From 2969c701a05f2f2f6d6a2a0739fc2c19e4f60782 Mon Sep 17 00:00:00 2001
From: Jesse Andrews <anotherjesse@gmail.com>
Date: Sat, 24 Sep 2011 12:31:57 -0700
Subject: [PATCH 1/5] initial commit of wilks work

---
 tools/install_openvpn.sh | 60 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 tools/install_openvpn.sh

diff --git a/tools/install_openvpn.sh b/tools/install_openvpn.sh
new file mode 100644
index 0000000..3b52cf1
--- /dev/null
+++ b/tools/install_openvpn.sh
@@ -0,0 +1,60 @@
+# rough history from wilk - need to cleanup
+apt-get install -y openvpn bridge-utils
+cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa/
+cd /etc/openvpn/easy-rsa
+source vars
+./clean-all
+./build-dh
+./pkitool --initca
+./pkitool --server server
+./pkitool client1
+cd keys
+openvpn --genkey --secret ta.key  ## Build a TLS key
+cp server.crt server.key ca.crt dh1024.pem ta.key ../../
+cd ../../
+
+cat >/etc/openvpn/server.conf <<EOF
+duplicate-cn
+port 6081
+proto tcp
+dev tun
+ca ca.crt
+cert server.crt
+key server.key  # This file should be kept secret
+dh dh1024.pem
+server 172.16.28.0 255.255.255.0
+ifconfig-pool-persist ipp.txt
+push "route 10.0.0.0 255.255.255.224"
+comp-lzo
+persist-key
+persist-tun
+status openvpn-status.log
+EOF
+/etc/init.d/openvpn restart
+
+echo Use the following ca for your client:
+cat /etc/openvpn/ca.crt
+
+echo
+echo Use the following cert for your client
+cat /etc/openvpn/easy-rsa/keys/client1.crt 
+echo
+echo Use the following key for your client
+cat /etc/openvpn/easy-rsa/keys/client1.key 
+echo
+echo Use the following client config:
+cat <<EOF
+ca ca.crt
+cert client.crt
+key client.key
+client
+dev tun
+proto tcp
+remote 50.56.12.212 6081
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+comp-lzo
+verb 3
+EOF

From 135fb645344bb6c8cc06517df8ef12c215f034cc Mon Sep 17 00:00:00 2001
From: Dean Troyer <dtroyer@gmail.com>
Date: Tue, 27 Sep 2011 12:57:53 -0500
Subject: [PATCH 2/5] Major refactor of vpn install

---
 tools/install_openvpn.sh | 180 +++++++++++++++++++++++++++++----------
 1 file changed, 137 insertions(+), 43 deletions(-)

diff --git a/tools/install_openvpn.sh b/tools/install_openvpn.sh
index 3b52cf1..a3a2346 100644
--- a/tools/install_openvpn.sh
+++ b/tools/install_openvpn.sh
@@ -1,60 +1,154 @@
-# rough history from wilk - need to cleanup
-apt-get install -y openvpn bridge-utils
-cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa/
-cd /etc/openvpn/easy-rsa
-source vars
-./clean-all
-./build-dh
-./pkitool --initca
-./pkitool --server server
-./pkitool client1
-cd keys
-openvpn --genkey --secret ta.key  ## Build a TLS key
-cp server.crt server.key ca.crt dh1024.pem ta.key ../../
-cd ../../
-
-cat >/etc/openvpn/server.conf <<EOF
-duplicate-cn
-port 6081
-proto tcp
-dev tun
+#!/bin/bash
+# install_openvpn.sh - Install OpenVPN and generate required certificates
+#
+# install_openvpn.sh --client name
+# install_openvpn.sh --server [name]
+#
+# name is used on the CN of the generated cert, and the filename of
+# the configuration, certificate and key files.
+#
+# --server mode configures the host with a running OpenVPN server instance
+# --client mode creates a tarball of a client configuration for this server
+
+# VPN Config
+VPN_SERVER=${VPN_SERVER:-`ifconfig eth0 | awk "/inet addr:/ { print \$2 }" | cut -d: -f2`}  # 50.56.12.212
+VPN_PROTO=${VPN_PROTO:-tcp}
+VPN_PORT=${VPN_PORT:-6081}
+VPN_DEV=${VPN_DEV:-tun}
+VPN_CLIENT_NET=${VPN_CLIENT_NET:-172.16.28.0}
+VPN_CLIENT_MASK=${VPN_CLIENT_MASK:-255.255.255.0}
+VPN_LOCAL_NET=${VPN_LOCAL_NET:-10.0.0.0}
+VPN_LOCAL_MASK=${VPN_LOCAL_MASK:-255.255.0.0}
+
+VPN_DIR=/etc/openvpn
+CA_DIR=/etc/openvpn/easy-rsa
+
+usage() {
+    echo "$0 - OpenVPN install and certificate generation"
+    echo ""
+    echo "$0 --client name"
+    echo "$0 --server [name]"
+    echo ""
+    echo " --server mode configures the host with a running OpenVPN server instance"
+    echo " --client mode creates a tarball of a client configuration for this server"
+    exit 1
+}
+
+if [ -z $1 ]; then
+    usage
+fi
+
+# Install OpenVPN
+if [ ! -x `which openvpn` ]; then
+    apt-get install -y openvpn bridge-utils
+fi
+if [ ! -d $CA_DIR ]; then
+    cp -pR /usr/share/doc/openvpn/examples/easy-rsa/2.0/ $CA_DIR
+fi
+
+OPWD=`pwd`
+cd $CA_DIR
+source ./vars
+
+# Override the defaults
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="TX"
+export KEY_CITY="SanAntonio"
+export KEY_ORG="Cloudbuilders"
+export KEY_EMAIL="rcb@lists.rackspace.com"
+
+if [ ! -r $CA_DIR/keys/dh1024.pem ]; then
+    # Initialize a new CA
+    $CA_DIR/clean-all
+    $CA_DIR/build-dh
+    $CA_DIR/pkitool --initca
+    openvpn --genkey --secret $CA_DIR/keys/ta.key  ## Build a TLS key
+fi
+
+do_server() {
+    NAME=$1
+    # Generate server certificate
+    $CA_DIR/pkitool --server $NAME
+
+    (cd $CA_DIR/keys;
+        cp $NAME.crt $NAME.key ca.crt dh1024.pem ta.key $VPN_DIR
+    )
+    cat >$VPN_DIR/$NAME.conf <<EOF
+proto $VPN_PROTO
+port $VPN_PORT
+dev $VPN_DEV
+cert $NAME.crt
+key $NAME.key  # This file should be kept secret
 ca ca.crt
-cert server.crt
-key server.key  # This file should be kept secret
 dh dh1024.pem
-server 172.16.28.0 255.255.255.0
+duplicate-cn
+server $VPN_CLIENT_NET $VPN_CLIENT_MASK
 ifconfig-pool-persist ipp.txt
-push "route 10.0.0.0 255.255.255.224"
+push "route $VPN_LOCAL_NET $VPN_LOCAL_MASK"
 comp-lzo
+user nobody
+group nobody
 persist-key
 persist-tun
 status openvpn-status.log
 EOF
-/etc/init.d/openvpn restart
-
-echo Use the following ca for your client:
-cat /etc/openvpn/ca.crt
-
-echo
-echo Use the following cert for your client
-cat /etc/openvpn/easy-rsa/keys/client1.crt 
-echo
-echo Use the following key for your client
-cat /etc/openvpn/easy-rsa/keys/client1.key 
-echo
-echo Use the following client config:
-cat <<EOF
+    /etc/init.d/openvpn restart
+}
+
+do_client() {
+    NAME=$1
+    # Generate a client certificate
+    $CA_DIR/pkitool $NAME
+
+    TMP_DIR=`mktemp -d`
+    (cd $CA_DIR/keys;
+        cp -p ca.crt ta.key $NAME.key $NAME.crt $TMP_DIR
+    )
+    if [ -r $VPN_DIR/hostname ]; then
+        HOST=`cat $VPN_DIR/hostname`
+    else
+        HOST=`hostname`
+    fi
+    cat >$TMP_DIR/$HOST.conf <<EOF
+proto $VPN_PROTO
+port $VPN_PORT
+dev $VPN_DEV
+cert $NAME.crt
+key $NAME.key  # This file should be kept secret
 ca ca.crt
-cert client.crt
-key client.key
 client
-dev tun
-proto tcp
-remote 50.56.12.212 6081
+remote $VPN_SERVER $VPN_PORT
 resolv-retry infinite
 nobind
+user nobody
+group nobody
 persist-key
 persist-tun
 comp-lzo
 verb 3
 EOF
+    (cd $TMP_DIR; tar cf $OPWD/$NAME.tar *)
+    rm -rf $TMP_DIR
+    echo "Client certificate and configuration is in $OPWD/$NAME.tar"
+}
+
+# Process command line args
+case $1 in
+    --client)   if [ -z $2 ]; then
+                    usage
+                fi
+                do_client $2
+                ;;
+    --server)   if [ -z $2 ]; then
+                    NAME=`hostname`
+                else
+                    NAME=$2
+                    # Save for --client use
+                    echo $NAME >$VPN_DIR/hostname
+                fi
+                do_server $NAME
+                ;;
+    --clean)    $CA_DIR/clean-all
+                ;;
+    *)          usage
+esac

From c4a99fb957cecbd1c647f9a4cb64ce44b595172f Mon Sep 17 00:00:00 2001
From: Anthony Young <sleepsonthefloor@gmail.com>
Date: Thu, 29 Sep 2011 22:31:46 +0000
Subject: [PATCH 3/5] updates to support most recent keystone

---
 files/keystone_data.sh | 34 ++++++++++------------------------
 1 file changed, 10 insertions(+), 24 deletions(-)

diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 1635b9d..23646d2 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -3,6 +3,7 @@ BIN_DIR=${BIN_DIR:-.}
 # Tenants
 $BIN_DIR/keystone-manage $* tenant add admin
 $BIN_DIR/keystone-manage $* tenant add demo
+$BIN_DIR/keystone-manage $* tenant add invisible_to_admin
 
 # Users
 $BIN_DIR/keystone-manage $* user add admin secrete
@@ -13,43 +14,28 @@ $BIN_DIR/keystone-manage $* role add Admin
 $BIN_DIR/keystone-manage $* role add Member
 $BIN_DIR/keystone-manage $* role add KeystoneAdmin
 $BIN_DIR/keystone-manage $* role add KeystoneServiceAdmin
-$BIN_DIR/keystone-manage $* role grant Admin admin 1
-$BIN_DIR/keystone-manage $* role grant Member demo 2
-$BIN_DIR/keystone-manage $* role grant Admin admin 2
+$BIN_DIR/keystone-manage $* role grant Admin admin admin
+$BIN_DIR/keystone-manage $* role grant Member demo demo
+$BIN_DIR/keystone-manage $* role grant Member demo invisible_to_admin
+$BIN_DIR/keystone-manage $* role grant Admin admin demo
 $BIN_DIR/keystone-manage $* role grant Admin admin
 $BIN_DIR/keystone-manage $* role grant KeystoneAdmin admin
 $BIN_DIR/keystone-manage $* role grant KeystoneServiceAdmin admin
 
 # Services
-$BIN_DIR/keystone-manage $* service add nova_compat nova_compat nova_compat
 $BIN_DIR/keystone-manage $* service add compute compute compute
 $BIN_DIR/keystone-manage $* service add glance glance glance
 $BIN_DIR/keystone-manage $* service add identity identity identity
 
 #endpointTemplates
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 1 http://%HOST_IP%:8774/v1.0/ http://%HOST_IP%:8774/v1.0  http://%HOST_IP%:8774/v1.0 1 1
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 2 http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id%  http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 3 http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne 4 http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1
+$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne compute http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id%  http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
+$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
+$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne identity http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1
 # $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
 
 # Tokens
-$BIN_DIR/keystone-manage $* token add 999888777666 1 1 2015-02-05T00:00
-
-#Tenant endpoints
-$BIN_DIR/keystone-manage $* endpoint add 1 1
-$BIN_DIR/keystone-manage $* endpoint add 1 2
-$BIN_DIR/keystone-manage $* endpoint add 1 3
-$BIN_DIR/keystone-manage $* endpoint add 1 4
-$BIN_DIR/keystone-manage $* endpoint add 1 5
-$BIN_DIR/keystone-manage $* endpoint add 1 6
-
-$BIN_DIR/keystone-manage $* endpoint add 2 1
-$BIN_DIR/keystone-manage $* endpoint add 2 2
-$BIN_DIR/keystone-manage $* endpoint add 2 3
-$BIN_DIR/keystone-manage $* endpoint add 2 4
-$BIN_DIR/keystone-manage $* endpoint add 2 5
-$BIN_DIR/keystone-manage $* endpoint add 2 6
+$BIN_DIR/keystone-manage $* token add 999888777666 admin admin 2015-02-05T00:00
 
+# EC2 related creds
 $BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"
 $BIN_DIR/keystone-manage $* credentials add demo EC2 'demo:demo' demo demo || echo "no support for adding credentials"

From e0c0a8d9fbac8920a31f031870969fe76c61c6a0 Mon Sep 17 00:00:00 2001
From: Anthony Young <sleepsonthefloor@gmail.com>
Date: Thu, 29 Sep 2011 15:46:37 -0700
Subject: [PATCH 4/5] add in a keystone pip dep

---
 files/pips/keystone | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 files/pips/keystone

diff --git a/files/pips/keystone b/files/pips/keystone
new file mode 100644
index 0000000..09636e4
--- /dev/null
+++ b/files/pips/keystone
@@ -0,0 +1 @@
+PassLib

From f0f27ff805b2af06dca1251cec7a553d4fe095e2 Mon Sep 17 00:00:00 2001
From: Anthony Young <sleepsonthefloor@gmail.com>
Date: Thu, 29 Sep 2011 16:22:05 -0700
Subject: [PATCH 5/5] use type='image' for glance

---
 files/keystone_data.sh | 10 +++++-----
 stackrc                |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index 23646d2..d1be32d 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -23,14 +23,14 @@ $BIN_DIR/keystone-manage $* role grant KeystoneAdmin admin
 $BIN_DIR/keystone-manage $* role grant KeystoneServiceAdmin admin
 
 # Services
-$BIN_DIR/keystone-manage $* service add compute compute compute
-$BIN_DIR/keystone-manage $* service add glance glance glance
-$BIN_DIR/keystone-manage $* service add identity identity identity
+$BIN_DIR/keystone-manage $* service add nova compute "Nova Compute Service"
+$BIN_DIR/keystone-manage $* service add glance image "Glance Image Service"
+$BIN_DIR/keystone-manage $* service add keystone identity "Keystone Identity Service"
 
 #endpointTemplates
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne compute http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id%  http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
+$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne nova http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id%  http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
 $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne identity http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1
+$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1
 # $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
 
 # Tokens
diff --git a/stackrc b/stackrc
index deb467b..8bc455e 100644
--- a/stackrc
+++ b/stackrc
@@ -16,7 +16,7 @@ NOVNC_BRANCH=master
 
 # django powered web control panel for openstack
 DASH_REPO=https://github.com/cloudbuilders/openstack-dashboard.git
-DASH_BRANCH=master
+DASH_BRANCH=glance_type_image
 
 # add nixon, will use this to show munin graphs in dashboard
 NIXON_REPO=https://github.com/cloudbuilders/nixon.git