@ -584,6 +584,8 @@ fi
# setup our checkouts so they are installed into python path
# allowing ``import nova`` or ``import glance.client``
cd $KEYSTONECLIENT_DIR; sudo python setup.py develop
cd $NOVACLIENT_DIR; sudo python setup.py develop
if [[ "$ENABLED_SERVICES" =~ "key" ||
"$ENABLED_SERVICES" =~ "g-api" ||
"$ENABLED_SERVICES" =~ "n-api" ||
@@ -598,10 +600,8 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ||
"$ENABLED_SERVICES" =~ "n-api" ]]; then
cd $GLANCE_DIR; sudo python setup.py develop
fi
cd $NOVACLIENT_DIR; sudo python setup.py develop
cd $NOVA_DIR; sudo python setup.py develop
if [[ "$ENABLED_SERVICES" =~ "horizon" ]]; then
cd $KEYSTONECLIENT_DIR; sudo python setup.py develop
cd $HORIZON_DIR/horizon; sudo python setup.py develop
cd $HORIZON_DIR/openstack-dashboard; sudo python setup.py develop
fi
@@ -793,28 +793,20 @@ fi
# Nova
# ----
# Put config files in /etc/nova for everyone to find
NOVA_CONF=/etc/nova
if [[ ! -d $NOVA_CONF ]]; then
sudo mkdir -p $NOVA_CONF
fi
sudo chown `whoami` $NOVA_CONF
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
# We are going to use a sample http middleware configuration based on the
# one from the keystone project to launch nova. This paste config adds
# the configuration required for nova to validate keystone tokens.
# First we add a some extra data to the default paste config from nova
cp $NOVA_DIR/etc/nova/api-paste.ini $NOVA_CONF
cp $NOVA_DIR/etc/nova/api-paste.ini $NOVA_DIR/bin/nova-api-paste.ini
# Then we add our own service token to the configuration
sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $NOVA_CONF/api-paste.ini
sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $NOVA_DIR/bin/nova-api-paste.ini
# Finally, we change the pipelines in nova to use keystone
function replace_pipeline() {
sed "/\[pipeline:$1\]/,/\[/s/^pipeline = .*/pipeline = $2/" -i $NOVA_CONF/api-paste.ini
sed "/\[pipeline:$1\]/,/\[/s/^pipeline = .*/pipeline = $2/" -i $NOVA_DIR/bin/nova-api-paste.ini
}
replace_pipeline "ec2cloud" "ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer validator ec2executor"
replace_pipeline "ec2admin" "ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor"
@@ -1101,11 +1093,11 @@ if [[ "$ENABLED_SERVICES" =~ "n-vol" ]]; then
fi
function add_nova_flag {
echo "$1" >> $NOVA_CONF/nova.conf
echo "$1" >> $NOVA_DIR/bin/nova.conf
}
# (re)create nova.conf
rm -f $NOVA_CONF/nova.conf
rm -f $NOVA_DIR/bin/nova.conf
add_nova_flag "--verbose"
add_nova_flag "--allow_admin_api"
add_nova_flag "--scheduler_driver=$SCHEDULER"
@@ -1165,7 +1157,7 @@ fi
VNCSERVER_LISTEN=${VNCSERVER_LISTEN=127.0.0.1}
add_nova_flag "--vncserver_listen=$VNCSERVER_LISTEN"
add_nova_flag "--vncserver_proxyclient_address=$VNCSERVER_PROXYCLIENT_ADDRESS"
add_nova_flag "--api_paste_config=$NOVA_CONF/api-paste.ini"
add_nova_flag "--api_paste_config=$NOVA_DIR/bin/nova-api-paste.ini"
add_nova_flag "--image_service=nova.image.glance.GlanceImageService"
add_nova_flag "--ec2_dmz_host=$EC2_DMZ_HOST"
add_nova_flag "--rabbit_host=$RABBIT_HOST"
@@ -1231,51 +1223,6 @@ if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then
fi
# Keystone
# --------
if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
# (re)create keystone database
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone;'
# Configure keystone.conf
KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf
cp $FILES/keystone.conf $KEYSTONE_CONF
sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone,g" -i $KEYSTONE_CONF
sudo sed -e "s,%DEST%,$DEST,g" -i $KEYSTONE_CONF
# keystone_data.sh creates our admin user and our ``SERVICE_TOKEN``.
KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh
cp $FILES/keystone_data.sh $KEYSTONE_DATA
sudo sed -e "
s,%KEYSTONE_AUTH_HOST%,$KEYSTONE_AUTH_HOST,g;
s,%KEYSTONE_AUTH_PORT%,$KEYSTONE_AUTH_PORT,g;
s,%KEYSTONE_AUTH_PROTOCOL%,$KEYSTONE_AUTH_PROTOCOL,g;
s,%KEYSTONE_SERVICE_HOST%,$KEYSTONE_SERVICE_HOST,g;
s,%KEYSTONE_SERVICE_PORT%,$KEYSTONE_SERVICE_PORT,g;
s,%KEYSTONE_SERVICE_PROTOCOL%,$KEYSTONE_SERVICE_PROTOCOL,g;
s,%SERVICE_HOST%,$SERVICE_HOST,g;
s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g;
s,%ADMIN_PASSWORD%,$ADMIN_PASSWORD,g;
" -i $KEYSTONE_DATA
# Prepare up the database
$KEYSTONE_DIR/bin/keystone-manage sync_database
# initialize keystone with default users/endpoints
ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
if [ "$SYSLOG" != "False" ]; then
sed -i -e '/^handlers=devel$/s/=devel/=production/' \
$KEYSTONE_DIR/etc/logging.cnf
sed -i -e "/^log_file/s/log_file/\#log_file/" \
$KEYSTONE_DIR/etc/keystone.conf
KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_DIR/etc/logging.cnf"
fi
fi
# Launch Services
# ===============
@@ -1317,16 +1264,54 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
fi
fi
if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
# (re)create keystone database
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone;'
# Configure keystone.conf
KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf
cp $FILES/keystone.conf $KEYSTONE_CONF
sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone,g" -i $KEYSTONE_CONF
sudo sed -e "s,%DEST%,$DEST,g" -i $KEYSTONE_CONF
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_CONF
sudo sed -e "s,%KEYSTONE_DIR%,$KEYSTONE_DIR,g" -i $KEYSTONE_CONF
KEYSTONE_CATALOG=$KEYSTONE_DIR/etc/default_catalog.templates
cp $FILES/default_catalog.templates $KEYSTONE_CATALOG
sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG
if [ "$SYSLOG" != "False" ]; then
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf
sed -i -e '/^handlers=devel$/s/=devel/=production/' \
$KEYSTONE_DIR/etc/logging.conf
sed -i -e "/^log_file/s/log_file/\#log_file/" \
$KEYSTONE_DIR/etc/keystone.conf
KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_DIR/etc/logging.conf"
fi
fi
# launch the keystone and wait for it to answer before continuing
if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d"
screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
echo "Waiting for keystone to start..."
if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT; do sleep 1; done"; then
if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/; do sleep 1; done"; then
echo "keystone did not start"
exit 1
fi
# initialize keystone with default users/endpoints
pushd $KEYSTONE_DIR
$KEYSTONE_DIR/bin/keystone-manage db_sync
popd
# keystone_data.sh creates services, admin and demo users, and roles.
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES bash $FILES/keystone_data.sh
fi
# launch the nova-api and wait for it to answer before continuing
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
screen_it n-api "cd $NOVA_DIR && $NOVA_DIR/bin/nova-api"
@@ -1459,6 +1444,10 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
# Create a directory for the downloaded image tarballs.
mkdir -p $FILES/images
ADMIN_USER=admin
ADMIN_TENANT=admin
TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$ADMIN_USER\", \"password\": \"$ADMIN_PASSWORD\"}, \"tenantName\": \"$ADMIN_TENANT\"}}" -H "Content-type: application/json" http://$HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"`
# Option to upload legacy ami-tty, which works with xenserver
if [ $UPLOAD_LEGACY_TTY ]; then
if [ ! -f $FILES/tty.tgz ]; then
@@ -1466,11 +1455,11 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
fi
tar -zxf $FILES/tty.tgz -C $FILES/images
RVAL=`glance add -A $SERVICE_TOKEN name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image`
RVAL=`glance add -A $TOKEN name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image`
KERNEL_ID=`echo $RVAL | cut -d":" -f2 | tr -d " "`
RVAL=`glance add -A $SERVICE_TOKEN name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image`
RVAL=`glance add -A $TOKEN name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image`
RAMDISK_ID=`echo $RVAL | cut -d":" -f2 | tr -d " "`
glance add -A $SERVICE_TOKEN name="tty" is_public=true container_format=ami disk_format=ami kernel_id=$KERNEL_ID ramdisk_id=$RAMDISK_ID < $FILES/images/ami-tty/image
glance add -A $TOKEN name="tty" is_public=true container_format=ami disk_format=ami kernel_id=$KERNEL_ID ramdisk_id=$RAMDISK_ID < $FILES/images/ami-tty/image
fi
for image_url in ${IMAGE_URLS//,/ }; do
@@ -1517,14 +1506,14 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
# kernel for use when uploading the root filesystem.
KERNEL_ID=""; RAMDISK_ID="";
if [ -n "$KERNEL" ]; then
RVAL=`glance add -A $SERVICE_TOKEN name="$IMAGE_NAME-kernel" is_public=true container_format=aki disk_format=aki < "$KERNEL"`
RVAL=`glance add -A $TOKEN name="$IMAGE_NAME-kernel" is_public=true container_format=aki disk_format=aki < "$KERNEL"`
KERNEL_ID=`echo $RVAL | cut -d":" -f2 | tr -d " "`
fi
if [ -n "$RAMDISK" ]; then
RVAL=`glance add -A $SERVICE_TOKEN name="$IMAGE_NAME-ramdisk" is_public=true container_format=ari disk_format=ari < "$RAMDISK"`
RVAL=`glance add -A $TOKEN name="$IMAGE_NAME-ramdisk" is_public=true container_format=ari disk_format=ari < "$RAMDISK"`
RAMDISK_ID=`echo $RVAL | cut -d":" -f2 | tr -d " "`
fi
glance add -A $SERVICE_TOKEN name="${IMAGE_NAME%.img}" is_public=true container_format=ami disk_format=ami ${KERNEL_ID:+kernel_id=$KERNEL_ID} ${RAMDISK_ID:+ramdisk_id=$RAMDISK_ID} < <(zcat --force "${IMAGE}")
glance add -A $TOKEN name="${IMAGE_NAME%.img}" is_public=true container_format=ami disk_format=ami ${KERNEL_ID:+kernel_id=$KERNEL_ID} ${RAMDISK_ID:+ramdisk_id=$RAMDISK_ID} < <(zcat --force "${IMAGE}")
done
fi
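Review bot: The new `TOKEN=` line in the first `g-reg` hunk interpolates `$ADMIN_PASSWORD` into a `curl -d` argument, so the password is visible in the process list and a password containing `"` or `\` produces invalid JSON. The request also goes to a hard-coded `http://$HOST_IP:5000` rather than the `$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT` used in the start-up wait loop. Nothing checks the result, so after a failed login every following `glance add -A $TOKEN` runs with an empty token. I would pass the body on stdin (`curl -s -d @- ... <<< "$BODY"`), reuse the keystone URL variables, and add `[ -n "$TOKEN" ] || { echo "could not get keystone token"; exit 1; }`. The enclosing `if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]` block starts outside the hunk.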


@@ -16,7 +16,7 @@ GLANCE_BRANCH=master
# unified auth system (manages accounts/tokens)
KEYSTONE_REPO=https://github.com/openstack/keystone.git
KEYSTONE_BRANCH=master
KEYSTONE_BRANCH=redux
# a websockets/html5 or flash powered VNC console for vm instances
NOVNC_REPO=https://github.com/cloudbuilders/noVNC.git
@@ -76,6 +76,11 @@ case "$LIBVIRT_TYPE" in
IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";;
esac
# use stored ec2 env variables
if [ -f ./ec2rc ]; then
source ./ec2rc
fi
# allow local overrides of env variables
if [ -f ./localrc ]; then
source ./localrc