authorDean Troyer <dtroyer@gmail.com>2012-03-01 12:34:08 -0600
committerDean Troyer <dtroyer@gmail.com>2012-03-01 15:33:38 -0600
commitfc63c5ddb56693dbbc8301509c6c61b94d47e86a (patch)
treee8aaf82c0a57407433a4efe4df8167763de6174d /tools/sample_data.sh
parentf8ba5af130b7ec2d2ec8c0abcadbc27275467ab8 (diff)
Add service accounts to sample_data.sh
Updated sample_data.sh to create the service accounts now required for services (Nova/Swift/etc) to use Keystone. Swift and Quantum are now enabled by setting ENABLE_SWIFT and/or ENABLE_QUANTUM. This corresponds to the auth_token middleware rewrite in https://review.openstack.org/4675 Change-Id: I327c593a53f3ac06e2ed0c1543d2974728e70e03
Diffstat (limited to 'tools/sample_data.sh')
-rwxr-xr-xtools/sample_data.sh68
1 files changed, 59 insertions, 9 deletions
diff --git a/tools/sample_data.sh b/tools/sample_data.sh
index 500da48a..49aacc14 100755
--- a/tools/sample_data.sh
+++ b/tools/sample_data.sh
@@ -1,13 +1,21 @@
#!/usr/bin/env bash
#
-# Sample data for Keystone using python-keystoneclient
+# Sample initial data for Keystone using python-keystoneclient
+#
+# This script is based on the original DevStack keystone_data.sh script.
#
-# This is based on the origina sample configuration created by DevStack.
# It demonstrates how to bootstrap Keystone with an administrative user
# using the SERVICE_TOKEN and SERVICE_ENDPOINT environment variables
-# and the administrative API. It need not be run on the node running
-# Keystone, but will get the admin_token (SERVICE_TOKEN) and admin_port
-# from keystone.conf if available.
+# and the administrative API. It will get the admin_token (SERVICE_TOKEN)
+# and admin_port from keystone.conf if available.
+#
+# There are two environment variables to set passwords that should be set
+# prior to running this script. Warnings will appear if they are unset.
+# * ADMIN_PASSWORD is used to set the password for the admin and demo accounts.
+# * SERVICE_PASSWORD is used to set the password for the service accounts.
+#
+# Enable the Swift and Quantum accounts by setting ENABLE_SWIFT and/or
+# ENABLE_QUANTUM environment variables.
#
# A set of EC2-compatible credentials is created for both admin and demo
# users and placed in etc/ec2rc.
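Review bot: The header comment added in this hunk says Swift and Quantum are enabled "by setting" ENABLE_SWIFT and/or ENABLE_QUANTUM, but the tests added later in this commit are `[[ -n "$ENABLE_SWIFT" ]]` and `[[ -n "$ENABLE_QUANTUM" ]]`, so any non-empty value enables the account, including `0`, `no` or `false`. I would say so in the comment, e.g. `# Any non-empty value enables the account; leave the variable unset or empty to skip it.` An operator who exports `ENABLE_SWIFT=false` to opt out would otherwise get an admin-role `swift` account they did not ask for.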
@@ -15,18 +23,27 @@
# Tenant User Roles
# -------------------------------------------------------
# admin admin admin
+# service glance admin
+# service nova admin
+# service quantum admin # if enabled
+# service swift admin # if enabled
# demo admin admin
# demo demo Member,sysadmin,netadmin
# invisible_to_admin demo Member
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
-# Please set this, it is ONLY A SAMPLE PASSWORD!
+# Please set these, they are ONLY SAMPLE PASSWORDS!
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
if [[ "$ADMIN_PASSWORD" == "secrete" ]]; then
echo "The default admin password has been detected. Please consider"
echo "setting an actual password in environment variable ADMIN_PASSWORD"
fi
+SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
+if [[ "$SERVICE_PASSWORD" == "$ADMIN_PASSWORD" ]]; then
+ echo "The default service password has been detected. Please consider"
+ echo "setting an actual password in environment variable SERVICE_PASSWORD"
+fi
# Extract some info from Keystone's configuration file
if [[ -r $TOOLS_DIR/../etc/keystone.conf ]]; then
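Review bot: The added `SERVICE_PASSWORD` block decides whether to warn by comparing against `$ADMIN_PASSWORD` rather than by checking whether the variable was set, and the fallback chain ends at the sample value `secrete` when neither variable is exported. A run with no passwords set therefore creates the service accounts with the published sample password, prints a notice on stdout and carries on. I would test for the unset case before applying the default and send the warning to stderr: `if [[ -z "${SERVICE_PASSWORD:-}" ]]; then echo "SERVICE_PASSWORD is unset; reusing ADMIN_PASSWORD for the service accounts" >&2; fi`. The equality test also fires when an operator deliberately gives both variables the same value, where the "default service password has been detected" wording is wrong. The `if [[ -r … ]]` block on the hunk's last line continues outside the hunk.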
@@ -50,6 +67,7 @@ function get_id () {
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
+SERVICE_TENANT=$(get_id keystone tenant-create --name=service)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
@@ -89,6 +107,13 @@ keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_
keystone service-create --name=nova \
--type=compute \
--description="Nova Compute Service"
+NOVA_USER=$(get_id keystone user-create --name=nova \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=nova@example.com)
+keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $NOVA_USER \
+ --role $ADMIN_ROLE
keystone service-create --name=ec2 \
--type=ec2 \
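Review bot: `NOVA_USER` is used without checking that `get_id` returned anything, and `$SERVICE_TENANT`, `$NOVA_USER` and `$ADMIN_ROLE` are expanded unquoted in the `user-role-add` call. `get_id` is defined outside this hunk, so what it yields on failure is not visible here, but if `user-create` fails and the ID comes back empty, the unquoted value disappears from the command line and `--user` is followed directly by `--role`. I would quote the expansions and stop on an empty ID, e.g. `[[ -n "$NOVA_USER" ]] || { echo "could not create user nova" >&2; exit 1; }`. The same applies to `SERVICE_TENANT` in the previous hunk and to the glance, swift and quantum stanzas in the next one; the `ec2` `service-create` command at the end of this hunk continues outside it.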
@@ -97,25 +122,50 @@ keystone service-create --name=ec2 \
keystone service-create --name=glance \
--type=image \
--description="Glance Image Service"
+GLANCE_USER=$(get_id keystone user-create --name=glance \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=glance@example.com)
+keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $GLANCE_USER \
+ --role $ADMIN_ROLE
keystone service-create --name=keystone \
--type=identity \
--description="Keystone Identity Service"
-keystone service-create --name=swift \
+keystone service-create --name=volume \
--type="nova-volume" \
--description="Nova Volume Service"
-if [[ -d "$TOOLS_DIR/../../swift" ]]; then
+keystone service-create --name="horizon" \
+ --type=dashboard \
+ --description="OpenStack Dashboard"
+
+if [[ -n "$ENABLE_SWIFT" ]]; then
keystone service-create --name=swift \
--type="object-store" \
--description="Swift Service"
+ SWIFT_USER=$(get_id keystone user-create --name=swift \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=swift@example.com)
+ keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $SWIFT_USER \
+ --role $ADMIN_ROLE
fi
-if [[ -d "$TOOLD_DIR/../../quantum" ]]; then
+if [[ -n "$ENABLE_QUANTUM" ]]; then
keystone service-create --name=quantum \
--type=network \
--description="Quantum Service"
+ QUANTUM_USER=$(get_id keystone user-create --name=quantum \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=quantum@example.com)
+ keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $QUANTUM_USER \
+ --role $ADMIN_ROLE
fi
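Review bot: Every service account created in this hunk (glance, swift, quantum, plus nova in the previous hunk) is given `$ADMIN_ROLE` on the `service` tenant and the same `$SERVICE_PASSWORD`, so the credential stored in any one service's configuration carries the admin role and its password also works for the other service accounts. That may be what the auth_token middleware requires, but the script should state it; I would add above the first `user-create`: `# Sample data only: service accounts share SERVICE_PASSWORD and hold the admin role. Use a distinct password per service outside a test setup.` The password is also passed as `--pass="$SERVICE_PASSWORD"`, which places it in the process argument list for the duration of each `keystone` call, and that is worth noting in the same comment.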