Merge remote-tracking branch 'upstream/master'

This commit is contained in:
Dean Troyer 2011-09-29 19:03:10 -05:00
commit 73778e5224
4 changed files with 169 additions and 28 deletions


@ -3,6 +3,7 @@ BIN_DIR=${BIN_DIR:-.}
# Tenants
$BIN_DIR/keystone-manage $* tenant add admin
$BIN_DIR/keystone-manage $* tenant add demo
$BIN_DIR/keystone-manage $* tenant add invisible_to_admin
# Users
$BIN_DIR/keystone-manage $* user add admin secrete
@ -13,43 +14,28 @@ $BIN_DIR/keystone-manage $* role add Admin
$BIN_DIR/keystone-manage $* role add Member
$BIN_DIR/keystone-manage $* role add KeystoneAdmin
$BIN_DIR/keystone-manage $* role add KeystoneServiceAdmin
$BIN_DIR/keystone-manage $* role grant Admin admin 1
$BIN_DIR/keystone-manage $* role grant Member demo 2
$BIN_DIR/keystone-manage $* role grant Admin admin 2
$BIN_DIR/keystone-manage $* role grant Admin admin admin
$BIN_DIR/keystone-manage $* role grant Member demo demo
$BIN_DIR/keystone-manage $* role grant Member demo invisible_to_admin
$BIN_DIR/keystone-manage $* role grant Admin admin demo
$BIN_DIR/keystone-manage $* role grant Admin admin
$BIN_DIR/keystone-manage $* role grant KeystoneAdmin admin
$BIN_DIR/keystone-manage $* role grant KeystoneServiceAdmin admin
# Services
$BIN_DIR/keystone-manage $* service add nova_compat nova_compat nova_compat
$BIN_DIR/keystone-manage $* service add compute compute compute
$BIN_DIR/keystone-manage $* service add glance glance glance
$BIN_DIR/keystone-manage $* service add identity identity identity
$BIN_DIR/keystone-manage $* service add nova compute "Nova Compute Service"
$BIN_DIR/keystone-manage $* service add glance image "Glance Image Service"
$BIN_DIR/keystone-manage $* service add keystone identity "Keystone Identity Service"
#endpointTemplates
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 1 http://%HOST_IP%:8774/v1.0/ http://%HOST_IP%:8774/v1.0 http://%HOST_IP%:8774/v1.0 1 1
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 2 http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 3 http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 4 http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne nova http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1
# $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
# Tokens
$BIN_DIR/keystone-manage $* token add 999888777666 1 1 2015-02-05T00:00
#Tenant endpoints
$BIN_DIR/keystone-manage $* endpoint add 1 1
$BIN_DIR/keystone-manage $* endpoint add 1 2
$BIN_DIR/keystone-manage $* endpoint add 1 3
$BIN_DIR/keystone-manage $* endpoint add 1 4
$BIN_DIR/keystone-manage $* endpoint add 1 5
$BIN_DIR/keystone-manage $* endpoint add 1 6
$BIN_DIR/keystone-manage $* endpoint add 2 1
$BIN_DIR/keystone-manage $* endpoint add 2 2
$BIN_DIR/keystone-manage $* endpoint add 2 3
$BIN_DIR/keystone-manage $* endpoint add 2 4
$BIN_DIR/keystone-manage $* endpoint add 2 5
$BIN_DIR/keystone-manage $* endpoint add 2 6
$BIN_DIR/keystone-manage $* token add 999888777666 admin admin 2015-02-05T00:00
# EC2 related creds
$BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"
$BIN_DIR/keystone-manage $* credentials add demo EC2 'demo:demo' demo demo || echo "no support for adding credentials"
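Review bot: Every keystone-manage invocation in this hunk forwards the script's arguments as unquoted `$*`, which re-splits any option value containing whitespace before it reaches the command; the new `role grant` and `token add` lines inherit the pattern, so the fix belongs at the top of the file rather than per line. Replacing `$*` with `"$@"` on each line preserves the caller's arguments exactly, and the same applies to the service-description lines such as `service add nova compute "Nova Compute Service"`. The enclosing script continues beyond this hunk on both sides.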

1
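--- /dev/null
+++ b/files/pips/keystone
@@ -0,0 +1 @@
+PassLib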


@ -16,7 +16,7 @@ NOVNC_BRANCH=master
# django powered web control panel for openstack
DASH_REPO=https://github.com/cloudbuilders/openstack-dashboard.git
DASH_BRANCH=master
DASH_BRANCH=glance_type_image
# add nixon, will use this to show munin graphs in dashboard
NIXON_REPO=https://github.com/cloudbuilders/nixon.git

154
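--- /dev/null
+++ b/tools/install_openvpn.sh
@@ -0,0 +1,154 @@
+#!/bin/bash
+# install_openvpn.sh - Install OpenVPN and generate required certificates
+#
+# install_openvpn.sh --client name
+# install_openvpn.sh --server [name]
+#
+# name is used on the CN of the generated cert, and the filename of
+# the configuration, certificate and key files.
+#
+# --server mode configures the host with a running OpenVPN server instance
+# --client mode creates a tarball of a client configuration for this server
+# VPN Config
+VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`} # 50.56.12.212
+VPN_PROTO=${VPN_PROTO:-tcp}
+VPN_PORT=${VPN_PORT:-6081}
+VPN_DEV=${VPN_DEV:-tun}
+VPN_CLIENT_NET=${VPN_CLIENT_NET:-172.16.28.0}
+VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-255.255.255.0}
+VPN_LOCAL_NET=${VPN_LOCAL_NET:-10.0.0.0}
+VPN_LOCAL_MASK=${VPN_LOCAL_MASK:-255.255.0.0}
+VPN_DIR=/etc/openvpn
+CA_DIR=/etc/openvpn/easy-rsa
+usage() {
+echo "$0 - OpenVPN install and certificate generation"
+echo ""
+echo "$0 --client name"
+echo "$0 --server [name]"
+echo ""
+echo " --server mode configures the host with a running OpenVPN server instance"
+echo " --client mode creates a tarball of a client configuration for this server"
+exit 1
+}
+if [ -z $1 ]; then
+usage
+fi
+# Install OpenVPN
+if [ ! -x `which openvpn` ]; then
+apt-get install -y openvpn bridge-utils
+fi
+if [ ! -d $CA_DIR ]; then
+cp -pR /usr/share/doc/openvpn/examples/easy-rsa/2.0/ $CA_DIR
+fi
+OPWD=`pwd`
+cd $CA_DIR
+source ./vars
+# Override the defaults
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="TX"
+export KEY_CITY="SanAntonio"
+export KEY_ORG="Cloudbuilders"
+export KEY_EMAIL="rcb@lists.rackspace.com"
+if [ ! -r $CA_DIR/keys/dh1024.pem ]; then
+# Initialize a new CA
+$CA_DIR/clean-all
+$CA_DIR/build-dh
+$CA_DIR/pkitool --initca
+openvpn --genkey --secret $CA_DIR/keys/ta.key ## Build a TLS key
+fi
+do_server() {
+NAME=$1
+# Generate server certificate
+$CA_DIR/pkitool --server $NAME
+(cd $CA_DIR/keys;
+cp $NAME.crt $NAME.key ca.crt dh1024.pem ta.key $VPN_DIR
+)
+cat >$VPN_DIR/$NAME.conf <<EOF
+proto $VPN_PROTO
+port $VPN_PORT
+dev $VPN_DEV
+cert $NAME.crt
+key $NAME.key # This file should be kept secret
+ca ca.crt
+dh dh1024.pem
+duplicate-cn
+server $VPN_CLIENT_NET $VPN_CLIENT_MASK
+ifconfig-pool-persist ipp.txt
+push "route $VPN_LOCAL_NET $VPN_LOCAL_MASK"
+comp-lzo
+user nobody
+group nobody
+persist-key
+persist-tun
+status openvpn-status.log
+EOF
+/etc/init.d/openvpn restart
+}
+do_client() {
+NAME=$1
+# Generate a client certificate
+$CA_DIR/pkitool $NAME
+TMP_DIR=`mktemp -d`
+(cd $CA_DIR/keys;
+cp -p ca.crt ta.key $NAME.key $NAME.crt $TMP_DIR
+)
+if [ -r $VPN_DIR/hostname ]; then
+HOST=`cat $VPN_DIR/hostname`
+else
+HOST=`hostname`
+fi
+cat >$TMP_DIR/$HOST.conf <<EOF
+proto $VPN_PROTO
+port $VPN_PORT
+dev $VPN_DEV
+cert $NAME.crt
+key $NAME.key # This file should be kept secret
+ca ca.crt
+client
+remote $VPN_SERVER $VPN_PORT
+resolv-retry infinite
+nobind
+user nobody
+group nobody
+persist-key
+persist-tun
+comp-lzo
+verb 3
+EOF
+(cd $TMP_DIR; tar cf $OPWD/$NAME.tar *)
+rm -rf $TMP_DIR
+echo "Client certificate and configuration is in $OPWD/$NAME.tar"
+}
+# Process command line args
+case $1 in
+--client) if [ -z $2 ]; then
+usage
+fi
+do_client $2
+;;
+--server) if [ -z $2 ]; then
+NAME=`hostname`
+else
+NAME=$2
+# Save for --client use
+echo $NAME >$VPN_DIR/hostname
+fi
+do_server $NAME
+;;
+--clean) $CA_DIR/clean-all
+;;
+*) usage
+esac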
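Review bot: ta.key is generated by the `openvpn --genkey --secret` line and copied into both $VPN_DIR and the client tarball, but neither heredoc references it, so the HMAC channel protection it exists for is never enabled; add `tls-auth ta.key 0` to the server config and `tls-auth ta.key 1` to the client config. The client heredoc also performs no check that the peer presented a server certificate, so a certificate issued by this CA to another client could presumably be accepted as the server; since the server cert is built with `pkitool --server`, adding `remote-cert-tls server` to the client config addresses that. Separately, the install guard `[ ! -x $(which openvpn) ]` degenerates to `[ ! -x ]` when openvpn is not installed, which evaluates false, so apt-get never runs on exactly the host that needs it; `if ! command -v openvpn >/dev/null; then` is the intended test. The unquoted expansions (`[ -z $2 ]`, `rm -rf $TMP_DIR`, `echo $NAME >$VPN_DIR/hostname`) would all be flagged by shellcheck and should be quoted.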