From d6f7cbc484868bdec3eeb9d4b0f45b10ce536e79 Mon Sep 17 00:00:00 2001 From: David Höppner <0xffea@gmail.com> Date: Mon, 18 Feb 2013 19:07:36 +0100 Subject: Update sample_data.sh to match docs Confirm more with the "OpenStack Install and Deploy Manual." Change-Id: I46ab7e8e5ccdf389cbc60fee84c063f289155781 Fixes: bug #1073291 --- tools/sample_data.sh | 264 +++++++++++++++++++++------------------------------ 1 file changed, 108 insertions(+), 156 deletions(-) (limited to 'tools/sample_data.sh') diff --git a/tools/sample_data.sh b/tools/sample_data.sh index 7262c8da..08a1dba5 100755 --- a/tools/sample_data.sh +++ b/tools/sample_data.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright 2012 OpenStack LLC +# Copyright 2013 OpenStack LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain @@ -23,31 +23,19 @@ # and the administrative API. It will get the admin_token (SERVICE_TOKEN) # and admin_port from keystone.conf if available. # -# There are two environment variables to set passwords that should be set -# prior to running this script. Warnings will appear if they are unset. -# * ADMIN_PASSWORD is used to set the password for the admin and demo accounts. -# * SERVICE_PASSWORD is used to set the password for the service accounts. +# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable. +# Use this with the Catalog Templated backend. # -# Enable the Swift and Quantum accounts by setting ENABLE_SWIFT and/or -# ENABLE_QUANTUM environment variables. -# -# Enable creation of endpoints by setting ENABLE_ENDPOINTS environment variable. -# Works with Catalog SQL backend. Do not use with Catalog Templated backend -# (default). -# -# A set of EC2-compatible credentials is created for both admin and demo -# users and placed in etc/ec2rc. +# A EC2-compatible credential is created for the admin user and +# placed in etc/ec2rc. # # Tenant User Roles # ------------------------------------------------------- -# admin admin admin +# demo admin admin # service glance admin # service nova admin -# service quantum admin # if enabled -# service swift admin # if enabled -# demo admin admin -# demo demo Member,sysadmin,netadmin -# invisible_to_admin demo Member +# service ec2 admin +# service swift admin CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost} CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost} @@ -66,18 +54,6 @@ else EC2RC="ec2rc" fi -# Please set these, they are ONLY SAMPLE PASSWORDS! -ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete} -if [[ "$ADMIN_PASSWORD" == "secrete" ]]; then - echo "The default admin password has been detected. Please consider" - echo "setting an actual password in environment variable ADMIN_PASSWORD" -fi -SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD} -if [[ "$SERVICE_PASSWORD" == "$ADMIN_PASSWORD" ]]; then - echo "The default service password has been detected. Please consider" - echo "setting an actual password in environment variable SERVICE_PASSWORD" -fi - # Extract some info from Keystone's configuration file if [[ -r "$KEYSTONE_CONF" ]]; then CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2) @@ -97,173 +73,149 @@ function get_id () { echo `"$@" | grep ' id ' | awk '{print $4}'` } +# +# Default tenant +# +DEMO_TENANT=$(get_id keystone tenant-create --name=demo \ + --description "Default Tenant") -# Tenants -ADMIN_TENANT=$(get_id keystone tenant-create --name=admin) -SERVICE_TENANT=$(get_id keystone tenant-create --name=service) -DEMO_TENANT=$(get_id keystone tenant-create --name=demo) -INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin) - - -# Users ADMIN_USER=$(get_id keystone user-create --name=admin \ - --pass="$ADMIN_PASSWORD" \ - --email=admin@example.com) -DEMO_USER=$(get_id keystone user-create --name=demo \ - --pass="$ADMIN_PASSWORD" \ - --email=admin@example.com) + --pass=secrete) - -# Roles ADMIN_ROLE=$(get_id keystone role-create --name=admin) -MEMBER_ROLE=$(get_id keystone role-create --name=Member) -KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin) -KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin) -SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin) -NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin) +keystone user-role-add --user-id $ADMIN_USER \ + --role-id $ADMIN_ROLE \ + --tenant-id $DEMO_TENANT -# Add Roles to Users in Tenants -keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT -keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $DEMO_TENANT -keystone user-role-add --user-id $DEMO_USER --role-id $SYSADMIN_ROLE --tenant-id $DEMO_TENANT -keystone user-role-add --user-id $DEMO_USER --role-id $NETADMIN_ROLE --tenant-id $DEMO_TENANT -keystone user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $INVIS_TENANT -keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $DEMO_TENANT +# +# Service tenant +# +SERVICE_TENANT=$(get_id keystone tenant-create --name=service \ + --description "Service Tenant") -# TODO(termie): these two might be dubious -keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT -keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT +GLANCE_USER=$(get_id keystone user-create --name=glance \ + --pass=glance) +keystone user-role-add --user-id $GLANCE_USER \ + --role-id $ADMIN_ROLE \ + --tenant-id $SERVICE_TENANT -# Services -NOVA_SERVICE=$(get_id \ -keystone service-create --name=nova \ - --type=compute \ - --description="Nova Compute Service") NOVA_USER=$(get_id keystone user-create --name=nova \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=nova@example.com) -keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $NOVA_USER \ - --role-id $ADMIN_ROLE -if [[ -n "$ENABLE_ENDPOINTS" ]]; then - keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \ - --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \ - --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \ - --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" -fi + --pass=nova \ + --tenant-id $SERVICE_TENANT) -EC2_SERVICE=$(get_id \ -keystone service-create --name=ec2 \ - --type=ec2 \ - --description="EC2 Compatibility Layer") -if [[ -n "$ENABLE_ENDPOINTS" ]]; then - keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \ - --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \ - --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \ - --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud" -fi +keystone user-role-add --user-id $NOVA_USER \ + --role-id $ADMIN_ROLE \ + --tenant-id $SERVICE_TENANT -GLANCE_SERVICE=$(get_id \ -keystone service-create --name=glance \ - --type=image \ - --description="Glance Image Service") -GLANCE_USER=$(get_id keystone user-create --name=glance \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=glance@example.com) -keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $GLANCE_USER \ - --role-id $ADMIN_ROLE -if [[ -n "$ENABLE_ENDPOINTS" ]]; then - keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \ - --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292/v1" \ - --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292/v1" \ - --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292/v1" -fi +EC2_USER=$(get_id keystone user-create --name=ec2 \ + --pass=ec2 \ + --tenant-id $SERVICE_TENANT) + +keystone user-role-add --user-id $EC2_USER \ + --role-id $ADMIN_ROLE \ + --tenant-id $SERVICE_TENANT +SWIFT_USER=$(get_id keystone user-create --name=swift \ + --pass=swiftpass \ + --tenant-id $SERVICE_TENANT) + +keystone user-role-add --user-id $SWIFT_USER \ + --role-id $ADMIN_ROLE \ + --tenant-id $SERVICE_TENANT + +# +# Keystone service +# KEYSTONE_SERVICE=$(get_id \ keystone service-create --name=keystone \ --type=identity \ --description="Keystone Identity Service") -if [[ -n "$ENABLE_ENDPOINTS" ]]; then +if [[ -z "$DISABLE_ENDPOINTS" ]]; then keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0" fi +# +# Nova service +# +NOVA_SERVICE=$(get_id \ +keystone service-create --name=nova \ + --type=compute \ + --description="Nova Compute Service") +if [[ -z "$DISABLE_ENDPOINTS" ]]; then + keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \ + --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \ + --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \ + --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" +fi + +# +# Volume service +# VOLUME_SERVICE=$(get_id \ -keystone service-create --name="nova-volume" \ +keystone service-create --name=volume \ --type=volume \ --description="Nova Volume Service") -if [[ -n "$ENABLE_ENDPOINTS" ]]; then +if [[ -z "$DISABLE_ENDPOINTS" ]]; then keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" fi -keystone service-create --name="horizon" \ - --type=dashboard \ - --description="OpenStack Dashboard" - -if [[ -n "$ENABLE_SWIFT" ]]; then - SWIFT_SERVICE=$(get_id \ - keystone service-create --name=swift \ - --type="object-store" \ - --description="Swift Service") - SWIFT_USER=$(get_id keystone user-create --name=swift \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=swift@example.com) - keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $SWIFT_USER \ - --role-id $ADMIN_ROLE - if [[ -n "$ENABLE_ENDPOINTS" ]]; then - keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \ - --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \ - --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \ - --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" - fi +# +# Image service +# +GLANCE_SERVICE=$(get_id \ +keystone service-create --name=glance \ + --type=image \ + --description="Glance Image Service") +if [[ -z "$DISABLE_ENDPOINTS" ]]; then + keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \ + --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \ + --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \ + --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292" fi -if [[ -n "$ENABLE_QUANTUM" ]]; then - QUANTUM_SERVICE=$(get_id \ - keystone service-create --name=quantum \ - --type=network \ - --description="Quantum Service") - QUANTUM_USER=$(get_id keystone user-create --name=quantum \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=quantum@example.com) - keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $QUANTUM_USER \ - --role-id $ADMIN_ROLE - if [[ -n "$ENABLE_ENDPOINTS" ]]; then - keystone endpoint-create --region RegionOne --service-id $QUANTUM_SERVICE \ - --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \ - --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9696" \ - --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696" - fi +# +# EC2 service +# +EC2_SERVICE=$(get_id \ +keystone service-create --name=ec2 \ + --type=ec2 \ + --description="EC2 Compatibility Layer") +if [[ -z "$DISABLE_ENDPOINTS" ]]; then + keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \ + --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \ + --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \ + --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud" fi +# +# Swift service +# +SWIFT_SERVICE=$(get_id \ +keystone service-create --name=swift \ + --type="object-store" \ + --description="Swift Service") +if [[ -z "$DISABLE_ENDPOINTS" ]]; then + keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \ + --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8888/v1/AUTH_\$(tenant_id)s" \ + --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8888/v1" \ + --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8888/v1/AUTH_\$(tenant_id)s" +fi # create ec2 creds and parse the secret and access key returned -RESULT=$(keystone ec2-credentials-create --tenant-id=$ADMIN_TENANT --user-id=$ADMIN_USER) +RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER) ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'` ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'` -RESULT=$(keystone ec2-credentials-create --tenant-id=$DEMO_TENANT --user-id=$DEMO_USER) -DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'` -DEMO_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'` - # write the secret and access to ec2rc cat > $EC2RC <