Blame - files/keystone_data.sh - devstack

blob: 07b6b601d21d647febe56d4edd6e9425bfeb27df [file] [log] [blame]

Jesse Andrews	73e27b8	2011-09-12 17:55:00 -0700	[diff] [blame]	1	#!/bin/bash
Dean Troyer	b7d1fbb	2012-03-02 08:43:09 -0600	[diff] [blame]	2	#
				3	# Initial data for Keystone using python-keystoneclient
				4	#
Doug Hellmann	4a2b1c6	2012-11-01 16:23:52 -0400	[diff] [blame]	5	# Tenant User Roles
Chmouel Boudjnah	77b0e1d	2012-02-29 16:55:43 +0000	[diff] [blame]	6	# ------------------------------------------------------------------
Doug Hellmann	4a2b1c6	2012-11-01 16:23:52 -0400	[diff] [blame]	7	# service glance admin
Joe Gordon	1216b9f	2013-06-04 18:55:06 +0000	[diff] [blame]	8	# service heat service # if enabled
Eoghan Glynn	e3d3cb7	2013-06-20 15:05:54 +0000	[diff] [blame]	9	# service ceilometer admin # if enabled
Jay Pipes	b297d2d	2012-05-10 11:21:22 -0400	[diff] [blame]	10	# Tempest Only:
				11	# alt_demo alt_demo Member
Dean Troyer	b7d1fbb	2012-03-02 08:43:09 -0600	[diff] [blame]	12	#
				13	# Variables set before calling this script:
				14	# SERVICE_TOKEN - aka admin_token in keystone.conf
				15	# SERVICE_ENDPOINT - local Keystone admin endpoint
				16	# SERVICE_TENANT_NAME - name of tenant containing service accounts
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	17	# SERVICE_HOST - host used for endpoint creation
Dean Troyer	b7d1fbb	2012-03-02 08:43:09 -0600	[diff] [blame]	18	# ENABLED_SERVICES - stack.sh's list of services to start
				19	# DEVSTACK_DIR - Top-level DevStack directory
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	20	# KEYSTONE_CATALOG_BACKEND - used to determine service catalog creation
				21
				22	# Defaults
				23	# --------
Dean Troyer	b7d1fbb	2012-03-02 08:43:09 -0600	[diff] [blame]	24
				25	ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
				26	SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
Vishvananda Ishaya	d1f5243	2012-02-09 03:50:57 +0000	[diff] [blame]	27	export SERVICE_TOKEN=$SERVICE_TOKEN
				28	export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
Dean Troyer	b7d1fbb	2012-03-02 08:43:09 -0600	[diff] [blame]	29	SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
Vishvananda Ishaya	d1f5243	2012-02-09 03:50:57 +0000	[diff] [blame]	30
Jesse Andrews	73e27b8	2011-09-12 17:55:00 -0700	[diff] [blame]	31	# Roles
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	32	# -----
				33
guillaume pernot	901eed7	2012-11-29 08:44:58 +0100	[diff] [blame]	34	# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
				35	# The admin role in swift allows a user to act as an admin for their tenant,
				36	# but ResellerAdmin is needed for a user to act as any tenant. The name of this
				37	# role is also configurable in swift-proxy.conf
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	38	keystone role-create --name=ResellerAdmin
Joe Gordon	1216b9f	2013-06-04 18:55:06 +0000	[diff] [blame]	39	# Service role, so service users do not have to be admins
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	40	keystone role-create --name=service
Jesse Andrews	73e27b8	2011-09-12 17:55:00 -0700	[diff] [blame]	41
Dean Troyer	671c16e	2012-12-13 16:22:38 -0600	[diff] [blame]	42
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	43	# Services
				44	# --------
termie	a96a418	2012-01-09 22:13:29 -0800	[diff] [blame]	45
Chmouel Boudjnah	0c3a558	2013-03-06 10:58:33 +0100	[diff] [blame]	46	if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" \|\| "$ENABLED_SERVICES" =~ "swift" ]]; then
Chmouel Boudjnah	77b0e1d	2012-02-29 16:55:43 +0000	[diff] [blame]	47	# Nova needs ResellerAdmin role to download images when accessing
guillaume pernot	901eed7	2012-11-29 08:44:58 +0100	[diff] [blame]	48	# swift through the s3 api.
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	49	keystone user-role-add \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	50	--tenant $SERVICE_TENANT_NAME \
				51	--user nova \
				52	--role ResellerAdmin
Jesse Andrews	9c7c908	2011-11-23 10:10:53 -0800	[diff] [blame]	53	fi
Dean Troyer	b7d1fbb	2012-03-02 08:43:09 -0600	[diff] [blame]	54
Steve Baker	bfdad75	2012-08-18 09:00:42 +1200	[diff] [blame]	55	# Heat
				56	if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	57	keystone user-create --name=heat \
Sean Dague	922c8ae	2013-10-22 10:06:06 -0400	[diff] [blame]	58	--pass="$SERVICE_PASSWORD" \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	59	--tenant $SERVICE_TENANT_NAME \
				60	--email=heat@example.com
				61	keystone user-role-add --tenant $SERVICE_TENANT_NAME \
				62	--user heat \
				63	--role service
Steve Baker	053a5f8	2012-12-11 17:08:48 +1300	[diff] [blame]	64	# heat_stack_user role is for users created by Heat
				65	keystone role-create --name heat_stack_user
Steve Baker	bfdad75	2012-08-18 09:00:42 +1200	[diff] [blame]	66	if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	67	keystone service-create \
Steve Baker	bb421be	2012-10-10 13:19:10 +1300	[diff] [blame]	68	--name=heat-cfn \
				69	--type=cloudformation \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	70	--description="Heat CloudFormation Service"
Steve Baker	bfdad75	2012-08-18 09:00:42 +1200	[diff] [blame]	71	keystone endpoint-create \
				72	--region RegionOne \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	73	--service heat-cfn \
Angus Salkeld	e279021	2012-09-11 11:24:09 +1000	[diff] [blame]	74	--publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
				75	--adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
				76	--internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1"
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	77	keystone service-create \
Steve Baker	bb421be	2012-10-10 13:19:10 +1300	[diff] [blame]	78	--name=heat \
				79	--type=orchestration \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	80	--description="Heat Service"
Steve Baker	bb421be	2012-10-10 13:19:10 +1300	[diff] [blame]	81	keystone endpoint-create \
				82	--region RegionOne \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	83	--service heat \
Steve Baker	bb421be	2012-10-10 13:19:10 +1300	[diff] [blame]	84	--publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
				85	--adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
				86	--internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
Steve Baker	bfdad75	2012-08-18 09:00:42 +1200	[diff] [blame]	87	fi
				88	fi
				89
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	90	# Glance
				91	if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	92	keystone user-create \
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	93	--name=glance \
				94	--pass="$SERVICE_PASSWORD" \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	95	--tenant $SERVICE_TENANT_NAME \
				96	--email=glance@example.com
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	97	keystone user-role-add \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	98	--tenant $SERVICE_TENANT_NAME \
				99	--user glance \
				100	--role admin
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	101	if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	102	keystone service-create \
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	103	--name=glance \
				104	--type=image \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	105	--description="Glance Image Service"
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	106	keystone endpoint-create \
				107	--region RegionOne \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	108	--service glance \
Steve Baker	8d6c9bc	2012-09-11 10:05:14 +1200	[diff] [blame]	109	--publicurl "http://$SERVICE_HOST:9292" \
				110	--adminurl "http://$SERVICE_HOST:9292" \
				111	--internalurl "http://$SERVICE_HOST:9292"
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	112	fi
				113	fi
				114
Chmouel Boudjnah	ba31305	2013-07-10 21:03:43 +0200	[diff] [blame]	115	# Ceilometer
Doug Hellmann	4a2b1c6	2012-11-01 16:23:52 -0400	[diff] [blame]	116	if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	117	keystone user-create --name=ceilometer \
Sean Dague	922c8ae	2013-10-22 10:06:06 -0400	[diff] [blame]	118	--pass="$SERVICE_PASSWORD" \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	119	--tenant $SERVICE_TENANT_NAME \
				120	--email=ceilometer@example.com
				121	keystone user-role-add --tenant $SERVICE_TENANT_NAME \
				122	--user ceilometer \
				123	--role admin
guillaume pernot	901eed7	2012-11-29 08:44:58 +0100	[diff] [blame]	124	# Ceilometer needs ResellerAdmin role to access swift account stats.
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	125	keystone user-role-add --tenant $SERVICE_TENANT_NAME \
				126	--user ceilometer \
				127	--role ResellerAdmin
Julien Danjou	f36afe5	2012-10-04 18:00:10 +0200	[diff] [blame]	128	if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	129	keystone service-create \
Julien Danjou	f36afe5	2012-10-04 18:00:10 +0200	[diff] [blame]	130	--name=ceilometer \
				131	--type=metering \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	132	--description="Ceilometer Service"
Julien Danjou	f36afe5	2012-10-04 18:00:10 +0200	[diff] [blame]	133	keystone endpoint-create \
				134	--region RegionOne \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	135	--service ceilometer \
Eoghan Glynn	21ddaac	2013-03-05 12:40:59 +0000	[diff] [blame]	136	--publicurl "http://$SERVICE_HOST:8777" \
				137	--adminurl "http://$SERVICE_HOST:8777" \
				138	--internalurl "http://$SERVICE_HOST:8777"
Julien Danjou	f36afe5	2012-10-04 18:00:10 +0200	[diff] [blame]	139	fi
				140	fi
				141
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	142	# EC2
				143	if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
				144	if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	145	keystone service-create \
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	146	--name=ec2 \
				147	--type=ec2 \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	148	--description="EC2 Compatibility Layer"
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	149	keystone endpoint-create \
				150	--region RegionOne \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	151	--service ec2 \
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	152	--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
				153	--adminurl "http://$SERVICE_HOST:8773/services/Admin" \
				154	--internalurl "http://$SERVICE_HOST:8773/services/Cloud"
				155	fi
				156	fi
				157
				158	# S3
Chmouel Boudjnah	0c3a558	2013-03-06 10:58:33 +0100	[diff] [blame]	159	if [[ "$ENABLED_SERVICES" =~ "n-obj" \|\| "$ENABLED_SERVICES" =~ "swift3" ]]; then
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	160	if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	161	keystone service-create \
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	162	--name=s3 \
				163	--type=s3 \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	164	--description="S3"
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	165	keystone endpoint-create \
				166	--region RegionOne \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	167	--service s3 \
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	168	--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
				169	--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
				170	--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT"
				171	fi
Gabriel Hurley	a3a496f	2012-02-13 12:29:23 -0800	[diff] [blame]	172	fi
Jay Pipes	b297d2d	2012-05-10 11:21:22 -0400	[diff] [blame]	173
				174	if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
				175	# Tempest has some tests that validate various authorization checks
				176	# between two regular users in separate tenants
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	177	keystone tenant-create \
				178	--name=alt_demo
				179	keystone user-create \
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	180	--name=alt_demo \
				181	--pass="$ADMIN_PASSWORD" \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	182	--email=alt_demo@example.com
Dean Troyer	3f7c06f	2012-04-03 17:19:36 -0500	[diff] [blame]	183	keystone user-role-add \
Ken'ichi Ohmichi	9aadec3	2013-12-27 19:08:26 +0900	[diff] [blame]	184	--tenant alt_demo \
				185	--user alt_demo \
				186	--role Member
Jay Pipes	b297d2d	2012-05-10 11:21:22 -0400	[diff] [blame]	187	fi