
Commit c4849e7

Jenkinsopenstack-gerrit
authored andcommitted
Merge "Cleanup keystone_data.sh"
2 parents 5c4e974 + b7d1fbb commit c4849e7


1 file changed

+117
-133
lines changed


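--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -1,165 +1,149 @@
 #!/bin/bash
-# Tenants
+#
+# Initial data for Keystone using python-keystoneclient
+#
+# A set of EC2-compatible credentials is created for both admin and demo
+# users and placed in $DEVSTACK_DIR/ec2rc.
+#
+# Tenant User Roles
+# -------------------------------------------------------
+# admin admin admin
+# service glance admin
+# service nova admin
+# service quantum admin # if enabled
+# service swift admin # if enabled
+# demo admin admin
+# demo demo Member,sysadmin,netadmin
+# invisible_to_admin demo Member
+#
+# Variables set before calling this script:
+# SERVICE_TOKEN - aka admin_token in keystone.conf
+# SERVICE_ENDPOINT - local Keystone admin endpoint
+# SERVICE_TENANT_NAME - name of tenant containing service accounts
+# ENABLED_SERVICES - stack.sh's list of services to start
+# DEVSTACK_DIR - Top-level DevStack directory
+
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
+SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
 export SERVICE_TOKEN=$SERVICE_TOKEN
 export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
+SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
 
 function get_id () {
-echo `$@ | grep ' id ' | awk '{print $4}'`
+echo `$@ | awk '/ id / { print $4 }'`
 }
 
-# Detect if the keystone cli binary has the command names changed
-# in https://review.openstack.org/4375
-# FIXME(dtroyer): Remove the keystone client command checking
-# after a suitable transition period. add-user-role
-# and ec2-create-credentials were renamed
-if keystone help | grep -q user-role-add; then
-KEYSTONE_COMMAND_4375=1
-fi
-
-ADMIN_TENANT=`get_id keystone tenant-create --name=admin`
-SERVICE_TENANT=`get_id keystone tenant-create --name=$SERVICE_TENANT_NAME`
-DEMO_TENANT=`get_id keystone tenant-create --name=demo`
-INVIS_TENANT=`get_id keystone tenant-create --name=invisible_to_admin`
+# Tenants
+ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
+SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
+DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
+INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
 
 
 # Users
-ADMIN_USER=`get_id keystone user-create \
---name=admin \
---pass="$ADMIN_PASSWORD" \
---email=admin@example.com`
-DEMO_USER=`get_id keystone user-create \
---name=demo \
---pass="$ADMIN_PASSWORD" \
---email=admin@example.com`
+ADMIN_USER=$(get_id keystone user-create --name=admin \
+--pass="$ADMIN_PASSWORD" \
+--email=admin@example.com)
+DEMO_USER=$(get_id keystone user-create --name=demo \
+--pass="$ADMIN_PASSWORD" \
+--email=demo@example.com)
 
 # Roles
-ADMIN_ROLE=`get_id keystone role-create --name=admin`
-MEMBER_ROLE=`get_id keystone role-create --name=Member`
-KEYSTONEADMIN_ROLE=`get_id keystone role-create --name=KeystoneAdmin`
-KEYSTONESERVICE_ROLE=`get_id keystone role-create --name=KeystoneServiceAdmin`
-SYSADMIN_ROLE=`get_id keystone role-create --name=sysadmin`
-NETADMIN_ROLE=`get_id keystone role-create --name=netadmin`
-
-
-if [[ -n "$KEYSTONE_COMMAND_4375" ]]; then
-# Add Roles to Users in Tenants
-keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
-keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
-keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
-
-# TODO(termie): these two might be dubious
-keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
-keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
-else
-### compat
-# Add Roles to Users in Tenants
-keystone add-user-role $ADMIN_USER $ADMIN_ROLE $ADMIN_TENANT
-keystone add-user-role $DEMO_USER $MEMBER_ROLE $DEMO_TENANT
-keystone add-user-role $DEMO_USER $SYSADMIN_ROLE $DEMO_TENANT
-keystone add-user-role $DEMO_USER $NETADMIN_ROLE $DEMO_TENANT
-keystone add-user-role $DEMO_USER $MEMBER_ROLE $INVIS_TENANT
-keystone add-user-role $ADMIN_USER $ADMIN_ROLE $DEMO_TENANT
-
-# TODO(termie): these two might be dubious
-keystone add-user-role $ADMIN_USER $KEYSTONEADMIN_ROLE $ADMIN_TENANT
-keystone add-user-role $ADMIN_USER $KEYSTONESERVICE_ROLE $ADMIN_TENANT
-###
-fi
+ADMIN_ROLE=$(get_id keystone role-create --name=admin)
+KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
+KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
+SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
+NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
+
+
+# Add Roles to Users in Tenants
+keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
+keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
+
+# TODO(termie): these two might be dubious
+keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
+keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
+
+
+# The Member role is used by Horizon and Swift so we need to keep it:
+MEMBER_ROLE=$(get_id keystone role-create --name=Member)
+keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
+
 
 # Services
-keystone service-create \
---name=nova \
---type=compute \
---description="Nova Compute Service"
-NOVA_USER=`get_id keystone user-create \
---name=nova \
---pass="$SERVICE_PASSWORD" \
---tenant_id $SERVICE_TENANT \
---email=nova@example.com`
+keystone service-create --name=keystone \
+--type=identity \
+--description="Keystone Identity Service"
+
+keystone service-create --name=nova \
+--type=compute \
+--description="Nova Compute Service"
+NOVA_USER=$(get_id keystone user-create --name=nova \
+--pass="$SERVICE_PASSWORD" \
+--tenant_id $SERVICE_TENANT \
+--email=nova@example.com)
 keystone user-role-add --tenant_id $SERVICE_TENANT \
---user $NOVA_USER \
---role $ADMIN_ROLE
-
-keystone service-create \
---name=ec2 \
---type=ec2 \
---description="EC2 Compatibility Layer"
-
-keystone service-create \
---name=glance \
---type=image \
---description="Glance Image Service"
-GLANCE_USER=`get_id keystone user-create \
---name=glance \
---pass="$SERVICE_PASSWORD" \
---tenant_id $SERVICE_TENANT \
---email=glance@example.com`
+--user $NOVA_USER \
+--role $ADMIN_ROLE
+
+keystone service-create --name=ec2 \
+--type=ec2 \
+--description="EC2 Compatibility Layer"
+
+keystone service-create --name=glance \
+--type=image \
+--description="Glance Image Service"
+GLANCE_USER=$(get_id keystone user-create --name=glance \
+--pass="$SERVICE_PASSWORD" \
+--tenant_id $SERVICE_TENANT \
+--email=glance@example.com)
 keystone user-role-add --tenant_id $SERVICE_TENANT \
---user $GLANCE_USER \
---role $ADMIN_ROLE
-
-keystone service-create \
---name=keystone \
---type=identity \
---description="Keystone Identity Service"
+--user $GLANCE_USER \
+--role $ADMIN_ROLE
 
 if [[ "$ENABLED_SERVICES" =~ "n-vol" ]]; then
-keystone service-create \
---name="nova-volume" \
---type=volume \
---description="Nova Volume Service"
+keystone service-create --name="nova-volume" \
+--type=volume \
+--description="Nova Volume Service"
 fi
 
 if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
-keystone service-create \
---name=swift \
---type="object-store" \
---description="Swift Service"
-SWIFT_USER=`get_id keystone user-create \
---name=swift \
---pass="$SERVICE_PASSWORD" \
---tenant_id $SERVICE_TENANT \
---email=swift@example.com`
+keystone service-create --name=swift \
+--type="object-store" \
+--description="Swift Service"
+SWIFT_USER=$(get_id keystone user-create --name=swift \
+--pass="$SERVICE_PASSWORD" \
+--tenant_id $SERVICE_TENANT \
+--email=swift@example.com)
 keystone user-role-add --tenant_id $SERVICE_TENANT \
---user $SWIFT_USER \
---role $ADMIN_ROLE
+--user $SWIFT_USER \
+--role $ADMIN_ROLE
 fi
+
 if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
-keystone service-create \
---name=quantum \
---type=network \
---description="Quantum Service"
-QUANTUM_USER=`get_id keystone user-create \
---name=quantum \
---pass="$SERVICE_PASSWORD" \
---tenant_id $SERVICE_TENANT \
---email=quantum@example.com`
+keystone service-create --name=quantum \
+--type=network \
+--description="Quantum Service"
+QUANTUM_USER=$(get_id keystone user-create --name=quantum \
+--pass="$SERVICE_PASSWORD" \
+--tenant_id $SERVICE_TENANT \
+--email=quantum@example.com)
 keystone user-role-add --tenant_id $SERVICE_TENANT \
---user $QUANTUM_USER \
---role $ADMIN_ROLE
+--user $QUANTUM_USER \
+--role $ADMIN_ROLE
 fi
 
 # create ec2 creds and parse the secret and access key returned
-if [[ -n "$KEYSTONE_COMMAND_4375" ]]; then
-RESULT=`keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER`
-else
-RESULT=`keystone ec2-create-credentials --tenant_id=$ADMIN_TENANT --user_id=$ADMIN_USER`
-fi
-echo `$@ | grep id | awk '{print $4}'`
-ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
-ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
+RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER)
+ADMIN_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
+ADMIN_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
 
-
-if [[ -n "$KEYSTONE_COMMAND_4375" ]]; then
-RESULT=`keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER`
-else
-RESULT=`keystone ec2-create-credentials --tenant_id=$DEMO_TENANT --user_id=$DEMO_USER`
-fi
-DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
-DEMO_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
+RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER)
+DEMO_ACCESS=$(echo "$RESULT" | awk '/ access / { print $4 }')
+DEMO_SECRET=$(echo "$RESULT" | awk '/ secret / { print $4 }')
 
 # write the secret and access to ec2rc
 cat > $DEVSTACK_DIR/ec2rc <<EOF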
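Review bot: The new fallback `ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}` (new line 26) means a run where the caller did not export the variable silently creates the admin and demo users with a publicly known password, and new line 27 then gives the same value to every service account. The header already lists the variables the caller must set, so I would add ADMIN_PASSWORD and SERVICE_PASSWORD to that list and fail fast instead of defaulting, e.g. `ADMIN_PASSWORD=${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}`. Separately, `get_id` (new line 33) expands `$@` unquoted and never checks the command's status, so a failed `tenant-create` or `user-create` appears to yield an empty id that flows into the later `user-role-add` calls; quoting it as `"$@"` and aborting on an empty result would make that failure visible.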
