
Merge remote-tracking branch 'upstream/master'

Dean Troyer authored on 2011/09/30 09:03:10
Showing 4 changed files
... ...
@@ -3,6 +3,7 @@ BIN_DIR=${BIN_DIR:-.}
3 3
 # Tenants
4 4
 $BIN_DIR/keystone-manage $* tenant add admin
5 5
 $BIN_DIR/keystone-manage $* tenant add demo
6
+$BIN_DIR/keystone-manage $* tenant add invisible_to_admin
6 7
 
7 8
 # Users
8 9
 $BIN_DIR/keystone-manage $* user add admin secrete
... ...
@@ -13,43 +14,28 @@ $BIN_DIR/keystone-manage $* role add Admin
13 13
 $BIN_DIR/keystone-manage $* role add Member
14 14
 $BIN_DIR/keystone-manage $* role add KeystoneAdmin
15 15
 $BIN_DIR/keystone-manage $* role add KeystoneServiceAdmin
16
-$BIN_DIR/keystone-manage $* role grant Admin admin 1
17
-$BIN_DIR/keystone-manage $* role grant Member demo 2
18
-$BIN_DIR/keystone-manage $* role grant Admin admin 2
16
+$BIN_DIR/keystone-manage $* role grant Admin admin admin
17
+$BIN_DIR/keystone-manage $* role grant Member demo demo
18
+$BIN_DIR/keystone-manage $* role grant Member demo invisible_to_admin
19
+$BIN_DIR/keystone-manage $* role grant Admin admin demo
19 20
 $BIN_DIR/keystone-manage $* role grant Admin admin
20 21
 $BIN_DIR/keystone-manage $* role grant KeystoneAdmin admin
21 22
 $BIN_DIR/keystone-manage $* role grant KeystoneServiceAdmin admin
22 23
 
23 24
 # Services
24
-$BIN_DIR/keystone-manage $* service add nova_compat nova_compat nova_compat
25
-$BIN_DIR/keystone-manage $* service add compute compute compute
26
-$BIN_DIR/keystone-manage $* service add glance glance glance
27
-$BIN_DIR/keystone-manage $* service add identity identity identity
25
+$BIN_DIR/keystone-manage $* service add nova compute "Nova Compute Service"
26
+$BIN_DIR/keystone-manage $* service add glance image "Glance Image Service"
27
+$BIN_DIR/keystone-manage $* service add keystone identity "Keystone Identity Service"
28 28
 
29 29
 #endpointTemplates
30
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 1 http://%HOST_IP%:8774/v1.0/ http://%HOST_IP%:8774/v1.0  http://%HOST_IP%:8774/v1.0 1 1
31
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 2 http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id%  http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
32
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 3 http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
33
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 4 http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1
30
+$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne nova http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id%  http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
31
+$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
32
+$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1
34 33
 # $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
35 34
 
36 35
 # Tokens
37
-$BIN_DIR/keystone-manage $* token add 999888777666 1 1 2015-02-05T00:00
38
-
39
-#Tenant endpoints
40
-$BIN_DIR/keystone-manage $* endpoint add 1 1
41
-$BIN_DIR/keystone-manage $* endpoint add 1 2
42
-$BIN_DIR/keystone-manage $* endpoint add 1 3
43
-$BIN_DIR/keystone-manage $* endpoint add 1 4
44
-$BIN_DIR/keystone-manage $* endpoint add 1 5
45
-$BIN_DIR/keystone-manage $* endpoint add 1 6
46
-
47
-$BIN_DIR/keystone-manage $* endpoint add 2 1
48
-$BIN_DIR/keystone-manage $* endpoint add 2 2
49
-$BIN_DIR/keystone-manage $* endpoint add 2 3
50
-$BIN_DIR/keystone-manage $* endpoint add 2 4
51
-$BIN_DIR/keystone-manage $* endpoint add 2 5
52
-$BIN_DIR/keystone-manage $* endpoint add 2 6
36
+$BIN_DIR/keystone-manage $* token add 999888777666 admin admin 2015-02-05T00:00
53 37
 
38
+# EC2 related creds
54 39
 $BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"
55 40
 $BIN_DIR/keystone-manage $* credentials add demo EC2 'demo:demo' demo demo || echo "no support for adding credentials"
56 41
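Review bot: The rewritten `token add` line still seeds a fixed admin token (`999888777666`) that is valid until 2015-02-05 and is now bound to the admin user and admin tenant by name, so every install built from this data presumably accepts the same published value as an admin credential. Take the value from the caller and fail when it is missing, e.g. `$BIN_DIR/keystone-manage $* token add ${ADMIN_TOKEN:?} admin admin 2015-02-05T00:00` (`ADMIN_TOKEN` is a placeholder name), and shorten the expiry. The unchanged context lines that set the admin password `secrete` and the `admin:admin` EC2 credential have the same problem. Separately, every line passes `$*` unquoted, which re-splits arguments; `"$@"` passes them through intact.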
new file mode 100644
... ...
@@ -0,0 +1 @@
0
+PassLib
... ...
@@ -16,7 +16,7 @@ NOVNC_BRANCH=master
16 16
 
17 17
 # django powered web control panel for openstack
18 18
 DASH_REPO=https://github.com/cloudbuilders/openstack-dashboard.git
19
-DASH_BRANCH=master
19
+DASH_BRANCH=glance_type_image
20 20
 
21 21
 # add nixon, will use this to show munin graphs in dashboard
22 22
 NIXON_REPO=https://github.com/cloudbuilders/nixon.git
23 23
new file mode 100644
... ...
@@ -0,0 +1,154 @@
0
+#!/bin/bash
1
+# install_openvpn.sh - Install OpenVPN and generate required certificates
2
+#
3
+# install_openvpn.sh --client name
4
+# install_openvpn.sh --server [name]
5
+#
6
+# name is used on the CN of the generated cert, and the filename of
7
+# the configuration, certificate and key files.
8
+#
9
+# --server mode configures the host with a running OpenVPN server instance
10
+# --client mode creates a tarball of a client configuration for this server
11
+
12
+# VPN Config
13
+VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`}  # 50.56.12.212
14
+VPN_PROTO=${VPN_PROTO:-tcp}
15
+VPN_PORT=${VPN_PORT:-6081}
16
+VPN_DEV=${VPN_DEV:-tun}
17
+VPN_CLIENT_NET=${VPN_CLIENT_NET:-172.16.28.0}
18
+VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-255.255.255.0}
19
+VPN_LOCAL_NET=${VPN_LOCAL_NET:-10.0.0.0}
20
+VPN_LOCAL_MASK=${VPN_LOCAL_MASK:-255.255.0.0}
21
+
22
+VPN_DIR=/etc/openvpn
23
+CA_DIR=/etc/openvpn/easy-rsa
24
+
25
+usage() {
26
+    echo "$0 - OpenVPN install and certificate generation"
27
+    echo ""
28
+    echo "$0 --client name"
29
+    echo "$0 --server [name]"
30
+    echo ""
31
+    echo " --server mode configures the host with a running OpenVPN server instance"
32
+    echo " --client mode creates a tarball of a client configuration for this server"
33
+    exit 1
34
+}
35
+
36
+if [ -z $1 ]; then
37
+    usage
38
+fi
39
+
40
+# Install OpenVPN
41
+if [ ! -x `which openvpn` ]; then
42
+    apt-get install -y openvpn bridge-utils
43
+fi
44
+if [ ! -d $CA_DIR ]; then
45
+    cp -pR /usr/share/doc/openvpn/examples/easy-rsa/2.0/ $CA_DIR
46
+fi
47
+
48
+OPWD=`pwd`
49
+cd $CA_DIR
50
+source ./vars
51
+
52
+# Override the defaults
53
+export KEY_COUNTRY="US"
54
+export KEY_PROVINCE="TX"
55
+export KEY_CITY="SanAntonio"
56
+export KEY_ORG="Cloudbuilders"
57
+export KEY_EMAIL="rcb@lists.rackspace.com"
58
+
59
+if [ ! -r $CA_DIR/keys/dh1024.pem ]; then
60
+    # Initialize a new CA
61
+    $CA_DIR/clean-all
62
+    $CA_DIR/build-dh
63
+    $CA_DIR/pkitool --initca
64
+    openvpn --genkey --secret $CA_DIR/keys/ta.key  ## Build a TLS key
65
+fi
66
+
67
+do_server() {
68
+    NAME=$1
69
+    # Generate server certificate
70
+    $CA_DIR/pkitool --server $NAME
71
+
72
+    (cd $CA_DIR/keys;
73
+        cp $NAME.crt $NAME.key ca.crt dh1024.pem ta.key $VPN_DIR
74
+    )
75
+    cat >$VPN_DIR/$NAME.conf <<EOF
76
+proto $VPN_PROTO
77
+port $VPN_PORT
78
+dev $VPN_DEV
79
+cert $NAME.crt
80
+key $NAME.key  # This file should be kept secret
81
+ca ca.crt
82
+dh dh1024.pem
83
+duplicate-cn
84
+server $VPN_CLIENT_NET $VPN_CLIENT_MASK
85
+ifconfig-pool-persist ipp.txt
86
+push "route $VPN_LOCAL_NET $VPN_LOCAL_MASK"
87
+comp-lzo
88
+user nobody
89
+group nobody
90
+persist-key
91
+persist-tun
92
+status openvpn-status.log
93
+EOF
94
+    /etc/init.d/openvpn restart
95
+}
96
+
97
+do_client() {
98
+    NAME=$1
99
+    # Generate a client certificate
100
+    $CA_DIR/pkitool $NAME
101
+
102
+    TMP_DIR=`mktemp -d`
103
+    (cd $CA_DIR/keys;
104
+        cp -p ca.crt ta.key $NAME.key $NAME.crt $TMP_DIR
105
+    )
106
+    if [ -r $VPN_DIR/hostname ]; then
107
+        HOST=`cat $VPN_DIR/hostname`
108
+    else
109
+        HOST=`hostname`
110
+    fi
111
+    cat >$TMP_DIR/$HOST.conf <<EOF
112
+proto $VPN_PROTO
113
+port $VPN_PORT
114
+dev $VPN_DEV
115
+cert $NAME.crt
116
+key $NAME.key  # This file should be kept secret
117
+ca ca.crt
118
+client
119
+remote $VPN_SERVER $VPN_PORT
120
+resolv-retry infinite
121
+nobind
122
+user nobody
123
+group nobody
124
+persist-key
125
+persist-tun
126
+comp-lzo
127
+verb 3
128
+EOF
129
+    (cd $TMP_DIR; tar cf $OPWD/$NAME.tar *)
130
+    rm -rf $TMP_DIR
131
+    echo "Client certificate and configuration is in $OPWD/$NAME.tar"
132
+}
133
+
134
+# Process command line args
135
+case $1 in
136
+    --client)   if [ -z $2 ]; then
137
+                    usage
138
+                fi
139
+                do_client $2
140
+                ;;
141
+    --server)   if [ -z $2 ]; then
142
+                    NAME=`hostname`
143
+                else
144
+                    NAME=$2
145
+                    # Save for --client use
146
+                    echo $NAME >$VPN_DIR/hostname
147
+                fi
148
+                do_server $NAME
149
+                ;;
150
+    --clean)    $CA_DIR/clean-all
151
+                ;;
152
+    *)          usage
153
+esac
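Review bot: `ta.key` is generated and copied into both the server directory and the client tarball, but neither generated config references it, so the extra HMAC check on the TLS handshake is never enabled; add `tls-auth ta.key 0` to the server heredoc and `tls-auth ta.key 1` to the client heredoc. The client tarball contains `$NAME.key` and is written to `$OPWD` under the caller's umask, so wrap that step as `(umask 077; cd $TMP_DIR; tar cf $OPWD/$NAME.tar *)`. `cd $CA_DIR` is unchecked before `source ./vars`, so a failed cd sources a `vars` file from whatever directory the caller was in; `cd $CA_DIR || exit 1` closes that. `group nobody` in both configs is likely wrong on the apt-based hosts this script installs on, where the group is normally `nogroup`.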