diff --git a/files/keystone_data.sh b/files/keystone_data.sh index 1635b9d..d1be32d 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh @@ -3,6 +3,7 @@ BIN_DIR=${BIN_DIR:-.} # Tenants $BIN_DIR/keystone-manage $* tenant add admin $BIN_DIR/keystone-manage $* tenant add demo +$BIN_DIR/keystone-manage $* tenant add invisible_to_admin # Users $BIN_DIR/keystone-manage $* user add admin secrete 
@@ -13,43 +14,28 @@ $BIN_DIR/keystone-manage $* role add Admin $BIN_DIR/keystone-manage $* role add Member $BIN_DIR/keystone-manage $* role add KeystoneAdmin $BIN_DIR/keystone-manage $* role add KeystoneServiceAdmin -$BIN_DIR/keystone-manage $* role grant Admin admin 1 -$BIN_DIR/keystone-manage $* role grant Member demo 2 -$BIN_DIR/keystone-manage $* role grant Admin admin 2 +$BIN_DIR/keystone-manage $* role grant Admin admin admin +$BIN_DIR/keystone-manage $* role grant Member demo demo +$BIN_DIR/keystone-manage $* role grant Member demo invisible_to_admin +$BIN_DIR/keystone-manage $* role grant Admin admin demo $BIN_DIR/keystone-manage $* role grant Admin admin $BIN_DIR/keystone-manage $* role grant KeystoneAdmin admin $BIN_DIR/keystone-manage $* role grant KeystoneServiceAdmin admin # Services -$BIN_DIR/keystone-manage $* service add nova_compat nova_compat nova_compat -$BIN_DIR/keystone-manage $* service add compute compute compute -$BIN_DIR/keystone-manage $* service add glance glance glance -$BIN_DIR/keystone-manage $* service add identity identity identity +$BIN_DIR/keystone-manage $* service add nova compute "Nova Compute Service" +$BIN_DIR/keystone-manage $* service add glance image "Glance Image Service" +$BIN_DIR/keystone-manage $* service add keystone identity "Keystone Identity Service" #endpointTemplates -$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 1 http://%HOST_IP%:8774/v1.0/ http://%HOST_IP%:8774/v1.0 http://%HOST_IP%:8774/v1.0 1 1 -$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 2 http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1 -$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 3 http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1 -$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 4 http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 
http://%HOST_IP%:5000/v2.0 1 1 +$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne nova http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1 +$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1 +$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1 # $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1 # Tokens -$BIN_DIR/keystone-manage $* token add 999888777666 1 1 2015-02-05T00:00 - -#Tenant endpoints -$BIN_DIR/keystone-manage $* endpoint add 1 1 -$BIN_DIR/keystone-manage $* endpoint add 1 2 -$BIN_DIR/keystone-manage $* endpoint add 1 3 -$BIN_DIR/keystone-manage $* endpoint add 1 4 -$BIN_DIR/keystone-manage $* endpoint add 1 5 -$BIN_DIR/keystone-manage $* endpoint add 1 6 - -$BIN_DIR/keystone-manage $* endpoint add 2 1 -$BIN_DIR/keystone-manage $* endpoint add 2 2 -$BIN_DIR/keystone-manage $* endpoint add 2 3 -$BIN_DIR/keystone-manage $* endpoint add 2 4 -$BIN_DIR/keystone-manage $* endpoint add 2 5 -$BIN_DIR/keystone-manage $* endpoint add 2 6 +$BIN_DIR/keystone-manage $* token add 999888777666 admin admin 2015-02-05T00:00 +# EC2 related creds $BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials" $BIN_DIR/keystone-manage $* credentials add demo EC2 'demo:demo' demo demo || echo "no support for adding credentials" diff --git a/files/pips/keystone b/files/pips/keystone new file mode 100644 index 0000000..09636e4 --- /dev/null +++ b/files/pips/keystone @@ -0,0 +1 @@ +PassLib diff --git a/stackrc b/stackrc index deb467b..8bc455e 100644 --- a/stackrc +++ b/stackrc 
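Review bot: The rewritten `token add 999888777666 admin admin 2015-02-05T00:00` line still seeds a constant token, hard-coded in the repository, for the admin user on the admin tenant with an expiry years out. The change switches the arguments from ids to names but keeps the fixed value. Every deployment built from this script accepts that value as an admin credential until the token is removed, so it should be supplied by the caller. One option is a placeholder substituted at install time, the way `%HOST_IP%` appears to be: `token add %SERVICE_TOKEN% admin admin <expiry>` (placeholder name illustrative). If the constant must stay for local development, add a comment above it such as `# DEV ONLY: well-known admin token, replace before exposing this Keystone endpoint`.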
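Review bot: `PassLib` is added to `files/pips/keystone` without a version constraint, so each install resolves whatever release the package index serves at that moment and builds are not reproducible. Pinning a release that has been tested, `PassLib==<tested version>`, keeps the install stable and makes later dependency changes show up in review. How this file is consumed is not visible in the diff, so confirm that the installer honors version specifiers.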
@@ -16,7 +16,7 @@ NOVNC_BRANCH=master # django powered web control panel for openstack DASH_REPO=https://github.com/cloudbuilders/openstack-dashboard.git -DASH_BRANCH=master +DASH_BRANCH=glance_type_image # add nixon, will use this to show munin graphs in dashboard NIXON_REPO=https://github.com/cloudbuilders/nixon.git diff --git a/tools/install_openvpn.sh b/tools/install_openvpn.sh new file mode 100644 index 0000000..a3a2346 --- /dev/null +++ b/tools/install_openvpn.sh 
@@ -0,0 +1,154 @@ +#!/bin/bash +# install_openvpn.sh - Install OpenVPN and generate required certificates +# +# install_openvpn.sh --client name +# install_openvpn.sh --server [name] +# +# name is used on the CN of the generated cert, and the filename of +# the configuration, certificate and key files. +# +# --server mode configures the host with a running OpenVPN server instance +# --client mode creates a tarball of a client configuration for this server + +# VPN Config +VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`} # 50.56.12.212 +VPN_PROTO=${VPN_PROTO:-tcp} +VPN_PORT=${VPN_PORT:-6081} +VPN_DEV=${VPN_DEV:-tun} +VPN_CLIENT_NET=${VPN_CLIENT_NET:-172.16.28.0} +VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-255.255.255.0} +VPN_LOCAL_NET=${VPN_LOCAL_NET:-10.0.0.0} +VPN_LOCAL_MASK=${VPN_LOCAL_MASK:-255.255.0.0} + +VPN_DIR=/etc/openvpn +CA_DIR=/etc/openvpn/easy-rsa + +usage() { + echo "$0 - OpenVPN install and certificate generation" + echo "" + echo "$0 --client name" + echo "$0 --server [name]" + echo "" + echo " --server mode configures the host with a running OpenVPN server instance" + echo " --client mode creates a tarball of a client configuration for this server" + exit 1 +} + +if [ -z $1 ]; then + usage +fi + +# Install OpenVPN +if [ ! -x `which openvpn` ]; then + apt-get install -y openvpn bridge-utils +fi +if [ ! -d $CA_DIR ]; then + cp -pR /usr/share/doc/openvpn/examples/easy-rsa/2.0/ $CA_DIR +fi + +OPWD=`pwd` +cd $CA_DIR +source ./vars + +# Override the defaults +export KEY_COUNTRY="US" +export KEY_PROVINCE="TX" +export KEY_CITY="SanAntonio" +export KEY_ORG="Cloudbuilders" +export KEY_EMAIL="rcb@lists.rackspace.com" + +if [ ! 
-r $CA_DIR/keys/dh1024.pem ]; then + # Initialize a new CA + $CA_DIR/clean-all + $CA_DIR/build-dh + $CA_DIR/pkitool --initca + openvpn --genkey --secret $CA_DIR/keys/ta.key ## Build a TLS key +fi + +do_server() { + NAME=$1 + # Generate server certificate + $CA_DIR/pkitool --server $NAME + + (cd $CA_DIR/keys; + cp $NAME.crt $NAME.key ca.crt dh1024.pem ta.key $VPN_DIR + ) + cat >$VPN_DIR/$NAME.conf <$TMP_DIR/$HOST.conf <$VPN_DIR/hostname + fi + do_server $NAME + ;; + --clean) $CA_DIR/clean-all + ;; + *) usage +esac
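Review bot: The CA bootstrap tests for `$CA_DIR/keys/dh1024.pem` and `do_server` copies `dh1024.pem`, so the server runs with 1024-bit Diffie-Hellman parameters, and the CA and certificate keys presumably inherit the same size from `./vars`; that is below what is considered adequate today. Adding `export KEY_SIZE=2048` after `source ./vars`, and using `dh$KEY_SIZE.pem` in both the existence test and the `cp`, raises both. Separately, the `which openvpn` substitution inside `[ ! -x ... ]` expands to nothing when openvpn is absent, leaving `[ ! -x ]`, which is false, so `apt-get install` is skipped exactly when it is needed; `if ! command -v openvpn >/dev/null; then` behaves correctly. The heredoc bodies of the server and client configs are not visible in this view, so their cipher and auth settings were not reviewed.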