Diffstat (limited to 'openstack/usr/share/openstack/openstack-keystone-setup')
-rw-r--r--openstack/usr/share/openstack/openstack-keystone-setup92
1 files changed, 92 insertions, 0 deletions
diff --git a/openstack/usr/share/openstack/openstack-keystone-setup b/openstack/usr/share/openstack/openstack-keystone-setup
new file mode 100644
index 00000000..9c034c5b
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-keystone-setup
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+
+getent group keystone >/dev/null || groupadd -r --gid 163 keystone
+getent passwd keystone >/dev/null || \
+ useradd --uid 163 -r -g keystone -d /var/lib/keystone -s /sbin/nologin \
+ -c "OpenStack Keystone Daemons" keystone
+
+# Keystone compute configuration
+if [ ! -d /var/run/keystone ]; then
+ mkdir -p /var/run/keystone
+ chown -R keystone:keystone /var/run/keystone
+fi
+
+if [ ! -d /var/lock/keystone ]; then
+ mkdir -p /var/lock/keystone
+ chown -R keystone:keystone /var/lock/keystone
+fi
+
+if [ ! -d /var/log/keystone ]; then
+ mkdir -p /var/log/keystone
+ chown -R keystone:keystone /var/log/keystone
+fi
+
+# Setup the keystone database
+if ! sudo -u postgres psql -lqt | grep -q keystone; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##KEYSTONE_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##KEYSTONE_DB_USER## \
+ keystone
+
+ sudo -u keystone keystone-manage db_sync
+fi
+
+chown -R keystone:keystone /var/lib/keystone
+
+systemctl start openstack-keystone
+
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+# This script creates a TEMPORARY admin user, with a password that may
+# float arount on the system. Please delete this user once you have set up
+# the real admin user with a real secure password.
+
+keystone tenant-create --name admin --description "Admin Tenant"
+keystone role-create --name admin
+
+keystone user-create --name temporary_admin --pass ##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##
+keystone user-role-add --tenant admin --user temporary_admin --role admin
+
+keystone tenant-create --name service --description "Service Tenant"
+
+# Define a service for the Identity Service
+keystone service-create --name keystone --type identity --description "Openstack Identity"
+
+# Specify an API endpoint for the Identity Service by using the returned service ID.
+keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') \
+ --publicurl ##KEYSTONE_PUBLIC_URL## \
+ --internalurl ##KEYSTONE_INTERNAL_URL## \
+ --adminurl ##KEYSTONE_ADMIN_URL##
+
+rm /etc/systemd/system/multi-user.target.wants/openstack-keystone-setup.service
+
+ln -s "/etc/systemd/system/openstack-keystone.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-keystone.service"
+
+exit 0
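Review bot: The admin token and the temporary admin password are spliced into unquoted shell words at `export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##` and `--pass ##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##`, so a configured value containing whitespace or shell metacharacters is re-interpreted by the shell, and the password is also visible in the process list to other local users while `keystone user-create` runs. At minimum quote the substituted values, e.g. `export OS_SERVICE_TOKEN='##KEYSTONE_TEMPORARY_ADMIN_TOKEN##'`, and have whatever fills the placeholders reject values that contain a quote. The file is added with mode 100644; if the placeholders are filled in place (not visible in this diff), the installed script holds both secrets world-readable and should be root-owned with mode 0700. Separately, `createuser --pwprompt` asks for the new role's password interactively, which presumably cannot work when the script runs unattended from `openstack-keystone-setup.service`.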