0bd2410d46
* Remove credential creation from files/keystone_data.sh * Remove EC2 cert setup from openrc * Remove sourcing of ec2rc from stackrc * Collect the above in eucarc * Allow rc files to be sourced from other directories; based on Chmouel's 4881 proposal but is simpler and doesn't actually change the directory * Create S3 endpoint * Get EC2 and S3 endpoints from Keystone service catalog * Add EC2 credential checks to exercises/client-env.sh * exercises/bundle.sh and exercises/euca.sh use eucarc Updates: * remove readlink -f to stay bash 3 compatible * use service catalog * create S3 endpoint Fixes bug 949528 Change-Id: I58caea8cecbbd10661779bc2d150d241f4a5822e
136 lines
5.8 KiB
Bash
Executable File
136 lines
5.8 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Initial data for Keystone using python-keystoneclient
|
|
#
|
|
# Tenant User Roles
|
|
# -------------------------------------------------------
|
|
# admin admin admin
|
|
# service glance admin
|
|
# service nova admin
|
|
# service quantum admin # if enabled
|
|
# service swift admin # if enabled
|
|
# demo admin admin
|
|
# demo demo Member,sysadmin,netadmin
|
|
# invisible_to_admin demo Member
|
|
#
|
|
# Variables set before calling this script:
|
|
# SERVICE_TOKEN - aka admin_token in keystone.conf
|
|
# SERVICE_ENDPOINT - local Keystone admin endpoint
|
|
# SERVICE_TENANT_NAME - name of tenant containing service accounts
|
|
# ENABLED_SERVICES - stack.sh's list of services to start
|
|
# DEVSTACK_DIR - Top-level DevStack directory
|
|
|
|
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
|
|
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
|
|
export SERVICE_TOKEN=$SERVICE_TOKEN
|
|
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
|
|
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
|
|
|
|
function get_id () {
|
|
echo `$@ | awk '/ id / { print $4 }'`
|
|
}
|
|
|
|
# Tenants
|
|
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
|
|
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
|
|
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
|
|
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
|
|
|
|
|
|
# Users
|
|
ADMIN_USER=$(get_id keystone user-create --name=admin \
|
|
--pass="$ADMIN_PASSWORD" \
|
|
--email=admin@example.com)
|
|
DEMO_USER=$(get_id keystone user-create --name=demo \
|
|
--pass="$ADMIN_PASSWORD" \
|
|
--email=demo@example.com)
|
|
|
|
|
|
# Roles
|
|
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
|
|
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
|
|
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
|
|
SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
|
|
NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
|
|
|
|
|
|
# Add Roles to Users in Tenants
|
|
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
|
|
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
|
|
keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
|
|
keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
|
|
|
|
# TODO(termie): these two might be dubious
|
|
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
|
|
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
|
|
|
|
|
|
# The Member role is used by Horizon and Swift so we need to keep it:
|
|
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
|
|
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
|
|
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
|
|
|
|
|
|
# Services
|
|
keystone service-create --name=keystone \
|
|
--type=identity \
|
|
--description="Keystone Identity Service"
|
|
|
|
keystone service-create --name=nova \
|
|
--type=compute \
|
|
--description="Nova Compute Service"
|
|
NOVA_USER=$(get_id keystone user-create --name=nova \
|
|
--pass="$SERVICE_PASSWORD" \
|
|
--tenant_id $SERVICE_TENANT \
|
|
--email=nova@example.com)
|
|
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
|
--user $NOVA_USER \
|
|
--role $ADMIN_ROLE
|
|
|
|
keystone service-create --name=ec2 \
|
|
--type=ec2 \
|
|
--description="EC2 Compatibility Layer"
|
|
|
|
keystone service-create --name=glance \
|
|
--type=image \
|
|
--description="Glance Image Service"
|
|
GLANCE_USER=$(get_id keystone user-create --name=glance \
|
|
--pass="$SERVICE_PASSWORD" \
|
|
--tenant_id $SERVICE_TENANT \
|
|
--email=glance@example.com)
|
|
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
|
--user $GLANCE_USER \
|
|
--role $ADMIN_ROLE
|
|
|
|
if [[ "$ENABLED_SERVICES" =~ "n-vol" ]]; then
|
|
keystone service-create --name="nova-volume" \
|
|
--type=volume \
|
|
--description="Nova Volume Service"
|
|
fi
|
|
|
|
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
|
|
keystone service-create --name=swift \
|
|
--type="object-store" \
|
|
--description="Swift Service"
|
|
SWIFT_USER=$(get_id keystone user-create --name=swift \
|
|
--pass="$SERVICE_PASSWORD" \
|
|
--tenant_id $SERVICE_TENANT \
|
|
--email=swift@example.com)
|
|
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
|
--user $SWIFT_USER \
|
|
--role $ADMIN_ROLE
|
|
fi
|
|
|
|
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
|
|
keystone service-create --name=quantum \
|
|
--type=network \
|
|
--description="Quantum Service"
|
|
QUANTUM_USER=$(get_id keystone user-create --name=quantum \
|
|
--pass="$SERVICE_PASSWORD" \
|
|
--tenant_id $SERVICE_TENANT \
|
|
--email=quantum@example.com)
|
|
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
|
--user $QUANTUM_USER \
|
|
--role $ADMIN_ROLE
|
|
fi
|