From 89358afe3598cc5d4636f050deeacf8c5cc2354f Mon Sep 17 00:00:00 2001
From: Jesse Andrews
Date: Sun, 2 Oct 2011 14:11:17 -0400
Subject: [PATCH] don't use secrete as admin password - fixes #34
---
 files/keystone_data.sh | 12 +++++++-----
 stack.sh | 4 ++++
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index cfb4572..f48eaf9 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -6,8 +6,8 @@ $BIN_DIR/keystone-manage $* tenant add demo
 $BIN_DIR/keystone-manage $* tenant add invisible_to_admin
 # Users
-$BIN_DIR/keystone-manage $* user add admin secrete
-$BIN_DIR/keystone-manage $* user add demo secrete
+$BIN_DIR/keystone-manage $* user add admin %ADMIN_PASSWORD%
+$BIN_DIR/keystone-manage $* user add demo %ADMIN_PASSWORD%
 # Roles
 $BIN_DIR/keystone-manage $* role add Admin
@@ -36,6 +36,8 @@ $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOS
 # Tokens
 $BIN_DIR/keystone-manage $* token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
-# EC2 related creds
-$BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"
-$BIN_DIR/keystone-manage $* credentials add demo EC2 'demo:demo' demo demo || echo "no support for adding credentials"
+# EC2 related creds - note we are setting the token to user_password
+# but keystone doesn't parse them - it is just a blob from keystone's
+# point of view
+$BIN_DIR/keystone-manage $* credentials add admin EC2 'admin_%ADMIN_PASSWORD%' admin admin || echo "no support for adding credentials"
+$BIN_DIR/keystone-manage $* credentials add demo EC2 'demo_%ADMIN_PASSWORD%' demo demo || echo "no support for adding credentials"
diff --git a/stack.sh b/stack.sh
index 27ea5ec..07b323b 100755
--- a/stack.sh
+++ b/stack.sh
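Review bot: In the "# Users" hunk of files/keystone_data.sh, the new `user add demo %ADMIN_PASSWORD%` line gives the demo account the same password as admin, so anyone handed the demo login also holds the admin credential. A separate placeholder for the demo user would keep the two apart, for example `$BIN_DIR/keystone-manage $* user add demo %DEMO_PASSWORD%`; the placeholder name is only a suggestion and would need its own substitution step in stack.sh. If sharing one password is intentional for a development setup, a comment such as `# demo deliberately shares the admin password (dev-only convenience)` would make that explicit.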
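Review bot: In the "# EC2 related creds" hunk of files/keystone_data.sh, the secrets are built as `'admin_%ADMIN_PASSWORD%'` and `'demo_%ADMIN_PASSWORD%'`, so each stored EC2 credential carries the account password in clear, and the demo credential discloses the admin password too. Whatever reads, stores or logs the EC2 secret then also reveals the login password; a value generated independently of the password would avoid coupling the two. The trailing `|| echo "no support for adding credentials"` (unchanged by this commit) reports every failure as missing support; a comment such as `# best-effort: some keystone-manage versions lack 'credentials add'` would document why errors are tolerated here.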
@@ -147,6 +147,7 @@ GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
 # Service Token - Openstack components need to have an admin token
 # to validate user tokens.
 SERVICE_TOKEN=${SERVICE_TOKEN:-`uuidgen`}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-`openssl rand -hex 12`}
 # Install Packages
 # ================
@@ -415,6 +416,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
 cp $FILES/keystone_data.sh $KEYSTONE_DATA
 sudo sed -e "s,%HOST_IP%,$HOST_IP,g" -i $KEYSTONE_DATA
 sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_DATA
+ sudo sed -e "s,%ADMIN_PASSWORD%,$ADMIN_PASSWORD,g" -i $KEYSTONE_DATA
 # initialize keystone with default users/endpoints
 BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
 fi
@@ -513,6 +515,8 @@ fi
 if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
 echo "keystone is serving at http://$HOST_IP:5000/v2.0/"
 echo "examples on using novaclient command line is in exercise.sh"
+ echo "the default users are: admin and demo"
+ echo "the password: $ADMIN_PASSWORD"
 fi
 # Summary
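Review bot: In the first stack.sh hunk, the new ADMIN_PASSWORD default from `openssl rand -hex 12` is left empty if openssl is missing or fails, and the assignment sits above the "Install Packages" section, so the tool may not be installed yet. Whether the script aborts in that case depends on shell options set outside this hunk. An explicit guard right after the assignment would stop the run instead of creating accounts with an empty password: `[[ -n "$ADMIN_PASSWORD" ]] || { echo "could not generate ADMIN_PASSWORD" >&2; exit 1; }`. A comment such as `# 12 random bytes, hex-encoded (24 characters); override by exporting ADMIN_PASSWORD` would also document the default.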
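Review bot: In the second stack.sh hunk, the added `sed -e "s,%ADMIN_PASSWORD%,$ADMIN_PASSWORD,g"` splices the password into a sed program and then into a script that is run with bash, so a user-supplied ADMIN_PASSWORD containing `,`, `&`, `\`, whitespace or shell metacharacters is either mangled or interpreted as shell syntax. The generated hex default is safe; the override path is not. Validating before substitution keeps both steps well-defined, for example `[[ "$ADMIN_PASSWORD" =~ ^[A-Za-z0-9_.-]+$ ]] || { echo "ADMIN_PASSWORD has unsupported characters" >&2; exit 1; }`. The password also lands in clear in $KEYSTONE_DATA and on the sed command line, and the file's mode is not visible in this hunk. The enclosing `if` block opens outside the hunk.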
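Review bot: In the last stack.sh hunk, `echo "the password: $ADMIN_PASSWORD"` writes the admin password to standard output, where it is likely to end up in terminal scrollback, captured run logs or output pasted into bug reports. Printing it only when this run generated it, or writing it to a file readable only by the invoking user and echoing the path, would limit the exposure. If the line stays as is, a comment such as `# NOTE: prints the admin password in clear; treat this output as sensitive` documents the risk for anyone redirecting the script's output.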