don't use the same keystone admin token for everything
parent
6e9fae0d27
commit
b96871e486
4 changed files with 13 additions and 6 deletions
|
@ -175,4 +175,4 @@ auth_host = 127.0.0.1
|
||||||
auth_port = 35357
|
auth_port = 35357
|
||||||
auth_protocol = http
|
auth_protocol = http
|
||||||
auth_uri = http://127.0.0.1:5000/
|
auth_uri = http://127.0.0.1:5000/
|
||||||
admin_token = 999888777666
|
admin_token = %SERVICE_TOKEN%
|
||||||
|
|
|
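Review bot: `admin_token = %SERVICE_TOKEN%` means the rendered copy of this template holds a live credential, and nothing visible in this commit restricts who can read that file. The stack.sh hunks copy the glance templates with a plain `cp` and then run `sudo sed ... -i` on them, so the rendered configs presumably keep default permissions; a `chmod 600` on each rendered config right after the substitution would keep the token from other local users. The same applies to the second config template changed in the next section. A comment above the line, for example `# filled in by stack.sh; this value is registered in keystone for the admin user`, would tell readers the placeholder is a secret.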
@ -64,7 +64,7 @@ auth_host = 127.0.0.1
|
||||||
auth_port = 35357
|
auth_port = 35357
|
||||||
auth_protocol = http
|
auth_protocol = http
|
||||||
auth_uri = http://127.0.0.1:5000/
|
auth_uri = http://127.0.0.1:5000/
|
||||||
admin_token = 999888777666
|
admin_token = %SERVICE_TOKEN%
|
||||||
|
|
||||||
[filter:keystone_shim]
|
[filter:keystone_shim]
|
||||||
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory
|
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory
|
||||||
|
|
|
@ -34,7 +34,7 @@ $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOS
|
||||||
# $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
|
# $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
|
||||||
|
|
||||||
# Tokens
|
# Tokens
|
||||||
$BIN_DIR/keystone-manage $* token add 999888777666 admin admin 2015-02-05T00:00
|
$BIN_DIR/keystone-manage $* token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
|
||||||
|
|
||||||
# EC2 related creds
|
# EC2 related creds
|
||||||
$BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"
|
$BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"
|
||||||
|
|
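Review bot: In `token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00` the substituted value is unquoted, so an empty or whitespace-containing SERVICE_TOKEN shifts the remaining arguments and keystone-manage would receive `admin` in the token position. Quoting the placeholder, `token add "%SERVICE_TOKEN%" admin admin 2015-02-05T00:00`, makes that case fail visibly instead of registering the wrong value. The token is also still registered for what appears to be the admin user and admin tenant with a fixed expiry years ahead, so every config that receives it holds a long-lived admin credential; a comment under `# Tokens` should say so. The rest of the script lies outside this hunk.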
13
stack.sh
13
stack.sh
|
@ -146,6 +146,10 @@ RABBIT_HOST=${RABBIT_HOST:-localhost}
|
||||||
# Glance connection info. Note the port must be specified.
|
# Glance connection info. Note the port must be specified.
|
||||||
GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
|
GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
|
||||||
|
|
||||||
|
# Service Token - Openstack components need to have an admin token
|
||||||
|
# to validate user tokens.
|
||||||
|
SERVICE_TOKEN=${SERVICE_TOKEN:-`uuidgen`}
|
||||||
|
|
||||||
# Install Packages
|
# Install Packages
|
||||||
# ================
|
# ================
|
||||||
#
|
#
|
||||||
|
@ -318,11 +322,13 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
|
||||||
GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf
|
GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf
|
||||||
cp $FILES/glance-registry.conf $GLANCE_CONF
|
cp $FILES/glance-registry.conf $GLANCE_CONF
|
||||||
sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF
|
sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF
|
||||||
|
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_CONF
|
||||||
sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_CONF
|
sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_CONF
|
||||||
|
|
||||||
GLANCE_API_CONF=$GLANCE_DIR/etc/glance-api.conf
|
GLANCE_API_CONF=$GLANCE_DIR/etc/glance-api.conf
|
||||||
cp $FILES/glance-api.conf $GLANCE_API_CONF
|
cp $FILES/glance-api.conf $GLANCE_API_CONF
|
||||||
sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_API_CONF
|
sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_API_CONF
|
||||||
|
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_API_CONF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Nova
|
# Nova
|
||||||
|
@ -428,6 +434,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
|
||||||
KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh
|
KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh
|
||||||
cp $FILES/keystone_data.sh $KEYSTONE_DATA
|
cp $FILES/keystone_data.sh $KEYSTONE_DATA
|
||||||
sudo sed -e "s,%HOST_IP%,$HOST_IP,g" -i $KEYSTONE_DATA
|
sudo sed -e "s,%HOST_IP%,$HOST_IP,g" -i $KEYSTONE_DATA
|
||||||
|
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_DATA
|
||||||
# initialize keystone with default users/endpoints
|
# initialize keystone with default users/endpoints
|
||||||
BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
|
BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
|
||||||
fi
|
fi
|
||||||
|
@ -508,9 +515,9 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
|
||||||
|
|
||||||
# add images to glance
|
# add images to glance
|
||||||
# FIXME: kernel/ramdisk is hardcoded - use return result from add
|
# FIXME: kernel/ramdisk is hardcoded - use return result from add
|
||||||
glance add -A 999888777666 name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image
|
glance add -A $SERVICE_TOKEN name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image
|
||||||
glance add -A 999888777666 name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image
|
glance add -A $SERVICE_TOKEN name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image
|
||||||
glance add -A 999888777666 name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image
|
glance add -A $SERVICE_TOKEN name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Using the cloud
|
# Using the cloud
|
||||||
|
|
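Review bot: The SERVICE_TOKEN default is computed above the `# Install Packages` section, so if uuidgen is not already on the host the substitution yields an empty string and, unless errexit is active at that point, the script writes an empty `admin_token` into both glance configs and keystone_data.sh. I would write the default as `SERVICE_TOKEN=${SERVICE_TOKEN:-$(uuidgen)}` and follow it with `[[ "$SERVICE_TOKEN" =~ ^[A-Za-z0-9-]+$ ]] || { echo "SERVICE_TOKEN is empty or contains unsafe characters" >&2; exit 1; }`. That check also protects the three new `sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g"` calls, where a caller-supplied value containing `,`, `&` or `\` would change the substitution expression. In the last hunk `glance add -A $SERVICE_TOKEN` should be quoted as `-A "$SERVICE_TOKEN"`. Passing the token in argv also makes it visible in the process list while each command runs, which deserves a comment next to the variable's definition.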