-
-
Save alistairncoles/eace39b1e19c6ce708edd8cd9e951ff2 to your computer and use it in GitHub Desktop.
keystone install script, Ubuntu 16.04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
KEYSTONE_ADMIN_TOKEN=ADMIN | |
KEYSTONE_HOST=localhost | |
KEYSTONE_ADMIN_PASSWORD=admin | |
DEFAULT_DOMAIN_NAME=default | |
SWIFT_HOST=saio | |
SWIFT_PASSWORD=swiftpass | |
set -e | |
#set -x | |
OS_CMD="openstack --os-url http://$KEYSTONE_HOST:5000/v3 --os-identity-api-version 3 --os-token $KEYSTONE_ADMIN_TOKEN" | |
echo "Installing the openstack client..." | |
sudo apt-get install python-openstackclient | |
echo "openstack client version is..." | |
openstack --version | |
openstack 2.3.0 | |
echo "Installing keystone package..." | |
echo "(installs default config in /etc/keystone and runs keystone-all)" | |
sudo apt-get install keystone | |
echo "keystone version is ..." | |
keystone-manage --version | |
# 9.2.0 | |
echo "To enable bootstrapping of keystone config using *insecure* admin token facility," | |
echo "edit /etc/keystone/keystone.conf DEFAULT section:" | |
echo " admin_token = ADMIN" | |
echo | |
read -p "Continue? " continue | |
echo "Restarting keystone service..." | |
sudo service keystone restart | |
sleep 2 | |
echo "Bootstrapping $DEFAULT_DOMAIN_NAME domain and admin user..." | |
$OS_CMD domain create $DEFAULT_DOMAIN_NAME | |
$OS_CMD project create admin --domain $DEFAULT_DOMAIN_NAME | |
$OS_CMD user create admin --project-domain $DEFAULT_DOMAIN_NAME --password $KEYSTONE_ADMIN_PASSWORD --enable --domain $DEFAULT_DOMAIN_NAME | |
$OS_CMD role create admin | |
$OS_CMD role add --project admin --user admin admin | |
echo "Creating keystone service and endpoints..." | |
$OS_CMD service create --name keystone identity --enable | |
$OS_CMD endpoint create --region RegionOne identity public http://$KEYSTONE_HOST:5000/v3 | |
$OS_CMD endpoint create --region RegionOne identity internal http://$KEYSTONE_HOST:5000/v3 | |
$OS_CMD endpoint create --region RegionOne identity admin http://$KEYSTONE_HOST:35357/v3 | |
# now we have bootstrapped an admin user, switch to using that for subsequent keystone setup... | |
OS_CMD="openstack --os-auth-url http://$KEYSTONE_HOST:35357/v3 --os-identity-api-version 3 --os-username admin --os-project-name admin --os-password $KEYSTONE_ADMIN_PASSWORD --os-user-domain-name $DEFAULT_DOMAIN_NAME --os-project-domain-name $DEFAULT_DOMAIN_NAME" | |
echo "Catalog for identity service..." | |
$OS_CMD catalog show identity | |
echo "Creating swift service and endpoints..." | |
$OS_CMD service create --name swift object-store --enable | |
$OS_CMD endpoint create --region RegionOne object-store internal http://$SWIFT_HOST:8080/v1/AUTH_%\(tenant_id\)s | |
$OS_CMD endpoint create --region RegionOne object-store public http://$SWIFT_HOST:8080/v1/AUTH_%\(tenant_id\)s | |
$OS_CMD endpoint create --region RegionOne object-store admin http://$SWIFT_HOST:8080/v1 | |
echo "Catalog for object-store service..." | |
$OS_CMD catalog show object-store | |
echo "Creating service project and swift user..." | |
$OS_CMD project create --domain $DEFAULT_DOMAIN_NAME service | |
$OS_CMD user create --domain $DEFAULT_DOMAIN_NAME --password $SWIFT_PASSWORD swift | |
$OS_CMD role add admin --project service --user swift | |
echo | |
echo "**********************************************************************************" | |
echo "here's the openstack shell command..." | |
echo " $OS_CMD" | |
echo | |
echo "** Make sure /etc/hosts has mappings for: $KEYSTONE_HOST $SWIFT_HOST" | |
echo | |
echo "** To install swift functional test projects and users, run:" | |
echo " swift-keystone-setup.sh http://$KEYSTONE_HOST:35357/v3 $KEYSTONE_ADMIN_PASSWORD" | |
echo | |
echo "** Set authoken options in /etc/swift/proxy-server.conf:" | |
echo " auth_uri = http://$KEYSTONE_HOST:5000" | |
echo " auth_url = http://$KEYSTONE_HOST:35357" | |
echo " auth_plugin = password" | |
echo " project_domain_name = $DEFAULT_DOMAIN_NAME" | |
echo " user_domain_name = $DEFAULT_DOMAIN_NAME" | |
echo " project_name = service" | |
echo " username = swift" | |
echo " password = $SWIFT_PASSWORD" | |
echo " delay_auth_decision = True" | |
echo " cache = swift.cache" | |
echo " include_service_catalog = False" | |
echo "** Set keystoneauth options in /etc/swift/proxy-server.conf:" | |
echo " reseller_prefix = AUTH, SERVICE" | |
echo " operator_roles = admin, swiftoperator" | |
echo " allow_overrides = true" | |
echo " # service_roles =" | |
echo " default_domain_id = <ID OF DEFAULT DOMAIN> <<<< THIS MUST BE SET !! **" | |
echo " # allow_names_in_acls = true" | |
echo " SERVICE_service_roles = swiftservice" | |
echo | |
# I tried and failed to configure keystone to treat the id of my domain named "default" | |
# as the default domain, by setting default_domain_id= in the [identity] section of | |
# /etc/keystone/keystone.conf, so it needs to be passed into swift functional tests | |
# explicitly via test.conf. | |
echo "** Set keystoneauth specific options in /etc/swift/test.conf:" | |
echo " auth_version = 3" | |
echo " auth_host = $KEYSTONE_HOST" | |
echo " auth_port = 5000" | |
echo " auth_ssl = no" | |
echo " auth_prefix = /v3/" | |
echo " domain_name = $DEFAULT_DOMAIN_NAME" | |
echo | |
echo "Check which version of the requests package you have w.r.t. this bug:" | |
echo " https://bugs.launchpad.net/swift/+bug/1604674" | |
echo " sudo pip show requests" | |
echo "**********************************************************************************" | |
exit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment