From 3a0931273be9d701781d9a02ebe97f1bf4979782 Mon Sep 17 00:00:00 2001
From: Anthony Young
Date: Tue, 13 Sep 2011 19:01:45 +0000
Subject: [PATCH] make keystone use mysql
---
 files/keystone.conf | 86 +++++++++++++++++++++++++++++++++++++++++++++
 stack.sh | 11 +++---
 2 files changed, 93 insertions(+), 4 deletions(-)
 create mode 100755 files/keystone.conf
diff --git a/files/keystone.conf b/files/keystone.conf
new file mode 100755
index 0000000..4e775ab
--- /dev/null
+++ b/files/keystone.conf
@@ -0,0 +1,86 @@
+[DEFAULT]
+# Show more verbose log output (sets INFO log level output)
+verbose = False
+
+# Show debugging output in logs (sets DEBUG log level output)
+debug = False
+
+# Which backend store should Keystone use by default.
+# Default: 'sqlite'
+# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
+default_store = sqlite
+
+# Log to this file. Make sure you do not set the same log
+# file for both the API and registry servers!
+log_file = /opt/keystone/keystone.log
+
+# List of backends to be configured
+backends = keystone.backends.sqlalchemy
+#For LDAP support, add: ,keystone.backends.ldap
+
+# Dictionary Maps every service to a header.Missing services would get header
+# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
+service-header-mappings = {
+ 'nova' : 'X-Server-Management-Url',
+ 'swift' : 'X-Storage-Url',
+ 'cdn' : 'X-CDN-Management-Url'}
+
+# Address to bind the API server
+# TODO Properties defined within app not available via pipeline.
+service_host = 0.0.0.0
+
+# Port the bind the API server to
+service_port = 5000
+
+# Address to bind the Admin API server
+admin_host = 0.0.0.0
+
+# Port the bind the Admin API server to
+admin_port = 5001
+
+#Role that allows to perform admin operations.
+keystone-admin-role = Admin
+
+#Role that allows to perform service admin operations.
+keystone-service-admin-role = KeystoneServiceAdmin
+
+[keystone.backends.sqlalchemy]
+# SQLAlchemy connection string for the reference implementation registry
+# server. Any valid SQLAlchemy connection string is fine.
+# See: http://bit.ly/ideIpI
+#sql_connection = sqlite:///keystone.db
+sql_connection = mysql://root:nova@localhost/keystone
+backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
+ 'User', 'Credentials', 'EndpointTemplates', 'Token',
+ 'Service']
+
+# Period in seconds after which SQLAlchemy should reestablish its connection
+# to the database.
+sql_idle_timeout = 30
+
+[pipeline:admin]
+pipeline =
+ urlrewritefilter
+ admin_api
+
+[pipeline:keystone-legacy-auth]
+pipeline =
+ urlrewritefilter
+ legacy_auth
+ RAX-KEY-extension
+ service_api
+
+[app:service_api]
+paste.app_factory = keystone.server:service_app_factory
+
+[app:admin_api]
+paste.app_factory = keystone.server:admin_app_factory
+
+[filter:urlrewritefilter]
+paste.filter_factory = keystone.middleware.url:filter_factory
+
+[filter:legacy_auth]
+paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory
+
+[filter:RAX-KEY-extension]
+paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory
diff --git a/stack.sh b/stack.sh
index 8e871de..d8ad2b1 100755
--- a/stack.sh
+++ b/stack.sh
@@ -222,12 +222,15 @@ mkdir -p $NOVA_DIR/networks # (re)create nova database mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE nova;' || true mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE nova;' +mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE keystone;' || true +mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE keystone;' $NOVA_DIR/bin/nova-manage db sync +# FIXME (anthony) keystone should use keystone.conf.example +KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf +cp $DIR/files/keystone.conf $KEYSTONE_CONF + # initialize keystone with default users/endpoints -rm -f /opt/keystone/keystone.db -# FIXME keystone creates a keystone.log wherever you run it from (bugify) -cd /tmp BIN_DIR=$KEYSTONE_DIR/bin bash $DIR/files/keystone_data.sh # create a small network
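Review bot: `sql_connection = mysql://root:nova@localhost/keystone` commits a literal database password and connects Keystone as the MySQL `root` account, while stack.sh in the same patch creates the database with `-p$MYSQL_PASS`; whenever `MYSQL_PASS` is not `nova` the two disagree, and the identity service holds full server privileges either way. Ship the line with a token that stack.sh substitutes after the `cp`, for example `sql_connection = mysql://root:%MYSQL_PASS%@localhost/keystone` (token name constructed for illustration), and preferably point it at a dedicated account limited to the `keystone` database. The file is also added with mode 100755, and a plain `cp` to a new path likely derives the destination mode from that, so the copy holding the password ends up executable and world-readable; a mode such as 0600 fits a credentials file better. The `default_store = sqlite` comment block is now stale next to the MySQL connection string, and `admin_host = 0.0.0.0` would benefit from a comment such as `# binds the Admin API on all interfaces; restrict outside a single-host dev setup`.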
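Review bot: The two added `mysql -uroot -p$MYSQL_PASS` calls put the root password on the command line, where other local users may be able to read it from the process list, and the unquoted expansion breaks on passwords containing spaces or shell metacharacters; the nova lines in the context already do the same, so all four could be fixed together. Passing the credential through an option file, `mysql --defaults-extra-file=<path to a 0600 option file> -e '...'`, keeps it out of argv. The `|| true` after the DROP also hides authentication and connection failures, not only a missing database; `-e 'DROP DATABASE IF EXISTS keystone;'` without `|| true` keeps the intended tolerance and lets real errors surface. The copy should quote both paths: `cp "$DIR/files/keystone.conf" "$KEYSTONE_CONF"`.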
@@ -261,7 +264,7 @@ screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.con screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf" # keystone drops a keystone.log where if it is run, so change the path to # where it can write -screen_it key "cd /tmp; $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_DIR/etc/keystone.conf" +screen_it key "cd /tmp; $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF" screen_it n-api "$NOVA_DIR/bin/nova-api" screen_it n-cpu "$NOVA_DIR/bin/nova-compute" screen_it n-net "$NOVA_DIR/bin/nova-network"
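Review bot: The `cd /tmp` in the `screen_it key` line and the comment above it are kept, although the new files/keystone.conf sets `log_file = /opt/keystone/keystone.log` and the previous stack.sh hunk removes the same `cd /tmp` workaround before keystone_data.sh runs. Starting the service from a world-writable directory means any file it still creates by relative path lands where other local users can pre-create or symlink it. If the absolute `log_file` is honoured, `screen_it key "$KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF"` with the stale comment dropped would be cleaner; otherwise a working directory owned by the stack user is a safer choice than /tmp.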