Update sample_data.sh to match docs

Conform more closely to the "OpenStack Install and Deploy Manual."

Change-Id: I46ab7e8e5ccdf389cbc60fee84c063f289155781
Fixes: bug #1073291
David Höppner
2013-02-18 19:07:36 +01:00
parent b1bfca2501
commit d6f7cbc484


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Copyright 2012 OpenStack LLC # Copyright 2013 OpenStack LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may # Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain # not use this file except in compliance with the License. You may obtain
@@ -23,31 +23,19 @@
# and the administrative API. It will get the admin_token (SERVICE_TOKEN) # and the administrative API. It will get the admin_token (SERVICE_TOKEN)
# and admin_port from keystone.conf if available. # and admin_port from keystone.conf if available.
# #
# There are two environment variables to set passwords that should be set # Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
# prior to running this script. Warnings will appear if they are unset. # Use this with the Catalog Templated backend.
# * ADMIN_PASSWORD is used to set the password for the admin and demo accounts.
# * SERVICE_PASSWORD is used to set the password for the service accounts.
# #
# Enable the Swift and Quantum accounts by setting ENABLE_SWIFT and/or # A EC2-compatible credential is created for the admin user and
# ENABLE_QUANTUM environment variables. # placed in etc/ec2rc.
#
# Enable creation of endpoints by setting ENABLE_ENDPOINTS environment variable.
# Works with Catalog SQL backend. Do not use with Catalog Templated backend
# (default).
#
# A set of EC2-compatible credentials is created for both admin and demo
# users and placed in etc/ec2rc.
# #
# Tenant User Roles # Tenant User Roles
# ------------------------------------------------------- # -------------------------------------------------------
# admin admin admin # demo admin admin
# service glance admin # service glance admin
# service nova admin # service nova admin
# service quantum admin # if enabled # service ec2 admin
# service swift admin # if enabled # service swift admin
# demo admin admin
# demo demo Member,sysadmin,netadmin
# invisible_to_admin demo Member
CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost} CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost} CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
@@ -66,18 +54,6 @@ else
EC2RC="ec2rc" EC2RC="ec2rc"
fi fi
# Please set these, they are ONLY SAMPLE PASSWORDS!
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
if [[ "$ADMIN_PASSWORD" == "secrete" ]]; then
echo "The default admin password has been detected. Please consider"
echo "setting an actual password in environment variable ADMIN_PASSWORD"
fi
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
if [[ "$SERVICE_PASSWORD" == "$ADMIN_PASSWORD" ]]; then
echo "The default service password has been detected. Please consider"
echo "setting an actual password in environment variable SERVICE_PASSWORD"
fi
# Extract some info from Keystone's configuration file # Extract some info from Keystone's configuration file
if [[ -r "$KEYSTONE_CONF" ]]; then if [[ -r "$KEYSTONE_CONF" ]]; then
CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2) CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
@@ -97,173 +73,149 @@ function get_id () {
echo `"$@" | grep ' id ' | awk '{print $4}'` echo `"$@" | grep ' id ' | awk '{print $4}'`
} }
#
# Default tenant
#
DEMO_TENANT=$(get_id keystone tenant-create --name=demo \
--description "Default Tenant")
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=service)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \ ADMIN_USER=$(get_id keystone user-create --name=admin \
--pass="$ADMIN_PASSWORD" \ --pass=secrete)
--email=admin@example.com)
DEMO_USER=$(get_id keystone user-create --name=demo \
--pass="$ADMIN_PASSWORD" \
--email=admin@example.com)
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin) ADMIN_ROLE=$(get_id keystone role-create --name=admin)
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
keystone user-role-add --user-id $ADMIN_USER \
--role-id $ADMIN_ROLE \
--tenant-id $DEMO_TENANT
# Add Roles to Users in Tenants #
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT # Service tenant
keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $DEMO_TENANT #
keystone user-role-add --user-id $DEMO_USER --role-id $SYSADMIN_ROLE --tenant-id $DEMO_TENANT SERVICE_TENANT=$(get_id keystone tenant-create --name=service \
keystone user-role-add --user-id $DEMO_USER --role-id $NETADMIN_ROLE --tenant-id $DEMO_TENANT --description "Service Tenant")
keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $INVIS_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $DEMO_TENANT
# TODO(termie): these two might be dubious
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT
# Services
NOVA_SERVICE=$(get_id \
keystone service-create --name=nova \
--type=compute \
--description="Nova Compute Service")
NOVA_USER=$(get_id keystone user-create --name=nova \
--pass="$SERVICE_PASSWORD" \
--tenant-id $SERVICE_TENANT \
--email=nova@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $NOVA_USER \
--role-id $ADMIN_ROLE
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"
fi
EC2_SERVICE=$(get_id \
keystone service-create --name=ec2 \
--type=ec2 \
--description="EC2 Compatibility Layer")
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
fi
GLANCE_SERVICE=$(get_id \
keystone service-create --name=glance \
--type=image \
--description="Glance Image Service")
GLANCE_USER=$(get_id keystone user-create --name=glance \ GLANCE_USER=$(get_id keystone user-create --name=glance \
--pass="$SERVICE_PASSWORD" \ --pass=glance)
--tenant-id $SERVICE_TENANT \
--email=glance@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $GLANCE_USER \
--role-id $ADMIN_ROLE
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292/v1" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292/v1" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292/v1"
fi
keystone user-role-add --user-id $GLANCE_USER \
--role-id $ADMIN_ROLE \
--tenant-id $SERVICE_TENANT
NOVA_USER=$(get_id keystone user-create --name=nova \
--pass=nova \
--tenant-id $SERVICE_TENANT)
keystone user-role-add --user-id $NOVA_USER \
--role-id $ADMIN_ROLE \
--tenant-id $SERVICE_TENANT
EC2_USER=$(get_id keystone user-create --name=ec2 \
--pass=ec2 \
--tenant-id $SERVICE_TENANT)
keystone user-role-add --user-id $EC2_USER \
--role-id $ADMIN_ROLE \
--tenant-id $SERVICE_TENANT
SWIFT_USER=$(get_id keystone user-create --name=swift \
--pass=swiftpass \
--tenant-id $SERVICE_TENANT)
keystone user-role-add --user-id $SWIFT_USER \
--role-id $ADMIN_ROLE \
--tenant-id $SERVICE_TENANT
#
# Keystone service
#
KEYSTONE_SERVICE=$(get_id \ KEYSTONE_SERVICE=$(get_id \
keystone service-create --name=keystone \ keystone service-create --name=keystone \
--type=identity \ --type=identity \
--description="Keystone Identity Service") --description="Keystone Identity Service")
if [[ -n "$ENABLE_ENDPOINTS" ]]; then if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \ keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0" --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0"
fi fi
#
# Nova service
#
NOVA_SERVICE=$(get_id \
keystone service-create --name=nova \
--type=compute \
--description="Nova Compute Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"
fi
#
# Volume service
#
VOLUME_SERVICE=$(get_id \ VOLUME_SERVICE=$(get_id \
keystone service-create --name="nova-volume" \ keystone service-create --name=volume \
--type=volume \ --type=volume \
--description="Nova Volume Service") --description="Nova Volume Service")
if [[ -n "$ENABLE_ENDPOINTS" ]]; then if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \ keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
fi fi
keystone service-create --name="horizon" \ #
--type=dashboard \ # Image service
--description="OpenStack Dashboard" #
GLANCE_SERVICE=$(get_id \
if [[ -n "$ENABLE_SWIFT" ]]; then keystone service-create --name=glance \
SWIFT_SERVICE=$(get_id \ --type=image \
keystone service-create --name=swift \ --description="Glance Image Service")
--type="object-store" \ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
--description="Swift Service") keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
SWIFT_USER=$(get_id keystone user-create --name=swift \ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
--pass="$SERVICE_PASSWORD" \ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
--tenant-id $SERVICE_TENANT \ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
--email=swift@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $SWIFT_USER \
--role-id $ADMIN_ROLE
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
fi
fi fi
if [[ -n "$ENABLE_QUANTUM" ]]; then #
QUANTUM_SERVICE=$(get_id \ # EC2 service
keystone service-create --name=quantum \ #
--type=network \ EC2_SERVICE=$(get_id \
--description="Quantum Service") keystone service-create --name=ec2 \
QUANTUM_USER=$(get_id keystone user-create --name=quantum \ --type=ec2 \
--pass="$SERVICE_PASSWORD" \ --description="EC2 Compatibility Layer")
--tenant-id $SERVICE_TENANT \ if [[ -z "$DISABLE_ENDPOINTS" ]]; then
--email=quantum@example.com) keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
keystone user-role-add --tenant-id $SERVICE_TENANT \ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
--user-id $QUANTUM_USER \ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
--role-id $ADMIN_ROLE --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
if [[ -n "$ENABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $QUANTUM_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696"
fi
fi fi
#
# Swift service
#
SWIFT_SERVICE=$(get_id \
keystone service-create --name=swift \
--type="object-store" \
--description="Swift Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8888/v1/AUTH_\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8888/v1" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8888/v1/AUTH_\$(tenant_id)s"
fi
# create ec2 creds and parse the secret and access key returned # create ec2 creds and parse the secret and access key returned
RESULT=$(keystone ec2-credentials-create --tenant-id=$ADMIN_TENANT --user-id=$ADMIN_USER) RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'` ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'` ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
RESULT=$(keystone ec2-credentials-create --tenant-id=$DEMO_TENANT --user-id=$DEMO_USER)
DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
DEMO_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
# write the secret and access to ec2rc # write the secret and access to ec2rc
cat > $EC2RC <<EOF cat > $EC2RC <<EOF
ADMIN_ACCESS=$ADMIN_ACCESS ADMIN_ACCESS=$ADMIN_ACCESS
ADMIN_SECRET=$ADMIN_SECRET ADMIN_SECRET=$ADMIN_SECRET
DEMO_ACCESS=$DEMO_ACCESS
DEMO_SECRET=$DEMO_SECRET
EOF EOF
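Review bot: The user-create calls on the new side pass literal passwords (`--pass=secrete`, `--pass=glance`, `--pass=nova`, `--pass=ec2`, `--pass=swiftpass`), while the block that read ADMIN_PASSWORD and SERVICE_PASSWORD from the environment and warned about the default appears only on the old side, so the script can no longer be run without well-known credentials. Each of these accounts is then given the admin role in the demo or service tenant, and endpoints are now created unless DISABLE_ENDPOINTS is set, so an accidental run against a reachable Keystone costs more than it did before. Keeping the documented sample values as overridable defaults would still match the manual: `ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}` with `--pass="$ADMIN_PASSWORD"`, and the same pattern for each service account. The old/new assignment here is read from the side-by-side layout of this page, so it should be confirmed against the raw patch.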