[openstack-keystone] change default catalog backend to sql
Alan Pevec
apevec at fedoraproject.org
Thu Mar 8 03:10:10 UTC 2012
commit 44f4456cd5547a86315e8dc84586c82806a3e35d
Author: Alan Pevec <apevec at redhat.com>
Date: Thu Mar 8 04:07:53 2012 +0100
change default catalog backend to sql
rhbz#800704
- update sample-data script
- add missing keystoneclient dependency
add-more-default-catalog-templates.patch | 38 +++
openstack-config-set | 2 +
openstack-keystone-db-setup | 2 +-
openstack-keystone.spec | 24 ++-
sample_data.sh | 236 ++++++++++++++++++++
sample_data.sh-catalog-backend.patch | 39 ++++
....sh-check-file-paths-for-packaged-install.patch | 73 ------
7 files changed, 334 insertions(+), 80 deletions(-)
---
diff --git a/add-more-default-catalog-templates.patch b/add-more-default-catalog-templates.patch
new file mode 100644
index 0000000..5672918
--- /dev/null
+++ b/add-more-default-catalog-templates.patch
@@ -0,0 +1,38 @@
+From 8a63feb8112e9e9e0033fb81c13db80417e9d130 Mon Sep 17 00:00:00 2001
+From: Alan Pevec <apevec at redhat.com>
+Date: Tue, 6 Mar 2012 21:46:52 +0100
+Subject: [PATCH] add more default catalog templates
+
+Image, Volume and Ec2 services were missing
+
+Change-Id: I409b0b587b0019dc97bf46760e8f732aa13b88de
+---
+ etc/default_catalog.templates | 15 +++++++++++++++
+ 1 files changed, 15 insertions(+), 0 deletions(-)
+
+diff --git a/etc/default_catalog.templates b/etc/default_catalog.templates
+index c12b5c4..7f1317d 100644
+--- a/etc/default_catalog.templates
++++ b/etc/default_catalog.templates
+@@ -10,3 +10,18 @@ catalog.RegionOne.compute.publicURL = http://localhost:$(compute_port)s/v1.1/$(t
+ catalog.RegionOne.compute.adminURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
+ catalog.RegionOne.compute.internalURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
+ catalog.RegionOne.compute.name = 'Compute Service'
++
++catalog.RegionOne.volume.publicURL = http://localhost:8776/v1/$(tenant_id)s
++catalog.RegionOne.volume.adminURL = http://localhost:8776/v1/$(tenant_id)s
++catalog.RegionOne.volume.internalURL = http://localhost:8776/v1/$(tenant_id)s
++catalog.RegionOne.volume.name = 'Volume Service'
++
++catalog.RegionOne.ec2.publicURL = http://localhost:8773/services/Cloud
++catalog.RegionOne.ec2.adminURL = http://localhost:8773/services/Admin
++catalog.RegionOne.ec2.internalURL = http://localhost:8773/services/Cloud
++catalog.RegionOne.ec2.name = 'EC2 Service'
++
++catalog.RegionOne.image.publicURL = http://localhost:9292/v1
++catalog.RegionOne.image.adminURL = http://localhost:9292/v1
++catalog.RegionOne.image.internalURL = http://localhost:9292/v1
++catalog.RegionOne.image.name = 'Image Service'
+--
+1.7.7.6
+
diff --git a/openstack-config-set b/openstack-config-set
index 4173435..2b97fb6 100755
--- a/openstack-config-set
+++ b/openstack-config-set
@@ -14,6 +14,8 @@ except:
conf=iniparse.ConfigParser()
conf.read(cfgfile)
+if not conf.has_section(section):
+ conf.add_section(section)
conf.set(section, parameter, value)
fp=open(cfgfile,"w")
diff --git a/openstack-keystone-db-setup b/openstack-keystone-db-setup
index 4c95a3a..23ddea3 100755
--- a/openstack-keystone-db-setup
+++ b/openstack-keystone-db-setup
@@ -229,7 +229,7 @@ fi
# Ask openstack-$APP to sync the db.
-echo "Asking openstack-$APP to sync the databse."
+echo "Asking openstack-$APP to sync the database."
if [ "${APP}" = "nova" ]; then
nova-manage db sync
else
diff --git a/openstack-keystone.spec b/openstack-keystone.spec
index 40d65e2..22971b6 100644
--- a/openstack-keystone.spec
+++ b/openstack-keystone.spec
@@ -10,7 +10,7 @@
Name: openstack-keystone
Version: 2012.1
-Release: 0.9.%{release_letter}%{milestone}%{?dist}
+Release: 0.10.%{release_letter}%{milestone}%{?dist}
Summary: OpenStack Identity Service
License: ASL 2.0
@@ -21,9 +21,13 @@ Source1: openstack-keystone.logrotate
Source2: openstack-keystone.service
Source3: openstack-keystone-db-setup
Source4: openstack-config-set
+Source5: sample_data.sh
-# upstream review: https://review.openstack.org/4658
-Patch1: sample_data.sh-check-file-paths-for-packaged-install.patch
+# https://review.openstack.org/4658
+# https://review.openstack.org/5049
+Patch1: sample_data.sh-catalog-backend.patch
+# https://review.openstack.org/4997
+Patch2: add-more-default-catalog-templates.patch
BuildArch: noarch
BuildRequires: python2-devel
@@ -32,6 +36,7 @@ BuildRequires: python-iniparse
BuildRequires: systemd-units
Requires: python-keystone = %{version}-%{release}
+Requires: python-keystoneclient >= 2012.1-0.4.e4
Requires(post): systemd-units
Requires(preun): systemd-units
@@ -77,11 +82,13 @@ This package contains the Keystone Python library.
%prep
%setup -q -n keystone-%{version}
%patch1 -p1
+%patch2 -p1
# change default configuration
%{SOURCE4} etc/keystone.conf DEFAULT log_file %{_localstatedir}/log/keystone/keystone.log
%{SOURCE4} etc/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone
%{SOURCE4} etc/keystone.conf catalog template_file %{_sysconfdir}/keystone/default_catalog.templates
+%{SOURCE4} etc/keystone.conf catalog driver keystone.catalog.backends.sql.Catalog
%{SOURCE4} etc/keystone.conf identity driver keystone.identity.backends.sql.Identity
%{SOURCE4} etc/keystone.conf token driver keystone.token.backends.sql.Token
%{SOURCE4} etc/keystone.conf ec2 driver keystone.contrib.ec2.backends.sql.Ec2
@@ -108,7 +115,7 @@ install -p -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/openstack-keystone.servi
# Install database setup helper script.
install -p -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/openstack-keystone-db-setup
# Install sample data script.
-install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_bindir}/openstack-keystone-sample-data
+install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data
# Install configuration helper script.
install -p -D -m 755 %{SOURCE4} %{buildroot}%{_bindir}/openstack-config-set
@@ -161,8 +168,8 @@ fi
%{_bindir}/openstack-keystone-sample-data
%{_unitdir}/openstack-keystone.service
%dir %{_sysconfdir}/keystone
-%config(noreplace) %attr(-, keystone, keystone) %{_sysconfdir}/keystone/keystone.conf
-%config(noreplace) %attr(-, keystone, keystone) %{_sysconfdir}/keystone/default_catalog.templates
+%config(noreplace) %attr(640, root, keystone) %{_sysconfdir}/keystone/keystone.conf
+%config(noreplace) %attr(640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates
%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
%dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone
%dir %attr(-, keystone, keystone) %{_localstatedir}/log/keystone
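Review bot: The tightened `%attr(640, root, keystone)` on keystone.conf and default_catalog.templates only takes effect where rpm actually writes the file. Both entries are `%config(noreplace)`, so an upgraded host with a locally edited keystone.conf will probably keep its old keystone-owned file and get the new one as `.rpmnew` (inferred from rpm's noreplace handling, not visible on this page). keystone.conf holds the `sql connection` string set in %prep and the `admin_token` that sample_data.sh reads, so consider resetting it on upgrade, e.g. in %post `chown root:keystone %{_sysconfdir}/keystone/keystone.conf` and `chmod 640 %{_sysconfdir}/keystone/keystone.conf`. A comment above the two entries, such as `# root-owned, group-readable by the service: holds admin_token and DB credentials`, would record why the mode changed.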
@@ -174,6 +181,11 @@ fi
%{python_sitelib}/keystone-%{version}-*.egg-info
%changelog
+* Thu Mar 08 2012 Alan Pevec <apevec at redhat.com> 2012.1-0.10.e4
+- change default catalog backend to sql rhbz#800704
+- update sample-data script
+- add missing keystoneclient dependency
+
* Thu Mar 01 2012 Alan Pevec <apevec at redhat.com> 2012.1-0.9.e4
- essex-4 milestone
diff --git a/sample_data.sh b/sample_data.sh
new file mode 100755
index 0000000..38505d3
--- /dev/null
+++ b/sample_data.sh
@@ -0,0 +1,236 @@
+#!/usr/bin/env bash
+#
+# Sample initial data for Keystone using python-keystoneclient
+#
+# This script is based on the original DevStack keystone_data.sh script.
+#
+# It demonstrates how to bootstrap Keystone with an administrative user
+# using the SERVICE_TOKEN and SERVICE_ENDPOINT environment variables
+# and the administrative API. It will get the admin_token (SERVICE_TOKEN)
+# and admin_port from keystone.conf if available.
+#
+# There are two environment variables to set passwords that should be set
+# prior to running this script. Warnings will appear if they are unset.
+# * ADMIN_PASSWORD is used to set the password for the admin and demo accounts.
+# * SERVICE_PASSWORD is used to set the password for the service accounts.
+#
+# Enable the Swift and Quantum accounts by setting ENABLE_SWIFT and/or
+# ENABLE_QUANTUM environment variables.
+#
+# Enable creation of endpoints by setting ENABLE_ENDPOINTS environment variable.
+# Works with Catalog SQL backend.
+#
+# A set of EC2-compatible credentials is created for both admin and demo
+# users and placed in etc/ec2rc.
+#
+# Tenant User Roles
+# -------------------------------------------------------
+# admin admin admin
+# service glance admin
+# service nova admin
+# service quantum admin # if enabled
+# service swift admin # if enabled
+# demo admin admin
+# demo demo Member,sysadmin,netadmin
+# invisible_to_admin demo Member
+
+TOOLS_DIR=$(cd $(dirname "$0") && pwd)
+KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}
+if [[ -r "$KEYSTONE_CONF" ]]; then
+ EC2RC="$(dirname "$KEYSTONE_CONF")/ec2rc"
+elif [[ -r "$TOOLS_DIR/../etc/keystone.conf" ]]; then
+ # assume git checkout
+ KEYSTONE_CONF="$TOOLS_DIR/../etc/keystone.conf"
+ EC2RC="$TOOLS_DIR/../etc/ec2rc"
+else
+ KEYSTONE_CONF=""
+ EC2RC="ec2rc"
+fi
+ENABLE_ENDPOINTS=1
+# Please set these, they are ONLY SAMPLE PASSWORDS!
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
+if [[ "$ADMIN_PASSWORD" == "secrete" ]]; then
+ echo "The default admin password has been detected. Please consider"
+ echo "setting an actual password in environment variable ADMIN_PASSWORD"
+fi
+SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
+if [[ "$SERVICE_PASSWORD" == "$ADMIN_PASSWORD" ]]; then
+ echo "The default service password has been detected. Please consider"
+ echo "setting an actual password in environment variable SERVICE_PASSWORD"
+fi
+
+# Extract some info from Keystone's configuration file
+if [[ -r "$KEYSTONE_CONF" ]]; then
+ CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
+ CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
+fi
+
+export SERVICE_TOKEN=${SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
+if [[ -z "$SERVICE_TOKEN" ]]; then
+ echo "No service token found."
+ echo "Set SERVICE_TOKEN manually from keystone.conf admin_token."
+ exit 1
+fi
+
+export SERVICE_ENDPOINT=${SERVICE_ENDPOINT:-http://127.0.0.1:${CONFIG_ADMIN_PORT:-35357}/v2.0}
+
+function get_id () {
+ echo `"$@" | grep ' id ' | awk '{print $4}'`
+}
+
+
+# Tenants
+ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
+SERVICE_TENANT=$(get_id keystone tenant-create --name=service)
+DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
+INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
+
+
+# Users
+ADMIN_USER=$(get_id keystone user-create --name=admin \
+ --pass="$ADMIN_PASSWORD" \
+ --email=admin at example.com)
+DEMO_USER=$(get_id keystone user-create --name=demo \
+ --pass="$ADMIN_PASSWORD" \
+ --email=admin at example.com)
+
+
+# Roles
+ADMIN_ROLE=$(get_id keystone role-create --name=admin)
+MEMBER_ROLE=$(get_id keystone role-create --name=Member)
+KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
+KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
+SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
+NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
+
+
+# Add Roles to Users in Tenants
+keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
+keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
+keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
+
+# TODO(termie): these two might be dubious
+keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
+keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
+
+
+# Services
+NOVA_SERVICE=$(get_id \
+keystone service-create --name=nova \
+ --type=compute \
+ --description="Nova Compute Service")
+NOVA_USER=$(get_id keystone user-create --name=nova \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=nova at example.com)
+keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $NOVA_USER \
+ --role $ADMIN_ROLE
+if [[ -n "$ENABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service_id $NOVA_SERVICE \
+ --publicurl 'http://localhost:$(compute_port)s/v1.1/$(tenant_id)s' \
+ --adminurl 'http://localhost:$(compute_port)s/v1.1/$(tenant_id)s' \
+ --internalurl 'http://localhost:$(compute_port)s/v1.1/$(tenant_id)s'
+fi
+
+EC2_SERVICE=$(get_id \
+keystone service-create --name=ec2 \
+ --type=ec2 \
+ --description="EC2 Compatibility Layer")
+if [[ -n "$ENABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service_id $EC2_SERVICE \
+ --publicurl http://localhost:8773/services/Cloud \
+ --adminurl http://localhost:8773/services/Admin \
+ --internalurl http://localhost:8773/services/Cloud
+fi
+
+GLANCE_SERVICE=$(get_id \
+keystone service-create --name=glance \
+ --type=image \
+ --description="Glance Image Service")
+GLANCE_USER=$(get_id keystone user-create --name=glance \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=glance at example.com)
+keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $GLANCE_USER \
+ --role $ADMIN_ROLE
+if [[ -n "$ENABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service_id $GLANCE_SERVICE \
+ --publicurl http://localhost:9292/v1 \
+ --adminurl http://localhost:9292/v1 \
+ --internalurl http://localhost:9292/v1
+fi
+
+KEYSTONE_SERVICE=$(get_id \
+keystone service-create --name=keystone \
+ --type=identity \
+ --description="Keystone Identity Service")
+if [[ -n "$ENABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service_id $KEYSTONE_SERVICE \
+ --publicurl 'http://localhost:$(public_port)s/v2.0' \
+ --adminurl 'http://localhost:$(admin_port)s/v2.0' \
+ --internalurl 'http://localhost:$(admin_port)s/v2.0'
+fi
+
+VOLUME_SERVICE=$(get_id \
+keystone service-create --name="nova-volume" \
+ --type=volume \
+ --description="Nova Volume Service")
+if [[ -n "$ENABLE_ENDPOINTS" ]]; then
+ keystone endpoint-create --region RegionOne --service_id $VOLUME_SERVICE \
+ --publicurl 'http://localhost:8776/v1/$(tenant_id)s' \
+ --adminurl 'http://localhost:8776/v1/$(tenant_id)s' \
+ --internalurl 'http://localhost:8776/v1/$(tenant_id)s'
+fi
+
+keystone service-create --name="horizon" \
+ --type=dashboard \
+ --description="OpenStack Dashboard"
+
+if [[ -n "$ENABLE_SWIFT" ]]; then
+ keystone service-create --name=swift \
+ --type="object-store" \
+ --description="Swift Service"
+ SWIFT_USER=$(get_id keystone user-create --name=swift \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=swift at example.com)
+ keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $SWIFT_USER \
+ --role $ADMIN_ROLE
+fi
+
+if [[ -n "$ENABLE_QUANTUM" ]]; then
+ keystone service-create --name=quantum \
+ --type=network \
+ --description="Quantum Service"
+ QUANTUM_USER=$(get_id keystone user-create --name=quantum \
+ --pass="$SERVICE_PASSWORD" \
+ --tenant_id $SERVICE_TENANT \
+ --email=quantum at example.com)
+ keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user $QUANTUM_USER \
+ --role $ADMIN_ROLE
+fi
+
+
+# create ec2 creds and parse the secret and access key returned
+RESULT=$(keystone ec2-credentials-create --tenant_id=$ADMIN_TENANT --user=$ADMIN_USER)
+ADMIN_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
+ADMIN_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
+
+RESULT=$(keystone ec2-credentials-create --tenant_id=$DEMO_TENANT --user=$DEMO_USER)
+DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
+DEMO_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
+
+# write the secret and access to ec2rc
+cat > $EC2RC <<EOF
+ADMIN_ACCESS=$ADMIN_ACCESS
+ADMIN_SECRET=$ADMIN_SECRET
+DEMO_ACCESS=$DEMO_ACCESS
+DEMO_SECRET=$DEMO_SECRET
+EOF
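Review bot: The final `cat > $EC2RC` writes the admin and demo EC2 secret keys under whatever umask the caller has, and in the packaged case the path is the directory of `$KEYSTONE_CONF`, so the file is likely to end up world-readable. Restrict it before writing and quote the path: put `umask 077` on the line before, then `cat > "$EC2RC" <<EOF`. Separately, `ENABLE_ENDPOINTS=1` is assigned unconditionally, which contradicts the header comment saying endpoints are enabled by setting the environment variable; `ENABLE_ENDPOINTS=${ENABLE_ENDPOINTS-1}` keeps the new default while still letting the caller switch it off with an empty value. The script also carries on with the `secrete` default for the admin, demo and service accounts after only printing a warning, and `get_id` never checks whether the `keystone` call succeeded, so a later `user-role-add` can run with an empty ID.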
diff --git a/sample_data.sh-catalog-backend.patch b/sample_data.sh-catalog-backend.patch
new file mode 100644
index 0000000..a6686c9
--- /dev/null
+++ b/sample_data.sh-catalog-backend.patch
@@ -0,0 +1,39 @@
+From f54adddc5c65a765981dec092bfa4545abea5ebd Mon Sep 17 00:00:00 2001
+From: Alan Pevec <apevec at redhat.com>
+Date: Wed, 7 Mar 2012 21:31:37 +0100
+Subject: [PATCH] create service endpoints in sample data
+
+Enable creation of endpoints by setting ENABLE_ENDPOINTS environment
+variable. Works with Catalog SQL backend.
+
+Change-Id: I9ba0ea1b3cf35720fb338e91f48fcbddc326971b
+
+diff --git a/keystone/catalog/backends/sql.py b/keystone/catalog/backends/sql.py
+index a3a46cd..a5964d7 100644
+--- a/keystone/catalog/backends/sql.py
++++ b/keystone/catalog/backends/sql.py
+@@ -19,11 +19,13 @@ import sqlalchemy.exc
+ import webob.exc
+
+ from keystone import catalog
++from keystone import config
+ from keystone import exception
+ from keystone.common import sql
+ from keystone.common.sql import migration
+
+
++CONF = config.CONF
+ class Service(sql.ModelBase, sql.DictBase):
+ __tablename__ = 'service'
+ id = sql.Column(sql.String(64), primary_key=True)
+@@ -140,7 +142,9 @@ class Catalog(sql.Base):
+ return [e['id'] for e in list(endpoints)]
+
+ def get_catalog(self, user_id, tenant_id, metadata=None):
+- d = {'tenant_id': tenant_id, 'user_id': user_id}
++ d = dict(CONF.iteritems())
++ d.update({'tenant_id': tenant_id,
++ 'user_id': user_id})
+ catalog = {}
+
+ endpoints = [self.get_endpoint(e)
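Review bot: In `get_catalog`, `d = dict(CONF.iteritems())` makes every top-level configuration option available for `$(name)s` substitution in endpoint URLs, not just the port values the templates on this page use. That presumably includes `admin_token`, so an endpoint URL stored in the SQL catalog that references such an option would have its value rendered into the catalog handed back to token holders. Limit the substitution set to the keys the URLs need, for example `d = dict((k, getattr(CONF, k)) for k in ('public_port', 'admin_port', 'compute_port'))`, followed by the existing `d.update(...)`. The new `CONF = config.CONF` also sits directly above `class Service` with no blank lines between them. `get_catalog` continues past the end of this hunk, so the substitution step itself is not visible here.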