* Depends on https://review.openstack.org/#change,3948
* Depends on https://review.openstack.org/#change,3945
* Fixes bug 928558
Change-Id: I83c337e3b92a9ab0dac254afe83673185867b7b0
| ... | ... |
@@ -1,112 +1,86 @@ |
| 1 | 1 |
#!/bin/bash |
| 2 |
-BIN_DIR=${BIN_DIR:-.}
|
|
| 3 | 2 |
# Tenants |
| 4 |
-ADMIN_TENANT=`$BIN_DIR/keystone-manage tenant --id-only create \ |
|
| 5 |
- tenant_name=admin` |
|
| 6 |
-DEMO_TENANT=`$BIN_DIR/keystone-manage tenant --id-only create \ |
|
| 7 |
- tenant_name=demo` |
|
| 8 |
-INVIS_TENANT=`$BIN_DIR/keystone-manage tenant --id-only create \ |
|
| 9 |
- tenant_name=invisible_to_admin` |
|
| 3 |
+export SERVICE_TOKEN=$SERVICE_TOKEN |
|
| 4 |
+export SERVICE_ENDPOINT=$SERVICE_ENDPOINT |
|
| 5 |
+ |
|
| 6 |
+function get_id () {
|
|
| 7 |
+ echo `$@ | grep id | awk '{print $4}'`
|
|
| 8 |
+} |
|
| 9 |
+ |
|
| 10 |
+ADMIN_TENANT=`get_id keystone tenant-create --name=admin` |
|
| 11 |
+DEMO_TENANT=`get_id keystone tenant-create --name=demo` |
|
| 12 |
+INVIS_TENANT=`get_id keystone tenant-create --name=invisible_to_admin` |
|
| 10 | 13 |
|
| 11 | 14 |
|
| 12 | 15 |
# Users |
| 13 |
-ADMIN_USER=`$BIN_DIR/keystone-manage user --id-only create \ |
|
| 14 |
- name=admin \ |
|
| 15 |
- "password=%ADMIN_PASSWORD%" \ |
|
| 16 |
- email=admin@example.com` |
|
| 17 |
-DEMO_USER=`$BIN_DIR/keystone-manage user --id-only create \ |
|
| 18 |
- name=demo \ |
|
| 19 |
- "password=%ADMIN_PASSWORD%" \ |
|
| 20 |
- email=demo@example.com` |
|
| 16 |
+ADMIN_USER=`get_id keystone user-create \ |
|
| 17 |
+ --name=admin \ |
|
| 18 |
+ --pass="$ADMIN_PASSWORD" \ |
|
| 19 |
+ --email=admin@example.com` |
|
| 20 |
+DEMO_USER=`get_id keystone user-create \ |
|
| 21 |
+ --name=demo \ |
|
| 22 |
+ --pass="$ADMIN_PASSWORD" \ |
|
| 23 |
+ --email=admin@example.com` |
|
| 21 | 24 |
|
| 22 | 25 |
# Roles |
| 23 |
-ADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ |
|
| 24 |
- name=admin` |
|
| 25 |
-MEMBER_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ |
|
| 26 |
- name=Member` |
|
| 27 |
-KEYSTONEADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ |
|
| 28 |
- name=KeystoneAdmin` |
|
| 29 |
-KEYSTONESERVICE_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ |
|
| 30 |
- name=KeystoneServiceAdmin` |
|
| 31 |
-SYSADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ |
|
| 32 |
- name=sysadmin` |
|
| 33 |
-NETADMIN_ROLE=`$BIN_DIR/keystone-manage role --id-only create \ |
|
| 34 |
- name=netadmin` |
|
| 26 |
+ADMIN_ROLE=`get_id keystone role-create --name=admin` |
|
| 27 |
+MEMBER_ROLE=`get_id keystone role-create --name=Member` |
|
| 28 |
+KEYSTONEADMIN_ROLE=`get_id keystone role-create --name=KeystoneAdmin` |
|
| 29 |
+KEYSTONESERVICE_ROLE=`get_id keystone role-create --name=KeystoneServiceAdmin` |
|
| 30 |
+SYSADMIN_ROLE=`get_id keystone role-create --name=sysadmin` |
|
| 31 |
+NETADMIN_ROLE=`get_id keystone role-create --name=netadmin` |
|
| 35 | 32 |
|
| 36 | 33 |
|
| 37 | 34 |
# Add Roles to Users in Tenants |
| 38 | 35 |
|
| 39 |
-$BIN_DIR/keystone-manage role add_user_role \ |
|
| 40 |
- role=$ADMIN_ROLE \ |
|
| 41 |
- user=$ADMIN_USER \ |
|
| 42 |
- tenant=$ADMIN_TENANT |
|
| 43 |
-$BIN_DIR/keystone-manage role add_user_role \ |
|
| 44 |
- role=$MEMBER_ROLE \ |
|
| 45 |
- user=$DEMO_USER \ |
|
| 46 |
- tenant=$DEMO_TENANT |
|
| 47 |
-$BIN_DIR/keystone-manage role add_user_role \ |
|
| 48 |
- role=$SYSADMIN_ROLE \ |
|
| 49 |
- user=$DEMO_USER \ |
|
| 50 |
- tenant=$DEMO_TENANT |
|
| 51 |
-$BIN_DIR/keystone-manage role add_user_role \ |
|
| 52 |
- role=$NETADMIN_ROLE \ |
|
| 53 |
- user=$DEMO_USER \ |
|
| 54 |
- tenant=$DEMO_TENANT |
|
| 55 |
-$BIN_DIR/keystone-manage role add_user_role \ |
|
| 56 |
- role=$MEMBER_ROLE \ |
|
| 57 |
- user=$DEMO_USER \ |
|
| 58 |
- tenant=$INVIS_TENANT |
|
| 59 |
-$BIN_DIR/keystone-manage role add_user_role \ |
|
| 60 |
- role=$ADMIN_ROLE \ |
|
| 61 |
- user=$ADMIN_USER \ |
|
| 62 |
- tenant=$DEMO_TENANT |
|
| 36 |
+keystone add-user-role $ADMIN_USER $ADMIN_ROLE $ADMIN_TENANT |
|
| 37 |
+keystone add-user-role $DEMO_USER $MEMBER_ROLE $DEMO_TENANT |
|
| 38 |
+keystone add-user-role $DEMO_USER $SYSADMIN_ROLE $DEMO_TENANT |
|
| 39 |
+keystone add-user-role $DEMO_USER $NETADMIN_ROLE $DEMO_TENANT |
|
| 40 |
+keystone add-user-role $DEMO_USER $MEMBER_ROLE $INVIS_TENANT |
|
| 41 |
+keystone add-user-role $ADMIN_USER $ADMIN_ROLE $DEMO_TENANT |
|
| 63 | 42 |
|
| 64 | 43 |
# TODO(termie): these two might be dubious |
| 65 |
-$BIN_DIR/keystone-manage role add_user_role \ |
|
| 66 |
- role=$KEYSTONEADMIN_ROLE \ |
|
| 67 |
- user=$ADMIN_USER \ |
|
| 68 |
- tenant=$ADMIN_TENANT |
|
| 69 |
-$BIN_DIR/keystone-manage role add_user_role \ |
|
| 70 |
- role=$KEYSTONESERVICE_ROLE \ |
|
| 71 |
- user=$ADMIN_USER \ |
|
| 72 |
- tenant=$ADMIN_TENANT |
|
| 44 |
+keystone add-user-role $ADMIN_USER $KEYSTONEADMIN_ROLE $ADMIN_TENANT |
|
| 45 |
+keystone add-user-role $ADMIN_USER $KEYSTONESERVICE_ROLE $ADMIN_TENANT |
|
| 73 | 46 |
|
| 74 | 47 |
# Services |
| 75 |
-$BIN_DIR/keystone-manage service create \ |
|
| 76 |
- name=nova \ |
|
| 77 |
- service_type=compute \ |
|
| 78 |
- "description=Nova Compute Service" |
|
| 79 |
- |
|
| 80 |
-$BIN_DIR/keystone-manage service create \ |
|
| 81 |
- name=ec2 \ |
|
| 82 |
- service_type=ec2 \ |
|
| 83 |
- "description=EC2 Compatibility Layer" |
|
| 84 |
- |
|
| 85 |
-$BIN_DIR/keystone-manage service create \ |
|
| 86 |
- name=glance \ |
|
| 87 |
- service_type=image \ |
|
| 88 |
- "description=Glance Image Service" |
|
| 89 |
- |
|
| 90 |
-$BIN_DIR/keystone-manage service create \ |
|
| 91 |
- name=keystone \ |
|
| 92 |
- service_type=identity \ |
|
| 93 |
- "description=Keystone Identity Service" |
|
| 48 |
+keystone service-create \ |
|
| 49 |
+ --name=nova \ |
|
| 50 |
+ --type=compute \ |
|
| 51 |
+ --description="Nova Compute Service" |
|
| 52 |
+ |
|
| 53 |
+keystone service-create \ |
|
| 54 |
+ --name=ec2 \ |
|
| 55 |
+ --type=ec2 \ |
|
| 56 |
+ --description="EC2 Compatibility Layer" |
|
| 57 |
+ |
|
| 58 |
+keystone service-create \ |
|
| 59 |
+ --name=glance \ |
|
| 60 |
+ --type=image \ |
|
| 61 |
+ --description="Glance Image Service" |
|
| 62 |
+ |
|
| 63 |
+keystone service-create \ |
|
| 64 |
+ --name=keystone \ |
|
| 65 |
+ --type=identity \ |
|
| 66 |
+ --description="Keystone Identity Service" |
|
| 94 | 67 |
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then |
| 95 |
- $BIN_DIR/keystone-manage service create \ |
|
| 96 |
- name=swift \ |
|
| 97 |
- service_type=object-store \ |
|
| 98 |
- "description=Swift Service" |
|
| 68 |
+ keystone service-create \ |
|
| 69 |
+ --name=swift \ |
|
| 70 |
+ --type="object-store" \ |
|
| 71 |
+ --description="Swift Service" |
|
| 99 | 72 |
fi |
| 100 | 73 |
|
| 101 | 74 |
# create ec2 creds and parse the secret and access key returned |
| 102 |
-RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$ADMIN_USER tenant_id=$ADMIN_TENANT` |
|
| 103 |
-ADMIN_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"` |
|
| 104 |
-ADMIN_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"` |
|
| 75 |
+RESULT=`keystone ec2-create-credentials --tenant_id=$ADMIN_TENANT --user_id=$ADMIN_USER` |
|
| 76 |
+ echo `$@ | grep id | awk '{print $4}'`
|
|
| 77 |
+ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
|
|
| 78 |
+ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
|
|
| 105 | 79 |
|
| 106 | 80 |
|
| 107 |
-RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$DEMO_USER tenant_id=$DEMO_TENANT` |
|
| 108 |
-DEMO_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"` |
|
| 109 |
-DEMO_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"` |
|
| 81 |
+RESULT=`keystone ec2-create-credentials --tenant_id=$DEMO_TENANT --user_id=$DEMO_USER` |
|
| 82 |
+DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
|
|
| 83 |
+DEMO_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
|
|
| 110 | 84 |
|
| 111 | 85 |
# write the secret and access to ec2rc |
| 112 | 86 |
cat > $DEVSTACK_DIR/ec2rc <<EOF |
| ... | ... |
@@ -115,37 +89,3 @@ ADMIN_SECRET=$ADMIN_SECRET |
| 115 | 115 |
DEMO_ACCESS=$DEMO_ACCESS |
| 116 | 116 |
DEMO_SECRET=$DEMO_SECRET |
| 117 | 117 |
EOF |
| 118 |
- |
|
| 119 |
- |
|
| 120 |
-#endpointTemplates |
|
| 121 |
-#$BIN_DIR/keystone-manage $* endpointTemplates add \ |
|
| 122 |
-# RegionOne nova |
|
| 123 |
-# http://%SERVICE_HOST%:8774/v1.1/%tenant_id% |
|
| 124 |
-# http://%SERVICE_HOST%:8774/v1.1/%tenant_id% |
|
| 125 |
-# http://%SERVICE_HOST%:8774/v1.1/%tenant_id% 1 1 |
|
| 126 |
-#$BIN_DIR/keystone-manage $* endpointTemplates add |
|
| 127 |
-# RegionOne ec2 |
|
| 128 |
-# http://%SERVICE_HOST%:8773/services/Cloud |
|
| 129 |
-# http://%SERVICE_HOST%:8773/services/Admin |
|
| 130 |
-# http://%SERVICE_HOST%:8773/services/Cloud 1 1 |
|
| 131 |
-#$BIN_DIR/keystone-manage $* endpointTemplates add |
|
| 132 |
-# RegionOne glance |
|
| 133 |
-# http://%SERVICE_HOST%:9292/v1 |
|
| 134 |
-# http://%SERVICE_HOST%:9292/v1 |
|
| 135 |
-# http://%SERVICE_HOST%:9292/v1 1 1 |
|
| 136 |
-#$BIN_DIR/keystone-manage $* endpointTemplates add |
|
| 137 |
-# RegionOne keystone |
|
| 138 |
-# http://%SERVICE_HOST%:5000/v2.0 |
|
| 139 |
-# http://%SERVICE_HOST%:35357/v2.0 |
|
| 140 |
-# http://%SERVICE_HOST%:5000/v2.0 1 1 |
|
| 141 |
-#if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then |
|
| 142 |
-# $BIN_DIR/keystone-manage $* endpointTemplates add |
|
| 143 |
-# RegionOne swift |
|
| 144 |
-# http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% |
|
| 145 |
-# http://%SERVICE_HOST%:8080/ |
|
| 146 |
-# http://%SERVICE_HOST%:8080/v1/AUTH_%tenant_id% 1 1 |
|
| 147 |
-#fi |
|
| 148 |
- |
|
| 149 |
-# Tokens |
|
| 150 |
-#$BIN_DIR/keystone-manage token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00 |
|
| 151 |
- |
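Review bot: `get_id` (new lines 6-8) returns whatever `grep id | awk '{print $4}'` yields and nothing checks it, so a failed `keystone ...-create` leaves the variable empty and any output line that merely contains the substring `id` adds extra words; those values are then passed unquoted and positionally to `keystone add-user-role` on new lines 36-45, where a missing or extra word changes which argument is read as user, role and tenant. I would match the `id` row exactly (assuming the table layout that `print $4` already relies on), fail when no id comes back, and quote the arguments at the call sites, as sketched below; the error message prints only the subcommand because the full argument list carries `--pass`. The bare `echo` line on new line 76 repeats the body of `get_id` at top level, where `$@` is the script's own argument list and would be run as a command, so it looks like a stray copy and should probably be dropped. The demo user's `--email=admin@example.com` on new line 23 replaces `demo@example.com` and looks like a copy-paste slip.

```shell
function get_id () {
    local id
    # Match only the row whose property column is exactly "id".
    id=$("$@" | awk '$2 == "id" {print $4}')
    if [[ -z "$id" ]]; then
        # Print the subcommand only; the full argument list may carry --pass.
        echo "get_id: no id returned by: $1 $2" >&2
        return 1
    fi
    echo "$id"
}

ADMIN_TENANT=$(get_id keystone tenant-create --name=admin) || exit 1
# … unchanged: remaining tenant, user and role creation, each with || exit 1 …
keystone add-user-role "$ADMIN_USER" "$ADMIN_ROLE" "$ADMIN_TENANT"
```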
| ... | ... |
@@ -42,7 +42,7 @@ export OS_PASSWORD=${NOVA_PASSWORD}
|
| 42 | 42 |
# |
| 43 | 43 |
# *NOTE*: Using the 2.0 *auth api* does not mean that compute api is 2.0. We |
| 44 | 44 |
# will use the 1.1 *compute api* |
| 45 |
-export NOVA_URL=${NOVA_URL:-http://$SERVICE_HOST:5000/v2.0/}
|
|
| 45 |
+export NOVA_URL=${NOVA_URL:-http://$SERVICE_HOST:5000/v2.0}
|
|
| 46 | 46 |
export OS_AUTH_URL=${NOVA_URL}
|
| 47 | 47 |
|
| 48 | 48 |
# Currently novaclient needs you to specify the *compute api* version. This |
| ... | ... |
@@ -1380,26 +1380,14 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then |
| 1380 | 1380 |
exit 1 |
| 1381 | 1381 |
fi |
| 1382 | 1382 |
|
| 1383 |
- # keystone_data.sh creates our admin user and our ``SERVICE_TOKEN``. |
|
| 1384 |
- KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh |
|
| 1385 |
- cp $FILES/keystone_data.sh $KEYSTONE_DATA |
|
| 1386 |
- sudo sed -e " |
|
| 1387 |
- s,%KEYSTONE_AUTH_HOST%,$KEYSTONE_AUTH_HOST,g; |
|
| 1388 |
- s,%KEYSTONE_AUTH_PORT%,$KEYSTONE_AUTH_PORT,g; |
|
| 1389 |
- s,%KEYSTONE_AUTH_PROTOCOL%,$KEYSTONE_AUTH_PROTOCOL,g; |
|
| 1390 |
- s,%KEYSTONE_SERVICE_HOST%,$KEYSTONE_SERVICE_HOST,g; |
|
| 1391 |
- s,%KEYSTONE_SERVICE_PORT%,$KEYSTONE_SERVICE_PORT,g; |
|
| 1392 |
- s,%KEYSTONE_SERVICE_PROTOCOL%,$KEYSTONE_SERVICE_PROTOCOL,g; |
|
| 1393 |
- s,%SERVICE_HOST%,$SERVICE_HOST,g; |
|
| 1394 |
- s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g; |
|
| 1395 |
- s,%ADMIN_PASSWORD%,$ADMIN_PASSWORD,g; |
|
| 1396 |
- " -i $KEYSTONE_DATA |
|
| 1397 |
- |
|
| 1398 | 1383 |
# initialize keystone with default users/endpoints |
| 1399 | 1384 |
pushd $KEYSTONE_DIR |
| 1400 | 1385 |
$KEYSTONE_DIR/bin/keystone-manage db_sync |
| 1401 |
- DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA |
|
| 1402 | 1386 |
popd |
| 1387 |
+ |
|
| 1388 |
+ # keystone_data.sh creates services, admin and demo users, and roles. |
|
| 1389 |
+ SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0 |
|
| 1390 |
+ ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES bash $FILES/keystone_data.sh |
|
| 1403 | 1391 |
fi |
| 1404 | 1392 |
|
| 1405 | 1393 |
|
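Review bot: The invocation on new line 1390 ignores the exit status of `bash $FILES/keystone_data.sh`, and the script now talks to the Keystone API at `SERVICE_ENDPOINT` instead of calling `keystone-manage` locally, so if the service is not reachable at that point the install carries on without the tenants, users and role grants. Nothing in the hunk starts or waits for Keystone before the call, though that may happen outside it; the enclosing `if [[ "$ENABLED_SERVICES" =~ "key" ]]` block begins before the hunk. I would end the line with `bash "$FILES/keystone_data.sh" || exit 1`. If stack.sh runs with shell tracing enabled (not visible here), this line also writes `ADMIN_PASSWORD` and `SERVICE_TOKEN` to the trace output, so a comment such as `# secrets are passed via the environment; keep xtrace off around this call` would help.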