1 In-house patch to the sample_data.sh script installed in

     2 /usr/demo/openstack/keystone in order to support all of the standard

     3 services and to allow customization of the individual service

     4 endpoints.  Solaris-specific patch and is not suitable for upstream

     5 

     6 It also includes a change to use the standard Solaris tr(1) rather than

     7 GNU sed.

     8 

     9 --- keystone-2013.1.4/tools/sample_data.sh.~1~	2013-10-17 11:23:46.000000000 -0700

    10 +++ keystone-2013.1.4/tools/sample_data.sh	2014-03-07 23:39:03.065369827 -0800

    11 @@ -23,8 +23,8 @@

    12  # and the administrative API.  It will get the admin_token (SERVICE_TOKEN)

    13  # and admin_port from keystone.conf if available.

    14  #

    15 -# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.

    16 -# Use this with the Catalog Templated backend.

    17 +# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment

    18 +# variable.  Use this with the Catalog Templated backend.

    19  #

    20  # A EC2-compatible credential is created for the admin user and

    21  # placed in etc/ec2rc.

    22 @@ -36,22 +36,48 @@

    23  # service              nova      admin

    24  # service              ec2       admin

    25  # service              swift     admin

    26 +# service              cinder    admin

    27 +# service              neutron   admin

    28  

    29 -# By default, passwords used are those in the OpenStack Install and Deploy Manual.

    30 -# One can override these (publicly known, and hence, insecure) passwords by setting the appropriate

    31 -# environment variables. A common default password for all the services can be used by

    32 -# setting the "SERVICE_PASSWORD" environment variable.

    33 +# By default, passwords used are those in the OpenStack Install and Deploy

    34 +# Manual.  One can override these (publicly known, and hence, insecure)

    35 +# passwords by setting the appropriate environment variables. A common default

    36 +# password for all the services can be used by setting the "SERVICE_PASSWORD"

    37 +# environment variable.

    38 +

    39 +PATH=/usr/bin

    40  

    41  ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}

    42  NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}}

    43  GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}}

    44  EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}

    45  SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}

    46 +CINDER_PASSWORD=${CINDER_PASSWORD:-${SERVICE_PASSWORD:-cinder}}

    47 +NEUTRON_PASSWORD=${NEUTRON_PASSWORD:-${SERVICE_PASSWORD:-neutron}}

    48  

    49  CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}

    50  CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}

    51  CONTROLLER_INTERNAL_ADDRESS=${CONTROLLER_INTERNAL_ADDRESS:-localhost}

    52  

    53 +NOVA_PUBLIC_ADDRESS=${NOVA_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    54 +NOVA_ADMIN_ADDRESS=${NOVA_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    55 +NOVA_INTERNAL_ADDRESS=${NOVA_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    56 +GLANCE_PUBLIC_ADDRESS=${GLANCE_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    57 +GLANCE_ADMIN_ADDRESS=${GLANCE_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    58 +GLANCE_INTERNAL_ADDRESS=${GLANCE_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    59 +EC2_PUBLIC_ADDRESS=${EC2_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    60 +EC2_ADMIN_ADDRESS=${EC2_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    61 +EC2_INTERNAL_ADDRESS=${EC2_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    62 +SWIFT_PUBLIC_ADDRESS=${SWIFT_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    63 +SWIFT_ADMIN_ADDRESS=${SWIFT_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    64 +SWIFT_INTERNAL_ADDRESS=${SWIFT_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    65 +CINDER_PUBLIC_ADDRESS=${CINDER_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    66 +CINDER_ADMIN_ADDRESS=${CINDER_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    67 +CINDER_INTERNAL_ADDRESS=${CINDER_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    68 +NEUTRON_PUBLIC_ADDRESS=${NEUTRON_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}

    69 +NEUTRON_ADMIN_ADDRESS=${NEUTRON_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}

    70 +NEUTRON_INTERNAL_ADDRESS=${NEUTRON_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

    71 +

    72  TOOLS_DIR=$(cd $(dirname "$0") && pwd)

    73  KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}

    74  if [[ -r "$KEYSTONE_CONF" ]]; then

    75 @@ -67,8 +93,8 @@

    76  

    77  # Extract some info from Keystone's configuration file

    78  if [[ -r "$KEYSTONE_CONF" ]]; then

    79 -    CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)

    80 -    CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)

    81 +    CONFIG_SERVICE_TOKEN=$(tr -d '[\t ]' < $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)

    82 +    CONFIG_ADMIN_PORT=$(tr -d '[\t ]' < $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)

    83  fi

    84  

    85  export SERVICE_TOKEN=${SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}

    86 @@ -136,6 +162,22 @@

    87                         --role-id $ADMIN_ROLE \

    88                         --tenant-id $SERVICE_TENANT

    89  

    90 +CINDER_USER=$(get_id keystone user-create --name=cinder \

    91 +                                          --pass="${CINDER_PASSWORD}" \

    92 +                                          --tenant-id $SERVICE_TENANT)

    93 +

    94 +keystone user-role-add --user-id $CINDER_USER \

    95 +                       --role-id $ADMIN_ROLE \

    96 +                       --tenant-id $SERVICE_TENANT

    97 +

    98 +NEUTRON_USER=$(get_id keystone user-create --name=neutron \

    99 +                                           --pass="${NEUTRON_PASSWORD}" \

   100 +                                           --tenant-id $SERVICE_TENANT)

   101 +

   102 +keystone user-role-add --user-id $NEUTRON_USER \

   103 +                       --role-id $ADMIN_ROLE \

   104 +                       --tenant-id $SERVICE_TENANT

   105 +

   106  #

   107  # Keystone service

   108  #

   109 @@ -159,23 +201,23 @@

   110                          --description="Nova Compute Service")

   111  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   112      keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \

   113 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \

   114 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \

   115 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"

   116 +        --publicurl "http://$NOVA_PUBLIC_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \

   117 +        --adminurl "http://$NOVA_ADMIN_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s" \

   118 +        --internalurl "http://$NOVA_INTERNAL_ADDRESS:\$(compute_port)s/v1.1/\$(tenant_id)s"

   119  fi

   120  

   121  #

   122  # Volume service

   123  #

   124  VOLUME_SERVICE=$(get_id \

   125 -keystone service-create --name=volume \

   126 +keystone service-create --name=cinder \

   127                          --type=volume \

   128 -                        --description="Nova Volume Service")

   129 +                        --description="Cinder Volume Service")

   130  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   131      keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \

   132 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \

   133 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \

   134 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"

   135 +        --publicurl "http://$CINDER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \

   136 +        --adminurl "http://$CINDER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \

   137 +        --internalurl "http://$CINDER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"

   138  fi

   139  

   140  #

   141 @@ -187,9 +229,9 @@

   142                          --description="Glance Image Service")

   143  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   144      keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \

   145 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \

   146 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \

   147 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"

   148 +        --publicurl "http://$GLANCE_PUBLIC_ADDRESS:9292" \

   149 +        --adminurl "http://$GLANCE_ADMIN_ADDRESS:9292" \

   150 +        --internalurl "http://$GLANCE_INTERNAL_ADDRESS:9292"

   151  fi

   152  

   153  #

   154 @@ -201,9 +243,9 @@

   155                          --description="EC2 Compatibility Layer")

   156  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   157      keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \

   158 -        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \

   159 -        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \

   160 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"

   161 +        --publicurl "http://$EC2_PUBLIC_ADDRESS:8773/services/Cloud" \

   162 +        --adminurl "http://$EC2_ADMIN_ADDRESS:8773/services/Admin" \

   163 +        --internalurl "http://$EC2_INTERNAL_ADDRESS:8773/services/Cloud"

   164  fi

   165  

   166  #

   167 @@ -212,15 +254,30 @@

   168  SWIFT_SERVICE=$(get_id \

   169  keystone service-create --name=swift \

   170                          --type="object-store" \

   171 -                        --description="Swift Service")

   172 +                        --description="Swift Object Store Service")

   173  if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   174      keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \

   175 -        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:8888/v1/AUTH_\$(tenant_id)s" \

   176 -        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:8888/v1" \

   177 -        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8888/v1/AUTH_\$(tenant_id)s"

   178 +        --publicurl   "http://$SWIFT_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \

   179 +        --adminurl    "http://$SWIFT_ADMIN_ADDRESS:8080/v1" \

   180 +        --internalurl "http://$SWIFT_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"

   181 +fi

   182 +

   183 +#

   184 +# Neutron service

   185 +#

   186 +NEUTRON_SERVICE=$(get_id \

   187 +keystone service-create --name=neutron \

   188 +                        --type=network \

   189 +                        --description="Neutron Network Service")

   190 +if [[ -z "$DISABLE_ENDPOINTS" ]]; then

   191 +    keystone endpoint-create --region RegionOne --service-id $NEUTRON_SERVICE \

   192 +        --publicurl "http://$NEUTRON_PUBLIC_ADDRESS:9696/" \

   193 +        --adminurl "http://$NEUTRON_ADMIN_ADDRESS:9696/" \

   194 +        --internalurl "http://$NEUTRON_INTERNAL_ADDRESS:9696/"

   195  fi

   196  

   197  # create ec2 creds and parse the secret and access key returned

   198 +unset SERVICE_ENDPOINT SERVICE_TOKEN

   199  RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)

   200  ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`

   201  ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`