1 In-house patch to the sample_data.sh script installed in

     2 /usr/demo/openstack/keystone in order to support all of the standard

     3 services and to allow customization of the individual service

     4 endpoints.  Solaris-specific patch and is not suitable for upstream

     5 

     6 It also includes a change to use the standard Solaris tr(1) rather than

     7 GNU sed.

     8 

     9 --- keystone-2013.2.3/tools/sample_data.sh.orig	2014-05-27 09:17:02.379736817 -0700

    10 +++ keystone-2013.2.3/tools/sample_data.sh	2014-05-27 11:09:25.741756254 -0700

    11 @@ -2,6 +2,8 @@

    12  

    13  # Copyright 2013 OpenStack Foundation

    14  #

    15 +# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.

    16 +#

    17  # Licensed under the Apache License, Version 2.0 (the "License"); you may

    18  # not use this file except in compliance with the License. You may obtain

    19  # a copy of the License at

    20 @@ -23,8 +25,8 @@

    21  # and the administrative API.  It will get the admin_token (SERVICE_TOKEN)

    22  # and admin_port from keystone.conf if available.

    23  #

    24 -# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.

    25 -# Use this with the Catalog Templated backend.

    26 +# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment

    27 +# variable.  Use this with the Catalog Templated backend.

    28  #

    29  # A EC2-compatible credential is created for the admin user and

    30  # placed in etc/ec2rc.

    31 @@ -36,22 +38,48 @@

    32  # service              nova      admin

    33  # service              ec2       admin

    34  # service              swift     admin

    35 +# service              cinder    admin

    36 +# service              neutron   admin

    37 +

    38 +# By default, passwords used are those in the OpenStack Install and Deploy

    39 +# Manual.  One can override these (publicly known, and hence, insecure)

    40 +# passwords by setting the appropriate environment variables. A common default

    41 +# password for all the services can be used by setting the "SERVICE_PASSWORD"

    42 +# environment variable.

    43  

    44 -# By default, passwords used are those in the OpenStack Install and Deploy Manual.

    45 -# One can override these (publicly known, and hence, insecure) passwords by setting the appropriate

    46 -# environment variables. A common default password for all the services can be used by

    47 -# setting the "SERVICE_PASSWORD" environment variable.

    48 +PATH=/usr/bin

    49  

    50  ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}

    51  NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}}

    52  GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}}

    53  EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}

    54  SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}

    55 +CINDER_PASSWORD=${CINDER_PASSWORD:-${SERVICE_PASSWORD:-cinder}}

    56 +NEUTRON_PASSWORD=${NEUTRON_PASSWORD:-${SERVICE_PASSWORD:-neutron}}

    57  

    58  CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}

    59  CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}

    60  CONTROLLER_INTERNAL_ADDRESS=${CONTROLLER_INTERNAL_ADDRESS:-localhost}

    61  

    62 +NOVA_PUBLIC_ADDRESS=${NOVA_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    63 +NOVA_ADMIN_ADDRESS=${NOVA_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    64 +NOVA_INTERNAL_ADDRESS=${NOVA_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    65 +GLANCE_PUBLIC_ADDRESS=${GLANCE_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    66 +GLANCE_ADMIN_ADDRESS=${GLANCE_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    67 +GLANCE_INTERNAL_ADDRESS=${GLANCE_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    68 +EC2_PUBLIC_ADDRESS=${EC2_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    69 +EC2_ADMIN_ADDRESS=${EC2_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    70 +EC2_INTERNAL_ADDRESS=${EC2_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    71 +SWIFT_PUBLIC_ADDRESS=${SWIFT_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    72 +SWIFT_ADMIN_ADDRESS=${SWIFT_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    73 +SWIFT_INTERNAL_ADDRESS=${SWIFT_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    74 +CINDER_PUBLIC_ADDRESS=${CINDER_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    75 +CINDER_ADMIN_ADDRESS=${CINDER_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    76 +CINDER_INTERNAL_ADDRESS=${CINDER_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    77 +NEUTRON_PUBLIC_ADDRESS=${NEUTRON_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    78 +NEUTRON_ADMIN_ADDRESS=${NEUTRON_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    79 +NEUTRON_INTERNAL_ADDRESS=${NEUTRON_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    80 +

    81  TOOLS_DIR=$(cd $(dirname "$0") && pwd)

    82  KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}

    83  if [[ -r "$KEYSTONE_CONF" ]]; then

    84 @@ -67,8 +95,8 @@

    85  

    86  # Extract some info from Keystone's configuration file

    87  if [[ -r "$KEYSTONE_CONF" ]]; then

    88 -    CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)

    89 -    CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)

    90 +    CONFIG_SERVICE_TOKEN=$(tr -d '[\t ]' < $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)

    91 +    CONFIG_ADMIN_PORT=$(tr -d '[\t ]' < $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)

    92  fi

    93  

    94  export SERVICE_TOKEN=${SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}

    95 @@ -136,6 +164,22 @@

    96                         --role-id $ADMIN_ROLE \

    97                         --tenant-id $SERVICE_TENANT

    98  

    99 +CINDER_USER=$(get_id keystone user-create --name=cinder \

   100 +                                          --pass="${CINDER_PASSWORD}" \

   101 +                                          --tenant-id $SERVICE_TENANT)

   102 +

   103 +keystone user-role-add --user-id $CINDER_USER \

   104 +                       --role-id $ADMIN_ROLE \

   105 +                       --tenant-id $SERVICE_TENANT

   106 +

   107 +NEUTRON_USER=$(get_id keystone user-create --name=neutron \

   108 +                                           --pass="${NEUTRON_PASSWORD}" \

   109 +                                           --tenant-id $SERVICE_TENANT)

   110 +

   111 +keystone user-role-add --user-id $NEUTRON_USER \

   112 +                       --role-id $ADMIN_ROLE \

   113 +                       --tenant-id $SERVICE_TENANT

   114 +

   115  #

   116  # Keystone service

   117  #

   118 @@ -159,23 +203,23 @@

   119                          --description="Nova Compute Service")

   120  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   121      keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \

   122 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \

   123 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \

   124 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"

   125 +        --publicurl "http://$NOVA_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \

   126 +        --adminurl "http://$NOVA_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \

   127 +        --internalurl "http://$NOVA_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"

   128  fi

   129  

   130  #

   131  # Volume service

   132  #

   133  VOLUME_SERVICE=$(get_id \

   134 -keystone service-create --name=volume \

   135 +keystone service-create --name=cinder \

   136                          --type=volume \

   137 -                        --description="Nova Volume Service")

   138 +                        --description="Cinder Volume Service")

   139  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   140      keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \

   141 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \

   142 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \

   143 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"

   144 +        --publicurl "http://$CINDER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \

   145 +        --adminurl "http://$CINDER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \

   146 +        --internalurl "http://$CINDER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"

   147  fi

   148  

   149  #

   150 @@ -187,9 +231,9 @@

   151                          --description="Glance Image Service")

   152  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   153      keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \

   154 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \

   155 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \

   156 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"

   157 +        --publicurl "http://$GLANCE_PUBLIC_ADDRESS:9292" \

   158 +        --adminurl "http://$GLANCE_ADMIN_ADDRESS:9292" \

   159 +        --internalurl "http://$GLANCE_INTERNAL_ADDRESS:9292"

   160  fi

   161  

   162  #

   163 @@ -201,9 +245,9 @@

   164                          --description="EC2 Compatibility Layer")

   165  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   166      keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \

   167 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \

   168 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \

   169 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"

   170 +        --publicurl "http://$EC2_PUBLIC_ADDRESS:8773/services/Cloud" \

   171 +        --adminurl "http://$EC2_ADMIN_ADDRESS:8773/services/Admin" \

   172 +        --internalurl "http://$EC2_INTERNAL_ADDRESS:8773/services/Cloud"

   173  fi

   174  

   175  #

   176 @@ -212,15 +256,34 @@

   177  SWIFT_SERVICE=$(get_id \

   178  keystone service-create --name=swift \

   179                          --type="object-store" \

   180 -                        --description="Swift Service")

   181 +                        --description="Swift Object Store Service")

   182  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   183      keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \

   184 -        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \

   185 -        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \

   186 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"

   187 +        --publicurl "http://$SWIFT_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \

   188 +        --adminurl "http://$SWIFT_ADMIN_ADDRESS:8080/v1" \

   189 +        --internalurl "http://$SWIFT_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"

   190 +fi

   191 +

   192 +#

   193 +# Neutron service

   194 +#

   195 +NEUTRON_SERVICE=$(get_id \

   196 +keystone service-create --name=neutron \

   197 +                        --type=network \

   198 +                        --description="Neutron Network Service")

   199 +if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   200 +    keystone endpoint-create --region RegionOne --service-id $NEUTRON_SERVICE \

   201 +        --publicurl "http://$NEUTRON_PUBLIC_ADDRESS:9696/" \

   202 +        --adminurl "http://$NEUTRON_ADMIN_ADDRESS:9696/" \

   203 +        --internalurl "http://$NEUTRON_INTERNAL_ADDRESS:9696/"

   204  fi

   205  

   206  # create ec2 creds and parse the secret and access key returned

   207 +unset SERVICE_ENDPOINT SERVICE_TOKEN

   208 +export OS_AUTH_URL=http://localhost:5000/v2.0

   209 +export OS_PASSWORD="${ADMIN_PASSWORD}"

   210 +export OS_TENANT_NAME=demo

   211 +export OS_USERNAME=admin

   212  RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)

   213  ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`

   214  ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`