create and store secret and access keys
diff --git a/files/keystone.conf b/files/keystone.conf
index 0ee0827..3167c0f 100644
--- a/files/keystone.conf
+++ b/files/keystone.conf
@@ -37,7 +37,7 @@
driver = keystone.policy.backends.simple.SimpleMatch
[ec2]
-driver = keystone.contrib.ec2.backends.kvs.Ec2
+driver = keystone.contrib.ec2.backends.sql.Ec2
[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 35eaa5d..39952b1 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -98,6 +98,25 @@
"description=Swift Service"
fi
+# create ec2 creds and parse the secret and access key returned
+RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$ADMIN_USER tenant_id=$ADMIN_TENANT`
+ADMIN_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"`
+ADMIN_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"`
+
+
+RESULT=`$BIN_DIR/keystone-manage ec2 create user_id=$DEMO_USER tenant_id=$DEMO_TENANT`
+DEMO_ACCESS=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['access'];"`
+DEMO_SECRET=`echo $RESULT | python -c "import sys; import json; result = json.loads(sys.stdin.read()); print result['secret'];"`
+
+# write the secret and access to ec2rc
+cat > $DEVSTACK_DIR/ec2rc <<EOF
+ADMIN_ACCESS=$ADMIN_ACCESS
+ADMIN_SECRET=$ADMIN_SECRET
+DEMO_ACCESS=$DEMO_ACCESS
+DEMO_SECRET=$DEMO_SECRET
+EOF
+
+
#endpointTemplates
#$BIN_DIR/keystone-manage $* endpointTemplates add \
# RegionOne nova
@@ -130,8 +149,3 @@
# Tokens
#$BIN_DIR/keystone-manage token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
-# EC2 related creds - note we are setting the secret key to ADMIN_PASSWORD
-# but keystone doesn't parse them - it is just a blob from keystone's
-# point of view
-#$BIN_DIR/keystone-manage credentials add admin EC2 'admin' '%ADMIN_PASSWORD%' admin || echo "no support for adding credentials"
-#$BIN_DIR/keystone-manage credentials add demo EC2 'demo' '%ADMIN_PASSWORD%' demo || echo "no support for adding credentials"
diff --git a/openrc b/openrc
index 4c4b1d3..c05bf65 100644
--- a/openrc
+++ b/openrc
@@ -56,10 +56,10 @@
export EC2_URL=${EC2_URL:-http://$SERVICE_HOST:8773/services/Cloud}
# Access key is set in the initial keystone data to be the same as username
-export EC2_ACCESS_KEY=${USERNAME:-demo}
+export EC2_ACCESS_KEY=${DEMO_ACCESS}
# Secret key is set in the initial keystone data to the admin password
-export EC2_SECRET_KEY=${ADMIN_PASSWORD:-secrete}
+export EC2_SECRET_KEY=${DEMO_SECRET}
# Euca2ools Certificate stuff for uploading bundles
# You can get your certs using ./tools/get_certs.sh
diff --git a/stack.sh b/stack.sh
index cedf597..8421c3c 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1398,7 +1398,7 @@
# initialize keystone with default users/endpoints
pushd $KEYSTONE_DIR
$KEYSTONE_DIR/bin/keystone-manage db_sync
- ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
+ DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
popd
fi
diff --git a/stackrc b/stackrc
index c9acdbe..d30bf66 100644
--- a/stackrc
+++ b/stackrc
@@ -76,6 +76,11 @@
IMAGE_URLS="http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-uec.tar.gz";;
esac
+# use stored ec2 env variables
+if [ -f ./ec2rc ]; then
+ source ./ec2rc
+fi
+
# allow local overrides of env variables
if [ -f ./localrc ]; then
source ./localrc