openstack/devstack
Code Issues Proposed changes

Merge "Remove some keystone resource parsers"

Browse Source
This commit is contained in:
Jenkins 2014-01-17 08:52:51 +00:00 committed by Gerrit Code Review
commit 84f9c35020
1 changed files with 51 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
files/keystone_data.sh
View File

@ -28,16 +28,6 @@ export SERVICE_TOKEN=$SERVICE_TOKEN
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
function get_id () {
echo `"$@" | awk '/ id / { print $4 }'`
}
# Lookups
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
# Roles
# -----
@ -45,53 +35,52 @@ MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
# The admin role in swift allows a user to act as an admin for their tenant,
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
# role is also configurable in swift-proxy.conf
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
keystone role-create --name=ResellerAdmin
# Service role, so service users do not have to be admins
SERVICE_ROLE=$(get_id keystone role-create --name=service)
keystone role-create --name=service
# Services
# --------
if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" || "$ENABLED_SERVICES" =~ "swift" ]]; then
NOVA_USER=$(keystone user-list | awk "/ nova / { print \$2 }")
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api.
keystone user-role-add \
--tenant-id $SERVICE_TENANT \
--user-id $NOVA_USER \
--role-id $RESELLER_ROLE
--tenant $SERVICE_TENANT_NAME \
--user nova \
--role ResellerAdmin
fi
# Heat
if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then
HEAT_USER=$(get_id keystone user-create --name=heat \
keystone user-create --name=heat \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=heat@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $HEAT_USER \
--role-id $SERVICE_ROLE
--tenant $SERVICE_TENANT_NAME \
--email=heat@example.com
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
--user heat \
--role service
# heat_stack_user role is for users created by Heat
keystone role-create --name heat_stack_user
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
HEAT_CFN_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=heat-cfn \
--type=cloudformation \
--description="Heat CloudFormation Service")
--description="Heat CloudFormation Service"
keystone endpoint-create \
--region RegionOne \
--service_id $HEAT_CFN_SERVICE \
--service heat-cfn \
--publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
--adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
--internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1"
HEAT_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=heat \
--type=orchestration \
--description="Heat Service")
--description="Heat Service"
keystone endpoint-create \
--region RegionOne \
--service_id $HEAT_SERVICE \
--service heat \
--publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
@ -100,23 +89,23 @@ fi
# Glance
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
GLANCE_USER=$(get_id keystone user-create \
keystone user-create \
--name=glance \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=glance@example.com)
--tenant $SERVICE_TENANT_NAME \
--email=glance@example.com
keystone user-role-add \
--tenant-id $SERVICE_TENANT \
--user-id $GLANCE_USER \
--role-id $ADMIN_ROLE
--tenant $SERVICE_TENANT_NAME \
--user glance \
--role admin
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
GLANCE_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=glance \
--type=image \
--description="Glance Image Service")
--description="Glance Image Service"
keystone endpoint-create \
--region RegionOne \
--service_id $GLANCE_SERVICE \
--service glance \
--publicurl "http://$SERVICE_HOST:9292" \
--adminurl "http://$SERVICE_HOST:9292" \
--internalurl "http://$SERVICE_HOST:9292"
@ -125,25 +114,25 @@ fi
# Ceilometer
if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \
keystone user-create --name=ceilometer \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=ceilometer@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $CEILOMETER_USER \
--role-id $ADMIN_ROLE
--tenant $SERVICE_TENANT_NAME \
--email=ceilometer@example.com
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
--user ceilometer \
--role admin
# Ceilometer needs ResellerAdmin role to access swift account stats.
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $CEILOMETER_USER \
--role-id $RESELLER_ROLE
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
--user ceilometer \
--role ResellerAdmin
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
CEILOMETER_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=ceilometer \
--type=metering \
--description="Ceilometer Service")
--description="Ceilometer Service"
keystone endpoint-create \
--region RegionOne \
--service_id $CEILOMETER_SERVICE \
--service ceilometer \
--publicurl "http://$SERVICE_HOST:8777" \
--adminurl "http://$SERVICE_HOST:8777" \
--internalurl "http://$SERVICE_HOST:8777"
@ -153,13 +142,13 @@ fi
# EC2
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
EC2_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=ec2 \
--type=ec2 \
--description="EC2 Compatibility Layer")
--description="EC2 Compatibility Layer"
keystone endpoint-create \
--region RegionOne \
--service_id $EC2_SERVICE \
--service ec2 \
--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
--adminurl "http://$SERVICE_HOST:8773/services/Admin" \
--internalurl "http://$SERVICE_HOST:8773/services/Cloud"
@ -169,13 +158,13 @@ fi
# S3
if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift3" ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
S3_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=s3 \
--type=s3 \
--description="S3")
--description="S3"
keystone endpoint-create \
--region RegionOne \
--service_id $S3_SERVICE \
--service s3 \
--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT"
@ -185,14 +174,14 @@ fi
if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
# Tempest has some tests that validate various authorization checks
# between two regular users in separate tenants
ALT_DEMO_TENANT=$(get_id keystone tenant-create \
--name=alt_demo)
ALT_DEMO_USER=$(get_id keystone user-create \
keystone tenant-create \
--name=alt_demo
keystone user-create \
--name=alt_demo \
--pass="$ADMIN_PASSWORD" \
--email=alt_demo@example.com)
--email=alt_demo@example.com
keystone user-role-add \
--tenant-id $ALT_DEMO_TENANT \
--user-id $ALT_DEMO_USER \
--role-id $MEMBER_ROLE
--tenant alt_demo \
--user alt_demo \
--role Member
fi