From 95afa013913de81402531fea1238da3c12848e6b Mon Sep 17 00:00:00 2001 From: sayalilunkad Date: Sat, 29 Nov 2014 15:52:17 +0530 Subject: [PATCH] Refactors keystone setup section in osbash This patch changes the sequence of some operations in the setup_keystone script and adds links to the section in install-guides. Change-Id: I0d7008ec8ee3e0419c485d4bfa4441d3be1d8e3b --- labs/scripts/setup_keystone.sh | 83 ++++++++++++++++++++++------------ 1 file changed, 55 insertions(+), 28 deletions(-) diff --git a/labs/scripts/setup_keystone.sh b/labs/scripts/setup_keystone.sh index d89821d1..de888ee0 100755 --- a/labs/scripts/setup_keystone.sh +++ b/labs/scripts/setup_keystone.sh @@ -11,17 +11,12 @@ indicate_current_auto #------------------------------------------------------------------------------ # Set up keystone for controller node +# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-install.html #------------------------------------------------------------------------------ echo "Installing keystone." sudo apt-get install -y keystone -echo "Removing default SQLite database." -sudo rm -f /var/lib/keystone/keystone.db - -echo "Setting up database for keystone." -setup_database keystone - function get_database_url { local db_user=$(service_to_db_user keystone) local db_password=$(service_to_db_password keystone) @@ -32,33 +27,50 @@ function get_database_url { database_url=$(get_database_url) -echo "Configuring /etc/keystone/keystone.conf." +echo "Configuring [database] section in /etc/keystone/keystone.conf." echo "Setting database connection: $database_url." iniset_sudo /etc/keystone/keystone.conf database connection "$database_url" +echo "Removing default SQLite database." +sudo rm -f /var/lib/keystone/keystone.db + +echo "Setting up database for keystone." +setup_database keystone + +echo "Creating the database tables for keystone." +sudo keystone-manage db_sync + +# NOTE: Commenting out command for openssl to +# generate random token as we are passing default value in +# $ADMIN_TOKEN. Should be changed in future to follow +# install-guides structure. +# openssl rand -hex 10 + +echo "Configuring [DEFAULT] section in /etc/keystone/keystone.conf." + echo "Setting admin_token to bootstrap authentication." iniset_sudo /etc/keystone/keystone.conf DEFAULT admin_token "$ADMIN_TOKEN" echo "Setting log directory to /var/log/keystone." iniset_sudo /etc/keystone/keystone.conf DEFAULT log_dir "/var/log/keystone" +echo "Restarting keystone." sudo service keystone restart -echo "Creating the database tables for keystone." -sudo keystone-manage db_sync - #------------------------------------------------------------------------------ -# Configure keystone users, roles, and endpoints so it can be used for -# authentication. +# Configure keystone users, tenants and roles +# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-users.html #------------------------------------------------------------------------------ echo "Using OS_SERVICE_TOKEN, OS_SERVICE_ENDPOINT for authentication." export OS_SERVICE_TOKEN=$ADMIN_TOKEN export OS_SERVICE_ENDPOINT="http://controller-mgmt:35357/v2.0" -echo "Adding admin tenant." -keystone tenant-create --name "$ADMIN_TENANT_NAME" --description "Admin Tenant" +# Wait for keystone to come up +until keystone user-list >/dev/null 2>&1; do + sleep 1 +done echo "Creating admin user." keystone user-create --name "$ADMIN_USER_NAME" --pass "$ADMIN_PASSWORD" --email "admin@$MAIL_DOMAIN" @@ -66,25 +78,20 @@ keystone user-create --name "$ADMIN_USER_NAME" --pass "$ADMIN_PASSWORD" --email echo "Creating admin roles." keystone role-create --name "$ADMIN_ROLE_NAME" -echo "Adding admin roles to admin user." +echo "Adding admin tenant." +keystone tenant-create --name "$ADMIN_TENANT_NAME" --description "Admin Tenant" + +echo "Linking admin user, admin role and admin tenant." keystone user-role-add \ --tenant "$ADMIN_TENANT_NAME" \ --user "$ADMIN_USER_NAME" \ --role "$ADMIN_ROLE_NAME" -echo "Creating keystone service." -keystone service-create \ - --name keystone \ - --type identity \ - --description 'OpenStack Identity' - -echo "Creating endpoints for keystone." -keystone_service_id=$(keystone service-list | awk '/ keystone / {print $2}') -keystone endpoint-create \ - --service-id "$keystone_service_id" \ - --publicurl "http://controller-api:5000/v2.0" \ - --adminurl "http://controller-mgmt:35357/v2.0" \ - --internalurl "http://controller-mgmt:5000/v2.0" +echo "Linking admin user, _member_ role, and admin tenant." +keystone user-role-add \ + --tenant "$ADMIN_TENANT_NAME" \ + --user "$ADMIN_USER_NAME" \ + --role "$MEMBER_ROLE_NAME" echo "Creating demo user." keystone user-create --name "$DEMO_USER_NAME" --pass "$DEMO_PASSWORD" --email "demo@$MAIL_DOMAIN" @@ -103,8 +110,28 @@ keystone tenant-create \ --name "$SERVICE_TENANT_NAME" \ --description "Service Tenant" +#------------------------------------------------------------------------------ +# Configure keystone services and API endpoints +# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-services.html +#------------------------------------------------------------------------------ + +echo "Creating keystone service." +keystone service-create \ + --name keystone \ + --type identity \ + --description 'OpenStack Identity' + +echo "Creating endpoints for keystone." +keystone_service_id=$(keystone service-list | awk '/ keystone / {print $2}') +keystone endpoint-create \ + --service-id "$keystone_service_id" \ + --publicurl "http://controller-api:5000/v2.0" \ + --adminurl "http://controller-mgmt:35357/v2.0" \ + --internalurl "http://controller-mgmt:5000/v2.0" + #------------------------------------------------------------------------------ # Verify the Identity Service installation +# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-verify.html #------------------------------------------------------------------------------ echo "Verifying keystone installation."