Diffstat (limited to 'keystone-moon/debian/keystone.postinst.in')
-rw-r--r--keystone-moon/debian/keystone.postinst.in189
1 files changed, 0 insertions, 189 deletions
diff --git a/keystone-moon/debian/keystone.postinst.in b/keystone-moon/debian/keystone.postinst.in
deleted file mode 100644
index 3fd24fe6..00000000
--- a/keystone-moon/debian/keystone.postinst.in
+++ /dev/null
@@ -1,189 +0,0 @@
-#!/bin/sh
-
-set -e
-
-#PKGOS-INCLUDE#
-
-KEY_CONF=/etc/keystone/keystone.conf
-
-keystone_get_debconf_admin_credentials () {
- db_get keystone/admin-user
- ADMIN_USER_NAME=${RET:-admin}
- db_get keystone/admin-password
- ADMIN_USER_PW=${RET:-$(gen_password)}
- db_get keystone/admin-email
- ADMIN_USER_EMAIL=${RET:-root@localhost}
- db_get keystone/admin-tenant-name
- ADMIN_TENANT_NAME=${RET:-admin}
- db_get keystone/admin-role-name
- ADMIN_ROLE_NAME=${RET:-admin}
-
- # We export the retrived credentials for later use
- export OS_PROJECT_DOMAIN_ID=default
- export OS_USER_DOMAIN_ID=default
- export OS_USERNAME=admin
- export OS_PASSWORD=${ADMIN_USER_PW}
- export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
- export OS_PROJECT_NAME=${ADMIN_TENANT_NAME}
- export OS_AUTH_URL=http://127.0.0.1:35357/v3/
- export OS_IDENTITY_API_VERSION=3
- export OS_AUTH_VERSION=3
- export OS_PROJECT_DOMAIN_ID=default
- export OS_USER_DOMAIN_ID=default
- export OS_NO_CACHE=1
-}
-
-keystone_bootstrap_admin () {
- # This is the new way to bootstrap the admin user of Keystone
- # and we shouldn't use the admin auth token anymore.
- export OS_BOOTSTRAP_USERNAME=${ADMIN_USER_NAME}
- export OS_BOOTSTRAP_PROJECT_NAME=${ADMIN_TENANT_NAME}
- export OS_BOOTSTRAP_PASSWORD=${ADMIN_USER_PW}
- keystone-manage bootstrap
-}
-
-keystone_create_admin_tenant () {
- echo -n "Fixing-up: admin-project-desc "
- openstack project set --description "Default Debian admin project" $ADMIN_TENANT_NAME
- echo -n "service-project "
- openstack project create --or-show service --description "Default Debian service project" >/dev/null
- echo -n "default-admin-email "
- openstack user set --description "Default Debian admin user" --email ${ADMIN_USER_EMAIL} --enable $ADMIN_USER_NAME
- echo "...done!"
-
- # Note: heat_stack_owner is needed for heat to work, and Member ResellerAdmin
- # are needed for swift auto account creation.
- echo -n "Adding roles: "
- for i in admin KeystoneAdmin KeystoneServiceAdmin heat_stack_owner Member ResellerAdmin ; do
- echo -n "${i} "
- openstack role create --or-show ${i} >/dev/null
- openstack role add --project $ADMIN_TENANT_NAME --user $ADMIN_USER_NAME ${i} >/dev/null
- done
- echo "...done!"
-}
-
-keystone_create_endpoint_postinst () {
- local PKG_NAME
- PKG_NAME=${1}
-
- db_get keystone/endpoint-ip
- # Make sure a valid IP has been entered in Debconf.
- KEYSTONE_ENDPOINT_IP=`echo ${RET} | egrep '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'`
- if [ -n ${KEYSTONE_ENDPOINT_IP} ] ; then
- db_get keystone/region-name
- REGION_NAME=${RET}
- if [ -n "${REGION_NAME}" ] ; then
- NUM_LINES=$(OS_TOKEN=`openstack token issue -c id -f value` openstack service list --format=csv --os-url http://localhost:5000/v3 | q -d , -H 'SELECT ID FROM - WHERE `Type`="identity"' | wc -l)
- if [ "${NUM_LINES}" = "0" ] ; then
- echo -n "Setting-up: create-keystone-service "
- OS_TOKEN=`openstack token issue -c id -f value` openstack service create --name=keystone --description="Keystone Identity Service" identity --os-url http://localhost:5000/v3 >/dev/null
- echo -n "create-public-endpoint "
- OS_TOKEN=`openstack token issue -c id -f value` openstack endpoint create --region "${REGION_NAME}" \
- keystone public http://${KEYSTONE_ENDPOINT_IP}:5000/v2.0 --os-url http://localhost:5000/v3 >/dev/null
- echo -n "create-internal-endpoint "
- OS_TOKEN=`openstack token issue -c id -f value` openstack endpoint create --region "${REGION_NAME}" \
- keystone internal http://${KEYSTONE_ENDPOINT_IP}:5000/v2.0 --os-url http://localhost:5000/v3 >/dev/null
- echo -n "create-admin-endpoint "
- OS_TOKEN=`openstack token issue -c id -f value` openstack endpoint create --region "${REGION_NAME}" \
- keystone admin http://${KEYSTONE_ENDPOINT_IP}:35357/v2.0 --os-url http://localhost:5000/v3 >/dev/null
- echo "...done!"
- else
- echo -n "Keystone service already registered..."
- fi
- fi
- fi
-}
-
-if [ "$1" = "configure" ] ; then
- . /usr/share/debconf/confmodule
- . /usr/share/dbconfig-common/dpkg/postinst
-
- # Create user and group keystone, plus /var/log and /var/lib owned by it
- # We need a bash shell so that keystone-manage pkg_setup works, and the
- # Wheezy package doesn't have it, failing upgrades
- pkgos_var_user_group keystone /bin/sh
- # Make sure we have a folder to create certs, that isn't world readable
- mkdir -p /etc/keystone/ssl/certs
- chown keystone:keystone /etc/keystone/ssl/certs
- chmod 750 /etc/keystone/ssl/certs
- chown keystone:keystone /etc/keystone/ssl
- chmod 750 /etc/keystone/ssl
-
- # Create keystone.conf if it's not there
- pkgos_write_new_conf keystone keystone.conf
- # Set the auth_token directive in in keystone.conf
- db_get keystone/auth-token
- AUTH_TOKEN=${RET}
- if [ -z "${AUTH_TOKEN}" ] ; then
- AUTH_TOKEN=`pkgos_gen_pass`
- fi
- pkgos_inifile set ${KEY_CONF} DEFAULT admin_token ${AUTH_TOKEN}
- OSTACKCLI_PARAMS="--os-url=http://127.0.0.1:35357/v3/ --os-domain-name default --os-identity-api-version=3"
-
- # Make sure /var/log/keystone/keystone.log is owned by keystone
- # BEFORE any keystone-manage calls.
- chown -R keystone:keystone /var/log/keystone
-
- # Upgrade or create the db if directed to do so
- db_get keystone/configure_db
- if [ "$RET" = "true" ] ; then
- # Configure the SQL connection of keystone.conf according to dbconfig-common
- pkgos_dbc_postinst ${KEY_CONF} database connection keystone $@
- echo "Running su keystone -s /bin/sh -c 'keystone-manage --noverbose db_sync'..."
- if [ "${PKGOS_VERBOSE}" = "yes" ] ; then
- su keystone -s /bin/sh -c "keystone-manage --verbose db_sync"
- else
- su keystone -s /bin/sh -c "keystone-manage --noverbose db_sync"
- fi
- fi
-
- # Generate the ssl keys for keystone.
- # It seems that starting it each time this script is launch
- # isn't a problem.
- #su keystone -s /bin/sh -c "keystone-manage pki_setup"
-
- # Activate the keystone.service
- deb-systemd-helper unmask keystone.service >/dev/null || true
- if deb-systemd-helper --quiet was-enabled keystone.service ; then
- deb-systemd-helper enable keystone.service >/dev/null || true
- else
- deb-systemd-helper update-state keystone.service >/dev/null || true
- fi
-
- # Setup init script and start keystone
- pkgos_init keystone
-
- # On first install, create basics configuration and add roles
- if [ -z "$2" ] ; then
- echo -n "Sleeping 5 seconds to make sure the keystone daemon is up and running: 5..."
- sleep 1
- echo -n "4..."
- sleep 1
- echo -n "3..."
- sleep 1
- echo -n "2..."
- sleep 1
- echo -n "1..."
- sleep 1
- echo "0"
- db_get keystone/create-admin-tenant
- if [ "$RET" = "true" ] ; then
- keystone_get_debconf_admin_credentials
- echo "===> Bootstraping tenants with 'keystone-manage bootstrap':"
- keystone_get_debconf_admin_credentials
- keystone_bootstrap_admin
- db_get keystone/register-endpoint
- if [ "$RET" = "true" ] ; then
- echo "===> Registering keystone endpoint"
- keystone_create_endpoint_postinst
- fi
- echo "===> Editing bootstraped tenants and adding default roles"
- keystone_create_admin_tenant
-
- echo "done!"
- fi
- fi
- db_stop
-fi
-
-exit 0