| 1 | # lib/keystone |
| 2 | # Functions to control the configuration and operation of **Keystone** |
| 3 | |
| 4 | # Dependencies: |
| 5 | # ``functions`` file |
| 6 | # ``BASE_SQL_CONN`` |
| 7 | # ``SERVICE_HOST`` |
| 8 | # ``SERVICE_TOKEN`` |
| 9 | # ``S3_SERVICE_PORT`` (template backend only) |
| 10 | |
| 11 | |
| 12 | # ``stack.sh`` calls the entry points in this order: |
| 13 | # |
| 14 | # install_keystone |
| 15 | # configure_keystone |
| 16 | # init_keystone |
| 17 | # start_keystone |
| 18 | # stop_keystone |
| 19 | # cleanup_keystone |
| 20 | |
# Trace every command as it runs, so the command that triggers an error is
# visible and the install can be followed as it happens.
# NOTE(review): the trace prints fully expanded command lines, so values such
# as SERVICE_TOKEN (passed to iniset in configure_keystone) and the MySQL
# password (passed to mysql in init_keystone) end up in the output; treat
# captured logs as sensitive.
set -o xtrace


# Defaults
# --------

# <define global variables here that belong to this project>

# Default directories
KEYSTONE_DIR="$DEST/keystone"
KEYSTONE_CONF_DIR="${KEYSTONE_CONF_DIR:-/etc/keystone}"
KEYSTONE_CONF="$KEYSTONE_CONF_DIR/keystone.conf"

KEYSTONECLIENT_DIR="$DEST/python-keystoneclient"

# Backend for Keystone's service catalog (``template`` unless overridden)
KEYSTONE_CATALOG_BACKEND="${KEYSTONE_CATALOG_BACKEND:-template}"
KEYSTONE_CATALOG="$KEYSTONE_CONF_DIR/default_catalog.templates"

# Keystone interface configuration. Both protocols default to plain ``http``;
# set the *_PROTOCOL variables beforehand to override.
KEYSTONE_API_PORT="${KEYSTONE_API_PORT:-5000}"
KEYSTONE_AUTH_HOST="${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}"
KEYSTONE_AUTH_PORT="${KEYSTONE_AUTH_PORT:-35357}"
KEYSTONE_AUTH_PROTOCOL="${KEYSTONE_AUTH_PROTOCOL:-http}"
KEYSTONE_SERVICE_HOST="${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}"
KEYSTONE_SERVICE_PORT="${KEYSTONE_SERVICE_PORT:-5000}"
KEYSTONE_SERVICE_PROTOCOL="${KEYSTONE_SERVICE_PROTOCOL:-http}"
| 50 | |
| 51 | |
| 52 | # Entry Points |
| 53 | # ------------ |
| 54 | |
| 55 | # cleanup_keystone() - Remove residual data files, anything left over from previous |
| 56 | # runs that a clean run would need to clean up |
function cleanup_keystone() {
    # Placeholder entry point: Keystone currently leaves nothing behind that
    # needs removing. Other services use their cleanup hook for things like:
    #   - killing instances (nova)
    #   - deleting image files (glance)
    # Intentionally does nothing and reports success.
    return 0
}
| 63 | |
| 64 | # configure_keystoneclient() - Set config files, create data dirs, etc |
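function configure_keystoneclient() {
    # Hand the python-keystoneclient checkout to setup_develop (defined in the
    # ``functions`` file). The directory is quoted so a path containing
    # whitespace or glob characters reaches the helper as a single argument.
    setup_develop "$KEYSTONECLIENT_DIR"
}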
| 68 | |
| 69 | # configure_keystone() - Set config files, create data dirs, etc |
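function configure_keystone() {
    # Write Keystone's configuration: keystone.conf, policy.json, the service
    # catalog (sql or template backend) and logging.conf.
    #
    # Reads: KEYSTONE_DIR, KEYSTONE_CONF_DIR, KEYSTONE_CONF, KEYSTONE_CATALOG,
    #        KEYSTONE_CATALOG_BACKEND, FILES, SERVICE_TOKEN, BASE_SQL_CONN,
    #        SERVICE_HOST, S3_SERVICE_PORT, Q_PORT, SYSLOG
    # Sets:  LOGGING_ROOT, KEYSTONE_LOG_CONFIG (globals)
    #
    # All path expansions are quoted so directories containing whitespace or
    # glob characters are handled as single arguments.
    setup_develop "$KEYSTONE_DIR"

    # Create the config directory on first use and give it to the invoking user
    if [[ ! -d "$KEYSTONE_CONF_DIR" ]]; then
        sudo mkdir -p "$KEYSTONE_CONF_DIR"
        sudo chown "$(whoami)" "$KEYSTONE_CONF_DIR"
    fi

    # ``cp -p`` keeps the sample files' mode and timestamps.
    # NOTE(review): keystone.conf receives the admin token and the database
    # connection string below, so its inherited permissions matter on any host
    # that is shared; confirm they are restrictive enough.
    if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
        cp -p "$KEYSTONE_DIR/etc/keystone.conf.sample" "$KEYSTONE_CONF"
        cp -p "$KEYSTONE_DIR/etc/policy.json" "$KEYSTONE_CONF_DIR"
    fi

    # Rewrite stock ``keystone.conf``
    # NOTE(review): with xtrace enabled these two lines print SERVICE_TOKEN
    # and BASE_SQL_CONN in expanded form to the trace output.
    iniset "$KEYSTONE_CONF" DEFAULT admin_token "$SERVICE_TOKEN"
    iniset "$KEYSTONE_CONF" sql connection "$BASE_SQL_CONN/keystone?charset=utf8"
    iniset "$KEYSTONE_CONF" ec2 driver "keystone.contrib.ec2.backends.sql.Ec2"
    # Insert s3_extension between ec2_extension and crud_extension on
    # pipeline lines that list them back to back
    sed -e "
        /^pipeline.*ec2_extension crud_/s|ec2_extension crud_extension|ec2_extension s3_extension crud_extension|;
    " -i "$KEYSTONE_CONF"

    # Append the S3 bits
    iniset "$KEYSTONE_CONF" filter:s3_extension paste.filter_factory "keystone.contrib.s3:S3Extension.factory"

    if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then
        # Configure ``keystone.conf`` to use sql
        iniset "$KEYSTONE_CONF" catalog driver keystone.catalog.backends.sql.Catalog
        inicomment "$KEYSTONE_CONF" catalog template_file
    else
        cp -p "$FILES/default_catalog.templates" "$KEYSTONE_CATALOG"

        # Add swift endpoints to service catalog if swift is enabled
        if is_service_enabled swift; then
            echo "catalog.RegionOne.object_store.publicURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> "$KEYSTONE_CATALOG"
            echo "catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:8080/" >> "$KEYSTONE_CATALOG"
            echo "catalog.RegionOne.object_store.internalURL = http://%SERVICE_HOST%:8080/v1/AUTH_\$(tenant_id)s" >> "$KEYSTONE_CATALOG"
            echo "catalog.RegionOne.object_store.name = Swift Service" >> "$KEYSTONE_CATALOG"
        fi

        # Add quantum endpoints to service catalog if quantum is enabled
        if is_service_enabled quantum; then
            echo "catalog.RegionOne.network.publicURL = http://%SERVICE_HOST%:$Q_PORT/" >> "$KEYSTONE_CATALOG"
            echo "catalog.RegionOne.network.adminURL = http://%SERVICE_HOST%:$Q_PORT/" >> "$KEYSTONE_CATALOG"
            echo "catalog.RegionOne.network.internalURL = http://%SERVICE_HOST%:$Q_PORT/" >> "$KEYSTONE_CATALOG"
            echo "catalog.RegionOne.network.name = Quantum Service" >> "$KEYSTONE_CATALOG"
        fi

        # Fill in the template placeholders. SERVICE_HOST and S3_SERVICE_PORT
        # are spliced into the sed program unescaped, so a ``,``, ``&`` or
        # backslash in either value would change the substitution.
        sudo sed -e "
            s,%SERVICE_HOST%,$SERVICE_HOST,g;
            s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g;
        " -i "$KEYSTONE_CATALOG"

        # Configure ``keystone.conf`` to use templates
        iniset "$KEYSTONE_CONF" catalog driver "keystone.catalog.backends.templated.TemplatedCatalog"
        iniset "$KEYSTONE_CONF" catalog template_file "$KEYSTONE_CATALOG"
    fi

    # Set up logging
    # NOTE(review): LOGGING_ROOT is computed from SYSLOG but the handlers
    # line below writes the literal "devel,production" regardless; confirm
    # which of the two is intended.
    LOGGING_ROOT="devel"
    if [ "$SYSLOG" != "False" ]; then
        LOGGING_ROOT="$LOGGING_ROOT,production"
    fi
    # Consumed by start_keystone when it builds the keystone-all command line
    KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_CONF_DIR/logging.conf"
    cp "$KEYSTONE_DIR/etc/logging.conf.sample" "$KEYSTONE_CONF_DIR/logging.conf"
    iniset "$KEYSTONE_CONF_DIR/logging.conf" logger_root level "DEBUG"
    iniset "$KEYSTONE_CONF_DIR/logging.conf" logger_root handlers "devel,production"

}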
| 138 | |
| 139 | # init_keystone() - Initialize databases, etc. |
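function init_keystone() {
    # Recreate the ``keystone`` MySQL database from scratch, then run the
    # schema sync and the PKI setup through keystone-manage.
    #
    # Reads: MYSQL_USER, MYSQL_PASSWORD, KEYSTONE_DIR
    #
    # Credentials and paths are quoted so values containing whitespace or glob
    # characters are passed as single arguments.
    # NOTE(review): the password is given on the mysql command line, so it is
    # visible in the process list while mysql runs and, with xtrace enabled,
    # in the trace output. A client option file readable only by the invoking
    # user would keep it out of both.

    # (Re)create keystone database; DROP destroys any existing Keystone data
    mysql -u"$MYSQL_USER" -p"$MYSQL_PASSWORD" -e 'DROP DATABASE IF EXISTS keystone;'
    mysql -u"$MYSQL_USER" -p"$MYSQL_PASSWORD" -e 'CREATE DATABASE keystone CHARACTER SET utf8;'

    # Initialize keystone database
    "$KEYSTONE_DIR/bin/keystone-manage" db_sync

    # Set up certificates
    "$KEYSTONE_DIR/bin/keystone-manage" pki_setup
}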
| 151 | |
| 152 | # install_keystoneclient() - Collect source and prepare |
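function install_keystoneclient() {
    # Fetch python-keystoneclient via git_clone (defined in the ``functions``
    # file): repository, destination directory, branch.
    # Arguments are quoted so each reaches git_clone as exactly one word.
    # NOTE(review): what is fetched is decided entirely by
    # KEYSTONECLIENT_REPO / KEYSTONECLIENT_BRANCH; nothing visible here pins
    # or verifies a revision.
    git_clone "$KEYSTONECLIENT_REPO" "$KEYSTONECLIENT_DIR" "$KEYSTONECLIENT_BRANCH"
}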
| 156 | |
| 157 | # install_keystone() - Collect source and prepare |
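function install_keystone() {
    # Fetch the Keystone source via git_clone (defined in the ``functions``
    # file): repository, destination directory, branch.
    # Arguments are quoted so each reaches git_clone as exactly one word.
    # NOTE(review): what is fetched is decided entirely by KEYSTONE_REPO /
    # KEYSTONE_BRANCH; nothing visible here pins or verifies a revision.
    git_clone "$KEYSTONE_REPO" "$KEYSTONE_DIR" "$KEYSTONE_BRANCH"
}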
| 161 | |
| 162 | # start_keystone() - Start running processes, including screen |
function start_keystone() {
    # Run keystone-all in the screen window named ``key``.
    # The command line is assembled by plain interpolation of KEYSTONE_DIR,
    # KEYSTONE_CONF and KEYSTONE_LOG_CONFIG (the latter set by
    # configure_keystone) and handed to screen_it as one string.
    # NOTE(review): presumably screen_it passes this string to a shell, in
    # which case whitespace or shell metacharacters in those values would be
    # reinterpreted there; confirm against screen_it.
    local keystone_cmd="cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
    screen_it key "$keystone_cmd"
}
| 167 | |
| 168 | # stop_keystone() - Stop running processes |
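function stop_keystone() {
    # Kill the ``key`` window of the screen session named by SCREEN_NAME.
    # The session name is quoted so a name containing whitespace or glob
    # characters is passed to screen as a single argument.
    screen -S "$SCREEN_NAME" -p key -X kill
}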