author | Dimitri Mazmanov <dimitri.mazmanov@ericsson.com> | 2016-11-28 13:25:54 +0100 |
---|---|---|
committer | Dimitri Mazmanov <dimitri.mazmanov@ericsson.com> | 2017-01-23 11:13:10 +0100 |
commit | e7fe8818ece870b88556f7bad78b589b26d19151 (patch) | |
tree | 874f74b7b7d59b3a432fdebb9041a78ad346af26 /tools/keystone/fetchpass.sh | |
parent | 60dca59ac451300fae214776e82a068b2e8607da (diff) |
Common auth configuration for Multisite deployment
This set of scripts is used to configure centralized Keystone
across multiple regions. Each script is executed during a certain stage
of the automated multisite deployment setup via Jenkins [1].
region.sh - registers new endpoints in Keystone tagging them with
RegionTwo.
fetchpass.sh - reads service passwords in the master region and stores
them in an encrypted file.
endpoint.sh - reads the public_url, private_url and admin_url from
RegionTwo and stores it in a file to be used during region registration
phase.
run.sh - is a generic proxy runner which triggers execution of any
runnable on a target node (compute|controller).
writepass.sh - updates service password entries in the configuration
files for RegionTwo.
[1]
https://wiki.opnfv.org/display/multisite/Multisite+Deployment+Environment
Change-Id: If2c91600237003a13cc0dc822924ab8d27ce202c
Signed-off-by: Dimitri Mazmanov <dimitri.mazmanov@ericsson.com>
Diffstat (limited to 'tools/keystone/fetchpass.sh')
-rwxr-xr-x | tools/keystone/fetchpass.sh | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/tools/keystone/fetchpass.sh b/tools/keystone/fetchpass.sh new file mode 100755 index 0000000..6e3b069 --- /dev/null +++ b/tools/keystone/fetchpass.sh 
@@ -0,0 +1,72 @@ +#!/bin/bash +# +# Author: Dimitri Mazmanov (dimitri.mazmanov@ericsson.com) +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# + +# DISCLAIMER: This script is a dirty filthy hack! But we need it. +# Fetch service password from the configuration files and store them +# in a file to pass further down the build chain + +EXPORT_FILE="/root/servicepass.ini" + +GLANCE_CONF="/etc/glance/glance-registry.conf" +NOVA_CONF="/etc/nova/nova.conf" +NEUTRON_CONF="/etc/neutron/neutron.conf" +CINDER_CONF="/etc/cinder/cinder.conf" +HEAT_CONF="/etc/heat/heat.conf" +GLARE_CONF="/etc/glance/glance-glare.conf" +KEYSTONE_CONF='/etc/keystone/keystone.conf' +CEILOMETER_CONF='/etc/ceilometer/ceilometer.conf' +AODH_CONF='/etc/aodh/aodh.conf' + +source openrc + +# Get an option from an INI file +# iniget config-file section option +function iniget { + local xtrace + xtrace=$(set +o | grep xtrace) + set +o xtrace + local file=$1 + local section=$2 + local option=$3 + local line + + line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file") + echo ${line#*=} + $xtrace +} + +bind_host=$(openstack endpoint list | grep keystone | grep public | cut -d '|' -f 8 | cut -d '/' -f 3 | cut -d ':' -f 1) + +glance_password=$(iniget ${GLANCE_CONF} keystone_authtoken password) +nova_password=$(iniget ${NOVA_CONF} keystone_authtoken password) +cinder_password=$(iniget ${CINDER_CONF} keystone_authtoken password) +glare_password=$(iniget ${GLARE_CONF} keystone_authtoken password) +heat_password=$(iniget ${HEAT_CONF} keystone_authtoken password) +neutron_password=$(iniget ${NEUTRON_CONF} keystone_authtoken password) +ceilometer_password=$(iniget ${CEILOMETER_CONF} keystone_authtoken password) +aodh_password=$(iniget ${AODH_CONF} keystone_authtoken password) +#NOTE: can't find 
swift in /etc + +cat <<EOT >> /root/passwords.ini +[DEFAULT] +identity_uri=${bind_host} +glance=${glance_password} +nova=${nova_password} +cinder=${cinder_password} +glare=${glare_password} +heat=${heat_password} +neutron=${neutron_password} +ceilometer=${ceilometer_password} +aodh=${aodh_password} +EOT + +openssl enc -aes-256-cbc -salt -in /root/passwords.ini -out ${EXPORT_FILE} -k multisite + +rm /root/passwords.ini
\ No newline at end of file |
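Review bot: The passphrase in the final `openssl enc -aes-256-cbc -salt ... -k multisite` line is a literal committed with the script, so anyone who can read this repository can decrypt `/root/servicepass.ini` and recover every service password it carries. Take the passphrase from a secret the Jenkins job supplies at run time, for example through `-pass env:VAR` or `-pass file:PATH`, rather than `-k` with a fixed string. A second point on the same lines: the heredoc appends with `cat <<EOT >> /root/passwords.ini`, so a plaintext file left behind by an earlier failed run is extended rather than replaced, and the file is created with whatever umask is in effect. Writing with `>` after `umask 077`, and removing the file from a `trap` on exit, would keep the plaintext from outliving a failure between the heredoc and the closing `rm /root/passwords.ini`.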