commit 4a2b1c66118c8397930489b9cfb9247e8160b3ca
author Doug Hellmann <doug.hellmann@dreamhost.com> Thu Nov 01 16:23:52 2012 -0400
committer Doug Hellmann <doug.hellmann@dreamhost.com> Mon Nov 05 06:54:36 2012 -0500
tree eeaeaf1725305df4066ffbc57eb24821b0b4009e
parent 98b26ab358a852c48ba009bd762543293cb09544

Finish configuring ceilometer authentication

Copy the policy.json file for ceilometer into place
and configure the API service to find it.

Create a service user for ceilometer when the service
is enabled.

Use the service user for the admin_user and admin_password
in the ceilometer config file so the middleware can
verify tokens.

Change-Id: I39be13da0c86704d35e0ce3dc3d27fd38d787058
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>

files/keystone_data.sh

diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 9520b17..3da11bf 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -2,18 +2,19 @@
 #
 # Initial data for Keystone using python-keystoneclient
 #
-# Tenant               User      Roles
+# Tenant               User       Roles
 # ------------------------------------------------------------------
-# admin                admin     admin
-# service              glance    admin
-# service              nova      admin, [ResellerAdmin (swift only)]
-# service              quantum   admin        # if enabled
-# service              swift     admin        # if enabled
-# service              cinder    admin        # if enabled
-# service              heat      admin        # if enabled
-# demo                 admin     admin
-# demo                 demo      Member, anotherrole
-# invisible_to_admin   demo      Member
+# admin                admin      admin
+# service              glance     admin
+# service              nova       admin, [ResellerAdmin (swift only)]
+# service              quantum    admin        # if enabled
+# service              swift      admin        # if enabled
+# service              cinder     admin        # if enabled
+# service              heat       admin        # if enabled
+# service              ceilometer admin        # if enabled
+# demo                 admin      admin
+# demo                 demo       Member, anotherrole
+# invisible_to_admin   demo       Member
 # Tempest Only:
 # alt_demo             alt_demo  Member
 #
@@ -262,7 +263,14 @@
     fi
 fi
 
-if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
+if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
+    CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \
+                                              --pass="$SERVICE_PASSWORD" \
+                                              --tenant_id $SERVICE_TENANT \
+                                              --email=ceilometer@example.com)
+    keystone user-role-add --tenant_id $SERVICE_TENANT \
+                           --user_id $CEILOMETER_USER \
+                           --role_id $ADMIN_ROLE
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
         CEILOMETER_SERVICE=$(get_id keystone service-create \
             --name=ceilometer \
@@ -345,4 +353,3 @@
             --internalurl "http://$SERVICE_HOST:8776/v1/\$(tenant_id)s"
     fi
 fi
-