Diffstat (limited to 'keystone-moon/debian/keystone.postinst.in')
-rw-r--r--keystone-moon/debian/keystone.postinst.in189
1 files changed, 189 insertions, 0 deletions
diff --git a/keystone-moon/debian/keystone.postinst.in b/keystone-moon/debian/keystone.postinst.in
new file mode 100644
index 00000000..3fd24fe6
--- /dev/null
+++ b/keystone-moon/debian/keystone.postinst.in
@@ -0,0 +1,189 @@
+#!/bin/sh
+
+set -e
+
+#PKGOS-INCLUDE#
+
+KEY_CONF=/etc/keystone/keystone.conf
+
+keystone_get_debconf_admin_credentials () {
+ db_get keystone/admin-user
+ ADMIN_USER_NAME=${RET:-admin}
+ db_get keystone/admin-password
+ ADMIN_USER_PW=${RET:-$(gen_password)}
+ db_get keystone/admin-email
+ ADMIN_USER_EMAIL=${RET:-root@localhost}
+ db_get keystone/admin-tenant-name
+ ADMIN_TENANT_NAME=${RET:-admin}
+ db_get keystone/admin-role-name
+ ADMIN_ROLE_NAME=${RET:-admin}
+
+ # We export the retrived credentials for later use
+ export OS_PROJECT_DOMAIN_ID=default
+ export OS_USER_DOMAIN_ID=default
+ export OS_USERNAME=admin
+ export OS_PASSWORD=${ADMIN_USER_PW}
+ export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
+ export OS_PROJECT_NAME=${ADMIN_TENANT_NAME}
+ export OS_AUTH_URL=http://127.0.0.1:35357/v3/
+ export OS_IDENTITY_API_VERSION=3
+ export OS_AUTH_VERSION=3
+ export OS_PROJECT_DOMAIN_ID=default
+ export OS_USER_DOMAIN_ID=default
+ export OS_NO_CACHE=1
+}
+
+keystone_bootstrap_admin () {
+ # This is the new way to bootstrap the admin user of Keystone
+ # and we shouldn't use the admin auth token anymore.
+ export OS_BOOTSTRAP_USERNAME=${ADMIN_USER_NAME}
+ export OS_BOOTSTRAP_PROJECT_NAME=${ADMIN_TENANT_NAME}
+ export OS_BOOTSTRAP_PASSWORD=${ADMIN_USER_PW}
+ keystone-manage bootstrap
+}
+
+keystone_create_admin_tenant () {
+ echo -n "Fixing-up: admin-project-desc "
+ openstack project set --description "Default Debian admin project" $ADMIN_TENANT_NAME
+ echo -n "service-project "
+ openstack project create --or-show service --description "Default Debian service project" >/dev/null
+ echo -n "default-admin-email "
+ openstack user set --description "Default Debian admin user" --email ${ADMIN_USER_EMAIL} --enable $ADMIN_USER_NAME
+ echo "...done!"
+
+ # Note: heat_stack_owner is needed for heat to work, and Member ResellerAdmin
+ # are needed for swift auto account creation.
+ echo -n "Adding roles: "
+ for i in admin KeystoneAdmin KeystoneServiceAdmin heat_stack_owner Member ResellerAdmin ; do
+ echo -n "${i} "
+ openstack role create --or-show ${i} >/dev/null
+ openstack role add --project $ADMIN_TENANT_NAME --user $ADMIN_USER_NAME ${i} >/dev/null
+ done
+ echo "...done!"
+}
+
+keystone_create_endpoint_postinst () {
+ local PKG_NAME
+ PKG_NAME=${1}
+
+ db_get keystone/endpoint-ip
+ # Make sure a valid IP has been entered in Debconf.
+ KEYSTONE_ENDPOINT_IP=`echo ${RET} | egrep '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'`
+ if [ -n ${KEYSTONE_ENDPOINT_IP} ] ; then
+ db_get keystone/region-name
+ REGION_NAME=${RET}
+ if [ -n "${REGION_NAME}" ] ; then
+ NUM_LINES=$(OS_TOKEN=`openstack token issue -c id -f value` openstack service list --format=csv --os-url http://localhost:5000/v3 | q -d , -H 'SELECT ID FROM - WHERE `Type`="identity"' | wc -l)
+ if [ "${NUM_LINES}" = "0" ] ; then
+ echo -n "Setting-up: create-keystone-service "
+ OS_TOKEN=`openstack token issue -c id -f value` openstack service create --name=keystone --description="Keystone Identity Service" identity --os-url http://localhost:5000/v3 >/dev/null
+ echo -n "create-public-endpoint "
+ OS_TOKEN=`openstack token issue -c id -f value` openstack endpoint create --region "${REGION_NAME}" \
+ keystone public http://${KEYSTONE_ENDPOINT_IP}:5000/v2.0 --os-url http://localhost:5000/v3 >/dev/null
+ echo -n "create-internal-endpoint "
+ OS_TOKEN=`openstack token issue -c id -f value` openstack endpoint create --region "${REGION_NAME}" \
+ keystone internal http://${KEYSTONE_ENDPOINT_IP}:5000/v2.0 --os-url http://localhost:5000/v3 >/dev/null
+ echo -n "create-admin-endpoint "
+ OS_TOKEN=`openstack token issue -c id -f value` openstack endpoint create --region "${REGION_NAME}" \
+ keystone admin http://${KEYSTONE_ENDPOINT_IP}:35357/v2.0 --os-url http://localhost:5000/v3 >/dev/null
+ echo "...done!"
+ else
+ echo -n "Keystone service already registered..."
+ fi
+ fi
+ fi
+}
+
+if [ "$1" = "configure" ] ; then
+ . /usr/share/debconf/confmodule
+ . /usr/share/dbconfig-common/dpkg/postinst
+
+ # Create user and group keystone, plus /var/log and /var/lib owned by it
+ # We need a bash shell so that keystone-manage pkg_setup works, and the
+ # Wheezy package doesn't have it, failing upgrades
+ pkgos_var_user_group keystone /bin/sh
+ # Make sure we have a folder to create certs, that isn't world readable
+ mkdir -p /etc/keystone/ssl/certs
+ chown keystone:keystone /etc/keystone/ssl/certs
+ chmod 750 /etc/keystone/ssl/certs
+ chown keystone:keystone /etc/keystone/ssl
+ chmod 750 /etc/keystone/ssl
+
+ # Create keystone.conf if it's not there
+ pkgos_write_new_conf keystone keystone.conf
+ # Set the auth_token directive in in keystone.conf
+ db_get keystone/auth-token
+ AUTH_TOKEN=${RET}
+ if [ -z "${AUTH_TOKEN}" ] ; then
+ AUTH_TOKEN=`pkgos_gen_pass`
+ fi
+ pkgos_inifile set ${KEY_CONF} DEFAULT admin_token ${AUTH_TOKEN}
+ OSTACKCLI_PARAMS="--os-url=http://127.0.0.1:35357/v3/ --os-domain-name default --os-identity-api-version=3"
+
+ # Make sure /var/log/keystone/keystone.log is owned by keystone
+ # BEFORE any keystone-manage calls.
+ chown -R keystone:keystone /var/log/keystone
+
+ # Upgrade or create the db if directed to do so
+ db_get keystone/configure_db
+ if [ "$RET" = "true" ] ; then
+ # Configure the SQL connection of keystone.conf according to dbconfig-common
+ pkgos_dbc_postinst ${KEY_CONF} database connection keystone $@
+ echo "Running su keystone -s /bin/sh -c 'keystone-manage --noverbose db_sync'..."
+ if [ "${PKGOS_VERBOSE}" = "yes" ] ; then
+ su keystone -s /bin/sh -c "keystone-manage --verbose db_sync"
+ else
+ su keystone -s /bin/sh -c "keystone-manage --noverbose db_sync"
+ fi
+ fi
+
+ # Generate the ssl keys for keystone.
+ # It seems that starting it each time this script is launch
+ # isn't a problem.
+ #su keystone -s /bin/sh -c "keystone-manage pki_setup"
+
+ # Activate the keystone.service
+ deb-systemd-helper unmask keystone.service >/dev/null || true
+ if deb-systemd-helper --quiet was-enabled keystone.service ; then
+ deb-systemd-helper enable keystone.service >/dev/null || true
+ else
+ deb-systemd-helper update-state keystone.service >/dev/null || true
+ fi
+
+ # Setup init script and start keystone
+ pkgos_init keystone
+
+ # On first install, create basics configuration and add roles
+ if [ -z "$2" ] ; then
+ echo -n "Sleeping 5 seconds to make sure the keystone daemon is up and running: 5..."
+ sleep 1
+ echo -n "4..."
+ sleep 1
+ echo -n "3..."
+ sleep 1
+ echo -n "2..."
+ sleep 1
+ echo -n "1..."
+ sleep 1
+ echo "0"
+ db_get keystone/create-admin-tenant
+ if [ "$RET" = "true" ] ; then
+ keystone_get_debconf_admin_credentials
+ echo "===> Bootstraping tenants with 'keystone-manage bootstrap':"
+ keystone_get_debconf_admin_credentials
+ keystone_bootstrap_admin
+ db_get keystone/register-endpoint
+ if [ "$RET" = "true" ] ; then
+ echo "===> Registering keystone endpoint"
+ keystone_create_endpoint_postinst
+ fi
+ echo "===> Editing bootstraped tenants and adding default roles"
+ keystone_create_admin_tenant
+
+ echo "done!"
+ fi
+ fi
+ db_stop
+fi
+
+exit 0
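Review bot: The endpoint-IP check in keystone_create_endpoint_postinst does not work as a guard: `[ -n ${KEYSTONE_ENDPOINT_IP} ]` is unquoted, so an empty value collapses to `[ -n ]`, which is true, and as far as I can tell under `set -e` a non-matching `egrep` in the preceding assignment aborts the whole postinst instead of skipping registration. I would write `KEYSTONE_ENDPOINT_IP=$(printf '%s\n' "${RET}" | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || true)` followed by `if [ -n "${KEYSTONE_ENDPOINT_IP}" ] ; then`, and quote the other debconf-derived expansions (`$ADMIN_TENANT_NAME`, `${ADMIN_USER_EMAIL}`, `${AUTH_TOKEN}`, `${i}`), since this script runs as root and those values are split and globbed as written. Separately, keystone_get_debconf_admin_credentials exports `OS_USERNAME=admin` rather than `${ADMIN_USER_NAME}`, so the later `openstack` calls authenticate as the wrong user whenever a different admin name was chosen in debconf. The configure branch also still writes `admin_token` into keystone.conf although the comment in keystone_bootstrap_admin says that token should no longer be used; either drop it or add a comment explaining why it is kept, and confirm the file mode that pkgos_write_new_conf applies, which is not visible here.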