From e0d970e40d7b4b4532fd3c2a6b617da5d8f23674 Mon Sep 17 00:00:00 2001
From: Pranav Salunke <dguitarbite@gmail.com>
Date: Fri, 8 Aug 2014 10:21:23 +0530
Subject: [PATCH] Adds Keystone service tenant

Keystone service tenant is required by OpenStack services to
authenticate. We could reuse admin tenant for the same but it
will provide OpenStack services with unnecessary privileges.

Implements: blueprint openstack-training-labs
Change-Id: Ia72012a09da36df5f52454c289775a8b050f9e1a
---
 labs/config/credentials        | 8 ++++++++
 labs/scripts/setup_keystone.sh | 5 +++++
 2 files changed, 13 insertions(+)

diff --git a/labs/config/credentials b/labs/config/credentials
index 55db1ce1..2ebb36df 100644
--- a/labs/config/credentials
+++ b/labs/config/credentials
@@ -23,4 +23,12 @@
 : ${ADMIN_USER_NAME:=admin}
 : ${ADMIN_PASSWORD:=admin_pass}
 
+# OpenStack Services needs to be affiliated with a tenant to provide
+# authentication to other OpenStack services. We create a "service" tenant for
+# the OpenStack services. All the OpenStack services will be registered via
+# service tenant.
+
+# Tenant and role for service accounts.
+: ${SERVICE_TENANT_NAME:=service}
+
 # vim: set ai ts=4 sw=4 et ft=sh:
diff --git a/labs/scripts/setup_keystone.sh b/labs/scripts/setup_keystone.sh
index 95819e9b..aa461483 100755
--- a/labs/scripts/setup_keystone.sh
+++ b/labs/scripts/setup_keystone.sh
@@ -84,3 +84,8 @@ keystone endpoint-create \
     --publicurl "http://controller-api:5000/v2.0" \
     --adminurl "http://controller-mgmt:35357/v2.0" \
     --internalurl "http://controller-mgmt:5000/v2.0"
+
+echo "Adding service tenant."
+keystone tenant-create \
+    --name "$SERVICE_TENANT_NAME" \
+    --description "Service Tenant"