Merge "Adds support for multi-region"
commit
cfcd8cf2f8
19
README.md
19
README.md
@ -330,6 +330,25 @@ which includes the following, with the IP address of the above controller node:
|
|||||||
Q_HOST=$SERVICE_HOST
|
Q_HOST=$SERVICE_HOST
|
||||||
MATCHMAKER_REDIS_HOST=$SERVICE_HOST
|
MATCHMAKER_REDIS_HOST=$SERVICE_HOST
|
||||||
|
|
||||||
|
# Multi-Region Setup
|
||||||
|
|
||||||
|
We want to setup two devstack (RegionOne and RegionTwo) with shared keystone
|
||||||
|
(same users and services) and horizon.
|
||||||
|
Keystone and Horizon will be located in RegionOne.
|
||||||
|
Full spec is available at:
|
||||||
|
https://wiki.openstack.org/wiki/Heat/Blueprints/Multi_Region_Support_for_Heat.
|
||||||
|
|
||||||
|
In RegionOne:
|
||||||
|
|
||||||
|
REGION_NAME=RegionOne
|
||||||
|
|
||||||
|
In RegionTwo:
|
||||||
|
|
||||||
|
disable_service horizon
|
||||||
|
KEYSTONE_SERVICE_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
|
||||||
|
KEYSTONE_AUTH_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
|
||||||
|
REGION_NAME=RegionTwo
|
||||||
|
|
||||||
# Cells
|
# Cells
|
||||||
|
|
||||||
Cells is a new scaling option with a full spec at:
|
Cells is a new scaling option with a full spec at:
|
||||||
|
103
functions-common
103
functions-common
@ -719,6 +719,109 @@ function policy_add {
|
|||||||
mv ${tmpfile} ${policy_file}
|
mv ${tmpfile} ${policy_file}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Gets or creates user
|
||||||
|
# Usage: get_or_create_user <username> <password> <project> <email>
|
||||||
|
function get_or_create_user {
|
||||||
|
# Gets user id
|
||||||
|
USER_ID=$(
|
||||||
|
# Gets user id
|
||||||
|
openstack user show $1 -f value -c id 2>/dev/null ||
|
||||||
|
# Creates new user
|
||||||
|
openstack user create \
|
||||||
|
$1 \
|
||||||
|
--password "$2" \
|
||||||
|
--project $3 \
|
||||||
|
--email $4 \
|
||||||
|
-f value -c id
|
||||||
|
)
|
||||||
|
echo $USER_ID
|
||||||
|
}
|
||||||
|
|
||||||
|
# Gets or creates project
|
||||||
|
# Usage: get_or_create_project <name>
|
||||||
|
function get_or_create_project {
|
||||||
|
# Gets project id
|
||||||
|
PROJECT_ID=$(
|
||||||
|
# Gets project id
|
||||||
|
openstack project show $1 -f value -c id 2>/dev/null ||
|
||||||
|
# Creates new project if not exists
|
||||||
|
openstack project create $1 -f value -c id
|
||||||
|
)
|
||||||
|
echo $PROJECT_ID
|
||||||
|
}
|
||||||
|
|
||||||
|
# Gets or creates role
|
||||||
|
# Usage: get_or_create_role <name>
|
||||||
|
function get_or_create_role {
|
||||||
|
ROLE_ID=$(
|
||||||
|
# Gets role id
|
||||||
|
openstack role show $1 -f value -c id 2>/dev/null ||
|
||||||
|
# Creates role if not exists
|
||||||
|
openstack role create $1 -f value -c id
|
||||||
|
)
|
||||||
|
echo $ROLE_ID
|
||||||
|
}
|
||||||
|
|
||||||
|
# Gets or adds user role
|
||||||
|
# Usage: get_or_add_user_role <role> <user> <project>
|
||||||
|
function get_or_add_user_role {
|
||||||
|
# Gets user role id
|
||||||
|
USER_ROLE_ID=$(openstack user role list \
|
||||||
|
$2 \
|
||||||
|
--project $3 \
|
||||||
|
--column "ID" \
|
||||||
|
--column "Name" \
|
||||||
|
| grep " $1 " | get_field 1)
|
||||||
|
if [[ -z "$USER_ROLE_ID" ]]; then
|
||||||
|
# Adds role to user
|
||||||
|
USER_ROLE_ID=$(openstack role add \
|
||||||
|
$1 \
|
||||||
|
--user $2 \
|
||||||
|
--project $3 \
|
||||||
|
| grep " id " | get_field 2)
|
||||||
|
fi
|
||||||
|
echo $USER_ROLE_ID
|
||||||
|
}
|
||||||
|
|
||||||
|
# Gets or creates service
|
||||||
|
# Usage: get_or_create_service <name> <type> <description>
|
||||||
|
function get_or_create_service {
|
||||||
|
# Gets service id
|
||||||
|
SERVICE_ID=$(
|
||||||
|
# Gets service id
|
||||||
|
openstack service show $1 -f value -c id 2>/dev/null ||
|
||||||
|
# Creates new service if not exists
|
||||||
|
openstack service create \
|
||||||
|
$1 \
|
||||||
|
--type=$2 \
|
||||||
|
--description="$3" \
|
||||||
|
-f value -c id
|
||||||
|
)
|
||||||
|
echo $SERVICE_ID
|
||||||
|
}
|
||||||
|
|
||||||
|
# Gets or creates endpoint
|
||||||
|
# Usage: get_or_create_endpoint <service> <region> <publicurl> <adminurl> <internalurl>
|
||||||
|
function get_or_create_endpoint {
|
||||||
|
# Gets endpoint id
|
||||||
|
ENDPOINT_ID=$(openstack endpoint list \
|
||||||
|
--column "ID" \
|
||||||
|
--column "Region" \
|
||||||
|
--column "Service Name" \
|
||||||
|
| grep " $2 " \
|
||||||
|
| grep " $1 " | get_field 1)
|
||||||
|
if [[ -z "$ENDPOINT_ID" ]]; then
|
||||||
|
# Creates new endpoint
|
||||||
|
ENDPOINT_ID=$(openstack endpoint create \
|
||||||
|
$1 \
|
||||||
|
--region $2 \
|
||||||
|
--publicurl $3 \
|
||||||
|
--adminurl $4 \
|
||||||
|
--internalurl $5 \
|
||||||
|
| grep " id " | get_field 2)
|
||||||
|
fi
|
||||||
|
echo $ENDPOINT_ID
|
||||||
|
}
|
||||||
|
|
||||||
# Package Functions
|
# Package Functions
|
||||||
# =================
|
# =================
|
||||||
|
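Review bot: The lookup in `get_or_create_endpoint` limits `openstack endpoint list` to the ID, Region and Service Name columns and then greps for `$1`, but the callers added in this commit pass the service ID returned by `get_or_create_service` (for example `$CEILOMETER_SERVICE`), which does not appear to be in any of those three columns. If that is right, the match never succeeds and every rerun registers another endpoint for the same service and region, which defeats the get-or-create intent. Either list a column that carries the value being passed or have callers pass the service name, and match it literally with `grep -F -- " $1 "` rather than as a regular expression. The same unanchored regex match is used by `grep " $1 "` in `get_or_add_user_role`, where `$1` is sometimes a role ID and sometimes a role name.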
@ -84,35 +84,22 @@ create_ceilometer_accounts() {
|
|||||||
|
|
||||||
# Ceilometer
|
# Ceilometer
|
||||||
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
|
||||||
CEILOMETER_USER=$(openstack user create \
|
CEILOMETER_USER=$(get_or_create_user "ceilometer" \
|
||||||
ceilometer \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "ceilometer@example.com")
|
||||||
--password "$SERVICE_PASSWORD" \
|
get_or_add_user_role $ADMIN_ROLE $CEILOMETER_USER $SERVICE_TENANT
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--email ceilometer@example.com \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $CEILOMETER_USER
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
CEILOMETER_SERVICE=$(openstack service create \
|
CEILOMETER_SERVICE=$(get_or_create_service "ceilometer" \
|
||||||
ceilometer \
|
"metering" "OpenStack Telemetry Service")
|
||||||
--type=metering \
|
get_or_create_endpoint $CEILOMETER_SERVICE \
|
||||||
--description="OpenStack Telemetry Service" \
|
"$REGION_NAME" \
|
||||||
| grep " id " | get_field 2)
|
"$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
|
||||||
openstack endpoint create \
|
"$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
|
||||||
$CEILOMETER_SERVICE \
|
"$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/"
|
||||||
--region RegionOne \
|
|
||||||
--publicurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
|
|
||||||
--adminurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/" \
|
|
||||||
--internalurl "$CEILOMETER_SERVICE_PROTOCOL://$CEILOMETER_SERVICE_HOST:$CEILOMETER_SERVICE_PORT/"
|
|
||||||
fi
|
fi
|
||||||
if is_service_enabled swift; then
|
if is_service_enabled swift; then
|
||||||
# Ceilometer needs ResellerAdmin role to access swift account stats.
|
# Ceilometer needs ResellerAdmin role to access swift account stats.
|
||||||
openstack role add \
|
get_or_add_user_role "ResellerAdmin" "ceilometer" $SERVICE_TENANT_NAME
|
||||||
--project $SERVICE_TENANT_NAME \
|
|
||||||
--user ceilometer \
|
|
||||||
ResellerAdmin
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
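Review bot: `get_or_add_user_role $ADMIN_ROLE $CEILOMETER_USER $SERVICE_TENANT` expands its arguments unquoted, so if `get_or_create_user` fails and `CEILOMETER_USER` is empty, the remaining words shift left and the helper runs with the project ID in the user position. Because this call grants the admin role, it should fail visibly instead: `get_or_add_user_role "$ADMIN_ROLE" "$CEILOMETER_USER" "$SERVICE_TENANT"`, ideally after a check that the user ID is non-empty. The same unquoted call follows `get_or_create_user` in the lib/cinder, lib/heat, lib/ironic, lib/keystone, lib/marconi, lib/neutron and lib/nova sections. The file header for this hunk is missing from the page, and `create_ceilometer_accounts` starts outside the hunk.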
51
lib/cinder
51
lib/cinder
@ -339,39 +339,26 @@ function create_cinder_accounts {
|
|||||||
|
|
||||||
# Cinder
|
# Cinder
|
||||||
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
|
||||||
CINDER_USER=$(openstack user create \
|
|
||||||
cinder \
|
CINDER_USER=$(get_or_create_user "cinder" \
|
||||||
--password "$SERVICE_PASSWORD" \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "cinder@example.com")
|
||||||
--project $SERVICE_TENANT \
|
get_or_add_user_role $ADMIN_ROLE $CINDER_USER $SERVICE_TENANT
|
||||||
--email cinder@example.com \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $CINDER_USER
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
CINDER_SERVICE=$(openstack service create \
|
|
||||||
cinder \
|
CINDER_SERVICE=$(get_or_create_service "cinder" \
|
||||||
--type=volume \
|
"volume" "Cinder Volume Service")
|
||||||
--description="Cinder Volume Service" \
|
get_or_create_endpoint $CINDER_SERVICE "$REGION_NAME" \
|
||||||
| grep " id " | get_field 2)
|
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
|
||||||
openstack endpoint create \
|
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
|
||||||
$CINDER_SERVICE \
|
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
|
||||||
--region RegionOne \
|
|
||||||
--publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
|
CINDER_V2_SERVICE=$(get_or_create_service "cinderv2" \
|
||||||
--adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s" \
|
"volumev2" "Cinder Volume Service V2")
|
||||||
--internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(tenant_id)s"
|
get_or_create_endpoint $CINDER_V2_SERVICE "$REGION_NAME" \
|
||||||
CINDER_V2_SERVICE=$(openstack service create \
|
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
|
||||||
cinderv2 \
|
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
|
||||||
--type=volumev2 \
|
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
|
||||||
--description="Cinder Volume Service V2" \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack endpoint create \
|
|
||||||
$CINDER_V2_SERVICE \
|
|
||||||
--region RegionOne \
|
|
||||||
--publicurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
|
|
||||||
--adminurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s" \
|
|
||||||
--internalurl "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(tenant_id)s"
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
44
lib/glance
44
lib/glance
@ -164,36 +164,28 @@ function configure_glance {
|
|||||||
|
|
||||||
function create_glance_accounts {
|
function create_glance_accounts {
|
||||||
if is_service_enabled g-api; then
|
if is_service_enabled g-api; then
|
||||||
openstack user create \
|
|
||||||
--password "$SERVICE_PASSWORD" \
|
GLANCE_USER=$(get_or_create_user "glance" \
|
||||||
--project $SERVICE_TENANT_NAME \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance@example.com")
|
||||||
glance
|
get_or_add_user_role service $GLANCE_USER $SERVICE_TENANT_NAME
|
||||||
openstack role add \
|
|
||||||
--project $SERVICE_TENANT_NAME \
|
|
||||||
--user glance \
|
|
||||||
service
|
|
||||||
# required for swift access
|
# required for swift access
|
||||||
if is_service_enabled s-proxy; then
|
if is_service_enabled s-proxy; then
|
||||||
openstack user create \
|
|
||||||
--password "$SERVICE_PASSWORD" \
|
GLANCE_SWIFT_USER=$(get_or_create_user "glance-swift" \
|
||||||
--project $SERVICE_TENANT_NAME \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance-swift@example.com")
|
||||||
glance-swift
|
get_or_add_user_role "ResellerAdmin" $GLANCE_SWIFT_USER $SERVICE_TENANT_NAME
|
||||||
openstack role add \
|
|
||||||
--project $SERVICE_TENANT_NAME \
|
|
||||||
--user glance-swift \
|
|
||||||
ResellerAdmin
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
openstack service create \
|
|
||||||
--type image \
|
GLANCE_SERVICE=$(get_or_create_service "glance" \
|
||||||
--description "Glance Image Service" \
|
"image" "Glance Image Service")
|
||||||
glance
|
get_or_create_endpoint $GLANCE_SERVICE \
|
||||||
openstack endpoint create \
|
"$REGION_NAME" \
|
||||||
--region RegionOne \
|
"http://$GLANCE_HOSTPORT" \
|
||||||
--publicurl "http://$GLANCE_HOSTPORT" \
|
"http://$GLANCE_HOSTPORT" \
|
||||||
--adminurl "http://$GLANCE_HOSTPORT" \
|
"http://$GLANCE_HOSTPORT"
|
||||||
--internalurl "http://$GLANCE_HOSTPORT" \
|
|
||||||
glance
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
73
lib/heat
73
lib/heat
@ -98,6 +98,8 @@ function configure_heat {
|
|||||||
iniset $HEAT_CONF database connection `database_connection_url heat`
|
iniset $HEAT_CONF database connection `database_connection_url heat`
|
||||||
iniset $HEAT_CONF DEFAULT auth_encryption_key `hexdump -n 16 -v -e '/1 "%02x"' /dev/urandom`
|
iniset $HEAT_CONF DEFAULT auth_encryption_key `hexdump -n 16 -v -e '/1 "%02x"' /dev/urandom`
|
||||||
|
|
||||||
|
iniset $HEAT_CONF DEFAULT region_name_for_services "$REGION_NAME"
|
||||||
|
|
||||||
# logging
|
# logging
|
||||||
iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
||||||
iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG
|
iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG
|
||||||
@ -214,57 +216,44 @@ function create_heat_accounts {
|
|||||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||||
|
|
||||||
HEAT_USER=$(openstack user create \
|
HEAT_USER=$(get_or_create_user "heat" \
|
||||||
heat \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "heat@example.com")
|
||||||
--password "$SERVICE_PASSWORD" \
|
get_or_add_user_role $ADMIN_ROLE $HEAT_USER $SERVICE_TENANT
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--email heat@example.com \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $HEAT_USER
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
HEAT_SERVICE=$(openstack service create \
|
|
||||||
heat \
|
HEAT_SERVICE=$(get_or_create_service "heat" \
|
||||||
--type=orchestration \
|
"orchestration" "Heat Orchestration Service")
|
||||||
--description="Heat Orchestration Service" \
|
get_or_create_endpoint $HEAT_SERVICE \
|
||||||
| grep " id " | get_field 2)
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
||||||
$HEAT_SERVICE \
|
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
||||||
--region RegionOne \
|
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
|
||||||
--publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
|
||||||
--adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
HEAT_CFN_SERVICE=$(get_or_create_service "heat-cfn" \
|
||||||
--internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
|
"cloudformation" "Heat CloudFormation Service")
|
||||||
HEAT_CFN_SERVICE=$(openstack service create \
|
get_or_create_endpoint $HEAT_CFN_SERVICE \
|
||||||
heat \
|
"$REGION_NAME" \
|
||||||
--type=cloudformation \
|
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
|
||||||
--description="Heat CloudFormation Service" \
|
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
|
||||||
| grep " id " | get_field 2)
|
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
|
||||||
openstack endpoint create \
|
|
||||||
$HEAT_CFN_SERVICE \
|
|
||||||
--region RegionOne \
|
|
||||||
--publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
|
|
||||||
--adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
|
|
||||||
--internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# heat_stack_user role is for users created by Heat
|
# heat_stack_user role is for users created by Heat
|
||||||
openstack role create heat_stack_user
|
get_or_create_role "heat_stack_user"
|
||||||
|
|
||||||
if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
|
if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
|
||||||
|
|
||||||
# heat_stack_owner role is given to users who create Heat stacks,
|
# heat_stack_owner role is given to users who create Heat stacks,
|
||||||
# it's the default role used by heat to delegate to the heat service
|
# it's the default role used by heat to delegate to the heat service
|
||||||
# user (for performing deferred operations via trusts), see heat.conf
|
# user (for performing deferred operations via trusts), see heat.conf
|
||||||
HEAT_OWNER_ROLE=$(openstack role create \
|
HEAT_OWNER_ROLE=$(get_or_create_role "heat_stack_owner")
|
||||||
heat_stack_owner \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
|
|
||||||
# Give the role to the demo and admin users so they can create stacks
|
# Give the role to the demo and admin users so they can create stacks
|
||||||
# in either of the projects created by devstack
|
# in either of the projects created by devstack
|
||||||
openstack role add $HEAT_OWNER_ROLE --project demo --user demo
|
get_or_add_user_role $HEAT_OWNER_ROLE demo demo
|
||||||
openstack role add $HEAT_OWNER_ROLE --project demo --user admin
|
get_or_add_user_role $HEAT_OWNER_ROLE admin demo
|
||||||
openstack role add $HEAT_OWNER_ROLE --project admin --user admin
|
get_or_add_user_role $HEAT_OWNER_ROLE admin admin
|
||||||
iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
|
iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -272,6 +261,11 @@ function create_heat_accounts {
|
|||||||
# Note we have to pass token/endpoint here because the current endpoint and
|
# Note we have to pass token/endpoint here because the current endpoint and
|
||||||
# version negotiation in OSC means just --os-identity-api-version=3 won't work
|
# version negotiation in OSC means just --os-identity-api-version=3 won't work
|
||||||
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3"
|
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3"
|
||||||
|
|
||||||
|
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
|
||||||
|
--os-identity-api-version=3 domain list | grep ' heat ' | get_field 1)
|
||||||
|
|
||||||
|
if [[ -z "$D_ID" ]]; then
|
||||||
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
|
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
|
||||||
--os-identity-api-version=3 domain create heat \
|
--os-identity-api-version=3 domain create heat \
|
||||||
--description "Owns users and projects created by heat" \
|
--description "Owns users and projects created by heat" \
|
||||||
@ -288,6 +282,7 @@ function create_heat_accounts {
|
|||||||
iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
|
iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
|
||||||
iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
|
iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Restore xtrace
|
# Restore xtrace
|
||||||
|
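Review bot: The new domain lookup in `create_heat_accounts`, `domain list | grep ' heat ' | get_field 1`, matches the word anywhere in the table row, including the description column, so any other domain whose name or description contains ` heat ` also matches and `D_ID` can end up holding more than one ID. Looking the domain up by name, as the new helpers in functions-common do for users and projects, avoids this, for example by ending the command with `domain show heat -f value -c id 2>/dev/null` if the client in use supports it for domains. What is done with `D_ID` after the create branch lies outside the visible hunks, so the effect of a multi-line value there should be checked.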
35
lib/ironic
35
lib/ironic
@ -223,28 +223,21 @@ function create_ironic_accounts {
|
|||||||
|
|
||||||
# Ironic
|
# Ironic
|
||||||
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
|
||||||
IRONIC_USER=$(openstack user create \
|
# Get ironic user if exists
|
||||||
ironic \
|
|
||||||
--password "$SERVICE_PASSWORD" \
|
IRONIC_USER=$(get_or_create_user "ironic" \
|
||||||
--project $SERVICE_TENANT \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "ironic@example.com")
|
||||||
--email ironic@example.com \
|
get_or_add_user_role $ADMIN_ROLE $IRONIC_USER $SERVICE_TENANT
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $IRONIC_USER
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
IRONIC_SERVICE=$(openstack service create \
|
|
||||||
ironic \
|
IRONIC_SERVICE=$(get_or_create_service "ironic" \
|
||||||
--type=baremetal \
|
"baremetal" "Ironic baremetal provisioning service")
|
||||||
--description="Ironic baremetal provisioning service" \
|
get_or_create_endpoint $IRONIC_SERVICE \
|
||||||
| grep " id " | get_field 2)
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
|
||||||
$IRONIC_SERVICE \
|
"$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
|
||||||
--region RegionOne \
|
"$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
|
||||||
--publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
|
|
||||||
--adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
|
|
||||||
--internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
82
lib/keystone
82
lib/keystone
@ -278,6 +278,8 @@ function configure_keystone {
|
|||||||
iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(process)d TRACE %(name)s %(instance)s"
|
iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(process)d TRACE %(name)s %(instance)s"
|
||||||
_config_keystone_apache_wsgi
|
_config_keystone_apache_wsgi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
|
||||||
}
|
}
|
||||||
|
|
||||||
function configure_keystone_extensions {
|
function configure_keystone_extensions {
|
||||||
@ -316,79 +318,55 @@ function configure_keystone_extensions {
|
|||||||
function create_keystone_accounts {
|
function create_keystone_accounts {
|
||||||
|
|
||||||
# admin
|
# admin
|
||||||
ADMIN_TENANT=$(openstack project create \
|
ADMIN_TENANT=$(get_or_create_project "admin")
|
||||||
admin \
|
ADMIN_USER=$(get_or_create_user "admin" \
|
||||||
| grep " id " | get_field 2)
|
"$ADMIN_PASSWORD" "$ADMIN_TENANT" "admin@example.com")
|
||||||
ADMIN_USER=$(openstack user create \
|
ADMIN_ROLE=$(get_or_create_role "admin")
|
||||||
admin \
|
get_or_add_user_role $ADMIN_ROLE $ADMIN_USER $ADMIN_TENANT
|
||||||
--project "$ADMIN_TENANT" \
|
|
||||||
--email admin@example.com \
|
|
||||||
--password "$ADMIN_PASSWORD" \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
ADMIN_ROLE=$(openstack role create \
|
|
||||||
admin \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $ADMIN_TENANT \
|
|
||||||
--user $ADMIN_USER
|
|
||||||
|
|
||||||
# Create service project/role
|
# Create service project/role
|
||||||
openstack project create $SERVICE_TENANT_NAME
|
get_or_create_project "$SERVICE_TENANT_NAME"
|
||||||
|
|
||||||
# Service role, so service users do not have to be admins
|
# Service role, so service users do not have to be admins
|
||||||
openstack role create service
|
get_or_create_role service
|
||||||
|
|
||||||
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
|
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
|
||||||
# The admin role in swift allows a user to act as an admin for their tenant,
|
# The admin role in swift allows a user to act as an admin for their tenant,
|
||||||
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
|
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
|
||||||
# role is also configurable in swift-proxy.conf
|
# role is also configurable in swift-proxy.conf
|
||||||
openstack role create ResellerAdmin
|
get_or_create_role ResellerAdmin
|
||||||
|
|
||||||
# The Member role is used by Horizon and Swift so we need to keep it:
|
# The Member role is used by Horizon and Swift so we need to keep it:
|
||||||
MEMBER_ROLE=$(openstack role create \
|
MEMBER_ROLE=$(get_or_create_role "Member")
|
||||||
Member \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
|
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
|
||||||
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
|
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
|
||||||
ANOTHER_ROLE=$(openstack role create \
|
|
||||||
anotherrole \
|
ANOTHER_ROLE=$(get_or_create_role "anotherrole")
|
||||||
| grep " id " | get_field 2)
|
|
||||||
|
|
||||||
# invisible tenant - admin can't see this one
|
# invisible tenant - admin can't see this one
|
||||||
INVIS_TENANT=$(openstack project create \
|
INVIS_TENANT=$(get_or_create_project "invisible_to_admin")
|
||||||
invisible_to_admin \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
|
|
||||||
# demo
|
# demo
|
||||||
DEMO_TENANT=$(openstack project create \
|
DEMO_TENANT=$(get_or_create_project "demo")
|
||||||
demo \
|
DEMO_USER=$(get_or_create_user "demo" \
|
||||||
| grep " id " | get_field 2)
|
"$ADMIN_PASSWORD" "$DEMO_TENANT" "demo@example.com")
|
||||||
DEMO_USER=$(openstack user create \
|
|
||||||
demo \
|
|
||||||
--project $DEMO_TENANT \
|
|
||||||
--email demo@example.com \
|
|
||||||
--password "$ADMIN_PASSWORD" \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
|
|
||||||
openstack role add --project $DEMO_TENANT --user $DEMO_USER $MEMBER_ROLE
|
get_or_add_user_role $MEMBER_ROLE $DEMO_USER $DEMO_TENANT
|
||||||
openstack role add --project $DEMO_TENANT --user $ADMIN_USER $ADMIN_ROLE
|
get_or_add_user_role $ADMIN_ROLE $ADMIN_USER $DEMO_TENANT
|
||||||
openstack role add --project $DEMO_TENANT --user $DEMO_USER $ANOTHER_ROLE
|
get_or_add_user_role $ANOTHER_ROLE $DEMO_USER $DEMO_TENANT
|
||||||
openstack role add --project $INVIS_TENANT --user $DEMO_USER $MEMBER_ROLE
|
get_or_add_user_role $MEMBER_ROLE $DEMO_USER $INVIS_TENANT
|
||||||
|
|
||||||
# Keystone
|
# Keystone
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
KEYSTONE_SERVICE=$(openstack service create \
|
|
||||||
keystone \
|
KEYSTONE_SERVICE=$(get_or_create_service "keystone" \
|
||||||
--type identity \
|
"identity" "Keystone Identity Service")
|
||||||
--description "Keystone Identity Service" \
|
get_or_create_endpoint $KEYSTONE_SERVICE \
|
||||||
| grep " id " | get_field 2)
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
|
||||||
$KEYSTONE_SERVICE \
|
"$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
|
||||||
--region RegionOne \
|
"$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
|
||||||
--publicurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION" \
|
|
||||||
--adminurl "$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v$IDENTITY_API_VERSION" \
|
|
||||||
--internalurl "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$IDENTITY_API_VERSION"
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
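Review bot: `get_or_create_user "admin" "$ADMIN_PASSWORD" ...` in `create_keystone_accounts` returns an already-existing account unchanged, so on a rerun or against a shared Keystone the password, project and email passed here are silently ignored and the admin role is then attached to whatever account already holds that name. That is probably the intent for the multi-region case, but it is not stated anywhere; a comment above the admin block such as `# NOTE: existing users are reused as-is; their password is not reset to $ADMIN_PASSWORD` would make the contract explicit. The added `iniset $KEYSTONE_CONF DEFAULT max_token_size 16384` in `configure_keystone` likewise has no comment saying why the limit is raised.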
32
lib/marconi
32
lib/marconi
@ -178,29 +178,19 @@ function create_marconi_accounts {
|
|||||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||||
|
|
||||||
MARCONI_USER=$(openstack user create \
|
MARCONI_USER=$(get_or_create_user "marconi" \
|
||||||
marconi \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "marconi@example.com")
|
||||||
--password "$SERVICE_PASSWORD" \
|
get_or_add_user_role $ADMIN_ROLE $MARCONI_USER $SERVICE_TENANT
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--email marconi@example.com \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $MARCONI_USER
|
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
MARCONI_SERVICE=$(openstack service create \
|
|
||||||
marconi \
|
MARCONI_SERVICE=$(get_or_create_service "marconi" \
|
||||||
--type=queuing \
|
"queuing" "Marconi Service")
|
||||||
--description="Marconi Service" \
|
get_or_create_endpoint $MARCONI_SERVICE \
|
||||||
| grep " id " | get_field 2)
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
|
||||||
$MARCONI_SERVICE \
|
"$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
|
||||||
--region RegionOne \
|
"$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT"
|
||||||
--publicurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
|
|
||||||
--adminurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT" \
|
|
||||||
--internalurl "$MARCONI_SERVICE_PROTOCOL://$MARCONI_SERVICE_HOST:$MARCONI_SERVICE_PORT"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
|
36
lib/neutron
36
lib/neutron
@ -307,7 +307,7 @@ function create_nova_conf_neutron {
|
|||||||
iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
|
iniset $NOVA_CONF neutron admin_auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v2.0"
|
||||||
iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
|
iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
|
||||||
iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME"
|
iniset $NOVA_CONF neutron admin_tenant_name "$SERVICE_TENANT_NAME"
|
||||||
iniset $NOVA_CONF neutron region_name "RegionOne"
|
iniset $NOVA_CONF neutron region_name "$REGION_NAME"
|
||||||
iniset $NOVA_CONF neutron url "http://$Q_HOST:$Q_PORT"
|
iniset $NOVA_CONF neutron url "http://$Q_HOST:$Q_PORT"
|
||||||
|
|
||||||
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
|
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
|
||||||
@ -350,28 +350,20 @@ function create_neutron_accounts {
|
|||||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||||
|
|
||||||
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
|
||||||
NEUTRON_USER=$(openstack user create \
|
|
||||||
neutron \
|
NEUTRON_USER=$(get_or_create_user "neutron" \
|
||||||
--password "$SERVICE_PASSWORD" \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "neutron@example.com")
|
||||||
--project $SERVICE_TENANT \
|
get_or_add_user_role $ADMIN_ROLE $NEUTRON_USER $SERVICE_TENANT
|
||||||
--email neutron@example.com \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $NEUTRON_USER
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
NEUTRON_SERVICE=$(openstack service create \
|
|
||||||
neutron \
|
NEUTRON_SERVICE=$(get_or_create_service "neutron" \
|
||||||
--type=network \
|
"network" "Neutron Service")
|
||||||
--description="Neutron Service" \
|
get_or_create_endpoint $NEUTRON_SERVICE \
|
||||||
| grep " id " | get_field 2)
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"http://$SERVICE_HOST:9696/" \
|
||||||
$NEUTRON_SERVICE \
|
"http://$SERVICE_HOST:9696/" \
|
||||||
--region RegionOne \
|
"http://$SERVICE_HOST:9696/"
|
||||||
--publicurl "http://$SERVICE_HOST:9696/" \
|
|
||||||
--adminurl "http://$SERVICE_HOST:9696/" \
|
|
||||||
--internalurl "http://$SERVICE_HOST:9696/"
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
93
lib/nova
93
lib/nova
@ -333,39 +333,28 @@ create_nova_accounts() {
|
|||||||
|
|
||||||
# Nova
|
# Nova
|
||||||
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
|
||||||
NOVA_USER=$(openstack user create \
|
|
||||||
nova \
|
NOVA_USER=$(get_or_create_user "nova" \
|
||||||
--password "$SERVICE_PASSWORD" \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "nova@example.com")
|
||||||
--project $SERVICE_TENANT \
|
get_or_add_user_role $ADMIN_ROLE $NOVA_USER $SERVICE_TENANT
|
||||||
--email nova@example.com \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $NOVA_USER
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
NOVA_SERVICE=$(openstack service create \
|
|
||||||
nova \
|
NOVA_SERVICE=$(get_or_create_service "nova" \
|
||||||
--type=compute \
|
"compute" "Nova Compute Service")
|
||||||
--description="Nova Compute Service" \
|
get_or_create_endpoint $NOVA_SERVICE \
|
||||||
| grep " id " | get_field 2)
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
|
||||||
$NOVA_SERVICE \
|
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
|
||||||
--region RegionOne \
|
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
|
||||||
--publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
|
|
||||||
--adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s" \
|
NOVA_V3_SERVICE=$(get_or_create_service "novav3" \
|
||||||
--internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v2/\$(tenant_id)s"
|
"computev3" "Nova Compute Service V3")
|
||||||
NOVA_V3_SERVICE=$(openstack service create \
|
get_or_create_endpoint $NOVA_V3_SERVICE \
|
||||||
novav3 \
|
"$REGION_NAME" \
|
||||||
--type=computev3 \
|
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
|
||||||
--description="Nova Compute Service V3" \
|
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
|
||||||
| grep " id " | get_field 2)
|
"$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3"
|
||||||
openstack endpoint create \
|
|
||||||
$NOVA_V3_SERVICE \
|
|
||||||
--region RegionOne \
|
|
||||||
--publicurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
|
|
||||||
--adminurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3" \
|
|
||||||
--internalurl "$NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT/v3"
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -374,40 +363,32 @@ create_nova_accounts() {
|
|||||||
if is_service_enabled swift; then
|
if is_service_enabled swift; then
|
||||||
# Nova needs ResellerAdmin role to download images when accessing
|
# Nova needs ResellerAdmin role to download images when accessing
|
||||||
# swift through the s3 api.
|
# swift through the s3 api.
|
||||||
openstack role add \
|
get_or_add_user_role ResellerAdmin nova $SERVICE_TENANT_NAME
|
||||||
--project $SERVICE_TENANT_NAME \
|
|
||||||
--user nova \
|
|
||||||
ResellerAdmin
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# EC2
|
# EC2
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
|
||||||
openstack service create \
|
|
||||||
--type ec2 \
|
EC2_SERVICE=$(get_or_create_service "ec2" \
|
||||||
--description "EC2 Compatibility Layer" \
|
"ec2" "EC2 Compatibility Layer")
|
||||||
ec2
|
get_or_create_endpoint $EC2_SERVICE \
|
||||||
openstack endpoint create \
|
"$REGION_NAME" \
|
||||||
--region RegionOne \
|
"http://$SERVICE_HOST:8773/services/Cloud" \
|
||||||
--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
|
"http://$SERVICE_HOST:8773/services/Admin" \
|
||||||
--adminurl "http://$SERVICE_HOST:8773/services/Admin" \
|
"http://$SERVICE_HOST:8773/services/Cloud"
|
||||||
--internalurl "http://$SERVICE_HOST:8773/services/Cloud" \
|
|
||||||
ec2
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# S3
|
# S3
|
||||||
if is_service_enabled n-obj swift3; then
|
if is_service_enabled n-obj swift3; then
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
openstack service create \
|
|
||||||
--type s3 \
|
S3_SERVICE=$(get_or_create_service "s3" "s3" "S3")
|
||||||
--description "S3" \
|
get_or_create_endpoint $S3_SERVICE \
|
||||||
s3
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"http://$SERVICE_HOST:$S3_SERVICE_PORT" \
|
||||||
--region RegionOne \
|
"http://$SERVICE_HOST:$S3_SERVICE_PORT" \
|
||||||
--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
|
"http://$SERVICE_HOST:$S3_SERVICE_PORT"
|
||||||
--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
|
|
||||||
--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
|
|
||||||
s3
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
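Review bot: The IDs returned by `get_or_create_user` and `get_or_create_service` in create_nova_accounts are used unquoted and unchecked, so an empty `$NOVA_USER` or `$NOVA_SERVICE` (for example after a failed Keystone call) shifts the positional arguments of `get_or_add_user_role` and `get_or_create_endpoint` instead of stopping the run. lib/swift in this same commit guards its test accounts with `die_if_not_set`; the same guard fits here, e.g. `die_if_not_set $LINENO NOVA_USER "Failure creating NOVA_USER"` right after the assignment, with the later uses quoted as `"$NOVA_USER"`. The same pattern appears in the create_neutron_accounts, create_sahara_accounts and create_trove_accounts hunks. The function body starts above the first hunk.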
32
lib/sahara
32
lib/sahara
@ -60,29 +60,19 @@ function create_sahara_accounts {
|
|||||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||||
|
|
||||||
SAHARA_USER=$(openstack user create \
|
SAHARA_USER=$(get_or_create_user "sahara" \
|
||||||
sahara \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "sahara@example.com")
|
||||||
--password "$SERVICE_PASSWORD" \
|
get_or_add_user_role $ADMIN_ROLE $SAHARA_USER $SERVICE_TENANT
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--email sahara@example.com \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $SAHARA_USER
|
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
SAHARA_SERVICE=$(openstack service create \
|
|
||||||
sahara \
|
SAHARA_SERVICE=$(get_or_create_service "sahara" \
|
||||||
--type=data_processing \
|
"data_processing" "Sahara Data Processing")
|
||||||
--description="Sahara Data Processing" \
|
get_or_create_endpoint $SAHARA_SERVICE \
|
||||||
| grep " id " | get_field 2)
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
|
||||||
$SAHARA_SERVICE \
|
"$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
|
||||||
--region RegionOne \
|
"$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s"
|
||||||
--publicurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
|
|
||||||
--adminurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s" \
|
|
||||||
--internalurl "$SAHARA_SERVICE_PROTOCOL://$SAHARA_SERVICE_HOST:$SAHARA_SERVICE_PORT/v1.1/\$(tenant_id)s"
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
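Review bot: `get_or_create_user "sahara" "$SERVICE_PASSWORD" ...` applies the password only when it creates the account; as the helper is written in functions-common in this commit, an existing user is returned from `openstack user show` and the supplied password is neither compared nor set. With Keystone shared between regions, a second region whose `SERVICE_PASSWORD` differs would still get a valid user ID here and fail only later, when the service tries to authenticate. The `2>/dev/null` on that lookup also hides authentication and connectivity errors and falls through to `user create`. A comment at the call site such as `# SERVICE_PASSWORD must match the region that created this user; an existing user's password is not changed` would make the requirement explicit. The nova, swift, tempest and trove calls behave the same way.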
54
lib/swift
54
lib/swift
@ -547,50 +547,40 @@ function create_swift_accounts {
|
|||||||
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
||||||
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||||
|
|
||||||
SWIFT_USER=$(openstack user create \
|
SWIFT_USER=$(get_or_create_user "swift" \
|
||||||
swift \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "swift@example.com")
|
||||||
--password "$SERVICE_PASSWORD" \
|
get_or_add_user_role $ADMIN_ROLE $SWIFT_USER $SERVICE_TENANT
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--email=swift@example.com \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$ADMIN_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $SWIFT_USER
|
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
SWIFT_SERVICE=$(openstack service create \
|
|
||||||
swift \
|
SWIFT_SERVICE=$(get_or_create_service "swift" \
|
||||||
--type="object-store" \
|
"object-store" "Swift Service")
|
||||||
--description="Swift Service" \
|
get_or_create_endpoint $SWIFT_SERVICE \
|
||||||
| grep " id " | get_field 2)
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
|
||||||
$SWIFT_SERVICE \
|
"http://$SERVICE_HOST:8080" \
|
||||||
--region RegionOne \
|
"http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
|
||||||
--publicurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" \
|
|
||||||
--adminurl "http://$SERVICE_HOST:8080" \
|
|
||||||
--internalurl "http://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
SWIFT_TENANT_TEST1=$(openstack project create swifttenanttest1 | grep " id " | get_field 2)
|
SWIFT_TENANT_TEST1=$(get_or_create_project swifttenanttest1)
|
||||||
die_if_not_set $LINENO SWIFT_TENANT_TEST1 "Failure creating SWIFT_TENANT_TEST1"
|
die_if_not_set $LINENO SWIFT_TENANT_TEST1 "Failure creating SWIFT_TENANT_TEST1"
|
||||||
SWIFT_USER_TEST1=$(openstack user create swiftusertest1 --password=$SWIFTUSERTEST1_PASSWORD \
|
SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $SWIFTUSERTEST1_PASSWORD \
|
||||||
--project "$SWIFT_TENANT_TEST1" --email=test@example.com | grep " id " | get_field 2)
|
"$SWIFT_TENANT_TEST1" "test@example.com")
|
||||||
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
|
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
|
||||||
openstack role add --user $SWIFT_USER_TEST1 --project $SWIFT_TENANT_TEST1 $ADMIN_ROLE
|
get_or_add_user_role $ADMIN_ROLE $SWIFT_USER_TEST1 $SWIFT_TENANT_TEST1
|
||||||
|
|
||||||
SWIFT_USER_TEST3=$(openstack user create swiftusertest3 --password=$SWIFTUSERTEST3_PASSWORD \
|
SWIFT_USER_TEST3=$(get_or_create_user swiftusertest3 $SWIFTUSERTEST3_PASSWORD \
|
||||||
--project "$SWIFT_TENANT_TEST1" --email=test3@example.com | grep " id " | get_field 2)
|
"$SWIFT_TENANT_TEST1" "test3@example.com")
|
||||||
die_if_not_set $LINENO SWIFT_USER_TEST3 "Failure creating SWIFT_USER_TEST3"
|
die_if_not_set $LINENO SWIFT_USER_TEST3 "Failure creating SWIFT_USER_TEST3"
|
||||||
openstack role add --user $SWIFT_USER_TEST3 --project $SWIFT_TENANT_TEST1 $ANOTHER_ROLE
|
get_or_add_user_role $ANOTHER_ROLE $SWIFT_USER_TEST3 $SWIFT_TENANT_TEST1
|
||||||
|
|
||||||
SWIFT_TENANT_TEST2=$(openstack project create swifttenanttest2 | grep " id " | get_field 2)
|
SWIFT_TENANT_TEST2=$(get_or_create_project swifttenanttest2)
|
||||||
die_if_not_set $LINENO SWIFT_TENANT_TEST2 "Failure creating SWIFT_TENANT_TEST2"
|
die_if_not_set $LINENO SWIFT_TENANT_TEST2 "Failure creating SWIFT_TENANT_TEST2"
|
||||||
|
|
||||||
SWIFT_USER_TEST2=$(openstack user create swiftusertest2 --password=$SWIFTUSERTEST2_PASSWORD \
|
SWIFT_USER_TEST2=$(get_or_create_user swiftusertest2 $SWIFTUSERTEST2_PASSWORD \
|
||||||
--project "$SWIFT_TENANT_TEST2" --email=test2@example.com | grep " id " | get_field 2)
|
"$SWIFT_TENANT_TEST2" "test2@example.com")
|
||||||
die_if_not_set $LINENO SWIFT_USER_TEST2 "Failure creating SWIFT_USER_TEST2"
|
die_if_not_set $LINENO SWIFT_USER_TEST2 "Failure creating SWIFT_USER_TEST2"
|
||||||
openstack role add --user $SWIFT_USER_TEST2 --project $SWIFT_TENANT_TEST2 $ADMIN_ROLE
|
get_or_add_user_role $ADMIN_ROLE $SWIFT_USER_TEST2 $SWIFT_TENANT_TEST2
|
||||||
}
|
}
|
||||||
|
|
||||||
# init_swift() - Initialize rings
|
# init_swift() - Initialize rings
|
||||||
|
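Review bot: The test-user passwords in create_swift_accounts are passed unquoted (`get_or_create_user swiftusertest1 $SWIFTUSERTEST1_PASSWORD \`, and likewise for swiftusertest2 and swiftusertest3), so a password containing whitespace or glob characters is split and every following positional argument moves by one. An empty value drops the argument entirely, in which case the project ID lands in the password position. The service account a few lines above already quotes `"$SERVICE_PASSWORD"`; the three test users should do the same, e.g. `get_or_create_user swiftusertest1 "$SWIFTUSERTEST1_PASSWORD" \`. The function begins above the hunk.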
13
lib/tempest
13
lib/tempest
@ -397,16 +397,9 @@ function create_tempest_accounts {
|
|||||||
if is_service_enabled tempest; then
|
if is_service_enabled tempest; then
|
||||||
# Tempest has some tests that validate various authorization checks
|
# Tempest has some tests that validate various authorization checks
|
||||||
# between two regular users in separate tenants
|
# between two regular users in separate tenants
|
||||||
openstack project create \
|
get_or_create_project alt_demo
|
||||||
alt_demo
|
get_or_create_user alt_demo "$ADMIN_PASSWORD" alt_demo "alt_demo@example.com"
|
||||||
openstack user create \
|
get_or_add_user_role Member alt_demo alt_demo
|
||||||
--project alt_demo \
|
|
||||||
--password "$ADMIN_PASSWORD" \
|
|
||||||
alt_demo
|
|
||||||
openstack role add \
|
|
||||||
--project alt_demo \
|
|
||||||
--user alt_demo \
|
|
||||||
Member
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
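Review bot: `get_or_create_user alt_demo "$ADMIN_PASSWORD" alt_demo "alt_demo@example.com"` gives the account that the comment describes as a regular user the same password as the cloud admin. With Keystone now shared by several regions, that account sits in the common identity store, so anyone handed the alt_demo credentials for a test run also holds the admin secret. A separate value would avoid this, for example `get_or_create_user alt_demo "${ALT_DEMO_PASSWORD:-$ADMIN_PASSWORD}" alt_demo "alt_demo@example.com"`, where `ALT_DEMO_PASSWORD` is a new optional setting. Any Tempest configuration that supplies alt_demo's password is not visible in this hunk and would need the same value.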
34
lib/trove
34
lib/trove
@ -81,28 +81,20 @@ function create_trove_accounts {
|
|||||||
SERVICE_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
SERVICE_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
||||||
|
|
||||||
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
|
||||||
TROVE_USER=$(openstack user create \
|
|
||||||
trove \
|
TROVE_USER=$(get_or_create_user "trove" \
|
||||||
--password "$SERVICE_PASSWORD" \
|
"$SERVICE_PASSWORD" $SERVICE_TENANT "trove@example.com")
|
||||||
--project $SERVICE_TENANT \
|
get_or_add_user_role $SERVICE_ROLE $TROVE_USER $SERVICE_TENANT
|
||||||
--email trove@example.com \
|
|
||||||
| grep " id " | get_field 2)
|
|
||||||
openstack role add \
|
|
||||||
$SERVICE_ROLE \
|
|
||||||
--project $SERVICE_TENANT \
|
|
||||||
--user $TROVE_USER
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
TROVE_SERVICE=$(openstack service create \
|
|
||||||
trove \
|
TROVE_SERVICE=$(get_or_create_service "trove" \
|
||||||
--type=database \
|
"database" "Trove Service")
|
||||||
--description="Trove Service" \
|
get_or_create_endpoint $TROVE_SERVICE \
|
||||||
| grep " id " | get_field 2)
|
"$REGION_NAME" \
|
||||||
openstack endpoint create \
|
"http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
|
||||||
$TROVE_SERVICE \
|
"http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
|
||||||
--region RegionOne \
|
"http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
|
||||||
--publicurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
|
|
||||||
--adminurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
|
|
||||||
--internalurl "http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
6
openrc
6
openrc
@ -53,12 +53,16 @@ export OS_PASSWORD=${ADMIN_PASSWORD:-secrete}
|
|||||||
# easier with this off.
|
# easier with this off.
|
||||||
export OS_NO_CACHE=${OS_NO_CACHE:-1}
|
export OS_NO_CACHE=${OS_NO_CACHE:-1}
|
||||||
|
|
||||||
|
# Region
|
||||||
|
export OS_REGION_NAME=${REGION_NAME:-RegionOne}
|
||||||
|
|
||||||
# Set api HOST_IP endpoint. SERVICE_HOST may also be used to specify the endpoint,
|
# Set api HOST_IP endpoint. SERVICE_HOST may also be used to specify the endpoint,
|
||||||
# which is convenient for some localrc configurations.
|
# which is convenient for some localrc configurations.
|
||||||
HOST_IP=${HOST_IP:-127.0.0.1}
|
HOST_IP=${HOST_IP:-127.0.0.1}
|
||||||
SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
|
SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
|
||||||
SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
|
SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
|
||||||
KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
|
KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
|
||||||
|
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
|
||||||
|
|
||||||
# Some exercises call glance directly. On a single-node installation, Glance
|
# Some exercises call glance directly. On a single-node installation, Glance
|
||||||
# should be listening on HOST_IP. If its running elsewhere, it can be set here
|
# should be listening on HOST_IP. If its running elsewhere, it can be set here
|
||||||
@ -72,7 +76,7 @@ export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
|
|||||||
# the user/tenant has access to - including nova, glance, keystone, swift, ...
|
# the user/tenant has access to - including nova, glance, keystone, swift, ...
|
||||||
# We currently recommend using the 2.0 *identity api*.
|
# We currently recommend using the 2.0 *identity api*.
|
||||||
#
|
#
|
||||||
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:5000/v${OS_IDENTITY_API_VERSION}
|
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
|
||||||
|
|
||||||
# Set the pointer to our CA certificate chain. Harmless if TLS is not used.
|
# Set the pointer to our CA certificate chain. Harmless if TLS is not used.
|
||||||
export OS_CACERT=${OS_CACERT:-$INT_CA_DIR/ca-chain.pem}
|
export OS_CACERT=${OS_CACERT:-$INT_CA_DIR/ca-chain.pem}
|
||||||
|
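Review bot: `OS_AUTH_URL` now targets `$KEYSTONE_AUTH_HOST`, which in the multi-region setup is another machine, while `KEYSTONE_AUTH_PROTOCOL` still defaults to `$SERVICE_PROTOCOL` and that to `http`. Unless the operator overrides the protocol, `OS_PASSWORD` and the issued tokens therefore cross the network in cleartext. A comment above the new `KEYSTONE_AUTH_HOST` line would make this visible, e.g. `# With a remote Keystone, set KEYSTONE_AUTH_PROTOCOL=https (where TLS is enabled) so credentials are not sent in cleartext`. The `# Region` comment could also say that `OS_REGION_NAME` selects which region's endpoints the clients take from the shared catalog.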
6
stack.sh
6
stack.sh
@ -729,9 +729,11 @@ git_clone $OPENSTACKCLIENT_REPO $OPENSTACKCLIENT_DIR $OPENSTACKCLIENT_BRANCH
|
|||||||
setup_develop $OPENSTACKCLIENT_DIR
|
setup_develop $OPENSTACKCLIENT_DIR
|
||||||
|
|
||||||
if is_service_enabled key; then
|
if is_service_enabled key; then
|
||||||
|
if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
|
||||||
install_keystone
|
install_keystone
|
||||||
configure_keystone
|
configure_keystone
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if is_service_enabled s-proxy; then
|
if is_service_enabled s-proxy; then
|
||||||
install_swift
|
install_swift
|
||||||
@ -929,8 +931,11 @@ fi
|
|||||||
|
|
||||||
if is_service_enabled key; then
|
if is_service_enabled key; then
|
||||||
echo_summary "Starting Keystone"
|
echo_summary "Starting Keystone"
|
||||||
|
|
||||||
|
if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then
|
||||||
init_keystone
|
init_keystone
|
||||||
start_keystone
|
start_keystone
|
||||||
|
fi
|
||||||
|
|
||||||
# Set up a temporary admin URI for Keystone
|
# Set up a temporary admin URI for Keystone
|
||||||
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
|
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
|
||||||
@ -971,6 +976,7 @@ if is_service_enabled key; then
|
|||||||
export OS_TENANT_NAME=admin
|
export OS_TENANT_NAME=admin
|
||||||
export OS_USERNAME=admin
|
export OS_USERNAME=admin
|
||||||
export OS_PASSWORD=$ADMIN_PASSWORD
|
export OS_PASSWORD=$ADMIN_PASSWORD
|
||||||
|
export OS_REGION_NAME=$REGION_NAME
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
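Review bot: Both new guards, `if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then`, decide whether Keystone is local by literal string comparison and silently skip install/configure and init/start when the strings differ, while `echo_summary "Starting Keystone"` is still printed. A host given once by name and once by address would therefore skip the local Keystone without any message. The rest of the block, which continues outside these hunks, goes on to use `$KEYSTONE_AUTH_URI` either way. I would add a comment on each guard and an else branch such as `echo_summary "Using Keystone at $KEYSTONE_AUTH_HOST"`, and write the test as `[[ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]]` to match the `[[ ]]` style used in the lib/ scripts of this commit.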
3
stackrc
3
stackrc
@ -19,6 +19,9 @@ else
|
|||||||
STACK_USER=$(whoami)
|
STACK_USER=$(whoami)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Specify region name Region
|
||||||
|
REGION_NAME=${REGION_NAME:-RegionOne}
|
||||||
|
|
||||||
# Specify which services to launch. These generally correspond to
|
# Specify which services to launch. These generally correspond to
|
||||||
# screen tabs. To change the default list, use the ``enable_service`` and
|
# screen tabs. To change the default list, use the ``enable_service`` and
|
||||||
# ``disable_service`` functions in ``local.conf``.
|
# ``disable_service`` functions in ``local.conf``.
|
||||||
|
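Review bot: The new comment `# Specify region name Region` is garbled and does not say what the value is used for. Something like `# Region name for this deployment; used for the service catalog endpoints and exported as OS_REGION_NAME` would match what the rest of the commit does with `REGION_NAME`.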