1 #!/usr/bin/env bash |
|
2 |
|
3 # Copyright 2013 OpenStack Foundation |
|
4 # |
|
5 # Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. |
|
6 # |
|
7 # Licensed under the Apache License, Version 2.0 (the "License"); you may |
|
8 # not use this file except in compliance with the License. You may obtain |
|
9 # a copy of the License at |
|
10 # |
|
11 # http://www.apache.org/licenses/LICENSE-2.0 |
|
12 # |
|
13 # Unless required by applicable law or agreed to in writing, software |
|
14 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
|
15 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
|
16 # License for the specific language governing permissions and limitations |
|
17 # under the License. |
|
18 |
|
19 # Sample initial data for Keystone ironic setup using python-keystoneclient |
|
20 # |
|
21 # Creates ironic user and user-role, then creates ironic keystone service. |
|
22 # Finally creates keystone-endpoint of required. |
|
23 # |
|
24 # If any keystone components already exist, will remove them before attempting |
|
25 # to create. |
|
26 # |
|
27 # Disable creation of endpoints by setting DISABLE_ENDPOINTS environment |
|
28 # variable. Use this with the Catalog Templated backend. |
|
29 # |
|
30 # Tenant User Roles |
|
31 # ------------------------------------------------------- |
|
32 # service ironic admin |
|
33 |
|
34 # By default, passwords used are those in the OpenStack Install and Deploy |
|
35 # Manual. One can override these (publicly known, and hence, insecure) passwords |
|
36 # by setting the appropriate environment variables. A common default password |
|
37 # can be used by the "SERVICE_PASSWORD" environment variable. |
|
38 |
|
39 PATH=/usr/bin |
|
40 |
|
41 IRONIC_PASSWORD=${IRONIC_PASSWORD:-${SERVICE_PASSWORD:-ironic}} |
|
42 |
|
43 CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost} |
|
44 CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost} |
|
45 CONTROLLER_INTERNAL_ADDRESS=${CONTROLLER_INTERNAL_ADDRESS:-localhost} |
|
46 |
|
47 IRONIC_PUBLIC_ADDRESS=${IRONIC_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS} |
|
48 IRONIC_ADMIN_ADDRESS=${IRONIC_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS} |
|
49 IRONIC_INTERNAL_ADDRESS=${IRONIC_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS} |
|
50 |
|
51 export OS_AUTH_URL="http://localhost:5000/v2.0" |
|
52 export OS_USERNAME="admin" |
|
53 export OS_PASSWORD="secrete" |
|
54 export OS_TENANT_NAME="demo" |
|
55 |
|
56 function get_id () { |
|
57 echo `"$@" | grep ' id ' | awk '{print $4}'` |
|
58 } |
|
59 |
|
60 function get_role_id () { |
|
61 echo `"$@" | grep ' admin ' | awk '{print $2}'` |
|
62 } |
|
63 |
|
64 function get_endpoint_id () { |
|
65 echo `"$@" | grep $KEYSTONE_SERVICE | awk '{print $2}'` |
|
66 } |
|
67 |
|
68 # |
|
69 # Service tenant |
|
70 # |
|
71 SERVICE_TENANT=$(get_id keystone tenant-get service) |
|
72 |
|
73 # |
|
74 # Admin Role |
|
75 # |
|
76 ADMIN_ROLE=$(get_role_id keystone user-role-list) |
|
77 |
|
78 |
|
79 # |
|
80 # Ironic User |
|
81 # |
|
82 IRONIC_USER=$(get_id keystone user-get ironic 2> /dev/null) |
|
83 if ! [[ -z "$IRONIC_USER" ]]; then |
|
84 keystone user-role-remove --user=ironic \ |
|
85 --role=admin \ |
|
86 --tenant=service |
|
87 keystone user-delete ironic |
|
88 fi |
|
89 IRONIC_USER=$(get_id keystone user-create --name=ironic \ |
|
90 --pass="${IRONIC_PASSWORD}") |
|
91 keystone user-role-add --user-id $IRONIC_USER \ |
|
92 --role-id $ADMIN_ROLE \ |
|
93 --tenant-id $SERVICE_TENANT |
|
94 |
|
95 # |
|
96 # Ironic service |
|
97 # |
|
98 KEYSTONE_SERVICE=$(get_id keystone service-get ironic 2> /dev/null) |
|
99 if ! [[ -z "$KEYSTONE_SERVICE" ]]; then |
|
100 KEYSTONE_ENDPOINT=$(get_endpoint_id keystone endpoint-list) |
|
101 keystone endpoint-delete $KEYSTONE_ENDPOINT |
|
102 keystone service-delete ironic |
|
103 fi |
|
104 |
|
105 KEYSTONE_SERVICE=$(get_id \ |
|
106 keystone service-create --name=ironic \ |
|
107 --type=baremetal \ |
|
108 --description="Ironic Bare Metal Provisioning Service") |
|
109 if [[ -z "$DISABLE_ENDPOINTS" ]]; then |
|
110 keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \ |
|
111 --publicurl "http://$IRONIC_PUBLIC_ADDRESS:6385" \ |
|
112 --adminurl "http://$IRONIC_ADMIN_ADDRESS:6385" \ |
|
113 --internalurl "http://$IRONIC_INTERNAL_ADDRESS:6385" |
|
114 fi |
|