Browse code
Finish configuring ceilometer authentication
Copy the policy.json file for ceilometer into place
and configure the API service to find it.
Create a service user for ceilometer when the service
is enabled.
Use the service user for the admin_user and admin_password
in the ceilometer config file so the middleware can
verify tokens.
Change-Id: I39be13da0c86704d35e0ce3dc3d27fd38d787058
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>
Doug Hellmann authored on 2012/11/02 05:23:52Showing 2 changed files
| ... | ... |
@@ -2,18 +2,19 @@ |
| 2 | 2 |
# |
| 3 | 3 |
# Initial data for Keystone using python-keystoneclient |
| 4 | 4 |
# |
| 5 |
-# Tenant User Roles |
|
| 5 |
+# Tenant User Roles |
|
| 6 | 6 |
# ------------------------------------------------------------------ |
| 7 |
-# admin admin admin |
|
| 8 |
-# service glance admin |
|
| 9 |
-# service nova admin, [ResellerAdmin (swift only)] |
|
| 10 |
-# service quantum admin # if enabled |
|
| 11 |
-# service swift admin # if enabled |
|
| 12 |
-# service cinder admin # if enabled |
|
| 13 |
-# service heat admin # if enabled |
|
| 14 |
-# demo admin admin |
|
| 15 |
-# demo demo Member, anotherrole |
|
| 16 |
-# invisible_to_admin demo Member |
|
| 7 |
+# admin admin admin |
|
| 8 |
+# service glance admin |
|
| 9 |
+# service nova admin, [ResellerAdmin (swift only)] |
|
| 10 |
+# service quantum admin # if enabled |
|
| 11 |
+# service swift admin # if enabled |
|
| 12 |
+# service cinder admin # if enabled |
|
| 13 |
+# service heat admin # if enabled |
|
| 14 |
+# service ceilometer admin # if enabled |
|
| 15 |
+# demo admin admin |
|
| 16 |
+# demo demo Member, anotherrole |
|
| 17 |
+# invisible_to_admin demo Member |
|
| 17 | 18 |
# Tempest Only: |
| 18 | 19 |
# alt_demo alt_demo Member |
| 19 | 20 |
# |
| ... | ... |
@@ -262,7 +263,14 @@ if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then |
| 262 | 262 |
fi |
| 263 | 263 |
fi |
| 264 | 264 |
|
| 265 |
-if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then |
|
| 265 |
+if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then |
|
| 266 |
+ CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \ |
|
| 267 |
+ --pass="$SERVICE_PASSWORD" \ |
|
| 268 |
+ --tenant_id $SERVICE_TENANT \ |
|
| 269 |
+ --email=ceilometer@example.com) |
|
| 270 |
+ keystone user-role-add --tenant_id $SERVICE_TENANT \ |
|
| 271 |
+ --user_id $CEILOMETER_USER \ |
|
| 272 |
+ --role_id $ADMIN_ROLE |
|
| 266 | 273 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| 267 | 274 |
CEILOMETER_SERVICE=$(get_id keystone service-create \ |
| 268 | 275 |
--name=ceilometer \ |
| ... | ... |
@@ -345,4 +353,3 @@ if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then |
| 345 | 345 |
--internalurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s" |
| 346 | 346 |
fi |
| 347 | 347 |
fi |
| 348 |
- |
| ... | ... |
@@ -6,8 +6,9 @@ |
| 6 | 6 |
|
| 7 | 7 |
# Dependencies: |
| 8 | 8 |
# - functions |
| 9 |
-# - OS_USERNAME, OS_PASSWORD, OS_TENANT_NAME, OS_AUTH_URL set for admin credentials |
|
| 9 |
+# - OS_AUTH_URL for auth in api |
|
| 10 | 10 |
# - DEST set to the destination directory |
| 11 |
+# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api |
|
| 11 | 12 |
|
| 12 | 13 |
# stack.sh |
| 13 | 14 |
# --------- |
| ... | ... |
@@ -61,7 +62,15 @@ function configure_ceilometer() {
|
| 61 | 61 |
iniset $CEILOMETER_CONF DEFAULT rabbit_password $RABBIT_PASSWORD |
| 62 | 62 |
iniset $CEILOMETER_CONF DEFAULT sql_connection $BASE_SQL_CONN/nova?charset=utf8 |
| 63 | 63 |
|
| 64 |
+ # Install the policy file for the API server |
|
| 65 |
+ cp $CEILOMETER_DIR/etc/ceilometer/policy.json $CEILOMETER_CONF_DIR |
|
| 66 |
+ iniset $CEILOMETER_CONF DEFAULT policy_file $CEILOMETER_CONF_DIR/policy.json |
|
| 67 |
+ |
|
| 64 | 68 |
iniset $CEILOMETER_CONF keystone_authtoken auth_protocol http |
| 69 |
+ iniset $CEILOMETER_CONF keystone_authtoken admin_user ceilometer |
|
| 70 |
+ iniset $CEILOMETER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD |
|
| 71 |
+ iniset $CEILOMETER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
| 72 |
+ |
|
| 65 | 73 |
cleanup_ceilometer |
| 66 | 74 |
} |
| 67 | 75 |
|
| ... | ... |
@@ -73,7 +82,7 @@ function install_ceilometer() {
|
| 73 | 73 |
# start_ceilometer() - Start running processes, including screen |
| 74 | 74 |
function start_ceilometer() {
|
| 75 | 75 |
screen_it ceilometer-acompute "cd $CEILOMETER_DIR && sg libvirtd \"$CEILOMETER_BIN_DIR/ceilometer-agent-compute --config-file $CEILOMETER_CONF\"" |
| 76 |
- screen_it ceilometer-acentral "export OS_USERNAME=$OS_USERNAME OS_PASSWORD=$OS_PASSWORD OS_TENANT_NAME=$OS_TENANT_NAME OS_AUTH_URL=$OS_AUTH_URL && cd $CEILOMETER_DIR && $CEILOMETER_BIN_DIR/ceilometer-agent-central --config-file $CEILOMETER_CONF" |
|
| 76 |
+ screen_it ceilometer-acentral "export OS_USERNAME=ceilometer OS_PASSWORD=$SERVICE_PASSWORD OS_TENANT_NAME=$SERVICE_TENANT_NAME OS_AUTH_URL=$OS_AUTH_URL && cd $CEILOMETER_DIR && $CEILOMETER_BIN_DIR/ceilometer-agent-central --config-file $CEILOMETER_CONF" |
|
| 77 | 77 |
screen_it ceilometer-collector "cd $CEILOMETER_DIR && $CEILOMETER_BIN_DIR/ceilometer-collector --config-file $CEILOMETER_CONF" |
| 78 | 78 |
screen_it ceilometer-api "cd $CEILOMETER_DIR && $CEILOMETER_BIN_DIR/ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF" |
| 79 | 79 |
} |