openstack/keystone
Code Issues Proposed changes

Update sample_data.sh to match docs

Browse Source 
Confirm more with the "OpenStack Install and Deploy Manual."

Change-Id: I46ab7e8e5ccdf389cbc60fee84c063f289155781
Fixes: bug #1073291
This commit is contained in:
David Höppner
2013-02-18 19:07:36 +01:00
parent b1bfca2501
commit d6f7cbc484
1 changed files with 112 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

272
tools/sample_data.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash
# Copyright 2012 OpenStack LLC
# Copyright 2013 OpenStack LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
@@ -23,31 +23,19 @@
# and the administrative API. It will get the admin_token (SERVICE_TOKEN)
# and admin_port from keystone.conf if available.
#
# There are two environment variables to set passwords that should be set
# prior to running this script. Warnings will appear if they are unset.
# * ADMIN_PASSWORD is used to set the password for the admin and demo accounts.
# * SERVICE_PASSWORD is used to set the password for the service accounts.
# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
# Use this with the Catalog Templated backend.
#
# Enable the Swift and Quantum accounts by setting ENABLE_SWIFT and/or
# ENABLE_QUANTUM environment variables.
#
# Enable creation of endpoints by setting ENABLE_ENDPOINTS environment variable.
# Works with Catalog SQL backend. Do not use with Catalog Templated backend
# (default).
#
# A set of EC2-compatible credentials is created for both admin and demo
# users and placed in etc/ec2rc.
# A EC2-compatible credential is created for the admin user and
# placed in etc/ec2rc.
#
# Tenant User Roles
# -------------------------------------------------------
# admin admin admin
# demo admin admin
# service glance admin
# service nova admin
# service quantum admin # if enabled
# service swift admin # if enabled
# demo admin admin
# demo demo Member,sysadmin,netadmin
# invisible_to_admin demo Member
# service ec2 admin
# service swift admin
CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
@@ -66,18 +54,6 @@ else
EC2RC="ec2rc"
fi
# Please set these, they are ONLY SAMPLE PASSWORDS!
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
if [[ "$ADMIN_PASSWORD" == "secrete" ]]; then
echo "The default admin password has been detected. Please consider"
echo "setting an actual password in environment variable ADMIN_PASSWORD"
fi
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
if [[ "$SERVICE_PASSWORD" == "$ADMIN_PASSWORD" ]]; then
echo "The default service password has been detected. Please consider"
echo "setting an actual password in environment variable SERVICE_PASSWORD"
fi
# Extract some info from Keystone's configuration file
if [[ -r "$KEYSTONE_CONF" ]]; then
CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
@@ -97,173 +73,149 @@ function get_id () {
echo `"$@" | grep ' id ' | awk '{print $4}'`
}
#
# Default tenant
#
DEMO_TENANT=$(get_id keystone tenant-create --name=demo \
--description "Default Tenant")
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=service)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \
--pass="$ADMIN_PASSWORD" \
--email=admin@example.com)
DEMO_USER=$(get_id keystone user-create --name=demo \
--pass="$ADMIN_PASSWORD" \
--email=admin@example.com)
--pass=secrete)
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
keystone user-role-add --user-id $ADMIN_USER \
--role-id $ADMIN_ROLE \
--tenant-id $DEMO_TENANT
# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $DEMO_TENANT
keystone user-role-add --user-id $DEMO_USER --role-id $SYSADMIN_ROLE --tenant-id $DEMO_TENANT
keystone user-role-add --user-id $DEMO_USER --role-id $NETADMIN_ROLE --tenant-id $DEMO_TENANT
keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $INVIS_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $DEMO_TENANT
#
# Service tenant
#
SERVICE_TENANT=$(get_id keystone tenant-create --name=service \
--description "Service Tenant")
# TODO(termie): these two might be dubious
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT
# Services
NOVA_SERVICE=$(get_id \
keystone service-create --name=nova \
--type=compute \
--description="Nova Compute Service")
NOVA_USER=$(get_id keystone user-create --name=nova \
--pass="$SERVICE_PASSWORD" \
--tenant-id $SERVICE_TENANT \
--email=nova@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $NOVA_USER \
--role-id $ADMIN_ROLE
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"
fi
EC2_SERVICE=$(get_id \
keystone service-create --name=ec2 \
--type=ec2 \
--description="EC2 Compatibility Layer")
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
fi
GLANCE_SERVICE=$(get_id \
keystone service-create --name=glance \
--type=image \
--description="Glance Image Service")
GLANCE_USER=$(get_id keystone user-create --name=glance \
--pass="$SERVICE_PASSWORD" \
--tenant-id $SERVICE_TENANT \
--email=glance@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $GLANCE_USER \
--role-id $ADMIN_ROLE
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292/v1" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292/v1" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292/v1"
fi
--pass=glance)
keystone user-role-add --user-id $GLANCE_USER \
--role-id $ADMIN_ROLE \
--tenant-id $SERVICE_TENANT
NOVA_USER=$(get_id keystone user-create --name=nova \
--pass=nova \
--tenant-id $SERVICE_TENANT)
keystone user-role-add --user-id $NOVA_USER \
--role-id $ADMIN_ROLE \
--tenant-id $SERVICE_TENANT
EC2_USER=$(get_id keystone user-create --name=ec2 \
--pass=ec2 \
--tenant-id $SERVICE_TENANT)
keystone user-role-add --user-id $EC2_USER \
--role-id $ADMIN_ROLE \
--tenant-id $SERVICE_TENANT
SWIFT_USER=$(get_id keystone user-create --name=swift \
--pass=swiftpass \
--tenant-id $SERVICE_TENANT)
keystone user-role-add --user-id $SWIFT_USER \
--role-id $ADMIN_ROLE \
--tenant-id $SERVICE_TENANT
#
# Keystone service
#
KEYSTONE_SERVICE=$(get_id \
keystone service-create --name=keystone \
--type=identity \
--description="Keystone Identity Service")
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0"
fi
#
# Nova service
#
NOVA_SERVICE=$(get_id \
keystone service-create --name=nova \
--type=compute \
--description="Nova Compute Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"
fi
#
# Volume service
#
VOLUME_SERVICE=$(get_id \
keystone service-create --name="nova-volume" \
keystone service-create --name=volume \
--type=volume \
--description="Nova Volume Service")
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
fi
keystone service-create --name="horizon" \
--type=dashboard \
--description="OpenStack Dashboard"
if [[ -n "$ENABLE_SWIFT" ]]; then
SWIFT_SERVICE=$(get_id \
keystone service-create --name=swift \
--type="object-store" \
--description="Swift Service")
SWIFT_USER=$(get_id keystone user-create --name=swift \
--pass="$SERVICE_PASSWORD" \
--tenant-id $SERVICE_TENANT \
--email=swift@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $SWIFT_USER \
--role-id $ADMIN_ROLE
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
fi
#
# Image service
#
GLANCE_SERVICE=$(get_id \
keystone service-create --name=glance \
--type=image \
--description="Glance Image Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
fi
if [[ -n "$ENABLE_QUANTUM" ]]; then
QUANTUM_SERVICE=$(get_id \
keystone service-create --name=quantum \
--type=network \
--description="Quantum Service")
QUANTUM_USER=$(get_id keystone user-create --name=quantum \
--pass="$SERVICE_PASSWORD" \
--tenant-id $SERVICE_TENANT \
--email=quantum@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $QUANTUM_USER \
--role-id $ADMIN_ROLE
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $QUANTUM_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696"
fi
#
# EC2 service
#
EC2_SERVICE=$(get_id \
keystone service-create --name=ec2 \
--type=ec2 \
--description="EC2 Compatibility Layer")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
fi
#
# Swift service
#
SWIFT_SERVICE=$(get_id \
keystone service-create --name=swift \
--type="object-store" \
--description="Swift Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8888/v1/AUTH_\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8888/v1" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8888/v1/AUTH_\$(tenant_id)s"
fi
# create ec2 creds and parse the secret and access key returned
RESULT=$(keystone ec2-credentials-create --tenant-id=$ADMIN_TENANT --user-id=$ADMIN_USER)
RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
RESULT=$(keystone ec2-credentials-create --tenant-id=$DEMO_TENANT --user-id=$DEMO_USER)
DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
DEMO_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
# write the secret and access to ec2rc
cat > $EC2RC <<EOF
ADMIN_ACCESS=$ADMIN_ACCESS
ADMIN_SECRET=$ADMIN_SECRET
DEMO_ACCESS=$DEMO_ACCESS
DEMO_SECRET=$DEMO_SECRET
EOF