deleted keystone

exercises/euca.sh

@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# we will use the ``euca2ools`` cli tool that wraps the python boto
-# library to test ec2 compatibility
-#
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occured.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error.  It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-
-# Settings
-# ========
-
-# Use openrc + stackrc + localrc for settings
-pushd $(cd $(dirname "$0")/.. && pwd)
-source ./openrc
-popd
-
-# find a machine image to boot
-IMAGE=`euca-describe-images | grep machine | cut -f2 | head -n1`
-
-# launch it
-INSTANCE=`euca-run-instances $IMAGE | grep INSTANCE | cut -f2`
-
-# assure it has booted within a reasonable time
-if ! timeout $RUNNING_TIMEOUT sh -c "while euca-describe-instances $INSTANCE | grep -q running; do sleep 1; done"; then
-    echo "server didn't become active within $RUNNING_TIMEOUT seconds"
-    exit 1
-fi
-
-euca-terminate-instances $INSTANCE

exercises/floating_ips.sh

@@ -1,168 +0,0 @@
-#!/usr/bin/env bash
-
-# **exercise.sh** - using the cloud can be fun
-
-# we will use the ``nova`` cli tool provided by the ``python-novaclient``
-# package
-#
-
-
-# This script exits on an error so that errors don't compound and you see
-# only the first error that occured.
-set -o errexit
-
-# Print the commands being run so that we can see the command that triggers
-# an error.  It is also useful for following allowing as the install occurs.
-set -o xtrace
-
-
-# Settings
-# ========
-
-# Use openrc + stackrc + localrc for settings
-pushd $(cd $(dirname "$0")/.. && pwd)
-source ./openrc
-popd
-
-# Get a token for clients that don't support service catalog
-# ==========================================================
-
-# manually create a token by querying keystone (sending JSON data).  Keystone
-# returns a token and catalog of endpoints.  We use python to parse the token
-# and save it.
-
-TOKEN=`curl -s -d  "{\"auth\":{\"passwordCredentials\": {\"username\": \"$NOVA_USERNAME\", \"password\": \"$NOVA_PASSWORD\"}}}" -H "Content-type: application/json" http://$HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"`
-
-# Launching a server
-# ==================
-
-# List servers for tenant:
-nova list
-
-# Images
-# ------
-
-# Nova has a **deprecated** way of listing images.
-nova image-list
-
-# But we recommend using glance directly
-glance -A $TOKEN index
-
-# Let's grab the id of the first AMI image to launch
-IMAGE=`glance -A $TOKEN index | egrep ami | cut -d" " -f1`
-
-# Security Groups
-# ---------------
-SECGROUP=test_secgroup
-
-# List of secgroups:
-nova secgroup-list
-
-# Create a secgroup
-nova secgroup-create $SECGROUP "test_secgroup description"
-
-# determine flavor
-# ----------------
-
-# List of flavors:
-nova flavor-list
-
-# and grab the first flavor in the list to launch
-FLAVOR=`nova flavor-list | head -n 4 | tail -n 1 | cut -d"|" -f2`
-
-NAME="myserver"
-
-nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP
-
-# Testing
-# =======
-
-# First check if it spins up (becomes active and responds to ping on
-# internal ip).  If you run this script from a nova node, you should
-# bypass security groups and have direct access to the server.
-
-# Waiting for boot
-# ----------------
-
-# Max time to wait while vm goes from build to active state
-ACTIVE_TIMEOUT=${ACTIVE_TIMEOUT:-10}
-
-# Max time till the vm is bootable
-BOOT_TIMEOUT=${BOOT_TIMEOUT:-15}
-
-# Max time to wait for proper association and dis-association.
-ASSOCIATE_TIMEOUT=${ASSOCIATE_TIMEOUT:-10}
-
-# check that the status is active within ACTIVE_TIMEOUT seconds
-if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova show $NAME | grep status | grep -q ACTIVE; do sleep 1; done"; then
-    echo "server didn't become active!"
-    exit 1
-fi
-
-# get the IP of the server
-IP=`nova show $NAME | grep "private network" | cut -d"|" -f3`
-
-# for single node deployments, we can ping private ips
-MULTI_HOST=${MULTI_HOST:-0}
-if [ "$MULTI_HOST" = "0" ]; then
-    # sometimes the first ping fails (10 seconds isn't enough time for the VM's
-    # network to respond?), so let's ping for a default of 15 seconds with a
-    # timeout of a second for each ping.
-    if ! timeout $BOOT_TIMEOUT sh -c "while ! ping -c1 -w1 $IP; do sleep 1; done"; then
-        echo "Couldn't ping server"
-        exit 1
-    fi
-else
-    # On a multi-host system, without vm net access, do a sleep to wait for the boot
-    sleep $BOOT_TIMEOUT
-fi
-
-# Security Groups & Floating IPs
-# ------------------------------
-
-# allow icmp traffic (ping)
-nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0
-
-# List rules for a secgroup
-nova secgroup-list-rules $SECGROUP
-
-# allocate a floating ip
-nova floating-ip-create
-
-# store  floating address
-FLOATING_IP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'`
-
-# add floating ip to our server
-nova add-floating-ip $NAME $FLOATING_IP
-
-# test we can ping our floating ip within ASSOCIATE_TIMEOUT seconds
-if ! timeout $ASSOCIATE_TIMEOUT sh -c "while ! ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then
-    echo "Couldn't ping server with floating ip"
-    exit 1
-fi
-
-# dis-allow icmp traffic (ping)
-nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
-
-# FIXME (anthony): make xs support security groups
-if [ "$VIRT_DRIVER" != "xenserver" ]; then
-    # test we can aren't able to ping our floating ip within ASSOCIATE_TIMEOUT seconds
-    if ! timeout $ASSOCIATE_TIMEOUT sh -c "while ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then
-        print "Security group failure - ping should not be allowed!"
-        echo "Couldn't ping server with floating ip"
-        exit 1
-    fi
-fi
-
-# de-allocate the floating ip
-nova floating-ip-delete $FLOATING_IP
-
-# shutdown the server
-nova delete $NAME
-
-# Delete a secgroup
-nova secgroup-delete $SECGROUP
-
-# FIXME: validate shutdown within 5 seconds
-# (nova show $NAME returns 1 or status != ACTIVE)?
-

files/keystone.conf

@@ -1,116 +0,0 @@
-[DEFAULT]
-# Show more verbose log output (sets INFO log level output)
-verbose = False
-
-# Show debugging output in logs (sets DEBUG log level output)
-debug = False
-
-# Which backend store should Keystone use by default.
-# Default: 'sqlite'
-# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
-default_store = sqlite
-
-# Log to this file. Make sure you do not set the same log
-# file for both the API and registry servers!
-log_file = %DEST%/keystone/keystone.log
-
-# List of backends to be configured
-backends = keystone.backends.sqlalchemy
-#For LDAP support, add: ,keystone.backends.ldap
-
-# Dictionary Maps every service to a header.Missing services would get header
-# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
-service-header-mappings = {
-	'nova' : 'X-Server-Management-Url',
-	'swift' : 'X-Storage-Url',
-	'cdn' : 'X-CDN-Management-Url'}
-
-#List of extensions currently supported
-extensions= osksadm,oskscatalog
-
-# Address to bind the API server
-# TODO Properties defined within app not available via pipeline.
-service_host = 0.0.0.0
-
-# Port the bind the API server to
-service_port = 5000
-
-# SSL for API server
-service_ssl = False
-
-# Address to bind the Admin API server
-admin_host = 0.0.0.0
-
-# Port the bind the Admin API server to
-admin_port = 35357
-
-# SSL for API Admin server
-admin_ssl = False
-
-# Keystone certificate file (modify as needed)
-# Only required if *_ssl is set to True
-certfile = /etc/keystone/ssl/certs/keystone.pem
-
-# Keystone private key file (modify as needed)
-# Only required if *_ssl is set to True
-keyfile = /etc/keystone/ssl/private/keystonekey.pem
-
-# Keystone trusted CA certificates  (modify as needed)
-# Only required if *_ssl is set to True
-ca_certs = /etc/keystone/ssl/certs/ca.pem
-
-# Client certificate required
-# Only relevant if *_ssl is set to True
-cert_required = True
-
-#Role that allows to perform admin operations.
-keystone-admin-role = Admin
-
-#Role that allows to perform service admin operations.
-keystone-service-admin-role = KeystoneServiceAdmin
-
-#Tells whether password user need to be hashed in the backend
-hash-password = True
-
-[keystone.backends.sqlalchemy]
-# SQLAlchemy connection string for the reference implementation registry
-# server. Any valid SQLAlchemy connection string is fine.
-# See: http://bit.ly/ideIpI
-sql_connection = %SQL_CONN%
-backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
-                    'User', 'Credentials', 'EndpointTemplates', 'Token',
-                    'Service']
-
-# Period in seconds after which SQLAlchemy should reestablish its connection
-# to the database.
-sql_idle_timeout = 30
-
-[pipeline:admin]
-pipeline =
-    urlrewritefilter
-    admin_api
-
-[pipeline:keystone-legacy-auth]
-pipeline =
-    urlrewritefilter
-    legacy_auth
-    RAX-KEY-extension
-    service_api
-
-[app:service_api]
-paste.app_factory = keystone.server:service_app_factory
-
-[app:admin_api]
-paste.app_factory = keystone.server:admin_app_factory
-
-[filter:urlrewritefilter]
-paste.filter_factory = keystone.middleware.url:filter_factory
-
-[filter:legacy_auth]
-paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory
-
-[filter:RAX-KEY-extension]
-paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory
-
-[filter:debug]
-paste.filter_factory = keystone.common.wsgi:debug_filter_factory

files/keystone_data.sh

@@ -1,46 +0,0 @@
-#!/bin/bash
-BIN_DIR=${BIN_DIR:-.}
-# Tenants
-$BIN_DIR/keystone-manage $* tenant add admin
-$BIN_DIR/keystone-manage $* tenant add demo
-$BIN_DIR/keystone-manage $* tenant add invisible_to_admin
-
-# Users
-$BIN_DIR/keystone-manage $* user add admin %ADMIN_PASSWORD%
-$BIN_DIR/keystone-manage $* user add demo %ADMIN_PASSWORD%
-
-# Roles
-$BIN_DIR/keystone-manage $* role add Admin
-$BIN_DIR/keystone-manage $* role add Member
-$BIN_DIR/keystone-manage $* role add KeystoneAdmin
-$BIN_DIR/keystone-manage $* role add KeystoneServiceAdmin
-$BIN_DIR/keystone-manage $* role add sysadmin
-$BIN_DIR/keystone-manage $* role add netadmin
-$BIN_DIR/keystone-manage $* role grant Admin admin admin
-$BIN_DIR/keystone-manage $* role grant Member demo demo
-$BIN_DIR/keystone-manage $* role grant sysadmin demo demo
-$BIN_DIR/keystone-manage $* role grant netadmin demo demo
-$BIN_DIR/keystone-manage $* role grant Member demo invisible_to_admin
-$BIN_DIR/keystone-manage $* role grant Admin admin demo
-$BIN_DIR/keystone-manage $* role grant Admin admin
-$BIN_DIR/keystone-manage $* role grant KeystoneAdmin admin
-$BIN_DIR/keystone-manage $* role grant KeystoneServiceAdmin admin
-
-# Services
-$BIN_DIR/keystone-manage $* service add nova compute "Nova Compute Service"
-$BIN_DIR/keystone-manage $* service add glance image "Glance Image Service"
-$BIN_DIR/keystone-manage $* service add keystone identity "Keystone Identity Service"
-
-#endpointTemplates
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne nova http://%HOST_IP%:8774/v1.1/%tenant_id% http://%HOST_IP%:8774/v1.1/%tenant_id%  http://%HOST_IP%:8774/v1.1/%tenant_id% 1 1
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% http://%HOST_IP%:9292/v1.1/%tenant_id% 1 1
-$BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:35357/v2.0 http://%HOST_IP%:5000/v2.0 1 1
-
-# Tokens
-$BIN_DIR/keystone-manage $* token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
-
-# EC2 related creds - note we are setting the secret key to ADMIN_PASSWORD
-# but keystone doesn't parse them - it is just a blob from keystone's
-# point of view
-$BIN_DIR/keystone-manage $* credentials add admin EC2 'admin' '%ADMIN_PASSWORD%' admin || echo "no support for adding credentials"
-$BIN_DIR/keystone-manage $* credentials add demo EC2 'demo' '%ADMIN_PASSWORD%' demo || echo "no support for adding credentials"

localrc

@@ -1,4 +1,3 @@
 MYSQL_PASSWORD=passmysql
 RABBIT_PASSWORD=passrabbit
 SERVICE_TOKEN=passadmintoken
-ADMIN_PASSWORD=passkeystone

openrc

@@ -17,10 +17,6 @@ export NOVA_PROJECT_ID=${TENANT:-demo}
 # the action as the **user**.
 export NOVA_USERNAME=${USERNAME:-demo}
 
-# With Keystone you pass the keystone password instead of an api key.
-# The most recent versions of novaclient use NOVA_PASSWORD instead of NOVA_API_KEY
-export NOVA_PASSWORD=${ADMIN_PASSWORD:-secrete}
-
 # With the addition of Keystone, to use an openstack cloud you should
 # authenticate against keystone, which returns a **Token** and **Service
 # Catalog**.  The catalog contains the endpoint for all services the user/tenant

stack.sh

@@ -126,14 +126,13 @@ fi
 # Set the destination directories for openstack projects
 NOVA_DIR=$DEST/nova
 GLANCE_DIR=$DEST/glance
-KEYSTONE_DIR=$DEST/keystone
 NOVACLIENT_DIR=$DEST/python-novaclient
 
 # Default Quantum Plugin
 Q_PLUGIN=${Q_PLUGIN:-openvswitch}
 
 # Specify which services to launch.  These generally correspond to screen tabs
-ENABLED_SERVICES=${ENABLED_SERVICES:-g-api,g-reg,key,n-api,n-cpu,n-net,n-sch,mysql,rabbit}
+ENABLED_SERVICES=${ENABLED_SERVICES:-g-api,g-reg,n-api,n-cpu,n-net,n-sch,mysql,rabbit}
 
 # Name of the lvm volume group to use/create for iscsi volumes
 VOLUME_GROUP=${VOLUME_GROUP:-nova-volumes}
@@ -275,14 +274,9 @@ read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
 # Glance connection info.  Note the port must be specified.
 GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
 
-# Keystone
-# --------
-
 # Service Token - Openstack components need to have an admin token
 # to validate user tokens.
 read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."
-# Horizon currently truncates usernames and passwords at 20 characters
-read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR HORIZON AND KEYSTONE (20 CHARS OR LESS)."
 
 LOGFILE=${LOGFILE:-"$PWD/stack.sh.$$.log"}
 (
@@ -335,10 +329,6 @@ function get_packages() {
             if [[ ! $file_to_parse =~ glance ]]; then
                 file_to_parse="${file_to_parse} glance"
             fi
-        elif [[ $service == key* ]]; then
-            if [[ ! $file_to_parse =~ keystone ]]; then
-                file_to_parse="${file_to_parse} keystone"
-            fi
         fi
     done
 
@@ -422,14 +412,6 @@ git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
 # python client library to nova that horizon (and others) use
 git_clone $NOVACLIENT_REPO $NOVACLIENT_DIR $NOVACLIENT_BRANCH
 
-# glance, swift middleware and nova api needs keystone middleware
-if [[ "$ENABLED_SERVICES" =~ "key" ||
-      "$ENABLED_SERVICES" =~ "g-api" ||
-      "$ENABLED_SERVICES" =~ "n-api" ||
-      "$ENABLED_SERVICES" =~ "swift" ]]; then
-    # unified auth system (manages accounts/tokens)
-    git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
-fi
 if [[ "$ENABLED_SERVICES" =~ "g-api" ||
       "$ENABLED_SERVICES" =~ "n-api" ]]; then
     # image catalog service
@@ -442,12 +424,6 @@ fi
 
 # setup our checkouts so they are installed into python path
 # allowing ``import nova`` or ``import glance.client``
-if [[ "$ENABLED_SERVICES" =~ "key" ||
-      "$ENABLED_SERVICES" =~ "g-api" ||
-      "$ENABLED_SERVICES" =~ "n-api" ||
-      "$ENABLED_SERVICES" =~ "swift" ]]; then
-    cd $KEYSTONE_DIR; sudo python setup.py develop
-fi
 if [[ "$ENABLED_SERVICES" =~ "g-api" ||
       "$ENABLED_SERVICES" =~ "n-api" ]]; then
     cd $GLANCE_DIR; sudo python setup.py develop
@@ -716,30 +692,6 @@ if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then
 fi
 
 
-# Keystone
-# --------
-
-if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
-    # (re)create keystone database
-    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'
-    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone;'
-
-    # Configure keystone.conf
-    KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf
-    cp $FILES/keystone.conf $KEYSTONE_CONF
-    sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone,g" -i $KEYSTONE_CONF
-    sudo sed -e "s,%DEST%,$DEST,g" -i $KEYSTONE_CONF
-
-    # keystone_data.sh creates our admin user and our ``SERVICE_TOKEN``.
-    KEYSTONE_DATA=$KEYSTONE_DIR/bin/keystone_data.sh
-    cp $FILES/keystone_data.sh $KEYSTONE_DATA
-    sudo sed -e "s,%HOST_IP%,$HOST_IP,g" -i $KEYSTONE_DATA
-    sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_DATA
-    sudo sed -e "s,%ADMIN_PASSWORD%,$ADMIN_PASSWORD,g" -i $KEYSTONE_DATA
-    # initialize keystone with default users/endpoints
-    ENABLED_SERVICES=$ENABLED_SERVICES BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
-fi
-
 
 # Launch Services
 # ===============
@@ -785,16 +737,6 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
     fi
 fi
 
-# launch the keystone and wait for it to answer before continuing
-if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
-    screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF -d"
-    echo "Waiting for keystone to start..."
-    if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget -q -O- http://127.0.0.1:5000; do sleep 1; done"; then
-      echo "keystone did not start"
-      exit 1
-    fi
-fi
-
 # launch the nova-api and wait for it to answer before continuing
 if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
     screen_it n-api "cd $NOVA_DIR && $NOVA_DIR/bin/nova-api"
@@ -896,14 +838,6 @@ echo ""
 echo ""
 echo ""
 
-# If keystone is present, you can point nova cli to this server
-if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
-    echo "keystone is serving at http://$HOST_IP:5000/v2.0/"
-    echo "examples on using novaclient command line is in exercise.sh"
-    echo "the default users are: admin and demo"
-    echo "the password: $ADMIN_PASSWORD"
-fi
-
 # indicate how long this took to run (bash maintained variable 'SECONDS')
 echo "stack.sh completed in $SECONDS seconds."