adding ec2 roles to keystone_init.sh. w/o those runinstances fails.

conf/templates/keystone/keystone_init.sh

@@ -64,6 +64,8 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
 ADMIN_ROLE=$(get_id keystone role-create --name=admin)
 KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
 KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
+SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
+NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
 # ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
 # TODO(sleepsonthefloor): show how this can be used for rbac in the future!
 ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)
@@ -78,6 +80,11 @@ keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_
 keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
 keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
 
+keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
+
 
 # The Member role is used by Horizon and Swift so we need to keep it:
 MEMBER_ROLE=$(get_id keystone role-create --name=Member)