alistairncoles/keystone_configurator.sh Secret

## keystone_configurator.sh
#!/usr/bin/env bash

KEYSTONE_ADMIN_TOKEN=ADMIN
KEYSTONE_HOST=localhost
KEYSTONE_ADMIN_PASSWORD=admin
DEFAULT_DOMAIN_NAME=default
SWIFT_HOST=saio
SWIFT_PASSWORD=swiftpass

set -e
#set -x

OS_CMD="openstack --os-url http://$KEYSTONE_HOST:5000/v3 --os-identity-api-version 3  --os-token $KEYSTONE_ADMIN_TOKEN"

echo "Installing the openstack client..."
sudo apt-get install python-openstackclient
echo "openstack client version is..."
openstack --version
 openstack 2.3.0

echo "Installing keystone package..."
echo "(installs default config in /etc/keystone and runs keystone-all)"
sudo apt-get install keystone
echo "keystone version is ..."
keystone-manage --version
# 9.2.0

echo "To enable bootstrapping of keystone config using *insecure* admin token facility,"
echo "edit /etc/keystone/keystone.conf DEFAULT section:"
echo "    admin_token = ADMIN"
echo
read  -p "Continue? " continue

echo "Restarting keystone service..."
sudo service keystone restart
sleep 2

echo "Bootstrapping $DEFAULT_DOMAIN_NAME domain and admin user..."
$OS_CMD domain create $DEFAULT_DOMAIN_NAME
$OS_CMD project create admin --domain $DEFAULT_DOMAIN_NAME
$OS_CMD user create admin --project-domain $DEFAULT_DOMAIN_NAME --password $KEYSTONE_ADMIN_PASSWORD --enable --domain $DEFAULT_DOMAIN_NAME
$OS_CMD role create admin
$OS_CMD role add --project admin --user admin admin

echo "Creating keystone service and endpoints..."
$OS_CMD service create --name keystone identity --enable
$OS_CMD endpoint create --region RegionOne identity public http://$KEYSTONE_HOST:5000/v3
$OS_CMD endpoint create --region RegionOne identity internal http://$KEYSTONE_HOST:5000/v3
$OS_CMD endpoint create --region RegionOne identity admin http://$KEYSTONE_HOST:35357/v3

# now we have bootstrapped an admin user, switch to using that for subsequent keystone setup...
OS_CMD="openstack --os-auth-url http://$KEYSTONE_HOST:35357/v3 --os-identity-api-version 3 --os-username admin --os-project-name admin --os-password $KEYSTONE_ADMIN_PASSWORD --os-user-domain-name $DEFAULT_DOMAIN_NAME --os-project-domain-name $DEFAULT_DOMAIN_NAME"

echo "Catalog for identity service..."
$OS_CMD catalog show identity

echo "Creating swift service and endpoints..."
$OS_CMD service create --name swift object-store --enable
$OS_CMD endpoint create --region RegionOne object-store internal http://$SWIFT_HOST:8080/v1/AUTH_%\(tenant_id\)s
$OS_CMD endpoint create --region RegionOne object-store public http://$SWIFT_HOST:8080/v1/AUTH_%\(tenant_id\)s
$OS_CMD endpoint create --region RegionOne object-store admin http://$SWIFT_HOST:8080/v1
echo "Catalog for object-store service..."
$OS_CMD catalog show object-store

echo "Creating service project and swift user..."
$OS_CMD project create --domain $DEFAULT_DOMAIN_NAME service
$OS_CMD user create --domain $DEFAULT_DOMAIN_NAME --password $SWIFT_PASSWORD swift
$OS_CMD role add admin --project service --user swift
echo
echo "**********************************************************************************"
echo "here's the openstack shell command..."
echo "  $OS_CMD"
echo
echo "** Make sure /etc/hosts has mappings for: $KEYSTONE_HOST $SWIFT_HOST"
echo
echo "** To install swift functional test projects and users, run:"
echo "  swift-keystone-setup.sh http://$KEYSTONE_HOST:35357/v3 $KEYSTONE_ADMIN_PASSWORD"
echo
echo "** Set authoken options in /etc/swift/proxy-server.conf:"
echo "  auth_uri = http://$KEYSTONE_HOST:5000"
echo "  auth_url = http://$KEYSTONE_HOST:35357"
echo "  auth_plugin = password"
echo "  project_domain_name = $DEFAULT_DOMAIN_NAME"
echo "  user_domain_name = $DEFAULT_DOMAIN_NAME"
echo "  project_name = service"
echo "  username = swift"
echo "  password = $SWIFT_PASSWORD"
echo "  delay_auth_decision = True"
echo "  cache = swift.cache"
echo "  include_service_catalog = False"

echo "** Set keystoneauth options in /etc/swift/proxy-server.conf:"
echo "  reseller_prefix = AUTH, SERVICE"
echo "  operator_roles = admin, swiftoperator"
echo "  allow_overrides = true"
echo "  # service_roles ="
echo "  default_domain_id = <ID OF DEFAULT DOMAIN>  <<<< THIS MUST BE SET !! **"
echo "  # allow_names_in_acls = true"
echo "  SERVICE_service_roles = swiftservice"
echo
# I tried and failed to configure keystone to treat the id of my domain named "default"
# as the default domain, by setting default_domain_id= in the [identity] section of
# /etc/keystone/keystone.conf, so it needs to be passed into swift functional tests
# explicitly via test.conf.
echo "** Set keystoneauth specific options in /etc/swift/test.conf:"
echo "  auth_version = 3"
echo "  auth_host = $KEYSTONE_HOST"
echo "  auth_port = 5000"
echo "  auth_ssl = no"
echo "  auth_prefix = /v3/"
echo "  domain_name = $DEFAULT_DOMAIN_NAME"
echo
echo "Check which version of the requests package you have w.r.t. this bug:"
echo "      https://bugs.launchpad.net/swift/+bug/1604674"
echo "  sudo pip show requests"
echo "**********************************************************************************"

exit
	#!/usr/bin/env bash

	KEYSTONE_ADMIN_TOKEN=ADMIN
	KEYSTONE_HOST=localhost
	KEYSTONE_ADMIN_PASSWORD=admin
	DEFAULT_DOMAIN_NAME=default
	SWIFT_HOST=saio
	SWIFT_PASSWORD=swiftpass

	set -e
	#set -x

	OS_CMD="openstack --os-url http://$KEYSTONE_HOST:5000/v3 --os-identity-api-version 3 --os-token $KEYSTONE_ADMIN_TOKEN"

	echo "Installing the openstack client..."
	sudo apt-get install python-openstackclient
	echo "openstack client version is..."
	openstack --version
	openstack 2.3.0

	echo "Installing keystone package..."
	echo "(installs default config in /etc/keystone and runs keystone-all)"
	sudo apt-get install keystone
	echo "keystone version is ..."
	keystone-manage --version
	# 9.2.0

	echo "To enable bootstrapping of keystone config using insecure admin token facility,"
	echo "edit /etc/keystone/keystone.conf DEFAULT section:"
	echo " admin_token = ADMIN"
	echo
	read -p "Continue? " continue

	echo "Restarting keystone service..."
	sudo service keystone restart
	sleep 2

	echo "Bootstrapping $DEFAULT_DOMAIN_NAME domain and admin user..."
	$OS_CMD domain create $DEFAULT_DOMAIN_NAME
	$OS_CMD project create admin --domain $DEFAULT_DOMAIN_NAME
	$OS_CMD user create admin --project-domain $DEFAULT_DOMAIN_NAME --password $KEYSTONE_ADMIN_PASSWORD --enable --domain $DEFAULT_DOMAIN_NAME
	$OS_CMD role create admin
	$OS_CMD role add --project admin --user admin admin

	echo "Creating keystone service and endpoints..."
	$OS_CMD service create --name keystone identity --enable
	$OS_CMD endpoint create --region RegionOne identity public http://$KEYSTONE_HOST:5000/v3
	$OS_CMD endpoint create --region RegionOne identity internal http://$KEYSTONE_HOST:5000/v3
	$OS_CMD endpoint create --region RegionOne identity admin http://$KEYSTONE_HOST:35357/v3

	# now we have bootstrapped an admin user, switch to using that for subsequent keystone setup...
	OS_CMD="openstack --os-auth-url http://$KEYSTONE_HOST:35357/v3 --os-identity-api-version 3 --os-username admin --os-project-name admin --os-password $KEYSTONE_ADMIN_PASSWORD --os-user-domain-name $DEFAULT_DOMAIN_NAME --os-project-domain-name $DEFAULT_DOMAIN_NAME"

	echo "Catalog for identity service..."
	$OS_CMD catalog show identity

	echo "Creating swift service and endpoints..."
	$OS_CMD service create --name swift object-store --enable
	$OS_CMD endpoint create --region RegionOne object-store internal http://$SWIFT_HOST:8080/v1/AUTH_%\(tenant_id\)s
	$OS_CMD endpoint create --region RegionOne object-store public http://$SWIFT_HOST:8080/v1/AUTH_%\(tenant_id\)s
	$OS_CMD endpoint create --region RegionOne object-store admin http://$SWIFT_HOST:8080/v1
	echo "Catalog for object-store service..."
	$OS_CMD catalog show object-store

	echo "Creating service project and swift user..."
	$OS_CMD project create --domain $DEFAULT_DOMAIN_NAME service
	$OS_CMD user create --domain $DEFAULT_DOMAIN_NAME --password $SWIFT_PASSWORD swift
	$OS_CMD role add admin --project service --user swift
	echo
	echo "**********************************************************************************"
	echo "here's the openstack shell command..."
	echo " $OS_CMD"
	echo
	echo "** Make sure /etc/hosts has mappings for: $KEYSTONE_HOST $SWIFT_HOST"
	echo
	echo "** To install swift functional test projects and users, run:"
	echo " swift-keystone-setup.sh http://$KEYSTONE_HOST:35357/v3 $KEYSTONE_ADMIN_PASSWORD"
	echo
	echo "** Set authoken options in /etc/swift/proxy-server.conf:"
	echo " auth_uri = http://$KEYSTONE_HOST:5000"
	echo " auth_url = http://$KEYSTONE_HOST:35357"
	echo " auth_plugin = password"
	echo " project_domain_name = $DEFAULT_DOMAIN_NAME"
	echo " user_domain_name = $DEFAULT_DOMAIN_NAME"
	echo " project_name = service"
	echo " username = swift"
	echo " password = $SWIFT_PASSWORD"
	echo " delay_auth_decision = True"
	echo " cache = swift.cache"
	echo " include_service_catalog = False"

	echo "** Set keystoneauth options in /etc/swift/proxy-server.conf:"
	echo " reseller_prefix = AUTH, SERVICE"
	echo " operator_roles = admin, swiftoperator"
	echo " allow_overrides = true"
	echo " # service_roles ="
	echo " default_domain_id = <ID OF DEFAULT DOMAIN> <<<< THIS MUST BE SET !! **"
	echo " # allow_names_in_acls = true"
	echo " SERVICE_service_roles = swiftservice"
	echo
	# I tried and failed to configure keystone to treat the id of my domain named "default"
	# as the default domain, by setting default_domain_id= in the [identity] section of
	# /etc/keystone/keystone.conf, so it needs to be passed into swift functional tests
	# explicitly via test.conf.
	echo "** Set keystoneauth specific options in /etc/swift/test.conf:"
	echo " auth_version = 3"
	echo " auth_host = $KEYSTONE_HOST"
	echo " auth_port = 5000"
	echo " auth_ssl = no"
	echo " auth_prefix = /v3/"
	echo " domain_name = $DEFAULT_DOMAIN_NAME"
	echo
	echo "Check which version of the requests package you have w.r.t. this bug:"
	echo " https://bugs.launchpad.net/swift/+bug/1604674"
	echo " sudo pip show requests"
	echo "**********************************************************************************"

	exit