#!/bin/sh
#
# Copyright (C) 2014 Codethink Limited
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

set -e

# Create required system users and groups

getent group keystone >/dev/null || groupadd -r --gid 163 keystone
getent passwd keystone >/dev/null || \
	useradd --uid 163 -r -g keystone -d /var/lib/keystone -s /sbin/nologin \
	-c "OpenStack Keystone Daemons" keystone

# Keystone compute configuration
if [ ! -d /var/run/keystone ]; then
    mkdir -p /var/run/keystone
    chown -R keystone:keystone /var/run/keystone
fi

if [ ! -d /var/lock/keystone ]; then
    mkdir -p /var/lock/keystone
    chown -R keystone:keystone /var/lock/keystone
fi

if [ ! -d /var/log/keystone ]; then
    mkdir -p /var/log/keystone
    chown -R keystone:keystone /var/log/keystone
fi

# Setup the keystone database
if ! sudo -u postgres psql -lqt | grep -q keystone; then
    # Create posgreSQL user
    sudo -u postgres createuser \
	    --pwprompt --encrypted \
	    --no-adduser --no-createdb \
	    --no-password \
	    ##KEYSTONE_DB_USER##

    sudo -u postgres createdb \
	    --owner=##KEYSTONE_DB_USER## \
	    keystone

    sudo -u keystone keystone-manage db_sync
fi

chown -R keystone:keystone /var/lib/keystone

systemctl start openstack-keystone

export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'

# This script creates a TEMPORARY admin user, with a password that may
# float arount on the system. Please delete this user once you have set up
# the real admin user with a real secure password.

keystone tenant-create --name admin --description "Admin Tenant"
keystone role-create --name admin

keystone user-create --name temporary_admin --pass ##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##
keystone user-role-add --tenant admin --user temporary_admin --role admin

keystone tenant-create --name service --description "Service Tenant"

# Define a service for the Identity Service
keystone service-create --name keystone --type identity --description "Openstack Identity"

# Specify an API endpoint for the Identity Service by using the returned service ID.
keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') \
	                 --publicurl ##KEYSTONE_PUBLIC_URL## \
			 --internalurl ##KEYSTONE_INTERNAL_URL## \
			 --adminurl ##KEYSTONE_ADMIN_URL##

rm /etc/systemd/system/multi-user.target.wants/openstack-keystone-setup.service

ln -s "/etc/systemd/system/openstack-keystone.service" \
    "/etc/systemd/system/multi-user.target.wants/openstack-keystone.service"

exit 0