233 lines
8.9 KiB
Bash
Executable File
233 lines
8.9 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# Copyright 2013 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# Sample initial data for Keystone using python-keystoneclient
|
|
#
|
|
# This script is based on the original DevStack keystone_data.sh script.
|
|
#
|
|
# It demonstrates how to bootstrap Keystone with an administrative user
|
|
# using the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables
|
|
# and the administrative API. It will get the admin_token (OS_SERVICE_TOKEN)
|
|
# and admin_port from keystone.conf if available.
|
|
#
|
|
# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
|
|
# Use this with the Catalog Templated backend.
|
|
#
|
|
# A EC2-compatible credential is created for the admin user and
|
|
# placed in etc/ec2rc.
|
|
#
|
|
# Tenant User Roles
|
|
# -------------------------------------------------------
|
|
# demo admin admin
|
|
# service glance admin
|
|
# service nova admin
|
|
# service ec2 admin
|
|
# service swift admin
|
|
|
|
# By default, passwords used are those in the OpenStack Install and Deploy Manual.
|
|
# One can override these (publicly known, and hence, insecure) passwords by setting the appropriate
|
|
# environment variables. A common default password for all the services can be used by
|
|
# setting the "SERVICE_PASSWORD" environment variable.
|
|
|
|
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
|
|
NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}}
|
|
GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}}
|
|
EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}
|
|
SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}
|
|
|
|
CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
|
|
CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
|
|
CONTROLLER_INTERNAL_ADDRESS=${CONTROLLER_INTERNAL_ADDRESS:-localhost}
|
|
|
|
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
|
|
KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
|
|
if [[ -r "$KEYSTONE_CONF" ]]; then
|
|
EC2RC="$(dirname "$KEYSTONE_CONF")/ec2rc"
|
|
elif [[ -r "$TOOLS_DIR/../etc/keystone.conf" ]]; then
|
|
# assume git checkout
|
|
KEYSTONE_CONF="$TOOLS_DIR/../etc/keystone.conf"
|
|
EC2RC="$TOOLS_DIR/../etc/ec2rc"
|
|
else
|
|
KEYSTONE_CONF=""
|
|
EC2RC="ec2rc"
|
|
fi
|
|
|
|
# Extract some info from Keystone's configuration file
|
|
if [[ -r "$KEYSTONE_CONF" ]]; then
|
|
CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
|
|
CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
|
|
fi
|
|
|
|
export OS_SERVICE_TOKEN=${OS_SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
|
|
if [[ -z "$OS_SERVICE_TOKEN" ]]; then
|
|
echo "No service token found."
|
|
echo "Set OS_SERVICE_TOKEN manually from keystone.conf admin_token."
|
|
exit 1
|
|
fi
|
|
|
|
export OS_SERVICE_ENDPOINT=${OS_SERVICE_ENDPOINT:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
|
|
|
|
function get_id () {
|
|
echo `"$@" | grep ' id ' | awk '{print $4}'`
|
|
}
|
|
|
|
#
|
|
# Default tenant
|
|
#
|
|
DEMO_TENANT=$(get_id keystone tenant-create --name=demo \
|
|
--description "Default Tenant")
|
|
|
|
ADMIN_USER=$(get_id keystone user-create --name=admin \
|
|
--pass="${ADMIN_PASSWORD}")
|
|
|
|
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
|
|
|
|
keystone user-role-add --user-id $ADMIN_USER \
|
|
--role-id $ADMIN_ROLE \
|
|
--tenant-id $DEMO_TENANT
|
|
|
|
#
|
|
# Service tenant
|
|
#
|
|
SERVICE_TENANT=$(get_id keystone tenant-create --name=service \
|
|
--description "Service Tenant")
|
|
|
|
GLANCE_USER=$(get_id keystone user-create --name=glance \
|
|
--pass="${GLANCE_PASSWORD}")
|
|
|
|
keystone user-role-add --user-id $GLANCE_USER \
|
|
--role-id $ADMIN_ROLE \
|
|
--tenant-id $SERVICE_TENANT
|
|
|
|
NOVA_USER=$(get_id keystone user-create --name=nova \
|
|
--pass="${NOVA_PASSWORD}" \
|
|
--tenant-id $SERVICE_TENANT)
|
|
|
|
keystone user-role-add --user-id $NOVA_USER \
|
|
--role-id $ADMIN_ROLE \
|
|
--tenant-id $SERVICE_TENANT
|
|
|
|
EC2_USER=$(get_id keystone user-create --name=ec2 \
|
|
--pass="${EC2_PASSWORD}" \
|
|
--tenant-id $SERVICE_TENANT)
|
|
|
|
keystone user-role-add --user-id $EC2_USER \
|
|
--role-id $ADMIN_ROLE \
|
|
--tenant-id $SERVICE_TENANT
|
|
|
|
SWIFT_USER=$(get_id keystone user-create --name=swift \
|
|
--pass="${SWIFT_PASSWORD}" \
|
|
--tenant-id $SERVICE_TENANT)
|
|
|
|
keystone user-role-add --user-id $SWIFT_USER \
|
|
--role-id $ADMIN_ROLE \
|
|
--tenant-id $SERVICE_TENANT
|
|
|
|
#
|
|
# Keystone service
|
|
#
|
|
KEYSTONE_SERVICE=$(get_id \
|
|
keystone service-create --name=keystone \
|
|
--type=identity \
|
|
--description="Keystone Identity Service")
|
|
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
|
|
keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
|
|
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
|
|
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
|
|
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0"
|
|
fi
|
|
|
|
#
|
|
# Nova service
|
|
#
|
|
NOVA_SERVICE=$(get_id \
|
|
keystone service-create --name=nova \
|
|
--type=compute \
|
|
--description="Nova Compute Service")
|
|
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
|
|
keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
|
|
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v2/\$(tenant_id)s" \
|
|
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v2/\$(tenant_id)s" \
|
|
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v2/\$(tenant_id)s"
|
|
fi
|
|
|
|
#
|
|
# Volume service
|
|
#
|
|
VOLUME_SERVICE=$(get_id \
|
|
keystone service-create --name=volume \
|
|
--type=volume \
|
|
--description="Nova Volume Service")
|
|
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
|
|
keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
|
|
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
|
|
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
|
|
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
|
|
fi
|
|
|
|
#
|
|
# Image service
|
|
#
|
|
GLANCE_SERVICE=$(get_id \
|
|
keystone service-create --name=glance \
|
|
--type=image \
|
|
--description="Glance Image Service")
|
|
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
|
|
keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
|
|
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
|
|
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
|
|
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
|
|
fi
|
|
|
|
#
|
|
# EC2 service
|
|
#
|
|
EC2_SERVICE=$(get_id \
|
|
keystone service-create --name=ec2 \
|
|
--type=ec2 \
|
|
--description="EC2 Compatibility Layer")
|
|
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
|
|
keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
|
|
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
|
|
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
|
|
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
|
|
fi
|
|
|
|
#
|
|
# Swift service
|
|
#
|
|
SWIFT_SERVICE=$(get_id \
|
|
keystone service-create --name=swift \
|
|
--type="object-store" \
|
|
--description="Swift Service")
|
|
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
|
|
keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
|
|
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
|
|
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
|
|
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
|
|
fi
|
|
|
|
# create ec2 creds and parse the secret and access key returned
|
|
RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
|
|
ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
|
|
ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
|
|
|
|
# write the secret and access to ec2rc
|
|
cat > $EC2RC <<EOF
|
|
ADMIN_ACCESS=$ADMIN_ACCESS
|
|
ADMIN_SECRET=$ADMIN_SECRET
|
|
EOF
|