x/anvil
Code Issues Proposed changes

Bringing into sync with devstack v1

Browse Source
This commit is contained in:
Joshua Harlow
2012-03-12 21:21:48 -07:00
parent 6e4382cb42
commit e19e7de6f4
7 changed files with 94 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
conf/templates/horizon/horizon_settings.py
View File

@@ -1,4 +1,4 @@
#From commit b32c876ed5e66c8971c8126432c1ae957301eb08 of devstack.sh repo.
#From commit 770cec73146596c686405492e523fbe8861f36f7 of devstack.sh repo.
#
#With adjustments to make OPENSTACK_HOST a param
@@ -44,6 +44,12 @@ HORIZON_CONFIG = {
'user_home': 'openstack_dashboard.views.user_home',
}
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True
}
OPENSTACK_HOST = "%OPENSTACK_HOST%"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
# FIXME: this is only needed until keystone fixes its GET /tenants call

14
conf/templates/keystone/default_catalog.templates
View File

@@ -1,40 +1,40 @@
# From devstack commit 5f9473e8b9bdc15f42db597d5d1e766b760f764e with no modifications
# From devstack commit 06a09d0c33f0626379cad377b4ffa20fcda54858 with no modifications
# config for TemplatedCatalog, using camelCase because I don't want to do
# translations for legacy compat
catalog.RegionOne.identity.publicURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://%SERVICE_HOST%:$(admin_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
catalog.RegionOne.identity.name = 'Identity Service'
catalog.RegionOne.identity.name = Identity Service
catalog.RegionOne.compute.publicURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
catalog.RegionOne.compute.name = 'Compute Service'
catalog.RegionOne.compute.name = Compute Service
catalog.RegionOne.volume.publicURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.adminURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.internalURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.name = 'Volume Service'
catalog.RegionOne.volume.name = Volume Service
catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/services/Cloud
catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/services/Admin
catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
catalog.RegionOne.ec2.name = 'EC2 Service'
catalog.RegionOne.ec2.name = EC2 Service
catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333
catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333
catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333
catalog.RegionOne.s3.name = 'S3 Service'
catalog.RegionOne.s3.name = S3 Service
catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1
catalog.RegionOne.image.name = 'Image Service'
catalog.RegionOne.image.name = Image Service
# More might be added in (in code)

94
conf/templates/keystone/keystone_init.sh
View File

@@ -1,13 +1,10 @@
#!/bin/bash
# From devstack commit c4849e7f8f40f522541d8e1e03771edf942d851e with modifications
# From devstack.sh commit edf59ca44331106ba895eee78ae1d8602764eb4c
#
# Initial data for Keystone using python-keystoneclient
#
# A set of EC2-compatible credentials is created for both admin and demo
# users and placed in $DEVSTACK_DIR/ec2rc.
#
# Tenant User Roles
# -------------------------------------------------------
# admin admin admin
@@ -20,11 +17,10 @@
# invisible_to_admin demo Member
#
# Variables set before calling this script:
#
# SERVICE_TOKEN - aka admin_token in keystone.conf
# AUTH_ENDPOINT - local Keystone admin endpoint
# SERVICE_ENDPOINT - local Keystone admin endpoint
# SERVICE_TENANT_NAME - name of tenant containing service accounts
# ENABLED_SERVICES - devstack's list of services being activated
# ENABLED_SERVICES - stack.sh's list of services to start
set -e
@@ -54,6 +50,7 @@ SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \
--pass="$ADMIN_PASSWORD" \
@@ -62,6 +59,7 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
--pass="$ADMIN_PASSWORD" \
--email=demo@example.com)
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
@@ -69,77 +67,57 @@ KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
# Add Roles to Users in Tenants
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT 2>&1 >/dev/null
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
# TODO(termie): these two might be dubious
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT 2>&1 >/dev/null
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT 2>&1 >/dev/null
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
# The Member role is used by Horizon and Swift so we need to keep it:
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT 2>&1 >/dev/null
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
# Services
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service" 2>&1 >/dev/null
keystone service-create --name=nova --type=compute --description="Nova Compute Service" 2>&1 >/dev/null
# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=nova@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $NOVA_USER \
--role $ADMIN_ROLE
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT --email=nova@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT --user $NOVA_USER --role $ADMIN_ROLE 2>&1 >/dev/null
keystone service-create --name=ec2 --type=ec2 --description="EC2 Compatibility Layer" 2>&1 >/dev/null
keystone service-create --name=glance --type=image --description="Glance Image Service" 2>&1 >/dev/null
GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT --email=glance@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT --user $GLANCE_USER --role $ADMIN_ROLE 2>&1 >/dev/null
keystone service-create --name="nova-volume" --type=volume --description="Nova Volume Service" 2>&1 >/dev/null
GLANCE_USER=$(get_id keystone user-create --name=glance \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=glance@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $GLANCE_USER \
--role $ADMIN_ROLE
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
keystone service-create --name=swift --type="object-store" --description="Swift Service" 2>&1 >/dev/null
SWIFT_USER=$(get_id keystone user-create --name=swift \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=swift@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT --user $SWIFT_USER --role $ADMIN_ROLE 2>&1 >/dev/null
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $SWIFT_USER \
--role $ADMIN_ROLE
fi
if [[ "$ENABLED_SERVICES" =~ "quantum-server" ]]; then
keystone service-create --name=quantum --type=network --description="Quantum Service" 2>&1 >/dev/null
QUANTUM_USER=$(get_id keystone user-create --name=quantum \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=quantum@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT --user $QUANTUM_USER --role $ADMIN_ROLE 2>&1 >/dev/null
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $QUANTUM_USER \
--role $ADMIN_ROLE
fi
# create ec2 creds and parse the secret and access key returned
RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER)
ADMIN_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
ADMIN_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER)
DEMO_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
DEMO_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
cat <<EOF
# EC2 access variables (ie for euca tools...)
export EC2_ACCESS_KEY=$DEMO_ACCESS
export EC2_SECRET_KEY=$DEMO_SECRET
# Not really EC2 but useful for knowing...
export ADMIN_SECRET=$ADMIN_SECRET
export ADMIN_ACCESS=$ADMIN_ACCESS
export DEMO_ACCESS=$DEMO_ACCESS
export DEMO_SECRET=$DEMO_SECRET
EOF