authorDavid Höppner <0xffea@gmail.com>2013-02-18 19:07:36 +0100
committerDavid Höppner <0xffea@gmail.com>2013-02-18 21:34:31 +0100
commitd6f7cbc484868bdec3eeb9d4b0f45b10ce536e79 (patch)
treef83085d3b22ca24938e2e3efa2a366cdace85214 /tools/sample_data.sh
parentb1bfca2501ad11a861c9064b97b7fa06fc6d958e (diff)
Update sample_data.sh to match docs
Conform more closely to the "OpenStack Install and Deploy Manual." Change-Id: I46ab7e8e5ccdf389cbc60fee84c063f289155781 Fixes: bug #1073291
Diffstat (limited to 'tools/sample_data.sh')
-rwxr-xr-xtools/sample_data.sh264
1 files changed, 108 insertions, 156 deletions
diff --git a/tools/sample_data.sh b/tools/sample_data.sh
index 7262c8da..08a1dba5 100755
--- a/tools/sample_data.sh
+++ b/tools/sample_data.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
-# Copyright 2012 OpenStack LLC
+# Copyright 2013 OpenStack LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
@@ -23,31 +23,19 @@
# and the administrative API. It will get the admin_token (SERVICE_TOKEN)
# and admin_port from keystone.conf if available.
#
-# There are two environment variables to set passwords that should be set
-# prior to running this script. Warnings will appear if they are unset.
-# * ADMIN_PASSWORD is used to set the password for the admin and demo accounts.
-# * SERVICE_PASSWORD is used to set the password for the service accounts.
+# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
+# Use this with the Catalog Templated backend.
#
-# Enable the Swift and Quantum accounts by setting ENABLE_SWIFT and/or
-# ENABLE_QUANTUM environment variables.
-#
-# Enable creation of endpoints by setting ENABLE_ENDPOINTS environment variable.
-# Works with Catalog SQL backend. Do not use with Catalog Templated backend
-# (default).
-#
-# A set of EC2-compatible credentials is created for both admin and demo
-# users and placed in etc/ec2rc.
+# A EC2-compatible credential is created for the admin user and
+# placed in etc/ec2rc.
#
# Tenant User Roles
# -------------------------------------------------------
-# admin admin admin
+# demo admin admin
# service glance admin
# service nova admin
-# service quantum admin # if enabled
-# service swift admin # if enabled
-# demo admin admin
-# demo demo Member,sysadmin,netadmin
-# invisible_to_admin demo Member
+# service ec2 admin
+# service swift admin
CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
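Review bot: The rewritten header documents only the DISABLE_ENDPOINTS opt-out and never states that endpoint creation is now on by default, while the paragraph it replaces said the Templated catalog backend is the default and must not be combined with endpoint creation. Assuming that restriction still holds, the comment should say so, for example `# Endpoints are created by default, which needs the Catalog SQL backend.` placed before the DISABLE_ENDPOINTS line. The header also no longer mentions passwords, although the `user-create` calls in the later hunk set fixed ones; a line such as `# All accounts get fixed sample passwords; do not run this against a production Keystone.` would make that visible to whoever runs the script. Minor wording: "A EC2-compatible" should read "An EC2-compatible".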
@@ -66,18 +54,6 @@ else
EC2RC="ec2rc"
fi
-# Please set these, they are ONLY SAMPLE PASSWORDS!
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
-if [[ "$ADMIN_PASSWORD" == "secrete" ]]; then
- echo "The default admin password has been detected. Please consider"
- echo "setting an actual password in environment variable ADMIN_PASSWORD"
-fi
-SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
-if [[ "$SERVICE_PASSWORD" == "$ADMIN_PASSWORD" ]]; then
- echo "The default service password has been detected. Please consider"
- echo "setting an actual password in environment variable SERVICE_PASSWORD"
-fi
-
# Extract some info from Keystone's configuration file
if [[ -r "$KEYSTONE_CONF" ]]; then
CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
@@ -97,173 +73,149 @@ function get_id () {
echo `"$@" | grep ' id ' | awk '{print $4}'`
}
+#
+# Default tenant
+#
+DEMO_TENANT=$(get_id keystone tenant-create --name=demo \
+ --description "Default Tenant")
-# Tenants
-ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
-SERVICE_TENANT=$(get_id keystone tenant-create --name=service)
-DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
-INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
-
-
-# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \
- --pass="$ADMIN_PASSWORD" \
- --email=admin@example.com)
-DEMO_USER=$(get_id keystone user-create --name=demo \
- --pass="$ADMIN_PASSWORD" \
- --email=admin@example.com)
+ --pass=secrete)
-
-# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
-MEMBER_ROLE=$(get_id keystone role-create --name=Member)
-KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
-KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
-SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
-NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
+keystone user-role-add --user-id $ADMIN_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $DEMO_TENANT
-# Add Roles to Users in Tenants
-keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
-keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $DEMO_TENANT
-keystone user-role-add --user-id $DEMO_USER --role-id $SYSADMIN_ROLE --tenant-id $DEMO_TENANT
-keystone user-role-add --user-id $DEMO_USER --role-id $NETADMIN_ROLE --tenant-id $DEMO_TENANT
-keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $INVIS_TENANT
-keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $DEMO_TENANT
+#
+# Service tenant
+#
+SERVICE_TENANT=$(get_id keystone tenant-create --name=service \
+ --description "Service Tenant")
-# TODO(termie): these two might be dubious
-keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
-keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT
+GLANCE_USER=$(get_id keystone user-create --name=glance \
+ --pass=glance)
+keystone user-role-add --user-id $GLANCE_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
-# Services
-NOVA_SERVICE=$(get_id \
-keystone service-create --name=nova \
- --type=compute \
- --description="Nova Compute Service")
NOVA_USER=$(get_id keystone user-create --name=nova \
- --pass="$SERVICE_PASSWORD" \
- --tenant-id $SERVICE_TENANT \
- --email=nova@example.com)
-keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $NOVA_USER \
- --role-id $ADMIN_ROLE
-if [[ -n "$ENABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"
-fi
+ --pass=nova \
+ --tenant-id $SERVICE_TENANT)
-EC2_SERVICE=$(get_id \
-keystone service-create --name=ec2 \
- --type=ec2 \
- --description="EC2 Compatibility Layer")
-if [[ -n "$ENABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
-fi
+keystone user-role-add --user-id $NOVA_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
-GLANCE_SERVICE=$(get_id \
-keystone service-create --name=glance \
- --type=image \
- --description="Glance Image Service")
-GLANCE_USER=$(get_id keystone user-create --name=glance \
- --pass="$SERVICE_PASSWORD" \
- --tenant-id $SERVICE_TENANT \
- --email=glance@example.com)
-keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $GLANCE_USER \
- --role-id $ADMIN_ROLE
-if [[ -n "$ENABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292/v1" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292/v1" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292/v1"
-fi
+EC2_USER=$(get_id keystone user-create --name=ec2 \
+ --pass=ec2 \
+ --tenant-id $SERVICE_TENANT)
+
+keystone user-role-add --user-id $EC2_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
+SWIFT_USER=$(get_id keystone user-create --name=swift \
+ --pass=swiftpass \
+ --tenant-id $SERVICE_TENANT)
+
+keystone user-role-add --user-id $SWIFT_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
+
+#
+# Keystone service
+#
KEYSTONE_SERVICE=$(get_id \
keystone service-create --name=keystone \
--type=identity \
--description="Keystone Identity Service")
-if [[ -n "$ENABLE_ENDPOINTS" ]]; then
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0"
fi
+#
+# Nova service
+#
+NOVA_SERVICE=$(get_id \
+keystone service-create --name=nova \
+ --type=compute \
+ --description="Nova Compute Service")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"
+fi
+
+#
+# Volume service
+#
VOLUME_SERVICE=$(get_id \
-keystone service-create --name="nova-volume" \
+keystone service-create --name=volume \
--type=volume \
--description="Nova Volume Service")
-if [[ -n "$ENABLE_ENDPOINTS" ]]; then
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
--publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
--adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
--internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
fi
-keystone service-create --name="horizon" \
- --type=dashboard \
- --description="OpenStack Dashboard"
-
-if [[ -n "$ENABLE_SWIFT" ]]; then
- SWIFT_SERVICE=$(get_id \
- keystone service-create --name=swift \
- --type="object-store" \
- --description="Swift Service")
- SWIFT_USER=$(get_id keystone user-create --name=swift \
- --pass="$SERVICE_PASSWORD" \
- --tenant-id $SERVICE_TENANT \
- --email=swift@example.com)
- keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $SWIFT_USER \
- --role-id $ADMIN_ROLE
- if [[ -n "$ENABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
- fi
+#
+# Image service
+#
+GLANCE_SERVICE=$(get_id \
+keystone service-create --name=glance \
+ --type=image \
+ --description="Glance Image Service")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
fi
-if [[ -n "$ENABLE_QUANTUM" ]]; then
- QUANTUM_SERVICE=$(get_id \
- keystone service-create --name=quantum \
- --type=network \
- --description="Quantum Service")
- QUANTUM_USER=$(get_id keystone user-create --name=quantum \
- --pass="$SERVICE_PASSWORD" \
- --tenant-id $SERVICE_TENANT \
- --email=quantum@example.com)
- keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $QUANTUM_USER \
- --role-id $ADMIN_ROLE
- if [[ -n "$ENABLE_ENDPOINTS" ]]; then
- keystone endpoint-create --region RegionOne --service-id $QUANTUM_SERVICE \
- --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
- --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
- --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696"
- fi
+#
+# EC2 service
+#
+EC2_SERVICE=$(get_id \
+keystone service-create --name=ec2 \
+ --type=ec2 \
+ --description="EC2 Compatibility Layer")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
fi
+#
+# Swift service
+#
+SWIFT_SERVICE=$(get_id \
+keystone service-create --name=swift \
+ --type="object-store" \
+ --description="Swift Service")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8888/v1/AUTH_\$(tenant_id)s" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8888/v1" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8888/v1/AUTH_\$(tenant_id)s"
+fi
# create ec2 creds and parse the secret and access key returned
-RESULT=$(keystone ec2-credentials-create --tenant-id=$ADMIN_TENANT --user-id=$ADMIN_USER)
+RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
-RESULT=$(keystone ec2-credentials-create --tenant-id=$DEMO_TENANT --user-id=$DEMO_USER)
-DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
-DEMO_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
-
# write the secret and access to ec2rc
cat > $EC2RC <<EOF
ADMIN_ACCESS=$ADMIN_ACCESS
ADMIN_SECRET=$ADMIN_SECRET
-DEMO_ACCESS=$DEMO_ACCESS
-DEMO_SECRET=$DEMO_SECRET
EOF
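Review bot: The five `user-create` calls in this hunk hard-code their passwords (`--pass=secrete`, `--pass=glance`, `--pass=nova`, `--pass=ec2`, `--pass=swiftpass`) and each account is then granted the admin role, so any Keystone populated by this script ends up with admin accounts whose passwords are published in the repository and cannot be overridden. The ADMIN_PASSWORD and SERVICE_PASSWORD variables that this commit removes could stay as optional overrides with the documented values as defaults, as in the excerpt below. Separately, `ec2-credentials-create` now pairs `$ADMIN_USER` with `$SERVICE_TENANT`, yet the only role this hunk grants the admin user is in `$DEMO_TENANT`; that looks unintended and `--tenant-id=$DEMO_TENANT` is probably what was meant. The resulting secret is written to `$EC2RC` under the caller's umask, so setting `umask 077` before the `cat` (or a `chmod 600 "$EC2RC"` after it) would keep the key from being readable by other local users.

```shell
# … unchanged: default tenant creation …
ADMIN_USER=$(get_id keystone user-create --name=admin \
                                         --pass="${ADMIN_PASSWORD:-secrete}")
# … unchanged: admin role, role assignment, service tenant …
GLANCE_USER=$(get_id keystone user-create --name=glance \
                                          --pass="${SERVICE_PASSWORD:-glance}")
# … unchanged: glance role assignment …
NOVA_USER=$(get_id keystone user-create --name=nova \
                                        --pass="${SERVICE_PASSWORD:-nova}" \
                                        --tenant-id $SERVICE_TENANT)
# … unchanged: nova role assignment …
EC2_USER=$(get_id keystone user-create --name=ec2 \
                                       --pass="${SERVICE_PASSWORD:-ec2}" \
                                       --tenant-id $SERVICE_TENANT)
# … unchanged: ec2 role assignment …
SWIFT_USER=$(get_id keystone user-create --name=swift \
                                         --pass="${SERVICE_PASSWORD:-swiftpass}" \
                                         --tenant-id $SERVICE_TENANT)
# … unchanged: swift role assignment, service and endpoint creation, ec2rc output …
```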