Diffstat (limited to 'keystone-moon/tools/sample_data.sh')
-rwxr-xr-xkeystone-moon/tools/sample_data.sh240
1 files changed, 240 insertions, 0 deletions
diff --git a/keystone-moon/tools/sample_data.sh b/keystone-moon/tools/sample_data.sh
new file mode 100755
index 00000000..55ab9d21
--- /dev/null
+++ b/keystone-moon/tools/sample_data.sh
@@ -0,0 +1,240 @@
+#!/usr/bin/env bash
+
+# Copyright 2013 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Sample initial data for Keystone using python-keystoneclient
+#
+# This script is based on the original DevStack keystone_data.sh script.
+#
+# It demonstrates how to bootstrap Keystone with an administrative user
+# using the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables
+# and the administrative API. It will get the admin_token (OS_SERVICE_TOKEN)
+# and admin_port from keystone.conf if available.
+#
+# Disable creation of endpoints by setting DISABLE_ENDPOINTS environment variable.
+# Use this with the Catalog Templated backend.
+#
+# A EC2-compatible credential is created for the admin user and
+# placed in etc/ec2rc.
+#
+# Tenant User Roles
+# -------------------------------------------------------
+# demo admin admin
+# service glance admin
+# service nova admin
+# service ec2 admin
+# service swift admin
+
+# By default, passwords used are those in the OpenStack Install and Deploy Manual.
+# One can override these (publicly known, and hence, insecure) passwords by setting the appropriate
+# environment variables. A common default password for all the services can be used by
+# setting the "SERVICE_PASSWORD" environment variable.
+
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
+NOVA_PASSWORD=${NOVA_PASSWORD:-${SERVICE_PASSWORD:-nova}}
+GLANCE_PASSWORD=${GLANCE_PASSWORD:-${SERVICE_PASSWORD:-glance}}
+EC2_PASSWORD=${EC2_PASSWORD:-${SERVICE_PASSWORD:-ec2}}
+SWIFT_PASSWORD=${SWIFT_PASSWORD:-${SERVICE_PASSWORD:-swiftpass}}
+
+CONTROLLER_PUBLIC_ADDRESS=${CONTROLLER_PUBLIC_ADDRESS:-localhost}
+CONTROLLER_ADMIN_ADDRESS=${CONTROLLER_ADMIN_ADDRESS:-localhost}
+CONTROLLER_INTERNAL_ADDRESS=${CONTROLLER_INTERNAL_ADDRESS:-localhost}
+
+TOOLS_DIR=$(cd $(dirname "$0") && pwd)
+KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
+if [[ -r "$KEYSTONE_CONF" ]]; then
+ EC2RC="$(dirname "$KEYSTONE_CONF")/ec2rc"
+elif [[ -r "$TOOLS_DIR/../etc/keystone.conf" ]]; then
+ # assume git checkout
+ KEYSTONE_CONF="$TOOLS_DIR/../etc/keystone.conf"
+ EC2RC="$TOOLS_DIR/../etc/ec2rc"
+else
+ KEYSTONE_CONF=""
+ EC2RC="ec2rc"
+fi
+
+# Extract some info from Keystone's configuration file
+if [[ -r "$KEYSTONE_CONF" ]]; then
+ CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
+ if [[ -z "${CONFIG_SERVICE_TOKEN}" ]]; then
+ # default config options are commented out, so lets try those
+ CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^\#admin_token= | cut -d'=' -f2)
+ fi
+ CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
+ if [[ -z "${CONFIG_ADMIN_PORT}" ]]; then
+ # default config options are commented out, so lets try those
+ CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^\#admin_port= | cut -d'=' -f2)
+ fi
+fi
+
+export OS_SERVICE_TOKEN=${OS_SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
+if [[ -z "$OS_SERVICE_TOKEN" ]]; then
+ echo "No service token found."
+ echo "Set OS_SERVICE_TOKEN manually from keystone.conf admin_token."
+ exit 1
+fi
+
+export OS_SERVICE_ENDPOINT=${OS_SERVICE_ENDPOINT:-http://$CONTROLLER_PUBLIC_ADDRESS:${CONFIG_ADMIN_PORT:-35357}/v2.0}
+
+function get_id () {
+ echo `"$@" | grep ' id ' | awk '{print $4}'`
+}
+
+#
+# Default tenant
+#
+DEMO_TENANT=$(get_id keystone tenant-create --name=demo \
+ --description "Default Tenant")
+
+ADMIN_USER=$(get_id keystone user-create --name=admin \
+ --pass="${ADMIN_PASSWORD}")
+
+ADMIN_ROLE=$(get_id keystone role-create --name=admin)
+
+keystone user-role-add --user-id $ADMIN_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $DEMO_TENANT
+
+#
+# Service tenant
+#
+SERVICE_TENANT=$(get_id keystone tenant-create --name=service \
+ --description "Service Tenant")
+
+GLANCE_USER=$(get_id keystone user-create --name=glance \
+ --pass="${GLANCE_PASSWORD}")
+
+keystone user-role-add --user-id $GLANCE_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
+
+NOVA_USER=$(get_id keystone user-create --name=nova \
+ --pass="${NOVA_PASSWORD}" \
+ --tenant-id $SERVICE_TENANT)
+
+keystone user-role-add --user-id $NOVA_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
+
+EC2_USER=$(get_id keystone user-create --name=ec2 \
+ --pass="${EC2_PASSWORD}" \
+ --tenant-id $SERVICE_TENANT)
+
+keystone user-role-add --user-id $EC2_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
+
+SWIFT_USER=$(get_id keystone user-create --name=swift \
+ --pass="${SWIFT_PASSWORD}" \
+ --tenant-id $SERVICE_TENANT)
+
+keystone user-role-add --user-id $SWIFT_USER \
+ --role-id $ADMIN_ROLE \
+ --tenant-id $SERVICE_TENANT
+
+#
+# Keystone service
+#
+KEYSTONE_SERVICE=$(get_id \
+keystone service-create --name=keystone \
+ --type=identity \
+ --description="Keystone Identity Service")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $KEYSTONE_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:\$(public_port)s/v2.0" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:\$(admin_port)s/v2.0" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:\$(public_port)s/v2.0"
+fi
+
+#
+# Nova service
+#
+NOVA_SERVICE=$(get_id \
+keystone service-create --name=nova \
+ --type=compute \
+ --description="Nova Compute Service")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $NOVA_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8774/v2/\$(tenant_id)s" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8774/v2/\$(tenant_id)s" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8774/v2/\$(tenant_id)s"
+fi
+
+#
+# Volume service
+#
+VOLUME_SERVICE=$(get_id \
+keystone service-create --name=volume \
+ --type=volume \
+ --description="Nova Volume Service")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $VOLUME_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8776/v1/\$(tenant_id)s" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8776/v1/\$(tenant_id)s" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8776/v1/\$(tenant_id)s"
+fi
+
+#
+# Image service
+#
+GLANCE_SERVICE=$(get_id \
+keystone service-create --name=glance \
+ --type=image \
+ --description="Glance Image Service")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $GLANCE_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:9292" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:9292" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:9292"
+fi
+
+#
+# EC2 service
+#
+EC2_SERVICE=$(get_id \
+keystone service-create --name=ec2 \
+ --type=ec2 \
+ --description="EC2 Compatibility Layer")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $EC2_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8773/services/Cloud" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8773/services/Admin" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8773/services/Cloud"
+fi
+
+#
+# Swift service
+#
+SWIFT_SERVICE=$(get_id \
+keystone service-create --name=swift \
+ --type="object-store" \
+ --description="Swift Service")
+if [[ -z "$DISABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service-id $SWIFT_SERVICE \
+ --publicurl "http://$CONTROLLER_PUBLIC_ADDRESS:8080/v1/AUTH_\$(tenant_id)s" \
+ --adminurl "http://$CONTROLLER_ADMIN_ADDRESS:8080/v1" \
+ --internalurl "http://$CONTROLLER_INTERNAL_ADDRESS:8080/v1/AUTH_\$(tenant_id)s"
+fi
+
+# create ec2 creds and parse the secret and access key returned
+RESULT=$(keystone ec2-credentials-create --tenant-id=$SERVICE_TENANT --user-id=$ADMIN_USER)
+ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
+ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
+
+# write the secret and access to ec2rc
+cat > $EC2RC <<EOF
+ADMIN_ACCESS=$ADMIN_ACCESS
+ADMIN_SECRET=$ADMIN_SECRET
+EOF
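Review bot: The EC2 access key and secret are written by `cat > $EC2RC <<EOF` at the end of the script under whatever umask the caller has, so with a permissive umask such as 022 the admin user's secret ends up in a world-readable file beside keystone.conf (or in the current directory when no config file was found). I would set `umask 077` just before the write, quote the target as `cat > "$EC2RC" <<EOF`, and follow it with `chmod 600 "$EC2RC"` to cover the case where the file already exists with wider permissions. The write also runs when `keystone ec2-credentials-create` fails, which leaves a file holding empty `ADMIN_ACCESS=` and `ADMIN_SECRET=` values; a guard such as `[[ -n "$ADMIN_SECRET" ]] || exit 1` before the heredoc would surface that failure instead of hiding it.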