commit 4a2b1c66118c8397930489b9cfb9247e8160b3ca
author Doug Hellmann <doug.hellmann@dreamhost.com> Thu Nov 01 16:23:52 2012 -0400
committer Doug Hellmann <doug.hellmann@dreamhost.com> Mon Nov 05 06:54:36 2012 -0500
tree eeaeaf1725305df4066ffbc57eb24821b0b4009e
parent 98b26ab358a852c48ba009bd762543293cb09544

Finish configuring ceilometer authentication

Copy the policy.json file for ceilometer into place
and configure the API service to find it.

Create a service user for ceilometer when the service
is enabled.

Use the service user for the admin_user and admin_password
in the ceilometer config file so the middleware can
verify tokens.

Change-Id: I39be13da0c86704d35e0ce3dc3d27fd38d787058
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>

lib/ceilometer

diff --git a/lib/ceilometer b/lib/ceilometer
index b0f0377..2b014b0 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -6,8 +6,9 @@
 
 # Dependencies:
 # - functions
-# - OS_USERNAME, OS_PASSWORD, OS_TENANT_NAME, OS_AUTH_URL set for admin credentials
+# - OS_AUTH_URL for auth in api
 # - DEST set to the destination directory
+# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
 
 # stack.sh
 # ---------
@@ -61,7 +62,15 @@
     iniset $CEILOMETER_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
     iniset $CEILOMETER_CONF DEFAULT sql_connection $BASE_SQL_CONN/nova?charset=utf8
 
+    # Install the policy file for the API server
+    cp $CEILOMETER_DIR/etc/ceilometer/policy.json $CEILOMETER_CONF_DIR
+    iniset $CEILOMETER_CONF DEFAULT policy_file $CEILOMETER_CONF_DIR/policy.json
+
     iniset $CEILOMETER_CONF keystone_authtoken auth_protocol http
+    iniset $CEILOMETER_CONF keystone_authtoken admin_user ceilometer
+    iniset $CEILOMETER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+    iniset $CEILOMETER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+
     cleanup_ceilometer
 }
 
@@ -73,7 +82,7 @@
 # start_ceilometer() - Start running processes, including screen
 function start_ceilometer() {
     screen_it ceilometer-acompute "cd $CEILOMETER_DIR && sg libvirtd \"$CEILOMETER_BIN_DIR/ceilometer-agent-compute --config-file $CEILOMETER_CONF\""
-    screen_it ceilometer-acentral "export OS_USERNAME=$OS_USERNAME OS_PASSWORD=$OS_PASSWORD OS_TENANT_NAME=$OS_TENANT_NAME OS_AUTH_URL=$OS_AUTH_URL && cd $CEILOMETER_DIR && $CEILOMETER_BIN_DIR/ceilometer-agent-central --config-file $CEILOMETER_CONF"
+    screen_it ceilometer-acentral "export OS_USERNAME=ceilometer OS_PASSWORD=$SERVICE_PASSWORD OS_TENANT_NAME=$SERVICE_TENANT_NAME OS_AUTH_URL=$OS_AUTH_URL && cd $CEILOMETER_DIR && $CEILOMETER_BIN_DIR/ceilometer-agent-central --config-file $CEILOMETER_CONF"
     screen_it ceilometer-collector "cd $CEILOMETER_DIR && $CEILOMETER_BIN_DIR/ceilometer-collector --config-file $CEILOMETER_CONF"
     screen_it ceilometer-api "cd $CEILOMETER_DIR && $CEILOMETER_BIN_DIR/ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF"
 }