don't use the same keystone admin token for everything

Jesse Andrews 2011-10-02 09:02:46 -07:00
parent 6e9fae0d27
commit b96871e486
4 changed files with 13 additions and 6 deletions


@ -175,4 +175,4 @@ auth_host = 127.0.0.1
auth_port = 35357 auth_port = 35357
auth_protocol = http auth_protocol = http
auth_uri = http://127.0.0.1:5000/ auth_uri = http://127.0.0.1:5000/
admin_token = 999888777666 admin_token = %SERVICE_TOKEN%


@ -64,7 +64,7 @@ auth_host = 127.0.0.1
auth_port = 35357 auth_port = 35357
auth_protocol = http auth_protocol = http
auth_uri = http://127.0.0.1:5000/ auth_uri = http://127.0.0.1:5000/
admin_token = 999888777666 admin_token = %SERVICE_TOKEN%
[filter:keystone_shim] [filter:keystone_shim]
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory


@ -34,7 +34,7 @@ $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOS
# $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1 # $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne swift http://%HOST_IP%:8080/v1/AUTH_%tenant_id% http://%HOST_IP%:8080/ http://%HOST_IP%:8080/v1/AUTH_%tenant_id% 1 1
# Tokens # Tokens
$BIN_DIR/keystone-manage $* token add 999888777666 admin admin 2015-02-05T00:00 $BIN_DIR/keystone-manage $* token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
# EC2 related creds # EC2 related creds
$BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials" $BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"
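Review bot: The changed `token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00` line still appears to register the generated value as a token for the admin user in the admin tenant, with a fixed expiry years ahead, so every service given SERVICE_TOKEN holds the same full-admin credential. That is worth stating in a comment above the line, e.g. `# SERVICE_TOKEN is a shared admin credential; keep this generated script and the service configs unreadable to other users`. The placeholder is also substituted unquoted into a shell script, so I would write it as `'%SERVICE_TOKEN%'` to keep a token containing whitespace or shell metacharacters from being split or interpreted. The script continues outside the hunk.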


@ -146,6 +146,10 @@ RABBIT_HOST=${RABBIT_HOST:-localhost}
# Glance connection info. Note the port must be specified. # Glance connection info. Note the port must be specified.
GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292} GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
# Service Token - Openstack components need to have an admin token
# to validate user tokens.
SERVICE_TOKEN=${SERVICE_TOKEN:-`uuidgen`}
# Install Packages # Install Packages
# ================ # ================
# #
@ -318,11 +322,13 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf
cp $FILES/glance-registry.conf $GLANCE_CONF cp $FILES/glance-registry.conf $GLANCE_CONF
sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_CONF
sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_CONF sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_CONF
GLANCE_API_CONF=$GLANCE_DIR/etc/glance-api.conf GLANCE_API_CONF=$GLANCE_DIR/etc/glance-api.conf
cp $FILES/glance-api.conf $GLANCE_API_CONF cp $FILES/glance-api.conf $GLANCE_API_CONF
sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_API_CONF sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_API_CONF
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_API_CONF
fi fi
# Nova # Nova
@ -428,6 +434,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh
cp $FILES/keystone_data.sh $KEYSTONE_DATA cp $FILES/keystone_data.sh $KEYSTONE_DATA
sudo sed -e "s,%HOST_IP%,$HOST_IP,g" -i $KEYSTONE_DATA sudo sed -e "s,%HOST_IP%,$HOST_IP,g" -i $KEYSTONE_DATA
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_DATA
# initialize keystone with default users/endpoints # initialize keystone with default users/endpoints
BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
fi fi
@ -508,9 +515,9 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then
# add images to glance # add images to glance
# FIXME: kernel/ramdisk is hardcoded - use return result from add # FIXME: kernel/ramdisk is hardcoded - use return result from add
glance add -A 999888777666 name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image glance add -A $SERVICE_TOKEN name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image
glance add -A 999888777666 name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image glance add -A $SERVICE_TOKEN name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image
glance add -A 999888777666 name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image glance add -A $SERVICE_TOKEN name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image
fi fi
# Using the cloud # Using the cloud
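Review bot: The `SERVICE_TOKEN` default in the hunk at -146 comes from `uuidgen` with no check that the command produced anything, and the assignment sits above the "Install Packages" section, so on a host without uuidgen the token would presumably be empty. An empty value then flows into `admin_token =` in both glance configs and into the unquoted `glance add -A $SERVICE_TOKEN` calls, where `-A` would take `name=...` as its argument. I would follow the assignment with `: "${SERVICE_TOKEN:?uuidgen failed - set SERVICE_TOKEN}"` and quote the expansion as `-A "$SERVICE_TOKEN"`. A user-supplied token containing `,`, `&` or `\` also breaks the `sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g"` substitutions, and the value is passed on the sed and glance command lines, so a comment next to the variable should state the accepted character set and that the token is visible in process listings.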