Last active
August 29, 2015 14:01
-
-
Save ishikawa84g/b769460ba6f38fc24cfd to your computer and use it in GitHub Desktop.
DevStackから抜いたKeystone初期ユーザ等の設定スクリプト。Endpointはあっている・・・はず。
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ----------- | |
| # Defaults | |
| # ----------- | |
| SERVICE_PROJECT=service | |
| ADMIN_PROJECT=admin | |
| DEMO_PROJECT=demo | |
| ADMIN_ROLE=admin | |
| MEMBER_ROLE=_member_ | |
| HEAT_OWNER_ROLE=heat_stack_owner | |
| # SERVIVCE PASSWORD | |
| ADMIN_PASSWORD=YOUR_PASSWORD | |
| DEMO_PASSWORD=YOUR_PASSWORD | |
| NOVA_PASSWORD=YOUR_PASSWORD | |
| GLANCE_PASSWORD=YOUR_PASSWORD | |
| CINDER_PASSWORD=YOUR_PASSWORD | |
| NEUTRON_PASSWORD=YOUR_PASSWORD | |
| CEILOMETER_PASSWORD=YOUR_PASSWORD | |
| HEAT_PASSWORD=YOUR_PASSWORD | |
| # SERVICE USER | |
| ADMIN_USER=admin | |
| DEMO_USER=demo | |
| NOVA_USER=nova | |
| GLANCE_USER=glance | |
| CINDER_USER=cinder | |
| NEUTRON_USER=neutron | |
| CEILOMETER_USER=ceilometer | |
| HEAT_USER=heat | |
| # E-MAIL ADDRESS | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| # SERVICE PROTOCOL | |
| NOVA_PUBLIC_SERVICE_PROTOCOL=http | |
| NOVA_ADMIN_SERVICE_PROTOCOL=http | |
| NOVA_INTERNAL_SERVICE_PROTOCOL=http | |
| EC2_PUBLIC_SERVICE_PROTOCOL=http | |
| EC2_ADMIN_SERVICE_PROTOCOL=http | |
| EC2_INTERNAL_SERVICE_PROTOCOL=http | |
| GLANCE_PUBLIC_SERVICE_PROTOCOL=http | |
| GLANCE_ADMIN_SERVICE_PROTOCOL=http | |
| GLANCE_INTERNAL_SERVICE_PROTOCOL=http | |
| KEYSTONE_PUBLIC_SERVICE_PROTOCOL=http | |
| KEYSTONE_ADMIN_SERVICE_PROTOCOL=http | |
| KEYSTONE_INTERNAL_SERVICE_PROTOCOL=http | |
| CINDER_PUBLIC_SERVICE_PROTOCOL=http | |
| CINDER_ADMIN_SERVICE_PROTOCOL=http | |
| CINDER_INTERNAL_SERVICE_PROTOCOL=http | |
| NEUTRON_PUBLIC_SERVICE_PROTOCOL=http | |
| NEUTRON_ADMIN_SERVICE_PROTOCOL=http | |
| NEUTRON_INTERNAL_SERVICE_PROTOCOL=http | |
| CEILOMETER_PUBLIC_SERVICE_PROTOCOL=http | |
| CEILOMETER_ADMIN_SERVICE_PROTOCOL=http | |
| CEILOMETER_INTERNAL_SERVICE_PROTOCOL=http | |
| HEAT_API_PUBLIC_SERVICE_PROTOCOL=http | |
| HEAT_API_ADMIN_SERVICE_PROTOCOL=http | |
| HEAT_API_INTERNAL_SERVICE_PROTOCOL=http | |
| HEAT_CFN_PUBLIC_SERVICE_PROTOCOL=http | |
| HEAT_CFN_ADMIN_SERVICE_PROTOCOL=http | |
| HEAT_CFN_INTERNAL_SERVICE_PROTOCOL=http | |
| # SERVICE PORT | |
| NOVA_COMPUTE_PORT=8774 | |
| EC2_PORT=8773 | |
| GLANCE_API_PORT=9292 | |
| KEYSTONE_PUBLIC_PORT=5000 | |
| KEYSTONE_ADMIN_PORT=35357 | |
| CINDER_PORT=8776 | |
| NEUTRON_PORT=9696 | |
| CEILOMETER_PORT=8777 | |
| HEAT_API_PORT=8004 | |
| HEAT_API_CFN_PORT=8000 | |
| # IDENTITY | |
| IDENTITY_API_VERSION=2.0 | |
| REGION=RegionOne | |
| # SERVICE HOST ADDRESS | |
| NOVA_PUBLIC_SERVICE_HOST=127.0.0.1 | |
| NOVA_ADMIN_SERVICE_HOST=127.0.0.1 | |
| NOVA_INTERNAL_SERVICE_HOST=127.0.0.1 | |
| EC2_PUBLIC_SERVICE_HOST=127.0.0.1 | |
| EC2_ADMIN_SERVICE_HOST=127.0.0.1 | |
| EC2_INTERNAL_SERVICE_HOST=127.0.0.1 | |
| GLANCE_PUBLIC_SERVICE_HOST=127.0.0.1 | |
| GLANCE_ADMIN_SERVICE_HOST=127.0.0.1 | |
| GLANCE_INTERNAL_SERVICE_HOST=127.0.0.1 | |
| KEYSTONE_PUBLIC_SERVICE_HOST=127.0.0.1 | |
| KEYSTONE_ADMIN_SERVICE_HOST=127.0.0.1 | |
| KEYSTONE_INTERNAL_SERVICE_HOST=127.0.0.1 | |
| CINDER_PUBLIC_SERVICE_HOST=127.0.0.1 | |
| CINDER_ADMIN_SERVICE_HOST=127.0.0.1 | |
| CINDER_INTERNAL_SERVICE_HOST=127.0.0.1 | |
| NEUTRON_PUBLIC_SERVICE_HOST=127.0.0.1 | |
| NEUTRON_ADMIN_SERVICE_HOST=127.0.0.1 | |
| NEUTRON_INTERNAL_SERVICE_HOST=127.0.0.1 | |
| CEILOMETER_PUBLIC_SERVICE_HOST=127.0.0.1 | |
| CEILOMETER_ADMIN_SERVICE_HOST=127.0.0.1 | |
| CEILOMETER_INTERNAL_SERVICE_HOST=127.0.0.1 | |
| HEAT_API_PUBLIC_SERVICE_HOST=127.0.0.1 | |
| HEAT_API_ADMIN_SERVICE_HOST=127.0.0.1 | |
| HEAT_API_INTERNAL_SERVICE_HOST=127.0.0.1 | |
| HEAT_CFN_PUBLIC_SERVICE_HOST=127.0.0.1 | |
| HEAT_CFN_ADMIN_SERVICE_HOST=127.0.0.1 | |
| HEAT_CFN_INTERNAL_SERVICE_HOST=127.0.0.1 | |
| # export OS_TOKEN=999888777666 | |
| # export OS_URL=http://127.0.0.1:35357/v2.0 | |
| # OR openstack --os-token $OS_TOKEN --os-url $OS_URL | |
| # -------------------------------------- | |
| # Functions | |
| # -------------------------------------- | |
| function get_field { | |
| while read data; do | |
| if [ "$1" -lt 0 ]; then | |
| field="(\$(NF$1))" | |
| else | |
| field="\$$(($1 + 1))" | |
| fi | |
| echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}" | |
| done | |
| } | |
| # -------------------------------------- | |
| # Roles | |
| # -------------------------------------- | |
| openstack role create $ADMIN_ROLE | |
| #openstack role create $MEMBER_ROLE | |
| # -------------------------------------- | |
| # Projects | |
| # -------------------------------------- | |
| openstack project create $ADMIN_PROJECT | |
| openstack project create $DEMO_PROJECT | |
| openstack project create $SERVICE_PROJECT | |
| # -------------------------------------- | |
| # Users | |
| # -------------------------------------- | |
| openstack user create --project $ADMIN_PROJECT --email $ADMIN_EMAIL --password $ADMIN_PASSWORD $ADMIN_USER | |
| openstack user create --project $DEMO_PROJECT --email $DEMO_EMAIL --password $DEMO_PASSWORD $DEMO_USER | |
| # -------------------------------------- | |
| # Service Users | |
| # -------------------------------------- | |
| openstack user create --password $NOVA_PASSWORD --project $SERVICE_PROJECT --email $NOVA_EMAIL $NOVA_USER | |
| openstack user create --password $GLANCE_PASSWORD --project $SERVICE_PROJECT --email $GLANCE_EMAIL $GLANCE_USER | |
| openstack user create --password $CINDER_PASSWORD --project $SERVICE_PROJECT --email $CINDER_EMAIL $CINDER_USER | |
| openstack user create --password $NEUTRON_PASSWORD --project $SERVICE_PROJECT --email $NEUTRON_EMAIL $NEUTRON_USER | |
| openstack user create --password $CEILOMETER_PASSWORD --project $SERVICE_PROJECT --email $CEILOMETER_EMAIL $CEILOMETER_USER | |
| openstack user create --password $HEAT_PASSWORD --project $SERVICE_PROJECT --email $HEAT_EMAIL $HEAT_USER | |
| # -------------------------------------- | |
| # Role add | |
| # -------------------------------------- | |
| openstack role add --project $ADMIN_PROJECT --user $ADMIN_USER $ADMIN_ROLE | |
| openstack role add --project $DEMO_PROJECT --user $ADMIN_USER $ADMIN_ROLE | |
| #openstack role add --project $DEMO_PROJECT --user $DEMO_USER $MEMBER_ROLE | |
| openstack role add --project $SERVICE_PROJECT --user $NOVA_USER $ADMIN_ROLE | |
| openstack role add --project $SERVICE_PROJECT --user $GLANCE_USER $ADMIN_ROLE | |
| openstack role add --project $SERVICE_PROJECT --user $CINDER_USER $ADMIN_ROLE | |
| openstack role add --project $SERVICE_PROJECT --user $NEUTRON_USER $ADMIN_ROLE | |
| openstack role add --project $SERVICE_PROJECT --user $CEILOMETER_USER $ADMIN_ROLE | |
| openstack role add --project $SERVICE_PROJECT --user $HEAT_USER $ADMIN_ROLE | |
| # -------------------------------------- | |
| # Service | |
| # -------------------------------------- | |
| openstack service create --type=compute --description="Nova Compute Service" nova | |
| openstack service create --type=computev3 --description="Nova Compute Service V3" novav3 | |
| openstack service create --type ec2 --description "EC2 Compatibility Layer" ec2 | |
| openstack service create --type image --description "Glance Image Service" glance | |
| openstack service create --type identity --description "Keystone Identity Service" keystone | |
| openstack service create --type=volume --description="Cinder Volume Service" cinder | |
| openstack service create --type=volumev2 --description="Cinder Volume Service V2" cinderv2 | |
| openstack service create --type=network --description="Neutron Service" neutron | |
| openstack service create --type=metering --description="OpenStack Telemetry Service" ceilometer | |
| HEAT_SERVICE=$(openstack service create --type=orchestration --description="Heat Orchestration Service" heat | grep " id " | get_field 2) | |
| HEAT_CFN_SERVICE=$(openstack service create --type=cloudformation --description="Heat CloudFormation Service" heat | grep " id " | get_field 2) | |
| # -------------------------------------- | |
| # Endpoint | |
| # -------------------------------------- | |
| # Nova | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "${NOVA_PUBLIC_SERVICE_PROTOCOL}://${NOVA_PUBLIC_SERVICE_HOST}:${NOVA_COMPUTE_PORT}/v2/\$(tenant_id)s" \ | |
| --adminurl "${NOVA_ADMIN_SERVICE_PROTOCOL}://${NOVA_ADMIN_SERVICE_HOST}:${NOVA_COMPUTE_PORT}/v2/\$(tenant_id)s" \ | |
| --internalurl "${NOVA_INTERNAL_SERVICE_PROTOCOL}://${NOVA_INTERNAL_SERVICE_HOST}:${NOVA_COMPUTE_PORT}/v2/\$(tenant_id)s" \ | |
| nova | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "${NOVA_PUBLIC_SERVICE_PROTOCOL}://${NOVA_PUBLIC_SERVICE_HOST}:${NOVA_COMPUTE_PORT}/v3" \ | |
| --adminurl "${NOVA_ADMIN_SERVICE_PROTOCOL}://${NOVA_ADMIN_SERVICE_HOST}:${NOVA_COMPUTE_PORT}/v3" \ | |
| --internalurl "${NOVA_INTERNAL_SERVICE_PROTOCOL}://${NOVA_INTERNAL_SERVICE_HOST}:${NOVA_COMPUTE_PORT}/v3" \ | |
| novav3 | |
| # EC2 | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "${EC2_PUBLIC_SERVICE_PROTOCOL}://${EC2_PUBLIC_SERVICE_HOST}:${EC2_PORT}/services/Cloud" \ | |
| --adminurl "${EC2_INTERNAL_SERVICE_PROTOCOL}://${EC2_ADMIN_SERVICE_HOST}:${EC2_PORT}/services/Admin" \ | |
| --internalurl "${EC2_ADMIN_SERVICE_PROTOCOL}://${EC2_INTERNAL_SERVICE_HOST}:${EC2_PORT}/services/Cloud" \ | |
| ec2 | |
| # Glance | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "${GLANCE_PUBLIC_SERVICE_PROTOCOL}://${GLANCE_PUBLIC_SERVICE_HOST}:${GLANCE_API_PORT}" \ | |
| --adminurl "${GLANCE_ADMIN_SERVICE_PROTOCOL}://${GLANCE_INTERNAL_SERVICE_HOST}:${GLANCE_API_PORT}" \ | |
| --internalurl "${GLANCE_INTERNAL_SERVICE_PROTOCOL}://${GLANCE_ADMIN_SERVICE_HOST}:${GLANCE_API_PORT}" \ | |
| glance | |
| # Keystone | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "${KEYSTONE_PUBLIC_SERVICE_PROTOCOL}://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_PORT}/v${IDENTITY_API_VERSION}" \ | |
| --adminurl "${KEYSTONE_ADMIN_SERVICE_PROTOCOL}://${KEYSTONE_INTERNAL_SERVICE_HOST}:${KEYSTONE_ADMIN_PORT}/v${IDENTITY_API_VERSION}" \ | |
| --internalurl "${KEYSTONE_INTERNAL_SERVICE_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_PUBLIC_PORT}/v${IDENTITY_API_VERSION}" \ | |
| keystone | |
| # Cinder | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "${CINDER_PUBLIC_SERVICE_PROTOCOL}://${CINDER_PUBLIC_SERVICE_HOST}:${CINDER_PORT}/v1/\$(tenant_id)s" \ | |
| --adminurl "${CINDER_ADMIN_SERVICE_PROTOCOL}://${CINDER_ADMIN_SERVICE_HOST}:${CINDER_PORT}/v1/\$(tenant_id)s" \ | |
| --internalurl "${CINDER_INTERNAL_SERVICE_PROTOCOL}://${CINDER_INTERNAL_SERVICE_HOST}:${CINDER_PORT}/v1/\$(tenant_id)s" \ | |
| cinder | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "${CINDER_PUBLIC_SERVICE_PROTOCOL}://${CINDER_PUBLIC_SERVICE_HOST}:${CINDER_PORT}/v2/\$(tenant_id)s" \ | |
| --adminurl "${CINDER_ADMIN_SERVICE_PROTOCOL}://${CINDER_ADMIN_SERVICE_HOST}:${CINDER_PORT}/v2/\$(tenant_id)s" \ | |
| --internalurl "${CINDER_INTERNAL_SERVICE_PROTOCOL}://${CINDER_INTERNAL_SERVICE_HOST}:${CINDER_PORT}/v2/\$(tenant_id)s" \ | |
| cinderv2 | |
| # Neutron | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "${NEUTRON_PUBLIC_SERVICE_PROTOCOL}://${NEUTRON_PUBLIC_SERVICE_HOST}:${NEUTRON_PORT}" \ | |
| --adminurl "${NEUTRON_ADMIN_SERVICE_PROTOCOL}://${NEUTRON_INTERNAL_SERVICE_HOST}:${NEUTRON_PORT}" \ | |
| --internalurl "${NEUTRON_INTERNAL_SERVICE_PROTOCOL}://${NEUTRON_ADMIN_SERVICE_HOST}:${NEUTRON_PORT}" \ | |
| neutron | |
| # Ceilometer | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "$CEILOMETER_PUBLIC_SERVICE_PROTOCOL://$CEILOMETER_PUBLIC_SERVICE_HOST:$CEILOMETER_PORT" \ | |
| --adminurl "$CEILOMETER_ADMIN_SERVICE_PROTOCOL://$CEILOMETER_ADMIN_SERVICE_HOST:$CEILOMETER_PORT" \ | |
| --internalurl "$CEILOMETER_INTERNAL_SERVICE_PROTOCOL://$CEILOMETER_INTERNAL_SERVICE_HOST:$CEILOMETER_PORT" \ | |
| ceilometer | |
| # Heat | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "$HEAT_API_PUBLIC_SERVICE_PROTOCOL://$HEAT_API_PUBLIC_SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ | |
| --adminurl "$HEAT_API_ADMIN_SERVICE_PROTOCOL://$HEAT_API_ADMIN_SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ | |
| --internalurl "$HEAT_API_INTERNAL_SERVICE_PROTOCOL://$HEAT_API_INTERNAL_SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \ | |
| $HEAT_SERVICE | |
| openstack endpoint create \ | |
| --region $REGION \ | |
| --publicurl "$HEAT_CFN_PUBLIC_SERVICE_PROTOCOL://$HEAT_CFN_PUBLIC_SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ | |
| --adminurl "$HEAT_CFN_ADMIN_SERVICE_PROTOCOL://$HEAT_CFN_ADMIN_SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ | |
| --internalurl "$HEAT_CFN_INTERNAL_SERVICE_PROTOCOL://$HEAT_CFN_INTERNAL_SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \ | |
| $HEAT_CFN_SERVICE | |
| # -------------------------------------- | |
| # EC2 Credentials ? | |
| # -------------------------------------- | |
| #openstack ec2 credentials create --user nova --project $SERVICE_PROJECT -f shell -c access -c secret | |
| # -------------------------------------- | |
| # deferred_auth_method = trusts ? | |
| # -------------------------------------- | |
| #openstack role create $HEAT_OWNER_ROLE | |
| #openstack role add $HEAT_OWNER_ROLE --project $DEMO_PROJECT --user $DEMO_USER | |
| #openstack role add $HEAT_OWNER_ROLE --project $DEMO_PROJECT --user $ADMIN_USER | |
| #openstack role add $HEAT_OWNER_ROLE --project $ADMIN_PROJECT --user $ADMIN_USER | |
| #KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3" | |
| #D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 --os-identity-api-version=3 domain create heat --description "Owns users and projects created by heat" | grep ' id ' | get_field 2) | |
| #openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 --os-identity-api-version=3 user create --password $SERVICE_PASSWORD --domain $D_ID heat_domain_admin --description "Manages users and projects created by heat" | |
| #openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 --os-identity-api-version=3 role add --user heat_domain_admin --domain ${D_ID} admin |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment