Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openstack/ironic/files/ironic-keystone-setup.sh
author Matt Keenan <matt.keenan@oracle.com>
Fri, 19 Jun 2015 09:35:02 +0100
branchs11-update
changeset 4508 d8924d870370
permissions -rwxr-xr-x
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service) PSARC 2015/070 pecan - Lightweight Python web-framework PSARC 2015/071 PyCA Python Cryptography PSARC 2015/170 OpenStack client for Ironic (Bare Metal Provisioning) PSARC 2015/171 scp - python secure copy PSARC 2015/196 singledispatch - Single-dispatch generic functions for Python PSARC 2015/197 logutils - Set of handlers for standard Python logging library PSARC 2015/198 Support for enumerations in Python 2.6 and 2.7 PSARC 2015/250 paramiko - SSHv2 protocol implementation in Python 20547142 Request to integrate Ironic into userland 17502639 The Python paramiko module should be added to Userland 20172780 The Python module scp should be added to Userland 20180376 The Python module ironicclient should be added to Userland 20182588 The Python module pecan should be added to Userland 20465525 The PyCA cryptography module should be added to Userland 20904396 The Python module singledispatch should be added to Userland 20904413 The Python module logutils should be added to Userland 20917993 The Python enum34 module should be added to Userland

#!/usr/bin/env bash

# Copyright 2013 OpenStack Foundation
#
# Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

# Sample initial data for Keystone ironic setup using python-keystoneclient
#
# Creates ironic user and user-role, then creates ironic keystone service.
# Finally creates keystone-endpoint of required.
#
# If any keystone components already exist, will remove them before attempting
# to create.
#
# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment
# variable. Use this with the Catalog Templated backend.
#
# Tenant               User      Roles
# -------------------------------------------------------
# service              ironic    admin

# By default, passwords used are those in the OpenStack Install and Deploy
# Manual. One can override these (publicly known, and hence, insecure) passwords
# by setting the appropriate environment variables. A common default password
# can be used by the "SERVICE_PASSWORD" environment variable.

PATH=/usr/bin

IRONIC_PASSWORD=${IRONIC_PASSWORD:-${SERVICE_PASSWORD:-ironic}}

CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
CONTROLLER_INTERNAL_ADDRESS=${CONTROLLER_INTERNAL_ADDRESS:-localhost}

IRONIC_PUBLIC_ADDRESS=${IRONIC_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
IRONIC_ADMIN_ADDRESS=${IRONIC_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
IRONIC_INTERNAL_ADDRESS=${IRONIC_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}

export OS_AUTH_URL="http://localhost:5000/v2.0"
export OS_USERNAME="admin"
export OS_PASSWORD="secrete"
export OS_TENANT_NAME="demo"

function get_id () {
    echo `"$@" | grep ' id ' | awk '{print $4}'`
}

function get_role_id () {
    echo `"$@" | grep ' admin ' | awk '{print $2}'`
}

function get_endpoint_id () {
    echo `"$@" | grep $KEYSTONE_SERVICE | awk '{print $2}'`
}

#
# Service tenant
#
SERVICE_TENANT=$(get_id keystone tenant-get service)

#
# Admin Role
#
ADMIN_ROLE=$(get_role_id keystone user-role-list)


#
# Ironic User
#
IRONIC_USER=$(get_id keystone user-get ironic 2> /dev/null)
if ! [[ -z "$IRONIC_USER" ]]; then
  keystone user-role-remove --user=ironic \
                            --role=admin \
                            --tenant=service
  keystone user-delete ironic
fi
IRONIC_USER=$(get_id keystone user-create --name=ironic \
                                          --pass="${IRONIC_PASSWORD}")
keystone user-role-add --user-id $IRONIC_USER \
                       --role-id $ADMIN_ROLE \
                       --tenant-id $SERVICE_TENANT

#
# Ironic service
#
KEYSTONE_SERVICE=$(get_id keystone service-get ironic 2> /dev/null)
if ! [[ -z "$KEYSTONE_SERVICE" ]]; then
  KEYSTONE_ENDPOINT=$(get_endpoint_id keystone endpoint-list)
  keystone endpoint-delete $KEYSTONE_ENDPOINT
  keystone service-delete ironic
fi

KEYSTONE_SERVICE=$(get_id \
keystone service-create --name=ironic \
                        --type=baremetal \
                        --description="Ironic Bare Metal Provisioning Service")
if [[ -z "$DISABLE_ENDPOINTS" ]]; then
    keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
        --publicurl "http://$IRONIC_PUBLIC_ADDRESS:6385" \
        --adminurl "http://$IRONIC_ADMIN_ADDRESS:6385" \
        --internalurl "http://$IRONIC_INTERNAL_ADDRESS:6385"
fi
upstream/oracle/userland-gate