keystone/patches/sample-data.sh.patch

2900N/AIn-house patch to the sample_data.sh script installed in
2900N/A/usr/demo/openstack/keystone in order to support all of the standard
2900N/Aservices and to allow customization of the individual service
6033N/Aendpoints. This is a Solaris-specific patch and is not suitable for
6033N/Aupstream
2900N/A
2900N/AIt also includes a change to use the standard Solaris tr(1) rather than
2900N/AGNU sed.
2900N/A
6033N/A--- keystone-2015.1.2/tools/sample_data.sh.~2~  2016-02-07 01:41:04.218073379 -0800
6033N/A+++ keystone-2015.1.2/tools/sample_data.sh  2016-02-07 01:44:19.119595020 -0800
6033N/A@@ -23,8 +23,8 @@
6033N/A # API.  It will get the admin_token (OS_TOKEN) and admin_port from
6033N/A # keystone.conf if available.
2900N/A #
6033N/A-# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
6033N/A-# Use this with the Catalog Templated backend.
6033N/A+# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment
6033N/A+# variable. Use this with the Catalog Templated backend.
6033N/A #
6033N/A # A EC2-compatible credential is created for the admin user and
6033N/A # placed in etc/ec2rc.
6033N/A@@ -37,11 +37,15 @@
2900N/A # service              ec2       admin
2900N/A # service              swift     admin
6033N/A # service              neutron   admin
6033N/A-
6033N/A-# By default, passwords used are those in the OpenStack Install and Deploy Manual.
6033N/A-# One can override these (publicly known, and hence, insecure) passwords by setting the appropriate
6033N/A-# environment variables. A common default password for all the services can be used by
6033N/A-# setting the "SERVICE_PASSWORD" environment variable.
2900N/A+# service              cinder    admin
6033N/A+# service              heat      admin
6033N/A+# service              ironic    admin
6033N/A+
6033N/A+# By default, passwords used are those in the OpenStack Install and Deploy
6033N/A+# Manual. One can override these (publicly known, and hence, insecure)
6033N/A+# passwords by setting the appropriate environment variables. A common default
6033N/A+# password for all the services can be used by setting the "SERVICE_PASSWORD"
6033N/A+# environment variable.
2900N/A
6033N/A # Test to verify that the openstackclient is installed, if not exit
6033N/A type openstack >/dev/null 2>&1 || {
6033N/A@@ -49,17 +53,57 @@ type openstack >/dev/null 2>&1 || {
6033N/A     exit 1
6033N/A     }
4070N/A
2900N/A+PATH=/usr/bin
4070N/A+
2900N/A ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
2900N/A NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}}
2900N/A GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}}
2900N/A EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}
4070N/A-SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}
4070N/A+SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swift}}
6033N/A NEUTRON_PASSWORD=${NEUTRON_PASSWORD:-${SERVICE_PASSWORD:-neutron}}
2900N/A+CINDER_PASSWORD=${CINDER_PASSWORD:-${SERVICE_PASSWORD:-cinder}}
6033N/A+HEAT_PASSWORD=${HEAT_PASSWORD:-${SERVICE_PASSWORD:-heat}}
6033N/A+IRONIC_PASSWORD=${IRONIC_PASSWORD:-${SERVICE_PASSWORD:-ironic}}
2900N/A
2900N/A CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
2900N/A CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
2900N/A CONTROLLER_INTERNAL_ADDRESS=${CONTROLLER_INTERNAL_ADDRESS:-localhost}
2900N/A
2900N/A+NOVA_PUBLIC_ADDRESS=${NOVA_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
2900N/A+NOVA_ADMIN_ADDRESS=${NOVA_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
2900N/A+NOVA_INTERNAL_ADDRESS=${NOVA_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
6033N/A+
2900N/A+GLANCE_PUBLIC_ADDRESS=${GLANCE_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
2900N/A+GLANCE_ADMIN_ADDRESS=${GLANCE_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
2900N/A+GLANCE_INTERNAL_ADDRESS=${GLANCE_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
6033N/A+
2900N/A+EC2_PUBLIC_ADDRESS=${EC2_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
2900N/A+EC2_ADMIN_ADDRESS=${EC2_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
2900N/A+EC2_INTERNAL_ADDRESS=${EC2_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
6033N/A+
2900N/A+SWIFT_PUBLIC_ADDRESS=${SWIFT_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
2900N/A+SWIFT_ADMIN_ADDRESS=${SWIFT_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
2900N/A+SWIFT_INTERNAL_ADDRESS=${SWIFT_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
6033N/A+
2900N/A+NEUTRON_PUBLIC_ADDRESS=${NEUTRON_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
2900N/A+NEUTRON_ADMIN_ADDRESS=${NEUTRON_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
2900N/A+NEUTRON_INTERNAL_ADDRESS=${NEUTRON_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
2900N/A+
6033N/A+CINDER_PUBLIC_ADDRESS=${CINDER_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
6033N/A+CINDER_ADMIN_ADDRESS=${CINDER_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
6033N/A+CINDER_INTERNAL_ADDRESS=${CINDER_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
6033N/A+
6033N/A+HEAT_CFN_PUBLIC_ADDRESS=${HEAT_CFN_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
6033N/A+HEAT_CFN_ADMIN_ADDRESS=${HEAT_CFN_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
6033N/A+HEAT_CFN_INTERNAL_ADDRESS=${HEAT_CFN_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
6033N/A+HEAT_PUBLIC_ADDRESS=${HEAT_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
6033N/A+HEAT_ADMIN_ADDRESS=${HEAT_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
6033N/A+HEAT_INTERNAL_ADDRESS=${HEAT_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
6033N/A+
6033N/A+IRONIC_PUBLIC_ADDRESS=${IRONIC_PUBLIC_ADDRESS:-$CONTROLLER_PUBLIC_ADDRESS}
6033N/A+IRONIC_ADMIN_ADDRESS=${IRONIC_ADMIN_ADDRESS:-$CONTROLLER_ADMIN_ADDRESS}
6033N/A+IRONIC_INTERNAL_ADDRESS=${IRONIC_INTERNAL_ADDRESS:-$CONTROLLER_INTERNAL_ADDRESS}
6033N/A+
2900N/A TOOLS_DIR=$(cd $(dirname "$0") && pwd)
2900N/A KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
2900N/A if [[ -r "$KEYSTONE_CONF" ]]; then
6033N/A@@ -75,15 +119,19 @@ fi
2900N/A
2900N/A # Extract some info from Keystone's configuration file
2900N/A if [[ -r "$KEYSTONE_CONF" ]]; then
2900N/A-    CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
6033N/A+    CONFIG_SERVICE_TOKEN=$(tr -d '[\t ]' < $KEYSTONE_CONF | \
6033N/A+        grep ^admin_token= | cut -d'=' -f2)
6033N/A     if [[ -z "${CONFIG_SERVICE_TOKEN}" ]]; then
6033N/A         # default config options are commented out, so lets try those
6033N/A-        CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^\#admin_token= | cut -d'=' -f2)
6033N/A+        CONFIG_SERVICE_TOKEN=$(tr -d '[\t ]' < $KEYSTONE_CONF | \
6033N/A+            grep ^\#admin_token= | cut -d'=' -f2)
6033N/A     fi
2900N/A-    CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
6033N/A+    CONFIG_ADMIN_PORT=$(tr -d '[\t ]' < $KEYSTONE_CONF | \
6033N/A+        grep ^admin_port= | cut -d'=' -f2)
6033N/A     if [[ -z "${CONFIG_ADMIN_PORT}" ]]; then
6033N/A         # default config options are commented out, so lets try those
6033N/A-        CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^\#admin_port= | cut -d'=' -f2)
6033N/A+        CONFIG_ADMIN_PORT=$(tr -d '[\t ]' < $KEYSTONE_CONF | \
6033N/A+            grep ^\#admin_port= | cut -d'=' -f2)
6033N/A     fi
2900N/A fi
2900N/A
6033N/A@@ -156,6 +204,29 @@ openstack role add --user neutron \
6033N/A                    --project service \
6033N/A                    admin
2900N/A
6033N/A+openstack user create cinder --project service \
6033N/A+                             --password "${CINDER_PASSWORD}"
6033N/A+
6033N/A+openstack role add --user cinder \
6033N/A+                   --project service \
6033N/A+                   admin
2900N/A+
6033N/A+openstack user create heat --project service \
6033N/A+                           --password "${HEAT_PASSWORD}"
6033N/A+
6033N/A+openstack role add --user heat \
6033N/A+                   --project service \
6033N/A+                   admin
2900N/A+
6033N/A+openstack role create heat_stack_user
2900N/A+
6033N/A+openstack user create ironic --project service \
6033N/A+                             --password "${IRONIC_PASSWORD}"
6033N/A+
6033N/A+openstack role add --user ironic \
6033N/A+                   --project service \
6033N/A+                   admin
2900N/A+
2900N/A #
2900N/A # Keystone service
2900N/A #
6033N/A@@ -178,24 +249,32 @@ openstack service create --name=nova \
6033N/A                          compute
2900N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A     openstack endpoint create --region RegionOne \
4070N/A-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
4070N/A-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s" \
4070N/A+        --publicurl "http://$NOVA_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
4070N/A+        --adminurl "http://$NOVA_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
6033N/A+        --internalurl "http://$NOVA_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s" \
6033N/A         nova
2900N/A fi
2900N/A
2900N/A #
2900N/A # Volume service
2900N/A #
6033N/A-openstack service create --name=volume \
6033N/A+openstack service create --name=cinder \
6033N/A                          --description="Cinder Volume Service" \
6033N/A                          volume
6033N/A+openstack service create --name=cinderv2 \
6033N/A+                         --description="Cinder Volume Service (Version 2)" \
6033N/A+                         volumev2
2900N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A     openstack endpoint create --region RegionOne \
2900N/A-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
2900N/A-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" \
6033N/A-        volume
2900N/A+        --publicurl "http://$CINDER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
2900N/A+        --adminurl "http://$CINDER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
6033N/A+        --internalurl "http://$CINDER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s" \
6033N/A+        cinder
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A+        --publicurl "http://$CINDER_PUBLIC_ADDRESS:8776/v2/\$(tenant_id)s" \
6033N/A+        --adminurl "http://$CINDER_ADMIN_ADDRESS:8776/v2/\$(tenant_id)s" \
6033N/A+        --internalurl "http://$CINDER_INTERNAL_ADDRESS:8776/v2/\$(tenant_id)s" \
6033N/A+        cinderv2
2900N/A fi
2900N/A
2900N/A #
6033N/A@@ -206,9 +285,9 @@ openstack service create --name=glance \
6033N/A                          image
2900N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A     openstack endpoint create --region RegionOne  \
6033N/A-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
6033N/A-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292" \
6033N/A+        --publicurl "http://$GLANCE_PUBLIC_ADDRESS:9292" \
6033N/A+        --adminurl "http://$GLANCE_ADMIN_ADDRESS:9292" \
6033N/A+        --internalurl "http://$GLANCE_INTERNAL_ADDRESS:9292" \
6033N/A         glance
6033N/A fi
6033N/A
6033N/A@@ -220,9 +299,9 @@ openstack service create --name=ec2 \
6033N/A                          ec2
6033N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A     openstack endpoint create --region RegionOne \
2900N/A-        --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
2900N/A-        --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud" \
2900N/A+        --publicurl "http://$EC2_PUBLIC_ADDRESS:8773/services/Cloud" \
2900N/A+        --adminurl "http://$EC2_ADMIN_ADDRESS:8773/services/Admin" \
6033N/A+        --internalurl "http://$EC2_INTERNAL_ADDRESS:8773/services/Cloud" \
6033N/A         ec2
2900N/A fi
2900N/A
6033N/A@@ -234,9 +313,11 @@ openstack service create --name=swift \
6033N/A                          object-store
2900N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A     openstack endpoint create --region RegionOne \
2900N/A-        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
2900N/A-        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
6033N/A+        --publicurl \
6033N/A+            "http://$SWIFT_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
6033N/A+        --adminurl    "http://$SWIFT_ADMIN_ADDRESS:8080/v1" \
6033N/A+        --internalurl \
6033N/A+            "http://$SWIFT_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
6033N/A         swift
6033N/A fi
6033N/A
6033N/A@@ -248,12 +329,48 @@ openstack service create --name=neutron
6033N/A                          network
6033N/A if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A     openstack endpoint create --region RegionOne \
6033N/A-        --publicurl   "http://$CONTROLLER_PUBLIC_ADDRESS:9696" \
6033N/A-        --adminurl    "http://$CONTROLLER_ADMIN_ADDRESS:9696" \
6033N/A-        --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9696" \
6033N/A+        --publicurl   "http://$NEUTRON_PUBLIC_ADDRESS:9696" \
6033N/A+        --adminurl    "http://$NEUTRON_ADMIN_ADDRESS:9696" \
6033N/A+        --internalurl "http://$NEUTRON_INTERNAL_ADDRESS:9696" \
6033N/A         neutron
6033N/A fi
6033N/A
6033N/A+#
6033N/A+# Heat service
6033N/A+#
6033N/A+openstack service create --name=heat-cfn \
6033N/A+                         --description="Heat CloudFormation API" \
6033N/A+                         cloudformation
6033N/A+openstack service create --name=heat \
6033N/A+                         --description="Heat API" \
6033N/A+                         orchestration
6033N/A+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A+        --publicurl   "http://$HEAT_CFN_PUBLIC_ADDRESS:8000/v1" \
6033N/A+        --adminurl    "http://$HEAT_CFN_ADMIN_ADDRESS:8000/v1" \
6033N/A+        --internalurl "http://$HEAT_CFN_INTERNAL_ADDRESS:8000/v1" \
6033N/A+        heat-cfn
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A+        --publicurl   "http://$HEAT_PUBLIC_ADDRESS:8004/v1/\$(tenant_id)s" \
6033N/A+        --adminurl    "http://$HEAT_ADMIN_ADDRESS:8004/v1/\$(tenant_id)s" \
6033N/A+        --internalurl "http://$HEAT_INTERNAL_ADDRESS:8004/v1/\$(tenant_id)s" \
6033N/A+        heat
2900N/A+fi
2900N/A+
2900N/A+#
6033N/A+# Ironic service
2900N/A+#
6033N/A+openstack service create --name=ironic \
6033N/A+    --description="Ironic Bare Metal Provisioning Service" \
6033N/A+    baremetal
2900N/A+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
6033N/A+    openstack endpoint create --region RegionOne \
6033N/A+        --publicurl   "http://$IRONIC_PUBLIC_ADDRESS:6385" \
6033N/A+        --adminurl    "http://$IRONIC_ADMIN_ADDRESS:6385" \
6033N/A+        --internalurl "http://$IRONIC_INTERNAL_ADDRESS:6385" \
6033N/A+        ironic
6033N/A+fi
6033N/A+
2900N/A # create ec2 creds and parse the secret and access key returned
6033N/A ADMIN_USER=$(get_id openstack user show admin)
6033N/A RESULT=$(openstack ec2 credentials create --project service --user $ADMIN_USER)