Move keystone account creation out of keystone_data.sh
keystone_data.sh is getting unwieldy and increasingly needs
configuration information for services. Also need the ability
to manipulate HOST/IP information for hosts to handle service
HA/proxy configurations.
Begin moving the creation of service account information into
the service lib files, starting with the common accounts and
keystone itself.
Change-Id: Ie259f7b71983c4f4a2e33ab9c8a8e2b00238ba38
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 20749bc..c8e68dd 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -4,7 +4,6 @@
#
# Tenant User Roles
# ------------------------------------------------------------------
-# admin admin admin
# service glance admin
# service nova admin, [ResellerAdmin (swift only)]
# service quantum admin # if enabled
@@ -12,9 +11,6 @@
# service cinder admin # if enabled
# service heat admin # if enabled
# service ceilometer admin # if enabled
-# demo admin admin
-# demo demo Member, anotherrole
-# invisible_to_admin demo Member
# Tempest Only:
# alt_demo alt_demo Member
#
@@ -40,53 +36,14 @@
echo `"$@" | awk '/ id / { print $4 }'`
}
-
-# Tenants
-# -------
-
-ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
-SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
-DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
-INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
-
-
-# Users
-# -----
-
-ADMIN_USER=$(get_id keystone user-create --name=admin \
- --pass="$ADMIN_PASSWORD" \
- --email=admin@example.com)
-DEMO_USER=$(get_id keystone user-create --name=demo \
- --pass="$ADMIN_PASSWORD" \
- --email=demo@example.com)
+# Lookups
+SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
+ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
# Roles
# -----
-ADMIN_ROLE=$(get_id keystone role-create --name=admin)
-KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
-KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
-# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
-# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
-ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)
-
-
-# Add Roles to Users in Tenants
-keystone user-role-add --user_id $ADMIN_USER --role_id $ADMIN_ROLE --tenant_id $ADMIN_TENANT
-keystone user-role-add --user_id $ADMIN_USER --role_id $ADMIN_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user_id $DEMO_USER --role_id $ANOTHER_ROLE --tenant_id $DEMO_TENANT
-
-# TODO(termie): these two might be dubious
-keystone user-role-add --user_id $ADMIN_USER --role_id $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
-keystone user-role-add --user_id $ADMIN_USER --role_id $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
-
-
-# The Member role is used by Horizon and Swift so we need to keep it:
-MEMBER_ROLE=$(get_id keystone role-create --name=Member)
-keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $INVIS_TENANT
-
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
# The admin role in swift allows a user to act as an admin for their tenant,
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
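Review bot: The two added lookups (`SERVICE_TENANT=` and `ADMIN_ROLE=`) are used without checking that each returned exactly one id, and the first splices `$SERVICE_TENANT_NAME` into the awk program text as a regex. If the tenant or the `admin` role does not exist yet when this script runs, or the name contains regex characters or matches more than one row, the variable ends up empty or multi-valued, and any later role grant that expands it unquoted (those lines are outside this hunk) would get a malformed or unintended argument. Pass the name as data and compare the column exactly, e.g. `SERVICE_TENANT=$(keystone tenant-list | awk -v n="$SERVICE_TENANT_NAME" '$4 == n { print $2 }')`, then fail early with `[[ -n "$SERVICE_TENANT" && -n "$ADMIN_ROLE" ]] || { echo "service tenant or admin role not found" >&2; exit 1; }`. The `$4` column index assumes the same table layout that `get_id` relies on, so confirm it against real `keystone tenant-list` output.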
@@ -96,20 +53,6 @@
# Services
# --------
-# Keystone
-if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- KEYSTONE_SERVICE=$(get_id keystone service-create \
- --name=keystone \
- --type=identity \
- --description="Keystone Identity Service")
- keystone endpoint-create \
- --region RegionOne \
- --service_id $KEYSTONE_SERVICE \
- --publicurl "http://$SERVICE_HOST:\$(public_port)s/v2.0" \
- --adminurl "http://$SERVICE_HOST:\$(admin_port)s/v2.0" \
- --internalurl "http://$SERVICE_HOST:\$(public_port)s/v2.0"
-fi
-
# Nova
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
NOVA_USER=$(get_id keystone user-create \