Diffstat (limited to 'openstack/usr/share/openstack/openstack-keystone-setup')
-rw-r--r-- | openstack/usr/share/openstack/openstack-keystone-setup | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/openstack/usr/share/openstack/openstack-keystone-setup b/openstack/usr/share/openstack/openstack-keystone-setup
new file mode 100644
index 00000000..9c034c5b
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-keystone-setup
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+
+getent group keystone >/dev/null || groupadd -r --gid 163 keystone
+getent passwd keystone >/dev/null || \
+ useradd --uid 163 -r -g keystone -d /var/lib/keystone -s /sbin/nologin \
+ -c "OpenStack Keystone Daemons" keystone
+
+# Keystone compute configuration
+if [ ! -d /var/run/keystone ]; then
+ mkdir -p /var/run/keystone
+ chown -R keystone:keystone /var/run/keystone
+fi
+
+if [ ! -d /var/lock/keystone ]; then
+ mkdir -p /var/lock/keystone
+ chown -R keystone:keystone /var/lock/keystone
+fi
+
+if [ ! -d /var/log/keystone ]; then
+ mkdir -p /var/log/keystone
+ chown -R keystone:keystone /var/log/keystone
+fi
+
+# Setup the keystone database
+if ! sudo -u postgres psql -lqt | grep -q keystone; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##KEYSTONE_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##KEYSTONE_DB_USER## \
+ keystone
+
+ sudo -u keystone keystone-manage db_sync
+fi
+
+chown -R keystone:keystone /var/lib/keystone
+
+systemctl start openstack-keystone
+
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+# This script creates a TEMPORARY admin user, with a password that may
+# float arount on the system. Please delete this user once you have set up
+# the real admin user with a real secure password.
+
+keystone tenant-create --name admin --description "Admin Tenant"
+keystone role-create --name admin
+
+keystone user-create --name temporary_admin --pass ##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##
+keystone user-role-add --tenant admin --user temporary_admin --role admin
+
+keystone tenant-create --name service --description "Service Tenant"
+
+# Define a service for the Identity Service
+keystone service-create --name keystone --type identity --description "Openstack Identity"
+
+# Specify an API endpoint for the Identity Service by using the returned service ID.
+keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') \
+ --publicurl ##KEYSTONE_PUBLIC_URL## \
+ --internalurl ##KEYSTONE_INTERNAL_URL## \
+ --adminurl ##KEYSTONE_ADMIN_URL##
+
+rm /etc/systemd/system/multi-user.target.wants/openstack-keystone-setup.service
+
+ln -s "/etc/systemd/system/openstack-keystone.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-keystone.service"
+
+exit 0 |
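Review bot: The `##KEYSTONE_TEMPORARY_ADMIN_TOKEN##` and `##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##` placeholders are spliced into the script unquoted, so once substituted the secrets sit in a file that the diff header creates as mode 100644, and any whitespace or shell metacharacter in a value is interpreted by `/bin/sh` instead of being passed through. Quote them at the point of use, e.g. `export OS_SERVICE_TOKEN='##KEYSTONE_TEMPORARY_ADMIN_TOKEN##'` and `--pass '##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##'`, and (assuming the substitution is done in place) restrict the substituted file to root with `chmod 0600`. The `--pass` argument is also visible in the process list while `keystone user-create` runs, and the token is sent to `OS_SERVICE_ENDPOINT` over plain `http://`. Separately, `createuser --pwprompt` asks for the new role's password interactively, which will presumably block when the script runs from the `openstack-keystone-setup.service` unit. Because of `set -e`, a failure anywhere before the final `rm` leaves that unit enabled with `temporary_admin` possibly already created, so the non-idempotent `keystone ...-create` calls deserve a guard or a documented re-run procedure.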