Add service account configuration

* Use username/password instead of service token for service auth to Keystone
* Updates files/glance-*-paste.ini and files/swift/proxy-server.conf
* keystone_data.sh creates 'service' tenant, 'nova' and 'glance' users
  ('swift' and 'quantum' if those services are enabled)
* Uses $SERVICE_PASSWORD for the service auth password. There is no default;
  to default to $ADMIN_PASSWORD, place the assignment in localrc.

Fixes bug 942983

Change-Id: If78eed1b509a9c1e8441bb4cfa095da9052f9395
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 3f4841f..e292811 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -17,6 +17,7 @@
 fi
 
 ADMIN_TENANT=`get_id keystone tenant-create --name=admin`
+SERVICE_TENANT=`get_id keystone tenant-create --name=$SERVICE_TENANT_NAME`
 DEMO_TENANT=`get_id keystone tenant-create --name=demo`
 INVIS_TENANT=`get_id keystone tenant-create --name=invisible_to_admin`
 
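Review bot: `$SERVICE_TENANT_NAME` is expanded unquoted on the added `tenant-create` line, and nothing visible in the hunk checks that it is set, so an empty or space-containing value yields a malformed call. If `get_id` then returns nothing, `SERVICE_TENANT` is empty and the unquoted `--tenant_id $SERVICE_TENANT` in the nova, glance, swift and quantum hunks loses its value, so the command either fails or takes the next word as the tenant id. I would write `--name="$SERVICE_TENANT_NAME"` here and quote `"$SERVICE_TENANT"`, the `*_USER` ids and `"$ADMIN_ROLE"` where they are used. Whether the caller always exports the tenant name is not visible from this diff.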
@@ -73,6 +74,14 @@
                                  --name=nova \
                                  --type=compute \
                                  --description="Nova Compute Service"
+NOVA_USER=`get_id keystone user-create \
+                                 --name=nova \
+                                 --pass="$SERVICE_PASSWORD" \
+                                 --tenant_id $SERVICE_TENANT \
+                                 --email=nova@example.com`
+keystone user-role-add --tenant_id $SERVICE_TENANT \
+                                 --user $NOVA_USER \
+                                 --role $ADMIN_ROLE
 
 keystone service-create \
                                  --name=ec2 \
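Review bot: Nothing in this hunk stops `--pass="$SERVICE_PASSWORD"` from expanding to an empty string, and the commit message says the variable has no default. A missing localrc entry could therefore create the nova user with an empty password and then grant it `$ADMIN_ROLE`. The same applies to the glance, swift and quantum users in the following hunks. A guard before the first `user-create`, for example `: "${SERVICE_PASSWORD:?SERVICE_PASSWORD must be set}"`, would abort the script instead. The top of the script is outside this hunk, so a check may already exist there or in the caller.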
@@ -83,6 +92,14 @@
                                  --name=glance \
                                  --type=image \
                                  --description="Glance Image Service"
+GLANCE_USER=`get_id keystone user-create \
+                                 --name=glance \
+                                 --pass="$SERVICE_PASSWORD" \
+                                 --tenant_id $SERVICE_TENANT \
+                                 --email=glance@example.com`
+keystone user-role-add --tenant_id $SERVICE_TENANT \
+                                 --user $GLANCE_USER \
+                                 --role $ADMIN_ROLE
 
 keystone service-create \
                                  --name=keystone \
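Review bot: Every service user added by this commit (glance here; nova, swift and quantum in the other hunks) gets the same `$SERVICE_PASSWORD` and `$ADMIN_ROLE` on the service tenant. The credential written into any one service's config file is therefore an admin credential for all of them. If the admin role is needed for token validation, a comment above the `user-role-add` such as `# service users need the admin role to validate tokens against Keystone` would record why. Otherwise a narrower role or per-service passwords would limit what a single leaked config file exposes.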
@@ -101,12 +118,28 @@
                                  --name=swift \
                                  --type="object-store" \
                                  --description="Swift Service"
+    SWIFT_USER=`get_id keystone user-create \
+                                 --name=swift \
+                                 --pass="$SERVICE_PASSWORD" \
+                                 --tenant_id $SERVICE_TENANT \
+                                 --email=swift@example.com`
+    keystone user-role-add --tenant_id $SERVICE_TENANT \
+                                 --user $SWIFT_USER \
+                                 --role $ADMIN_ROLE
 fi
 if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
     keystone service-create \
                                  --name=quantum \
                                  --type=network \
                                  --description="Quantum Service"
+    QUANTUM_USER=`get_id keystone user-create \
+                                 --name=quantum \
+                                 --pass="$SERVICE_PASSWORD" \
+                                 --tenant_id $SERVICE_TENANT \
+                                 --email=quantum@example.com`
+    keystone user-role-add --tenant_id $SERVICE_TENANT \
+                                 --user $QUANTUM_USER \
+                                 --role $ADMIN_ROLE
 fi
 
 # create ec2 creds and parse the secret and access key returned