Merge "Adds support for multi-region"

Jenkins 2014-07-04 16:53:01 +00:00 committed by Gerrit Code Review
commit cfcd8cf2f8
18 changed files with 392 additions and 397 deletions


@ -330,6 +330,25 @@ which includes the following, with the IP address of the above controller node:
Q_HOST=$SERVICE_HOST Q_HOST=$SERVICE_HOST
MATCHMAKER_REDIS_HOST=$SERVICE_HOST MATCHMAKER_REDIS_HOST=$SERVICE_HOST
# Multi-Region Setup
We want to setup two devstack (RegionOne and RegionTwo) with shared keystone
(same users and services) and horizon.
Keystone and Horizon will be located in RegionOne.
Full spec is available at:
https://wiki.openstack.org/wiki/Heat/Blueprints/Multi_Region_Support_for_Heat.
In RegionOne:
REGION_NAME=RegionOne
In RegionTwo:
disable_service horizon
KEYSTONE_SERVICE_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
KEYSTONE_AUTH_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
REGION_NAME=RegionTwo
# Cells # Cells
Cells is a new scaling option with a full spec at: Cells is a new scaling option with a full spec at:


@ -719,6 +719,109 @@ function policy_add {
mv ${tmpfile} ${policy_file} mv ${tmpfile} ${policy_file}
} }
# Gets or creates user
# Usage: get_or_create_user <username> <password> <project> <email>
function get_or_create_user {
# Gets user id
USER_ID=$(
# Gets user id
openstack user show $1 -f value -c id 2>/dev/null ||
# Creates new user
openstack user create \
$1 \
--password "$2" \
--project $3 \
--email $4 \
-f value -c id
)
echo $USER_ID
}
# Gets or creates project
# Usage: get_or_create_project <name>
function get_or_create_project {
# Gets project id
PROJECT_ID=$(
# Gets project id
openstack project show $1 -f value -c id 2>/dev/null ||
# Creates new project if not exists
openstack project create $1 -f value -c id
)
echo $PROJECT_ID
}
# Gets or creates role
# Usage: get_or_create_role <name>
function get_or_create_role {
ROLE_ID=$(
# Gets role id
openstack role show $1 -f value -c id 2>/dev/null ||
# Creates role if not exists
openstack role create $1 -f value -c id
)
echo $ROLE_ID
}
# Gets or adds user role
# Usage: get_or_add_user_role <role> <user> <project>
function get_or_add_user_role {
# Gets user role id
USER_ROLE_ID=$(openstack user role list \
$2 \
--project $3 \
--column "ID" \
--column "Name" \
| grep " $1 " | get_field 1)
if [[ -z "$USER_ROLE_ID" ]]; then
# Adds role to user
USER_ROLE_ID=$(openstack role add \
$1 \
--user $2 \
--project $3 \
| grep " id " | get_field 2)
fi
echo $USER_ROLE_ID
}
# Gets or creates service
# Usage: get_or_create_service <name> <type> <description>
function get_or_create_service {
# Gets service id
SERVICE_ID=$(
# Gets service id
openstack service show $1 -f value -c id 2>/dev/null ||
# Creates new service if not exists
openstack service create \
$1 \
--type=$2 \
--description="$3" \
-f value -c id
)
echo $SERVICE_ID
}
# Gets or creates endpoint
# Usage: get_or_create_endpoint <service> <region> <publicurl> <adminurl> <internalurl>
function get_or_create_endpoint {
# Gets endpoint id
ENDPOINT_ID=$(openstack endpoint list \
--column "ID" \
--column "Region" \
--column "Service Name" \
| grep " $2 " \
| grep " $1 " | get_field 1)
if [[ -z "$ENDPOINT_ID" ]]; then
# Creates new endpoint
ENDPOINT_ID=$(openstack endpoint create \
$1 \
--region $2 \
--publicurl $3 \
--adminurl $4 \
--internalurl $5 \
| grep " id " | get_field 2)
fi
echo $ENDPOINT_ID
}
# Package Functions # Package Functions
# ================= # =================
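Review bot: The existence check in get_or_create_endpoint appears never to match the way this commit calls it: the filter greps the "Service Name" column for `$1`, but every caller visible on this page passes the service id returned by get_or_create_service (for example `get_or_create_endpoint $CEILOMETER_SERVICE "$REGION_NAME" ...`), so a rerun would add a duplicate endpoint instead of reusing the existing one. The filter and the callers should agree on id versus name, and the usage line should say which one `<service>` is. Separately, all six helpers expand `$1`..`$5` unquoted and assign globals such as `USER_ID`; `local user_id` and `"$1"` would keep an empty or space-containing argument from shifting the remaining options. The `2>/dev/null ||` fallbacks also treat any failure of `show`, including an authentication error, as "not found" and go on to create.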


@ -84,35 +84,22 @@ create_ceilometer_accounts() {
# Ceilometer # Ceilometer
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
CEILOMETER_USER=$(openstack user create \ CEILOMETER_USER=$(get_or_create_user "ceilometer" \
ceilometer \ "$SERVICE_PASSWORD" $SERVICE_TENANT "ceilometer@example.com")
--password "$SERVICE_PASSWORD" \ get_or_add_user_role $ADMIN_ROLE $CEILOMETER_USER $SERVICE_TENANT
--project $SERVICE_TENANT \
--email ceilometer@example.com \
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $SERVICE_TENANT \
--user $CEILOMETER_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
CEILOMETER_SERVICE=$(openstack service create \ CEILOMETER_SERVICE=$(get_or_create_service "ceilometer" \
ceilometer \ "metering" "OpenStack Telemetry Service")
--type=metering \ get_or_create_endpoint $CEILOMETER_SERVICE \
--description="OpenStack Telemetry Service" \ "$REGION_NAME" \
| grep " id " | get_field 2) "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
openstack endpoint create \ "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
$CEILOMETER_SERVICE \ "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/"
--region RegionOne \
--publicurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
--adminurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
--internalurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/"
fi fi
if is_service_enabled swift; then if is_service_enabled swift; then
# Ceilometer needs ResellerAdmin role to access swift account stats. # Ceilometer needs ResellerAdmin role to access swift account stats.
openstack role add \ get_or_add_user_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME
--project $SERVICE_TENANT_NAME \
--user ceilometer \
ResellerAdmin
fi fi
fi fi
} }
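Review bot: The ids captured here are used unchecked and unquoted: if get_or_create_user prints nothing, `get_or_add_user_role $ADMIN_ROLE $CEILOMETER_USER $SERVICE_TENANT` collapses to two arguments and the tenant id lands in the user position. Quoting the expansions (`get_or_add_user_role "$ADMIN_ROLE" "$CEILOMETER_USER" "$SERVICE_TENANT"`) and failing early on an empty id, in the way the swift section uses `die_if_not_set $LINENO SWIFT_TENANT_TEST1 ...`, would make a failed lookup visible instead of silently mis-assigning a role. The same pattern appears in create_cinder_accounts, create_glance_accounts, create_heat_accounts, create_ironic_accounts, create_marconi_accounts, create_neutron_accounts, create_nova_accounts and create_sahara_accounts. The function body starts outside the hunk.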


@ -339,39 +339,26 @@ function create_cinder_accounts {
# Cinder # Cinder
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
CINDER_USER=$(openstack user create \
cinder \ CINDER_USER=$(get_or_create_user "cinder" \
--password "$SERVICE_PASSWORD" \ "$SERVICE_PASSWORD" $SERVICE_TENANT "cinder@example.com")
--project $SERVICE_TENANT \ get_or_add_user_role $ADMIN_ROLE $CINDER_USER $SERVICE_TENANT
--email cinder@example.com \
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $SERVICE_TENANT \
--user $CINDER_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
CINDER_SERVICE=$(openstack service create \
cinder \ CINDER_SERVICE=$(get_or_create_service "cinder" \
--type=volume \ "volume" "Cinder Volume Service")
--description="Cinder Volume Service" \ get_or_create_endpoint $CINDER_SERVICE "$REGION_NAME" \
| grep " id " | get_field 2) "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
openstack endpoint create \ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
$CINDER_SERVICE \ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
--region RegionOne \
--publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ CINDER_V2_SERVICE=$(get_or_create_service "cinderv2" \
--adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \ "volumev2" "Cinder Volume Service V2")
--internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" get_or_create_endpoint $CINDER_V2_SERVICE "$REGION_NAME" \
CINDER_V2_SERVICE=$(openstack service create \ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
cinderv2 \ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
--type=volumev2 \ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
--description="Cinder Volume Service V2" \
| grep " id " | get_field 2)
openstack endpoint create \
$CINDER_V2_SERVICE \
--region RegionOne \
--publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
--adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
--internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
fi fi
fi fi
} }


@ -164,36 +164,28 @@ function configure_glance {
function create_glance_accounts { function create_glance_accounts {
if is_service_enabled g-api; then if is_service_enabled g-api; then
openstack user create \
--password "$SERVICE_PASSWORD" \ GLANCE_USER=$(get_or_create_user "glance" \
--project $SERVICE_TENANT_NAME \ "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance@example.com")
glance get_or_add_user_role service $GLANCE_USER $SERVICE_TENANT_NAME
openstack role add \
--project $SERVICE_TENANT_NAME \
--user glance \
service
# required for swift access # required for swift access
if is_service_enabled s-proxy; then if is_service_enabled s-proxy; then
openstack user create \
--password "$SERVICE_PASSWORD" \ GLANCE_SWIFT_USER=$(get_or_create_user "glance-swift" \
--project $SERVICE_TENANT_NAME \ "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance-swift@example.com")
glance-swift get_or_add_user_role "ResellerAdmin" $GLANCE_SWIFT_USER $SERVICE_TENANT_NAME
openstack role add \
--project $SERVICE_TENANT_NAME \
--user glance-swift \
ResellerAdmin
fi fi
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
openstack service create \
--type image \ GLANCE_SERVICE=$(get_or_create_service "glance" \
--description "Glance Image Service" \ "image" "Glance Image Service")
glance get_or_create_endpoint $GLANCE_SERVICE \
openstack endpoint create \ "$REGION_NAME" \
--region RegionOne \ "http://$GLANCE_HOSTPORT" \
--publicurl "http://$GLANCE_HOSTPORT" \ "http://$GLANCE_HOSTPORT" \
--adminurl "http://$GLANCE_HOSTPORT" \ "http://$GLANCE_HOSTPORT"
--internalurl "http://$GLANCE_HOSTPORT" \
glance
fi fi
fi fi
} }


@ -98,6 +98,8 @@ function configure_heat {
iniset $HEAT_CONF database connection `database_connection_url heat` iniset $HEAT_CONF database connection `database_connection_url heat`
iniset $HEAT_CONF DEFAULT auth_encryption_key `hexdump -n 16 -v -e '/1 "%02x"' /dev/urandom` iniset $HEAT_CONF DEFAULT auth_encryption_key `hexdump -n 16 -v -e '/1 "%02x"' /dev/urandom`
iniset $HEAT_CONF DEFAULT region_name_for_services "$REGION_NAME"
# logging # logging
iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG
@ -214,57 +216,44 @@ function create_heat_accounts {
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
HEAT_USER=$(openstack user create \ HEAT_USER=$(get_or_create_user "heat" \
heat \ "$SERVICE_PASSWORD" $SERVICE_TENANT "heat@example.com")
--password "$SERVICE_PASSWORD" \ get_or_add_user_role $ADMIN_ROLE $HEAT_USER $SERVICE_TENANT
--project $SERVICE_TENANT \
--email heat@example.com \
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $SERVICE_TENANT \
--user $HEAT_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
HEAT_SERVICE=$(openstack service create \
heat \ HEAT_SERVICE=$(get_or_create_service "heat" \
--type=orchestration \ "orchestration" "Heat Orchestration Service")
--description="Heat Orchestration Service" \ get_or_create_endpoint $HEAT_SERVICE \
| grep " id " | get_field 2) "$REGION_NAME" \
openstack endpoint create \ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
$HEAT_SERVICE \ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--region RegionOne \ "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
--publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ HEAT_CFN_SERVICE=$(get_or_create_service "heat-cfn" \
--internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" "cloudformation" "Heat CloudFormation Service")
HEAT_CFN_SERVICE=$(openstack service create \ get_or_create_endpoint $HEAT_CFN_SERVICE \
heat \ "$REGION_NAME" \
--type=cloudformation \ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
--description="Heat CloudFormation Service" \ "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
| grep " id " | get_field 2) "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
openstack endpoint create \
$HEAT_CFN_SERVICE \
--region RegionOne \
--publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
--adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
--internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
fi fi
# heat_stack_user role is for users created by Heat # heat_stack_user role is for users created by Heat
openstack role create heat_stack_user get_or_create_role "heat_stack_user"
if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
# heat_stack_owner role is given to users who create Heat stacks, # heat_stack_owner role is given to users who create Heat stacks,
# it's the default role used by heat to delegate to the heat service # it's the default role used by heat to delegate to the heat service
# user (for performing deferred operations via trusts), see heat.conf # user (for performing deferred operations via trusts), see heat.conf
HEAT_OWNER_ROLE=$(openstack role create \ HEAT_OWNER_ROLE=$(get_or_create_role "heat_stack_owner")
heat_stack_owner \
| grep " id " | get_field 2)
# Give the role to the demo and admin users so they can create stacks # Give the role to the demo and admin users so they can create stacks
# in either of the projects created by devstack # in either of the projects created by devstack
openstack role add $HEAT_OWNER_ROLE --project demo --user demo get_or_add_user_role $HEAT_OWNER_ROLE demo demo
openstack role add $HEAT_OWNER_ROLE --project demo --user admin get_or_add_user_role $HEAT_OWNER_ROLE admin demo
openstack role add $HEAT_OWNER_ROLE --project admin --user admin get_or_add_user_role $HEAT_OWNER_ROLE admin admin
iniset $HEAT_CONF DEFAULT deferred_auth_method trusts iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
fi fi
@ -272,6 +261,11 @@ function create_heat_accounts {
# Note we have to pass token/endpoint here because the current endpoint and # Note we have to pass token/endpoint here because the current endpoint and
# version negotiation in OSC means just --os-identity-api-version=3 won't work # version negotiation in OSC means just --os-identity-api-version=3 won't work
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3" KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3"
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
--os-identity-api-version=3 domain list | grep ' heat ' | get_field 1)
if [[ -z "$D_ID" ]]; then
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
--os-identity-api-version=3 domain create heat \ --os-identity-api-version=3 domain create heat \
--description "Owns users and projects created by heat" \ --description "Owns users and projects created by heat" \
@ -288,6 +282,7 @@ function create_heat_accounts {
iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
fi fi
fi
} }
# Restore xtrace # Restore xtrace
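Review bot: The added `fi` at the end of create_heat_accounts seems to close the new `if [[ -z "$D_ID" ]]` only after the `iniset $HEAT_CONF DEFAULT stack_domain_admin ...` lines, so when the heat domain already exists (RegionTwo with a shared keystone, or a rerun) those settings would not be written to heat.conf. The lines between the hunks are not shown, so this needs confirming, but the lookup-or-create should probably end right after `D_ID` is set, with the `iniset` calls left unconditional. The lookup itself matches `grep ' heat '` against the whole table row rather than the name column, so a domain whose description contains that word would also match.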


@ -223,28 +223,21 @@ function create_ironic_accounts {
# Ironic # Ironic
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
IRONIC_USER=$(openstack user create \ # Get ironic user if exists
ironic \
--password "$SERVICE_PASSWORD" \ IRONIC_USER=$(get_or_create_user "ironic" \
--project $SERVICE_TENANT \ "$SERVICE_PASSWORD" $SERVICE_TENANT "ironic@example.com")
--email ironic@example.com \ get_or_add_user_role $ADMIN_ROLE $IRONIC_USER $SERVICE_TENANT
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $SERVICE_TENANT \
--user $IRONIC_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
IRONIC_SERVICE=$(openstack service create \
ironic \ IRONIC_SERVICE=$(get_or_create_service "ironic" \
--type=baremetal \ "baremetal" "Ironic baremetal provisioning service")
--description="Ironic baremetal provisioning service" \ get_or_create_endpoint $IRONIC_SERVICE \
| grep " id " | get_field 2) "$REGION_NAME" \
openstack endpoint create \ "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
$IRONIC_SERVICE \ "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
--region RegionOne \ "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
--publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
--adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
--internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
fi fi
fi fi
} }
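Review bot: The new comment `# Get ironic user if exists` describes only half of what the next line does, since get_or_create_user also creates the account when the lookup fails; `# Get or create the ironic service user` would match the behaviour. None of the other service files in this commit carry such a comment, so dropping it is equally fine.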


@ -278,6 +278,8 @@ function configure_keystone {
iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(process)d TRACE %(name)s %(instance)s" iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(process)d TRACE %(name)s %(instance)s"
_config_keystone_apache_wsgi _config_keystone_apache_wsgi
fi fi
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
} }
function configure_keystone_extensions { function configure_keystone_extensions {
@ -316,79 +318,55 @@ function configure_keystone_extensions {
function create_keystone_accounts { function create_keystone_accounts {
# admin # admin
ADMIN_TENANT=$(openstack project create \ ADMIN_TENANT=$(get_or_create_project "admin")
admin \ ADMIN_USER=$(get_or_create_user "admin" \
| grep " id " | get_field 2) "$ADMIN_PASSWORD" "$ADMIN_TENANT" "admin@example.com")
ADMIN_USER=$(openstack user create \ ADMIN_ROLE=$(get_or_create_role "admin")
admin \ get_or_add_user_role $ADMIN_ROLE $ADMIN_USER $ADMIN_TENANT
--project "$ADMIN_TENANT" \
--email admin@example.com \
--password "$ADMIN_PASSWORD" \
| grep " id " | get_field 2)
ADMIN_ROLE=$(openstack role create \
admin \
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $ADMIN_TENANT \
--user $ADMIN_USER
# Create service project/role # Create service project/role
openstack project create $SERVICE_TENANT_NAME get_or_create_project "$SERVICE_TENANT_NAME"
# Service role, so service users do not have to be admins # Service role, so service users do not have to be admins
openstack role create service get_or_create_role service
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it. # The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
# The admin role in swift allows a user to act as an admin for their tenant, # The admin role in swift allows a user to act as an admin for their tenant,
# but ResellerAdmin is needed for a user to act as any tenant. The name of this # but ResellerAdmin is needed for a user to act as any tenant. The name of this
# role is also configurable in swift-proxy.conf # role is also configurable in swift-proxy.conf
openstack role create ResellerAdmin get_or_create_role ResellerAdmin
# The Member role is used by Horizon and Swift so we need to keep it: # The Member role is used by Horizon and Swift so we need to keep it:
MEMBER_ROLE=$(openstack role create \ MEMBER_ROLE=$(get_or_create_role "Member")
Member \
| grep " id " | get_field 2)
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used # ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
# TODO(sleepsonthefloor): show how this can be used for rbac in the future! # TODO(sleepsonthefloor): show how this can be used for rbac in the future!
ANOTHER_ROLE=$(openstack role create \
anotherrole \ ANOTHER_ROLE=$(get_or_create_role "anotherrole")
| grep " id " | get_field 2)
# invisible tenant - admin can't see this one # invisible tenant - admin can't see this one
INVIS_TENANT=$(openstack project create \ INVIS_TENANT=$(get_or_create_project "invisible_to_admin")
invisible_to_admin \
| grep " id " | get_field 2)
# demo # demo
DEMO_TENANT=$(openstack project create \ DEMO_TENANT=$(get_or_create_project "demo")
demo \ DEMO_USER=$(get_or_create_user "demo" \
| grep " id " | get_field 2) "$ADMIN_PASSWORD" "$DEMO_TENANT" "demo@example.com")
DEMO_USER=$(openstack user create \
demo \
--project $DEMO_TENANT \
--email demo@example.com \
--password "$ADMIN_PASSWORD" \
| grep " id " | get_field 2)
openstack role add --project $DEMO_TENANT --user $DEMO_USER $MEMBER_ROLE get_or_add_user_role $MEMBER_ROLE $DEMO_USER $DEMO_TENANT
openstack role add --project $DEMO_TENANT --user $ADMIN_USER $ADMIN_ROLE get_or_add_user_role $ADMIN_ROLE $ADMIN_USER $DEMO_TENANT
openstack role add --project $DEMO_TENANT --user $DEMO_USER $ANOTHER_ROLE get_or_add_user_role $ANOTHER_ROLE $DEMO_USER $DEMO_TENANT
openstack role add --project $INVIS_TENANT --user $DEMO_USER $MEMBER_ROLE get_or_add_user_role $MEMBER_ROLE $DEMO_USER $INVIS_TENANT
# Keystone # Keystone
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
KEYSTONE_SERVICE=$(openstack service create \
keystone \ KEYSTONE_SERVICE=$(get_or_create_service "keystone" \
--type identity \ "identity" "Keystone Identity Service")
--description "Keystone Identity Service" \ get_or_create_endpoint $KEYSTONE_SERVICE \
| grep " id " | get_field 2) "$REGION_NAME" \
openstack endpoint create \ "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
$KEYSTONE_SERVICE \ "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
--region RegionOne \ "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
--publicurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
--adminurl "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
--internalurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
fi fi
} }
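Review bot: With get_or_create_user, an `admin` or `demo` account that already exists is returned as-is and `$ADMIN_PASSWORD` is never applied or compared, so a second region whose localrc carries a different password ends up with credentials that do not match the shared keystone. A comment above these calls, or a line in the multi-region README section, stating that ADMIN_PASSWORD and SERVICE_PASSWORD must be identical in every region would make that requirement explicit. The new `iniset $KEYSTONE_CONF DEFAULT max_token_size 16384` is also unexplained; a one-line comment saying why the limit is raised (presumably the larger multi-region catalog carried in tokens) would help, since it now applies to single-region setups too.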


@ -178,29 +178,19 @@ function create_marconi_accounts {
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
MARCONI_USER=$(openstack user create \ MARCONI_USER=$(get_or_create_user "marconi" \
marconi \ "$SERVICE_PASSWORD" $SERVICE_TENANT "marconi@example.com")
--password "$SERVICE_PASSWORD" \ get_or_add_user_role $ADMIN_ROLE $MARCONI_USER $SERVICE_TENANT
--project $SERVICE_TENANT \
--email marconi@example.com \
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $SERVICE_TENANT \
--user $MARCONI_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
MARCONI_SERVICE=$(openstack service create \
marconi \ MARCONI_SERVICE=$(get_or_create_service "marconi" \
--type=queuing \ "queuing" "Marconi Service")
--description="Marconi Service" \ get_or_create_endpoint $MARCONI_SERVICE \
| grep " id " | get_field 2) "$REGION_NAME" \
openstack endpoint create \ "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
$MARCONI_SERVICE \ "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
--region RegionOne \ "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT"
--publicurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
--adminurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
--internalurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT"
fi fi
} }


@ -307,7 +307,7 @@ function create_nova_conf_neutron {
iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0" iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY" iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME" iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME"
iniset $NOVA_CONF neutron region_name "RegionOne" iniset $NOVA_CONF neutron region_name "$REGION_NAME"
iniset $NOVA_CONF neutron url "http://$Q_HOST:$Q_PORT" iniset $NOVA_CONF neutron url "http://$Q_HOST:$Q_PORT"
if [[ "$Q_USE_SECGROUP" == "True" ]]; then if [[ "$Q_USE_SECGROUP" == "True" ]]; then
@ -350,28 +350,20 @@ function create_neutron_accounts {
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
NEUTRON_USER=$(openstack user create \
neutron \ NEUTRON_USER=$(get_or_create_user "neutron" \
--password "$SERVICE_PASSWORD" \ "$SERVICE_PASSWORD" $SERVICE_TENANT "neutron@example.com")
--project $SERVICE_TENANT \ get_or_add_user_role $ADMIN_ROLE $NEUTRON_USER $SERVICE_TENANT
--email neutron@example.com \
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $SERVICE_TENANT \
--user $NEUTRON_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
NEUTRON_SERVICE=$(openstack service create \
neutron \ NEUTRON_SERVICE=$(get_or_create_service "neutron" \
--type=network \ "network" "Neutron Service")
--description="Neutron Service" \ get_or_create_endpoint $NEUTRON_SERVICE \
| grep " id " | get_field 2) "$REGION_NAME" \
openstack endpoint create \ "http://$SERVICE_HOST:9696/" \
$NEUTRON_SERVICE \ "http://$SERVICE_HOST:9696/" \
--region RegionOne \ "http://$SERVICE_HOST:9696/"
--publicurl "http://$SERVICE_HOST:9696/" \
--adminurl "http://$SERVICE_HOST:9696/" \
--internalurl "http://$SERVICE_HOST:9696/"
fi fi
fi fi
} }


@ -333,39 +333,28 @@ create_nova_accounts() {
# Nova # Nova
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
NOVA_USER=$(openstack user create \
nova \ NOVA_USER=$(get_or_create_user "nova" \
--password "$SERVICE_PASSWORD" \ "$SERVICE_PASSWORD" $SERVICE_TENANT "nova@example.com")
--project $SERVICE_TENANT \ get_or_add_user_role $ADMIN_ROLE $NOVA_USER $SERVICE_TENANT
--email nova@example.com \
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $SERVICE_TENANT \
--user $NOVA_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
NOVA_SERVICE=$(openstack service create \
nova \ NOVA_SERVICE=$(get_or_create_service "nova" \
--type=compute \ "compute" "Nova Compute Service")
--description="Nova Compute Service" \ get_or_create_endpoint $NOVA_SERVICE \
| grep " id " | get_field 2) "$REGION_NAME" \
openstack endpoint create \ "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
$NOVA_SERVICE \ "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
--region RegionOne \ "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
--publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
--adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \ NOVA_V3_SERVICE=$(get_or_create_service "novav3" \
--internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" "computev3" "Nova Compute Service V3")
NOVA_V3_SERVICE=$(openstack service create \ get_or_create_endpoint $NOVA_V3_SERVICE \
novav3 \ "$REGION_NAME" \
--type=computev3 \ "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
--description="Nova Compute Service V3" \ "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
| grep " id " | get_field 2) "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3"
openstack endpoint create \
$NOVA_V3_SERVICE \
--region RegionOne \
--publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
--adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
--internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3"
fi fi
fi fi
@ -374,40 +363,32 @@ create_nova_accounts() {
if is_service_enabled swift; then if is_service_enabled swift; then
# Nova needs ResellerAdmin role to download images when accessing # Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api. # swift through the s3 api.
openstack role add \ get_or_add_user_role ResellerAdmin nova $SERVICE_TENANT_NAME
--project $SERVICE_TENANT_NAME \
--user nova \
ResellerAdmin
fi fi
# EC2 # EC2
if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
openstack service create \
--type ec2 \ EC2_SERVICE=$(get_or_create_service "ec2" \
--description "EC2 Compatibility Layer" \ "ec2" "EC2 Compatibility Layer")
ec2 get_or_create_endpoint $EC2_SERVICE \
openstack endpoint create \ "$REGION_NAME" \
--region RegionOne \ "http://$SERVICE_HOST:8773/services/Cloud" \
--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \ "http://$SERVICE_HOST:8773/services/Admin" \
--adminurl "http://$SERVICE_HOST:8773/services/Admin" \ "http://$SERVICE_HOST:8773/services/Cloud"
--internalurl "http://$SERVICE_HOST:8773/services/Cloud" \
ec2
fi fi
fi fi
# S3 # S3
if is_service_enabled n-obj swift3; then if is_service_enabled n-obj swift3; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
openstack service create \
--type s3 \ S3_SERVICE=$(get_or_create_service "s3" "s3" "S3")
--description "S3" \ get_or_create_endpoint $S3_SERVICE \
s3 "$REGION_NAME" \
openstack endpoint create \ "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--region RegionOne \ "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \ "http://$SERVICE_HOST:$S3_SERVICE_PORT"
--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
s3
fi fi
fi fi
} }


@ -60,29 +60,19 @@ function create_sahara_accounts {
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
SAHARA_USER=$(openstack user create \ SAHARA_USER=$(get_or_create_user "sahara" \
sahara \ "$SERVICE_PASSWORD" $SERVICE_TENANT "sahara@example.com")
--password "$SERVICE_PASSWORD" \ get_or_add_user_role $ADMIN_ROLE $SAHARA_USER $SERVICE_TENANT
--project $SERVICE_TENANT \
--email sahara@example.com \
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $SERVICE_TENANT \
--user $SAHARA_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
SAHARA_SERVICE=$(openstack service create \
sahara \ SAHARA_SERVICE=$(get_or_create_service "sahara" \
--type=data_processing \ "data_processing" "Sahara Data Processing")
--description="Sahara Data Processing" \ get_or_create_endpoint $SAHARA_SERVICE \
| grep " id " | get_field 2) "$REGION_NAME" \
openstack endpoint create \ "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
$SAHARA_SERVICE \ "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
--region RegionOne \ "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s"
--publicurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
--adminurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
--internalurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s"
fi fi
} }


@ -547,50 +547,40 @@ function create_swift_accounts {
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
SWIFT_USER=$(openstack user create \ SWIFT_USER=$(get_or_create_user "swift" \
swift \ "$SERVICE_PASSWORD" $SERVICE_TENANT "swift@example.com")
--password "$SERVICE_PASSWORD" \ get_or_add_user_role $ADMIN_ROLE $SWIFT_USER $SERVICE_TENANT
--project $SERVICE_TENANT \
--email=swift@example.com \
| grep " id " | get_field 2)
openstack role add \
$ADMIN_ROLE \
--project $SERVICE_TENANT \
--user $SWIFT_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
SWIFT_SERVICE=$(openstack service create \
swift \ SWIFT_SERVICE=$(get_or_create_service "swift" \
--type="object-store" \ "object-store" "Swift Service")
--description="Swift Service" \ get_or_create_endpoint $SWIFT_SERVICE \
| grep " id " | get_field 2) "$REGION_NAME" \
openstack endpoint create \ "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
$SWIFT_SERVICE \ "http://$SERVICE_HOST:8080" \
--region RegionOne \ "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
--publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
--adminurl "http://$SERVICE_HOST:8080" \
--internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
fi fi
SWIFT_TENANT_TEST1=$(openstack project create swifttenanttest1 | grep " id " | get_field 2) SWIFT_TENANT_TEST1=$(get_or_create_project swifttenanttest1)
die_if_not_set $LINENO SWIFT_TENANT_TEST1 "Failure creating SWIFT_TENANT_TEST1" die_if_not_set $LINENO SWIFT_TENANT_TEST1 "Failure creating SWIFT_TENANT_TEST1"
SWIFT_USER_TEST1=$(openstack user create swiftusertest1 --password=$SWIFTUSERTEST1_PASSWORD \ SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $SWIFTUSERTEST1_PASSWORD \
--project "$SWIFT_TENANT_TEST1" --email=test@example.com | grep " id " | get_field 2) "$SWIFT_TENANT_TEST1" "test@example.com")
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1" die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
openstack role add --user $SWIFT_USER_TEST1 --project $SWIFT_TENANT_TEST1 $ADMIN_ROLE get_or_add_user_role $ADMIN_ROLE $SWIFT_USER_TEST1 $SWIFT_TENANT_TEST1
SWIFT_USER_TEST3=$(openstack user create swiftusertest3 --password=$SWIFTUSERTEST3_PASSWORD \ SWIFT_USER_TEST3=$(get_or_create_user swiftusertest3 $SWIFTUSERTEST3_PASSWORD \
--project "$SWIFT_TENANT_TEST1" --email=test3@example.com | grep " id " | get_field 2) "$SWIFT_TENANT_TEST1" "test3@example.com")
die_if_not_set $LINENO SWIFT_USER_TEST3 "Failure creating SWIFT_USER_TEST3" die_if_not_set $LINENO SWIFT_USER_TEST3 "Failure creating SWIFT_USER_TEST3"
openstack role add --user $SWIFT_USER_TEST3 --project $SWIFT_TENANT_TEST1 $ANOTHER_ROLE get_or_add_user_role $ANOTHER_ROLE $SWIFT_USER_TEST3 $SWIFT_TENANT_TEST1
SWIFT_TENANT_TEST2=$(openstack project create swifttenanttest2 | grep " id " | get_field 2) SWIFT_TENANT_TEST2=$(get_or_create_project swifttenanttest2)
die_if_not_set $LINENO SWIFT_TENANT_TEST2 "Failure creating SWIFT_TENANT_TEST2" die_if_not_set $LINENO SWIFT_TENANT_TEST2 "Failure creating SWIFT_TENANT_TEST2"
SWIFT_USER_TEST2=$(openstack user create swiftusertest2 --password=$SWIFTUSERTEST2_PASSWORD \ SWIFT_USER_TEST2=$(get_or_create_user swiftusertest2 $SWIFTUSERTEST2_PASSWORD \
--project "$SWIFT_TENANT_TEST2" --email=test2@example.com | grep " id " | get_field 2) "$SWIFT_TENANT_TEST2" "test2@example.com")
die_if_not_set $LINENO SWIFT_USER_TEST2 "Failure creating SWIFT_USER_TEST2" die_if_not_set $LINENO SWIFT_USER_TEST2 "Failure creating SWIFT_USER_TEST2"
openstack role add --user $SWIFT_USER_TEST2 --project $SWIFT_TENANT_TEST2 $ADMIN_ROLE get_or_add_user_role $ADMIN_ROLE $SWIFT_USER_TEST2 $SWIFT_TENANT_TEST2
} }
# init_swift() - Initialize rings # init_swift() - Initialize rings
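Review bot: The test-account passwords are passed unquoted in `get_or_create_user swiftusertest1 $SWIFTUSERTEST1_PASSWORD \` (likewise for swiftusertest3 and swiftusertest2), so a password containing whitespace or glob characters is split or expanded and pushes the project and e-mail into the wrong positional slots of the helper. An empty password drops out of the argument list entirely, with the same effect. The service user a few lines up already quotes `"$SERVICE_PASSWORD"`; the test users should match, e.g. `get_or_create_user swiftusertest1 "$SWIFTUSERTEST1_PASSWORD" \`. create_swift_accounts begins above this hunk.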


@ -397,16 +397,9 @@ function create_tempest_accounts {
if is_service_enabled tempest; then if is_service_enabled tempest; then
# Tempest has some tests that validate various authorization checks # Tempest has some tests that validate various authorization checks
# between two regular users in separate tenants # between two regular users in separate tenants
openstack project create \ get_or_create_project alt_demo
alt_demo get_or_create_user alt_demo "$ADMIN_PASSWORD" alt_demo "alt_demo@example.com"
openstack user create \ get_or_add_user_role Member alt_demo alt_demo
--project alt_demo \
--password "$ADMIN_PASSWORD" \
alt_demo
openstack role add \
--project alt_demo \
--user alt_demo \
Member
fi fi
} }
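Review bot: The non-admin `alt_demo` account is created with `"$ADMIN_PASSWORD"`, so the user that the authorization tests treat as an unprivileged second tenant shares its secret with the cloud admin, and with a Keystone shared between regions that account is visible from every region. The helper shown earlier in this commit returns an existing user as-is, so a re-run or a second region will not reset the password either. I would document both facts above the call, e.g. `# NOTE: alt_demo reuses ADMIN_PASSWORD; an existing alt_demo user keeps the password it already has`, and consider a separate password variable for this account. create_tempest_accounts starts above this hunk.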


@ -81,28 +81,20 @@ function create_trove_accounts {
SERVICE_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") SERVICE_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
TROVE_USER=$(openstack user create \
trove \ TROVE_USER=$(get_or_create_user "trove" \
--password "$SERVICE_PASSWORD" \ "$SERVICE_PASSWORD" $SERVICE_TENANT "trove@example.com")
--project $SERVICE_TENANT \ get_or_add_user_role $SERVICE_ROLE $TROVE_USER $SERVICE_TENANT
--email trove@example.com \
| grep " id " | get_field 2)
openstack role add \
$SERVICE_ROLE \
--project $SERVICE_TENANT \
--user $TROVE_USER
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
TROVE_SERVICE=$(openstack service create \
trove \ TROVE_SERVICE=$(get_or_create_service "trove" \
--type=database \ "database" "Trove Service")
--description="Trove Service" \ get_or_create_endpoint $TROVE_SERVICE \
| grep " id " | get_field 2) "$REGION_NAME" \
openstack endpoint create \ "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
$TROVE_SERVICE \ "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
--region RegionOne \ "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
--publicurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
--adminurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
--internalurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
fi fi
fi fi
} }
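Review bot: The three endpoint URLs passed to `get_or_create_endpoint` are hard-coded to `http://`, which matters more now that they are registered in a Keystone catalog shared between regions. The sahara hunk already builds its URLs from `$SAHARA_SERVICE_PROTOCOL`; here something like `"$SERVICE_PROTOCOL://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"` would let a TLS deployment register https endpoints, assuming `SERVICE_PROTOCOL` is in scope in this file as it is in openrc. The swift endpoints on port 8080 carry the same hard-coded scheme. create_trove_accounts begins above this hunk.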

6
openrc

@ -53,12 +53,16 @@ export OS_PASSWORD=${ADMIN_PASSWORD:-secrete}
# easier with this off. # easier with this off.
export OS_NO_CACHE=${OS_NO_CACHE:-1} export OS_NO_CACHE=${OS_NO_CACHE:-1}
# Region
export OS_REGION_NAME=${REGION_NAME:-RegionOne}
# Set api HOST_IP endpoint. SERVICE_HOST may also be used to specify the endpoint, # Set api HOST_IP endpoint. SERVICE_HOST may also be used to specify the endpoint,
# which is convenient for some localrc configurations. # which is convenient for some localrc configurations.
HOST_IP=${HOST_IP:-127.0.0.1} HOST_IP=${HOST_IP:-127.0.0.1}
SERVICE_HOST=${SERVICE_HOST:-$HOST_IP} SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http} SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL} KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
# Some exercises call glance directly. On a single-node installation, Glance # Some exercises call glance directly. On a single-node installation, Glance
# should be listening on HOST_IP. If its running elsewhere, it can be set here # should be listening on HOST_IP. If its running elsewhere, it can be set here
@ -72,7 +76,7 @@ export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
# the user/tenant has access to - including nova, glance, keystone, swift, ... # the user/tenant has access to - including nova, glance, keystone, swift, ...
# We currently recommend using the 2.0 *identity api*. # We currently recommend using the 2.0 *identity api*.
# #
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:5000/v${OS_IDENTITY_API_VERSION} export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
# Set the pointer to our CA certificate chain. Harmless if TLS is not used. # Set the pointer to our CA certificate chain. Harmless if TLS is not used.
export OS_CACERT=${OS_CACERT:-$INT_CA_DIR/ca-chain.pem} export OS_CACERT=${OS_CACERT:-$INT_CA_DIR/ca-chain.pem}
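Review bot: `OS_AUTH_URL` now points at `$KEYSTONE_AUTH_HOST`, which in RegionTwo is a remote machine, while `KEYSTONE_AUTH_PROTOCOL` still falls back to `SERVICE_PROTOCOL` and therefore to `http`. Anyone sourcing openrc in the second region would then send `OS_PASSWORD` to the RegionOne Keystone in clear text over the network rather than over loopback. I would add a comment next to the new default, for example `# KEYSTONE_AUTH_HOST may be remote (multi-region); set KEYSTONE_AUTH_PROTOCOL=https when it is not this host`, and repeat the hint in the README's multi-region section.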


@ -729,9 +729,11 @@ git_clone $OPENSTACKCLIENT_REPO $OPENSTACKCLIENT_DIR $OPENSTACKCLIENT_BRANCH
setup_develop $OPENSTACKCLIENT_DIR setup_develop $OPENSTACKCLIENT_DIR
if is_service_enabled key; then if is_service_enabled key; then
if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
install_keystone install_keystone
configure_keystone configure_keystone
fi fi
fi
if is_service_enabled s-proxy; then if is_service_enabled s-proxy; then
install_swift install_swift
@ -929,8 +931,11 @@ fi
if is_service_enabled key; then if is_service_enabled key; then
echo_summary "Starting Keystone" echo_summary "Starting Keystone"
if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
init_keystone init_keystone
start_keystone start_keystone
fi
# Set up a temporary admin URI for Keystone # Set up a temporary admin URI for Keystone
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
@ -971,6 +976,7 @@ if is_service_enabled key; then
export OS_TENANT_NAME=admin export OS_TENANT_NAME=admin
export OS_USERNAME=admin export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASSWORD export OS_PASSWORD=$ADMIN_PASSWORD
export OS_REGION_NAME=$REGION_NAME
fi fi
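Review bot: The new guard `[ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]` is a literal string comparison, so the same host written once as a name and once as an address skips the local Keystone install and start without any message, and two empty values compare equal. The setup after the guard still runs in the second region (it continues below the hunk), which suggests it talks to the shared Keystone with admin credentials from this node; that requirement is not stated in the visible code. I would add a comment such as `# Keystone runs on KEYSTONE_AUTH_HOST; install/start it here only when that is this node` and an `else` branch that logs that a remote Keystone is in use.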


@ -19,6 +19,9 @@ else
STACK_USER=$(whoami) STACK_USER=$(whoami)
fi fi
# Specify region name Region
REGION_NAME=${REGION_NAME:-RegionOne}
# Specify which services to launch. These generally correspond to # Specify which services to launch. These generally correspond to
# screen tabs. To change the default list, use the ``enable_service`` and # screen tabs. To change the default list, use the ``enable_service`` and
# ``disable_service`` functions in ``local.conf``. # ``disable_service`` functions in ``local.conf``.