Refactors keystone setup section in osbash

This patch changes the sequence of some operations in the setup_keystone script and adds links to the section in install-guides. Change-Id: I0d7008ec8ee3e0419c485d4bfa4441d3be1d8e3b
2014-11-29 15:52:17 +05:30 · 2014-11-29 15:52:17 +05:30 · 95afa01391
commit 95afa01391
parent 0fe8770b11
1 changed files with 55 additions and 28 deletions
--- a/labs/scripts/setup_keystone.sh
+++ b/labs/scripts/setup_keystone.sh
@ -11,17 +11,12 @@ indicate_current_auto

 #------------------------------------------------------------------------------
 # Set up keystone for controller node
+# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-install.html
 #------------------------------------------------------------------------------

 echo "Installing keystone."
 sudo apt-get install -y keystone

-echo "Removing default SQLite database."
-sudo rm -f /var/lib/keystone/keystone.db
-
-echo "Setting up database for keystone."
-setup_database keystone
-
 function get_database_url {
    local db_user=$(service_to_db_user keystone)
    local db_password=$(service_to_db_password keystone)
@ -32,33 +27,50 @@ function get_database_url {

 database_url=$(get_database_url)

-echo "Configuring /etc/keystone/keystone.conf."
+echo "Configuring [database] section in /etc/keystone/keystone.conf."

 echo "Setting database connection: $database_url."
 iniset_sudo /etc/keystone/keystone.conf database connection "$database_url"

+echo "Removing default SQLite database."
+sudo rm -f /var/lib/keystone/keystone.db
+
+echo "Setting up database for keystone."
+setup_database keystone
+
+echo "Creating the database tables for keystone."
+sudo keystone-manage db_sync
+
+# NOTE: Commenting out command for openssl to
+# generate random token as we are passing default value in
+# $ADMIN_TOKEN. Should be changed in future to follow
+# install-guides structure.
+# openssl rand -hex 10
+
+echo "Configuring [DEFAULT] section in /etc/keystone/keystone.conf."
+
 echo "Setting admin_token to bootstrap authentication."
 iniset_sudo /etc/keystone/keystone.conf DEFAULT admin_token "$ADMIN_TOKEN"

 echo "Setting log directory to /var/log/keystone."
 iniset_sudo /etc/keystone/keystone.conf DEFAULT log_dir "/var/log/keystone"

+echo "Restarting keystone."
 sudo service keystone restart

-echo "Creating the database tables for keystone."
-sudo keystone-manage db_sync
-
 #------------------------------------------------------------------------------
-# Configure keystone users, roles, and endpoints so it can be used for
-# authentication.
+# Configure keystone users, tenants and roles
+# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-users.html
 #------------------------------------------------------------------------------

 echo "Using OS_SERVICE_TOKEN, OS_SERVICE_ENDPOINT for authentication."
 export OS_SERVICE_TOKEN=$ADMIN_TOKEN
 export OS_SERVICE_ENDPOINT="http://controller-mgmt:35357/v2.0"

-echo "Adding admin tenant."
-keystone tenant-create --name "$ADMIN_TENANT_NAME" --description "Admin Tenant"
+# Wait for keystone to come up
+until keystone user-list >/dev/null 2>&1; do
+    sleep 1
+done

 echo "Creating admin user."
 keystone user-create --name "$ADMIN_USER_NAME" --pass "$ADMIN_PASSWORD" --email "admin@$MAIL_DOMAIN"
@ -66,25 +78,20 @@ keystone user-create --name "$ADMIN_USER_NAME" --pass "$ADMIN_PASSWORD" --email
 echo "Creating admin roles."
 keystone role-create --name "$ADMIN_ROLE_NAME"

-echo "Adding admin roles to admin user."
+echo "Adding admin tenant."
+keystone tenant-create --name "$ADMIN_TENANT_NAME" --description "Admin Tenant"
+
+echo "Linking admin user, admin role and admin tenant."
 keystone user-role-add \
    --tenant "$ADMIN_TENANT_NAME" \
    --user "$ADMIN_USER_NAME" \
    --role "$ADMIN_ROLE_NAME"

-echo "Creating keystone service."
-keystone service-create \
-    --name keystone \
-    --type identity \
-    --description 'OpenStack Identity'
-
-echo "Creating endpoints for keystone."
-keystone_service_id=$(keystone service-list | awk '/ keystone / {print $2}')
-keystone endpoint-create \
-    --service-id "$keystone_service_id" \
-    --publicurl "http://controller-api:5000/v2.0" \
-    --adminurl "http://controller-mgmt:35357/v2.0" \
-    --internalurl "http://controller-mgmt:5000/v2.0"
+echo "Linking admin user, _member_ role, and admin tenant."
+keystone user-role-add \
+    --tenant "$ADMIN_TENANT_NAME" \
+    --user "$ADMIN_USER_NAME" \
+    --role "$MEMBER_ROLE_NAME"

 echo "Creating demo user."
 keystone user-create --name "$DEMO_USER_NAME" --pass "$DEMO_PASSWORD" --email "demo@$MAIL_DOMAIN"
@ -103,8 +110,28 @@ keystone tenant-create \
    --name "$SERVICE_TENANT_NAME" \
    --description "Service Tenant"

+#------------------------------------------------------------------------------
+# Configure keystone services and API endpoints
+# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-services.html
+#------------------------------------------------------------------------------
+
+echo "Creating keystone service."
+keystone service-create \
+    --name keystone \
+    --type identity \
+    --description 'OpenStack Identity'
+
+echo "Creating endpoints for keystone."
+keystone_service_id=$(keystone service-list | awk '/ keystone / {print $2}')
+keystone endpoint-create \
+    --service-id "$keystone_service_id" \
+    --publicurl "http://controller-api:5000/v2.0" \
+    --adminurl "http://controller-mgmt:35357/v2.0" \
+    --internalurl "http://controller-mgmt:5000/v2.0"
+
 #------------------------------------------------------------------------------
 # Verify the Identity Service installation
+# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-verify.html
 #------------------------------------------------------------------------------

 echo "Verifying keystone installation."