Bringing into sync with devstack v1
This commit is contained in:
Joshua Harlow
parent
6e4382cb42
commit
e19e7de6f4
@ -1,4 +1,4 @@
|
||||
#From commit b32c876ed5e66c8971c8126432c1ae957301eb08 of devstack.sh repo.
|
||||
#From commit 770cec73146596c686405492e523fbe8861f36f7 of devstack.sh repo.
|
||||
#
|
||||
#With adjustments to make OPENSTACK_HOST a param
|
||||
|
||||
@ -44,6 +44,12 @@ HORIZON_CONFIG = {
|
||||
'user_home': 'openstack_dashboard.views.user_home',
|
||||
}
|
||||
|
||||
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
|
||||
OPENSTACK_KEYSTONE_BACKEND = {
|
||||
'name': 'native',
|
||||
'can_edit_user': True
|
||||
}
|
||||
|
||||
OPENSTACK_HOST = "%OPENSTACK_HOST%"
|
||||
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
|
||||
# FIXME: this is only needed until keystone fixes its GET /tenants call
|
||||
|
||||
@ -1,40 +1,40 @@
|
||||
# From devstack commit 5f9473e8b9bdc15f42db597d5d1e766b760f764e with no modifications
|
||||
# From devstack commit 06a09d0c33f0626379cad377b4ffa20fcda54858 with no modifications
|
||||
|
||||
# config for TemplatedCatalog, using camelCase because I don't want to do
|
||||
# translations for legacy compat
|
||||
catalog.RegionOne.identity.publicURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.adminURL = http://%SERVICE_HOST%:$(admin_port)s/v2.0
|
||||
catalog.RegionOne.identity.internalURL = http://%SERVICE_HOST%:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.name = 'Identity Service'
|
||||
catalog.RegionOne.identity.name = Identity Service
|
||||
|
||||
|
||||
catalog.RegionOne.compute.publicURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
|
||||
catalog.RegionOne.compute.adminURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
|
||||
catalog.RegionOne.compute.internalURL = http://%SERVICE_HOST%:8774/v2/$(tenant_id)s
|
||||
catalog.RegionOne.compute.name = 'Compute Service'
|
||||
catalog.RegionOne.compute.name = Compute Service
|
||||
|
||||
|
||||
catalog.RegionOne.volume.publicURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
|
||||
catalog.RegionOne.volume.adminURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
|
||||
catalog.RegionOne.volume.internalURL = http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
|
||||
catalog.RegionOne.volume.name = 'Volume Service'
|
||||
catalog.RegionOne.volume.name = Volume Service
|
||||
|
||||
|
||||
catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/services/Cloud
|
||||
catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/services/Admin
|
||||
catalog.RegionOne.ec2.internalURL = http://%SERVICE_HOST%:8773/services/Cloud
|
||||
catalog.RegionOne.ec2.name = 'EC2 Service'
|
||||
catalog.RegionOne.ec2.name = EC2 Service
|
||||
|
||||
|
||||
catalog.RegionOne.s3.publicURL = http://%SERVICE_HOST%:3333
|
||||
catalog.RegionOne.s3.adminURL = http://%SERVICE_HOST%:3333
|
||||
catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:3333
|
||||
catalog.RegionOne.s3.name = 'S3 Service'
|
||||
catalog.RegionOne.s3.name = S3 Service
|
||||
|
||||
|
||||
catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1
|
||||
catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1
|
||||
catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1
|
||||
catalog.RegionOne.image.name = 'Image Service'
|
||||
catalog.RegionOne.image.name = Image Service
|
||||
|
||||
# More might be added in (in code)
|
||||
|
||||
@ -1,13 +1,10 @@
|
||||
#!/bin/bash
|
||||
|
||||
# From devstack commit c4849e7f8f40f522541d8e1e03771edf942d851e with modifications
|
||||
# From devstack.sh commit edf59ca44331106ba895eee78ae1d8602764eb4c
|
||||
|
||||
#
|
||||
# Initial data for Keystone using python-keystoneclient
|
||||
#
|
||||
# A set of EC2-compatible credentials is created for both admin and demo
|
||||
# users and placed in $DEVSTACK_DIR/ec2rc.
|
||||
#
|
||||
# Tenant User Roles
|
||||
# -------------------------------------------------------
|
||||
# admin admin admin
|
||||
@ -20,11 +17,10 @@
|
||||
# invisible_to_admin demo Member
|
||||
#
|
||||
# Variables set before calling this script:
|
||||
#
|
||||
# SERVICE_TOKEN - aka admin_token in keystone.conf
|
||||
# AUTH_ENDPOINT - local Keystone admin endpoint
|
||||
# SERVICE_ENDPOINT - local Keystone admin endpoint
|
||||
# SERVICE_TENANT_NAME - name of tenant containing service accounts
|
||||
# ENABLED_SERVICES - devstack's list of services being activated
|
||||
# ENABLED_SERVICES - stack.sh's list of services to start
|
||||
|
||||
set -e
|
||||
|
||||
@ -54,6 +50,7 @@ SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
|
||||
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
|
||||
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
|
||||
|
||||
|
||||
# Users
|
||||
ADMIN_USER=$(get_id keystone user-create --name=admin \
|
||||
--pass="$ADMIN_PASSWORD" \
|
||||
@ -62,6 +59,7 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
|
||||
--pass="$ADMIN_PASSWORD" \
|
||||
--email=demo@example.com)
|
||||
|
||||
|
||||
# Roles
|
||||
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
|
||||
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
|
||||
@ -69,77 +67,57 @@ KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
|
||||
SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
|
||||
NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
|
||||
|
||||
|
||||
# Add Roles to Users in Tenants
|
||||
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT 2>&1 >/dev/null
|
||||
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
|
||||
keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
|
||||
keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
|
||||
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
|
||||
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
|
||||
keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
|
||||
keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
|
||||
|
||||
# TODO(termie): these two might be dubious
|
||||
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT 2>&1 >/dev/null
|
||||
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT 2>&1 >/dev/null
|
||||
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
|
||||
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
|
||||
|
||||
|
||||
# The Member role is used by Horizon and Swift so we need to keep it:
|
||||
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
|
||||
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT 2>&1 >/dev/null
|
||||
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT 2>&1 >/dev/null
|
||||
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
|
||||
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
|
||||
|
||||
# Services
|
||||
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service" 2>&1 >/dev/null
|
||||
|
||||
keystone service-create --name=nova --type=compute --description="Nova Compute Service" 2>&1 >/dev/null
|
||||
# Configure service users/roles
|
||||
NOVA_USER=$(get_id keystone user-create --name=nova \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant_id $SERVICE_TENANT \
|
||||
--email=nova@example.com)
|
||||
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
||||
--user $NOVA_USER \
|
||||
--role $ADMIN_ROLE
|
||||
|
||||
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" \
|
||||
--tenant_id $SERVICE_TENANT --email=nova@example.com)
|
||||
|
||||
keystone user-role-add --tenant_id $SERVICE_TENANT --user $NOVA_USER --role $ADMIN_ROLE 2>&1 >/dev/null
|
||||
|
||||
keystone service-create --name=ec2 --type=ec2 --description="EC2 Compatibility Layer" 2>&1 >/dev/null
|
||||
|
||||
keystone service-create --name=glance --type=image --description="Glance Image Service" 2>&1 >/dev/null
|
||||
|
||||
GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" \
|
||||
--tenant_id $SERVICE_TENANT --email=glance@example.com)
|
||||
|
||||
keystone user-role-add --tenant_id $SERVICE_TENANT --user $GLANCE_USER --role $ADMIN_ROLE 2>&1 >/dev/null
|
||||
|
||||
keystone service-create --name="nova-volume" --type=volume --description="Nova Volume Service" 2>&1 >/dev/null
|
||||
GLANCE_USER=$(get_id keystone user-create --name=glance \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant_id $SERVICE_TENANT \
|
||||
--email=glance@example.com)
|
||||
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
||||
--user $GLANCE_USER \
|
||||
--role $ADMIN_ROLE
|
||||
|
||||
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
|
||||
keystone service-create --name=swift --type="object-store" --description="Swift Service" 2>&1 >/dev/null
|
||||
SWIFT_USER=$(get_id keystone user-create --name=swift \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant_id $SERVICE_TENANT \
|
||||
--email=swift@example.com)
|
||||
keystone user-role-add --tenant_id $SERVICE_TENANT --user $SWIFT_USER --role $ADMIN_ROLE 2>&1 >/dev/null
|
||||
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
||||
--user $SWIFT_USER \
|
||||
--role $ADMIN_ROLE
|
||||
fi
|
||||
|
||||
if [[ "$ENABLED_SERVICES" =~ "quantum-server" ]]; then
|
||||
keystone service-create --name=quantum --type=network --description="Quantum Service" 2>&1 >/dev/null
|
||||
QUANTUM_USER=$(get_id keystone user-create --name=quantum \
|
||||
--pass="$SERVICE_PASSWORD" \
|
||||
--tenant_id $SERVICE_TENANT \
|
||||
--email=quantum@example.com)
|
||||
keystone user-role-add --tenant_id $SERVICE_TENANT --user $QUANTUM_USER --role $ADMIN_ROLE 2>&1 >/dev/null
|
||||
keystone user-role-add --tenant_id $SERVICE_TENANT \
|
||||
--user $QUANTUM_USER \
|
||||
--role $ADMIN_ROLE
|
||||
fi
|
||||
|
||||
# create ec2 creds and parse the secret and access key returned
|
||||
RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER)
|
||||
ADMIN_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
|
||||
ADMIN_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
|
||||
|
||||
RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER)
|
||||
DEMO_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
|
||||
DEMO_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
|
||||
|
||||
cat <<EOF
|
||||
# EC2 access variables (ie for euca tools...)
|
||||
export EC2_ACCESS_KEY=$DEMO_ACCESS
|
||||
export EC2_SECRET_KEY=$DEMO_SECRET
|
||||
|
||||
# Not really EC2 but useful for knowing...
|
||||
export ADMIN_SECRET=$ADMIN_SECRET
|
||||
export ADMIN_ACCESS=$ADMIN_ACCESS
|
||||
export DEMO_ACCESS=$DEMO_ACCESS
|
||||
export DEMO_SECRET=$DEMO_SECRET
|
||||
EOF
|
||||
|
||||
@ -230,9 +230,7 @@ class KeystoneRuntime(comp.PythonRuntime):
|
||||
env['BIN_DIR'] = self.bindir
|
||||
setup_cmd = MANAGE_CMD_ROOT + [tgt_fn]
|
||||
LOG.info("Running (%s) command to initialize keystone." % (" ".join(setup_cmd)))
|
||||
(sysout, _) = sh.execute(*setup_cmd, env_overrides=env, run_as_root=False)
|
||||
if sysout:
|
||||
sh.write_file(sh.abspth(settings.EC2RC_FN), sysout.strip())
|
||||
sh.execute(*setup_cmd, env_overrides=env, run_as_root=False)
|
||||
LOG.debug("Removing (%s) file since we successfully initialized keystone." % (tgt_fn))
|
||||
sh.unlink(tgt_fn)
|
||||
|
||||
|
||||
@ -211,19 +211,13 @@ alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_
|
||||
lines.append('# External includes stuff')
|
||||
extern_tpl = """
|
||||
|
||||
# Use stored ec2 env variables
|
||||
if [ -f "{ec2rc_fn}" ]; then
|
||||
source "{ec2rc_fn}"
|
||||
fi
|
||||
|
||||
# Allow local overrides of env variables
|
||||
if [ -f "{localrc_fn}" ]; then
|
||||
source "{localrc_fn}"
|
||||
fi
|
||||
|
||||
"""
|
||||
extern_inc = extern_tpl.format(ec2rc_fn=sh.abspth(settings.EC2RC_FN),
|
||||
localrc_fn=sh.abspth(settings.LOCALRC_FN))
|
||||
extern_inc = extern_tpl.format(localrc_fn=sh.abspth(settings.LOCALRC_FN))
|
||||
lines.append(extern_inc.strip())
|
||||
lines.append("")
|
||||
return lines
|
||||
|
||||
@ -110,7 +110,6 @@ COMPONENT_CONFIG_DIR = "config"
|
||||
|
||||
# RC files generated / used
|
||||
RC_FN_TEMPL = "os-%s.rc"
|
||||
EC2RC_FN = RC_FN_TEMPL % ('ec2')
|
||||
LOCALRC_FN = RC_FN_TEMPL % ('local')
|
||||
OSRC_FN = RC_FN_TEMPL % ('core')
|
||||
|
||||
|
||||
42
tools/os-euca.sh
Executable file
42
tools/os-euca.sh
Executable file
@ -0,0 +1,42 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# From devstack.sh commit 0bd2410d469f11934b5965d83b57d56418e66b48
|
||||
|
||||
# Create EC2 credentials for the current user as defined by OS_TENANT_NAME:OS_USERNAME
|
||||
#
|
||||
# Optionally set the tenant/username via openrc
|
||||
|
||||
if [[ -n "$1" ]]; then
|
||||
USERNAME=$1
|
||||
fi
|
||||
|
||||
if [[ -n "$2" ]]; then
|
||||
TENANT=$2
|
||||
fi
|
||||
|
||||
# Find the other rc files
|
||||
RC_DIR=../
|
||||
CORE_RC="os-core.rc"
|
||||
|
||||
# Get user configuration
|
||||
source $RC_DIR/$CORE_RC
|
||||
|
||||
# Set the ec2 url so euca2ools works
|
||||
export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
|
||||
|
||||
# Create EC2 credentials for the current user
|
||||
CREDS=$(keystone ec2-credentials-create)
|
||||
export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
|
||||
export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
|
||||
|
||||
# Euca2ools Certificate stuff for uploading bundles
|
||||
NOVA_KEY_DIR=${NOVA_KEY_DIR:-$RC_DIR}
|
||||
export S3_URL=$(keystone catalog --service s3 | awk '/ publicURL / { print $4 }')
|
||||
export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
|
||||
export EC2_PRIVATE_KEY=${NOVA_KEY_DIR}/pk.pem
|
||||
export EC2_CERT=${NOVA_KEY_DIR}/cert.pem
|
||||
export NOVA_CERT=${NOVA_KEY_DIR}/cacert.pem
|
||||
export EUCALYPTUS_CERT=${NOVA_CERT} # euca-bundle-image seems to require this set
|
||||
alias ec2-bundle-image="ec2-bundle-image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user ${EC2_USER_ID} --ec2cert ${NOVA_CERT}"
|
||||
alias ec2-upload-bundle="ec2-upload-bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user