Remove some keystone resource parsers

The current "keystone" command can parse the specified resources (tenant,
user, role, service) by itself, so it is unnecessary to translate
resource names to resource ids in devstack.

This patch removes these resource parsers from devstack for cleanup.

Change-Id: Ibae06581b471f02168b559b4ca0c10f14996d661
Ken'ichi Ohmichi 2013-12-27 19:08:26 +09:00
parent 6fbb28d021
commit 9aadec3806


@ -28,16 +28,6 @@ export SERVICE_TOKEN=$SERVICE_TOKEN
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
function get_id () {
echo `"$@" | awk '/ id / { print $4 }'`
}
# Lookups
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
# Roles
# -----
@ -45,53 +35,52 @@ MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
# The admin role in swift allows a user to act as an admin for their tenant,
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
# role is also configurable in swift-proxy.conf
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
keystone role-create --name=ResellerAdmin
# Service role, so service users do not have to be admins
SERVICE_ROLE=$(get_id keystone role-create --name=service)
keystone role-create --name=service
# Services
# --------
if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" || "$ENABLED_SERVICES" =~ "swift" ]]; then
NOVA_USER=$(keystone user-list | awk "/ nova / { print \$2 }")
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api.
keystone user-role-add \
--tenant-id $SERVICE_TENANT \
--user-id $NOVA_USER \
--role-id $RESELLER_ROLE
--tenant $SERVICE_TENANT_NAME \
--user nova \
--role ResellerAdmin
fi
# Heat
if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then
HEAT_USER=$(get_id keystone user-create --name=heat \
keystone user-create --name=heat \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=heat@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $HEAT_USER \
--role-id $SERVICE_ROLE
--tenant $SERVICE_TENANT_NAME \
--email=heat@example.com
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
--user heat \
--role service
# heat_stack_user role is for users created by Heat
keystone role-create --name heat_stack_user
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
HEAT_CFN_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=heat-cfn \
--type=cloudformation \
--description="Heat CloudFormation Service")
--description="Heat CloudFormation Service"
keystone endpoint-create \
--region RegionOne \
--service_id $HEAT_CFN_SERVICE \
--service heat-cfn \
--publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
--adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
--internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1"
HEAT_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=heat \
--type=orchestration \
--description="Heat Service")
--description="Heat Service"
keystone endpoint-create \
--region RegionOne \
--service_id $HEAT_SERVICE \
--service heat \
--publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
@ -100,23 +89,23 @@ fi
# Glance
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
GLANCE_USER=$(get_id keystone user-create \
keystone user-create \
--name=glance \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=glance@example.com)
--tenant $SERVICE_TENANT_NAME \
--email=glance@example.com
keystone user-role-add \
--tenant-id $SERVICE_TENANT \
--user-id $GLANCE_USER \
--role-id $ADMIN_ROLE
--tenant $SERVICE_TENANT_NAME \
--user glance \
--role admin
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
GLANCE_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=glance \
--type=image \
--description="Glance Image Service")
--description="Glance Image Service"
keystone endpoint-create \
--region RegionOne \
--service_id $GLANCE_SERVICE \
--service glance \
--publicurl "http://$SERVICE_HOST:9292" \
--adminurl "http://$SERVICE_HOST:9292" \
--internalurl "http://$SERVICE_HOST:9292"
@ -125,25 +114,25 @@ fi
# Ceilometer
if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \
keystone user-create --name=ceilometer \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=ceilometer@example.com)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $CEILOMETER_USER \
--role-id $ADMIN_ROLE
--tenant $SERVICE_TENANT_NAME \
--email=ceilometer@example.com
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
--user ceilometer \
--role admin
# Ceilometer needs ResellerAdmin role to access swift account stats.
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $CEILOMETER_USER \
--role-id $RESELLER_ROLE
keystone user-role-add --tenant $SERVICE_TENANT_NAME \
--user ceilometer \
--role ResellerAdmin
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
CEILOMETER_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=ceilometer \
--type=metering \
--description="Ceilometer Service")
--description="Ceilometer Service"
keystone endpoint-create \
--region RegionOne \
--service_id $CEILOMETER_SERVICE \
--service ceilometer \
--publicurl "http://$SERVICE_HOST:8777" \
--adminurl "http://$SERVICE_HOST:8777" \
--internalurl "http://$SERVICE_HOST:8777"
@ -153,13 +142,13 @@ fi
# EC2
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
EC2_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=ec2 \
--type=ec2 \
--description="EC2 Compatibility Layer")
--description="EC2 Compatibility Layer"
keystone endpoint-create \
--region RegionOne \
--service_id $EC2_SERVICE \
--service ec2 \
--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
--adminurl "http://$SERVICE_HOST:8773/services/Admin" \
--internalurl "http://$SERVICE_HOST:8773/services/Cloud"
@ -169,13 +158,13 @@ fi
# S3
if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift3" ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
S3_SERVICE=$(get_id keystone service-create \
keystone service-create \
--name=s3 \
--type=s3 \
--description="S3")
--description="S3"
keystone endpoint-create \
--region RegionOne \
--service_id $S3_SERVICE \
--service s3 \
--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT"
@ -185,14 +174,14 @@ fi
if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
# Tempest has some tests that validate various authorization checks
# between two regular users in separate tenants
ALT_DEMO_TENANT=$(get_id keystone tenant-create \
--name=alt_demo)
ALT_DEMO_USER=$(get_id keystone user-create \
keystone tenant-create \
--name=alt_demo
keystone user-create \
--name=alt_demo \
--pass="$ADMIN_PASSWORD" \
--email=alt_demo@example.com)
--email=alt_demo@example.com
keystone user-role-add \
--tenant-id $ALT_DEMO_TENANT \
--user-id $ALT_DEMO_USER \
--role-id $MEMBER_ROLE
--tenant alt_demo \
--user alt_demo \
--role Member
fi
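Review bot: The `--tenant $SERVICE_TENANT_NAME` arguments now passed to `keystone user-create` and `keystone user-role-add` in the nova, heat, glance and ceilometer sections are unquoted. The ID they replace was looked up from keystone, but this value comes from the environment via `${SERVICE_TENANT_NAME:-service}`. A name containing whitespace or glob characters would be word-split, so the calls that grant `admin` and `ResellerAdmin` would receive a different argument list than intended; write it as `--tenant "$SERVICE_TENANT_NAME" \` throughout. Separately, the create output is no longer captured, so a failed `user-create` or `role-create` would presumably be followed by a grant against whatever object already holds that name. Whether the script aborts on a failed command is not visible in these hunks, so an explicit status check or a comment stating the intent would help.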