Move keystone to seperate machine.
guanxiaohua2k6 committed Apr 13, 2012
1 parent 82026d1 commit 4294ed3
Showing 19 changed files with 79 additions and 125 deletions.
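--- a/softwares/glance_e/data.yml
+++ b/softwares/glance_e/data.yml
@@ -12,6 +12,10 @@ config_item_defaults:
 value: admin
 - name: admin_password
 value: admin
+- name: keystone
+value: localhost
+- name: swift_proxy
+value: localhost
 
 component_config_defaults:
 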
4 changes: 2 additions & 2 deletions softwares/glance_e/puppet/manifests/glance/test.pp
@@ -2,11 +2,11 @@
file { file {
"/var/lib/glance/test.sh": "/var/lib/glance/test.sh":
alias => "test.sh", alias => "test.sh",
source => "puppet:///modules/glance_e/test.sh" content => template("glance_e/test.sh.erb")
} }


exec { exec {
"/var/lib/glance/test.sh $admin_tenant_name $admin_user $admin_password 2>&1": "/var/lib/glance/test.sh 2>&1":
alias => "test.sh", alias => "test.sh",
require => File["test.sh"] require => File["test.sh"]
} }
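Review bot: The `file` resource for `/var/lib/glance/test.sh` now renders a template that embeds `admin_password`, but the visible resource sets no `owner` or `mode`, so the script's permissions fall to Puppet's defaults and the credential may be readable by other local accounts. I would add `owner => "root",` and `mode => "0700",` next to the `content =>` line; an explicit mode also guarantees the execute bit that the `exec` below relies on. The same applies to the `file` resources switched to `template(...)` in keystone_e's install.pp and test.pp and in nova_e's nova_api/test.pp. The enclosing class starts above this hunk, so a resource default set there would not be visible from here.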
@@ -33,10 +33,10 @@ if [ $pid1 != $pid2 ]; then
exit 1 exit 1
fi fi


export OS_TENANT_NAME=$1 export OS_TENANT_NAME="<%= admin_tenant_name %>"
export OS_USERNAME=$2 export OS_USERNAME="<%= admin_user %>"
export OS_PASSWORD=$3 export OS_PASSWORD="<%= admin_password %>"
export OS_AUTH_URL="http://localhost:5000/v2.0/" export OS_AUTH_URL="http://<%= keystone %>:5000/v2.0/"


glance index glance index
if [ $? != 0 ]; then if [ $? != 0 ]; then
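Review bot: The four `export` lines interpolate config values straight into double-quoted shell strings, so an `admin_password` containing `"`, `$`, a backtick or a backslash is re-interpreted by the shell when the script runs instead of being passed through literally. Escaping at render time avoids this: add `<% require 'shellwords' %>` at the top of the template and write `export OS_PASSWORD=<%= Shellwords.escape(admin_password) %>`, likewise for the tenant and user name. The same pattern appears in what look like keystone_e/keystone-init.sh.erb (where `ADMIN_PASSWORD=<%= admin_password %>` and `SERVICE_TOKEN=<%= admin_token %>` are not quoted at all), keystone_e/test.sh.erb (`--password=<%= admin_password %>` inside backticks) and nova_e/test.sh.erb. This section has no file header on the page; it is presumably the glance_e/test.sh.erb template named in test.pp.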
6 changes: 3 additions & 3 deletions softwares/glance_e/templates/glance-api-paste.ini.erb
@@ -65,12 +65,12 @@ glance.filter_factory = glance.common.context:ContextMiddleware
[filter:authtoken] [filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http service_protocol = http
service_host = 127.0.0.1 service_host = <%= keystone %>
service_port = 5000 service_port = 5000
auth_host = 127.0.0.1 auth_host = <%= keystone %>
auth_port = 35357 auth_port = 35357
auth_protocol = http auth_protocol = http
auth_uri = http://127.0.0.1:5000/ auth_uri = http://<%= keystone %>:5000/
admin_tenant_name = <%= admin_tenant_name %> admin_tenant_name = <%= admin_tenant_name %>
admin_user = <%= admin_user %> admin_user = <%= admin_user %>
admin_password = <%= admin_password %> admin_password = <%= admin_password %>
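Review bot: `service_protocol`, `auth_protocol` and `auth_uri` stay on `http` while `service_host` and `auth_host` stop being loopback, so once `keystone` names another machine the `admin_password` below and every token validation cross the network unencrypted. I would make the scheme configurable rather than fixed, e.g. `auth_protocol = <%= keystone_protocol %>` backed by a new default in data.yml (the item name is a suggestion, it does not exist on this page), and add a comment above the block such as `# keystone may be remote: use https outside an isolated management network`. glance-registry-paste.ini.erb carries the identical block, and the `http://` endpoints in default_catalog.templates.erb and the `OS_AUTH_URL` lines in the test scripts have the same exposure.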
10 changes: 5 additions & 5 deletions softwares/glance_e/templates/glance-api.conf.erb
@@ -132,30 +132,30 @@ filesystem_store_datadir = /var/lib/glance/images/


# Version of the authentication service to use # Version of the authentication service to use
# Valid versions are '2' for keystone and '1' for swauth and rackspace # Valid versions are '2' for keystone and '1' for swauth and rackspace
swift_store_auth_version = 2 swift_store_auth_version = 1


# Address where the Swift authentication service lives # Address where the Swift authentication service lives
# Valid schemes are 'http://' and 'https://' # Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'https://' # If no scheme specified, default to 'https://'
# For swauth, use something like '127.0.0.1:8080/v1.0/' # For swauth, use something like '127.0.0.1:8080/v1.0/'
swift_store_auth_address = 127.0.0.1:35357/v2.0/ swift_store_auth_address = <%= swift_proxy %>:8080/auth/v1.0/


# User to authenticate against the Swift authentication service # User to authenticate against the Swift authentication service
# If you use Swift authentication service, set it to 'account':'user' # If you use Swift authentication service, set it to 'account':'user'
# where 'account' is a Swift storage account and 'user' # where 'account' is a Swift storage account and 'user'
# is a user in that account # is a user in that account
swift_store_user = jdoe:jdoe swift_store_user = system:root


# Auth key for the user authenticating against the # Auth key for the user authenticating against the
# Swift authentication service # Swift authentication service
swift_store_key = a86850deb2742ec3cb41518e26aa2d89 swift_store_key = testpass


# Container within the account that the account should use # Container within the account that the account should use
# for storing images in Swift # for storing images in Swift
swift_store_container = glance swift_store_container = glance


# Do we create the container if it does not exist? # Do we create the container if it does not exist?
swift_store_create_container_on_put = False swift_store_create_container_on_put = True


# What size, in MB, should Glance start chunking image files # What size, in MB, should Glance start chunking image files
# and do a large object manifest in Swift? By default, this is # and do a large object manifest in Swift? By default, this is
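Review bot: `swift_store_user = system:root` and `swift_store_key = testpass` are hard-coded in the template, so every deployment rendered from it shares one well-known storage credential, unlike the hosts that this commit turns into config items. I would template them the same way, e.g. `swift_store_key = <%= swift_store_key %>` with a default declared in glance_e/data.yml (item name proposed here, not present on the page). Also worth confirming: per the comment above `swift_store_auth_address`, an address without a scheme defaults to `https://`, and the new value `<%= swift_proxy %>:8080/auth/v1.0/` has none. Whether the proxy speaks TLS on 8080 is not visible from this hunk.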
6 changes: 3 additions & 3 deletions softwares/glance_e/templates/glance-registry-paste.ini.erb
@@ -22,12 +22,12 @@ glance.filter_factory = glance.common.context:ContextMiddleware
[filter:authtoken] [filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http service_protocol = http
service_host = 127.0.0.1 service_host = <%= keystone %>
service_port = 5000 service_port = 5000
auth_host = 127.0.0.1 auth_host = <%= keystone %>
auth_port = 35357 auth_port = 35357
auth_protocol = http auth_protocol = http
auth_uri = http://127.0.0.1:5000/ auth_uri = http://<%= keystone %>:5000/
admin_tenant_name = <%= admin_tenant_name %> admin_tenant_name = <%= admin_tenant_name %>
admin_user = <%= admin_user %> admin_user = <%= admin_user %>
admin_password = <%= admin_password %> admin_password = <%= admin_password %>
59 changes: 10 additions & 49 deletions softwares/keystone_e/data.yml
@@ -1,70 +1,31 @@
# Description of the software, such as the following example.
#
#description: openstack nova diablo
description: openstack essex keystone description: openstack essex keystone


# Components of the software, such as the following example.
#
#components:
# - name: nova_compute
# - name: nova_api
components: components:
- name: keystone - name: keystone


# Dependencies of components, such as the following example.
#
#component_dependencies:
# # nova_compute will depend on nova_api when installing.
# # operation's default value is install.
# - source_component: nova_compute
# dest_component: nova_api
# # nova_compute will depend on nova_api when uninstalling.
# - source_component: nova_compute
# dest_component: nova_api
# operation: uninstall
component_dependencies: component_dependencies:


# Default values of config items, such as the following example.
#
#config_item_defaults:
# # The default value of config item libvirt_type is qemu.
# - name: libvirt_type
# value: qemu
# # The default value of config item user is admin.
# - name: user
# value: admin
config_item_defaults: config_item_defaults:
- name: admin_token - name: admin_token
value: ADMIN value: ADMIN
- name: admin_tenant_name
value: admin
- name: admin_user
value: admin
- name: admin_password - name: admin_password
value: admin value: admin
- name: service_password - name: admin_email
value: service value: admin@nii.ac.jp
- name: nova_api
value: localhost
- name: glance
value: localhost


# Default contents of component config files, such as the following example.
#
#component_config_defaults:
# # The default content of config file /etc/nova/nova-compute.conf
# # for component nova_compute will be defined at
# # $home/softwares/$software/templates/nova-compute.conf.erb
# - path: /etc/nova/nova-compute.conf
# component: nova_compute
component_config_defaults: component_config_defaults:


# Default contents of software config files, such as the following example.
#
#software_config_defaults:
# # The default content of config file /etc/nova/nova.conf for the software
# # will be defined at $home/softwares/$software/templates/nova.conf.erb.
# - path: /etc/nova/nova.conf
software_config_defaults: software_config_defaults:
- path: /etc/keystone/keystone.conf - path: /etc/keystone/keystone.conf
- path: /etc/keystone/default_catalog.templates - path: /etc/keystone/default_catalog.templates


# The component which is installed on a node where a test script will be executed.
#
#test_components:
# # The test will be done on the node where nova_api is installed.
# - component: nova_api
test_components: test_components:
- component: keystone - component: keystone
4 changes: 2 additions & 2 deletions softwares/keystone_e/puppet/manifests/keystone/install.pp
@@ -17,7 +17,7 @@
require => Package[keystone, python-keystone]; require => Package[keystone, python-keystone];


"/var/lib/keystone/keystone-init.sh": "/var/lib/keystone/keystone-init.sh":
source => "puppet:///modules/keystone_e/keystone-init.sh", content => template("keystone_e/keystone-init.sh.erb"),
require => Exec[restart_keystone]; require => Exec[restart_keystone];
} }


@@ -26,7 +26,7 @@
alias => "restart_keystone", alias => "restart_keystone",
require => File["keystone", "default_catalog"]; require => File["keystone", "default_catalog"];


"/var/lib/keystone/keystone-init.sh $admin_password $admin_token $service_password": "/var/lib/keystone/keystone-init.sh":
require => File["/var/lib/keystone/keystone-init.sh"]; require => File["/var/lib/keystone/keystone-init.sh"];
} }
} }
4 changes: 2 additions & 2 deletions softwares/keystone_e/puppet/manifests/keystone/test.pp
@@ -2,11 +2,11 @@
file { file {
"/var/lib/keystone/test.sh": "/var/lib/keystone/test.sh":
alias => "test.sh", alias => "test.sh",
source => "puppet:///modules/keystone_e/test.sh" content => template("keystone_e/test.sh.erb")
} }


exec { exec {
"/var/lib/keystone/test.sh $admin_password 2>&1": "/var/lib/keystone/test.sh 2>&1":
require => File["test.sh"], require => File["test.sh"],
} }
} }
@@ -20,34 +20,37 @@
# ENABLED_SERVICES - stack.sh's list of services to start # ENABLED_SERVICES - stack.sh's list of services to start
# DEVSTACK_DIR - Top-level DevStack directory # DEVSTACK_DIR - Top-level DevStack directory


ADMIN_PASSWORD=$1 ADMIN_TENANT_NAME=<%= admin_tenant_name %>
SERVICE_PASSWORD=$3 ADMIN_USER_NAME=<%= admin_user %>
export SERVICE_TOKEN=$2 ADMIN_PASSWORD=<%= admin_password %>
export SERVICE_ENDPOINT="http://localhost:35357/v2.0" ADMIN_EMAIL=<%= admin_email %>
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service} export SERVICE_TOKEN=<%= admin_token %>
export SERVICE_ENDPOINT="http://127.0.0.1:35357/v2.0"
SERVICE_TENANT_NAME="service"
SERVICE_PASSWORD="service"


function get_id () { function get_id () {
echo `$@ | awk '/ id / { print $4 }'` echo `$@ | awk '/ id / { print $4 }'`
} }


# Tenants # Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin) ADMIN_TENANT=$(get_id keystone tenant-create --name=$ADMIN_TENANT_NAME)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME) SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo) DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin) INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)




# Users # Users
ADMIN_USER=$(get_id keystone user-create --name=admin \ ADMIN_USER=$(get_id keystone user-create --name=$ADMIN_USER_NAME \
--pass="$ADMIN_PASSWORD" \ --pass="$ADMIN_PASSWORD" \
--email=admin@nii.ac.jp) --email=$ADMIN_EMAIL)
DEMO_USER=$(get_id keystone user-create --name=demo \ DEMO_USER=$(get_id keystone user-create --name=demo \
--pass="$ADMIN_PASSWORD" \ --pass="$ADMIN_PASSWORD" \
--email=demo@nii.ac.jp) --email=demo@nii.ac.jp)




# Roles # Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin) ADMIN_ROLE=$(get_id keystone role-create --name=$ADMIN_USER_NAME)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin) KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin) KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used # ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
@@ -60,7 +63,6 @@ keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT


# TODO(termie): these two might be dubious
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
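Review bot: `SERVICE_PASSWORD="service"` in the first hunk replaces a value that used to arrive as an argument, and `SERVICE_TENANT_NAME` loses its `${SERVICE_TENANT_NAME:-service}` override, so the service password is now a fixed, guessable literal that no config item can change. Keeping it templated like the admin values would restore that: `SERVICE_PASSWORD="<%= service_password %>"`, which needs the `service_password` default that appears to be dropped from keystone_e/data.yml in this commit. Separately, `keystone role-create --name=$ADMIN_USER_NAME` ties the admin role's name to the admin user name; if `admin_user` is set to anything other than `admin`, no role called `admin` is created, which presumably breaks whatever checks for that role. The rest of the script, including where `SERVICE_PASSWORD` is consumed, lies outside the visible hunks.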


@@ -17,7 +17,7 @@ if [ $pid1 != $pid2 ]; then
exit 1 exit 1
fi fi


output=`keystone --tenant=admin --username=admin --password=$1 --auth_url=http://127.0.0.1:5000/v2.0 user-list` output=`keystone --tenant=<%= admin_tenant_name %> --username=<%= admin_user %> --password=<%= admin_password %> --auth_url=http://127.0.0.1:5000/v2.0 user-list`


for user in admin glance nova demo for user in admin glance nova demo
do do
30 changes: 15 additions & 15 deletions softwares/keystone_e/templates/default_catalog.templates.erb
@@ -1,27 +1,27 @@
# config for TemplatedCatalog, using camelCase because I don't want to do # config for TemplatedCatalog, using camelCase because I don't want to do
# translations for keystone compat # translations for keystone compat
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0 catalog.RegionOne.identity.publicURL = http://<%= keystone %>:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://localhost:$(admin_port)s/v2.0 catalog.RegionOne.identity.adminURL = http://<%= keystone %>:$(admin_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0 catalog.RegionOne.identity.internalURL = http://<%= keystone %>:$(public_port)s/v2.0
catalog.RegionOne.identity.name = Identity Service catalog.RegionOne.identity.name = Identity Service


# fake compute service for now to help novaclient tests work # fake compute service for now to help novaclient tests work
catalog.RegionOne.compute.publicURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s catalog.RegionOne.compute.publicURL = http://<%= nova_api %>:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s catalog.RegionOne.compute.adminURL = http://<%= nova_api %>:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s catalog.RegionOne.compute.internalURL = http://<%= nova_api %>:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.name = Compute Service catalog.RegionOne.compute.name = Compute Service


catalog.RegionOne.volume.publicURL = http://localhost:8776/v1/$(tenant_id)s catalog.RegionOne.volume.publicURL = http://<%= nova_api %>:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.adminURL = http://localhost:8776/v1/$(tenant_id)s catalog.RegionOne.volume.adminURL = http://<%= nova_api %>:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.internalURL = http://localhost:8776/v1/$(tenant_id)s catalog.RegionOne.volume.internalURL = http://<%= nova_api %>:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.name = Volume Service catalog.RegionOne.volume.name = Volume Service


catalog.RegionOne.ec2.publicURL = http://localhost:8773/services/Cloud catalog.RegionOne.ec2.publicURL = http://<%= nova_api %>:8773/services/Cloud
catalog.RegionOne.ec2.adminURL = http://localhost:8773/services/Admin catalog.RegionOne.ec2.adminURL = http://<%= nova_api %>:8773/services/Admin
catalog.RegionOne.ec2.internalURL = http://localhost:8773/services/Cloud catalog.RegionOne.ec2.internalURL = http://<%= nova_api %>:8773/services/Cloud
catalog.RegionOne.ec2.name = EC2 Service catalog.RegionOne.ec2.name = EC2 Service


catalog.RegionOne.image.publicURL = http://localhost:9292/v1 catalog.RegionOne.image.publicURL = http://<%= glance %>:9292/v1
catalog.RegionOne.image.adminURL = http://localhost:9292/v1 catalog.RegionOne.image.adminURL = http://<%= glance %>:9292/v1
catalog.RegionOne.image.internalURL = http://localhost:9292/v1 catalog.RegionOne.image.internalURL = http://<%= glance %>:9292/v1
catalog.RegionOne.image.name = Image Service catalog.RegionOne.image.name = Image Service
4 changes: 3 additions & 1 deletion softwares/nova_e/data.yml
@@ -46,7 +46,9 @@ config_item_defaults:
value: admin value: admin
- name: admin_password - name: admin_password
value: admin value: admin
- name: glance_host - name: glance
value: localhost
- name: keystone
value: localhost value: localhost


component_config_defaults: component_config_defaults:
4 changes: 2 additions & 2 deletions softwares/nova_e/puppet/manifests/nova_api/test.pp
@@ -4,15 +4,15 @@
file { file {
"/var/lib/nova/test.sh": "/var/lib/nova/test.sh":
alias => "test.sh", alias => "test.sh",
source => "puppet:///modules/nova_e/test.sh"; content => template("nova_e/test.sh.erb");


"/var/lib/nova/$image_file_name": "/var/lib/nova/$image_file_name":
alias => "$image_file_name", alias => "$image_file_name",
source => "puppet:///modules/nova_e/$image_file_name"; source => "puppet:///modules/nova_e/$image_file_name";
} }


exec { exec {
"/var/lib/nova/test.sh $image_file_name $nova_objectstore $admin_tenant_name $admin_user $admin_password 2>&1": "/var/lib/nova/test.sh $image_file_name 2>&1":
alias => "test.sh", alias => "test.sh",
require => File["test.sh", "$image_file_name"]; require => File["test.sh", "$image_file_name"];
} }
14 changes: 0 additions & 14 deletions softwares/nova_e/puppet/templates/openstack-dashboard.conf.erb

This file was deleted.

@@ -26,12 +26,11 @@ if [ "`which nova-manage`" = "" ]; then
fi fi


image_file="$1" image_file="$1"
nova_objectstore="$2"


export OS_TENANT_NAME=$3 export OS_TENANT_NAME="<%= admin_tenant_name %>"
export OS_USERNAME=$4 export OS_USERNAME="<%= admin_user %>"
export OS_PASSWORD=$5 export OS_PASSWORD="<%= admin_password %>"
export OS_AUTH_URL="http://localhost:5000/v2.0/" export OS_AUTH_URL="http://<%= keystone %>:5000/v2.0/"


nova x509-create-cert nova x509-create-cert
nova x509-get-root-cert nova x509-get-root-cert
@@ -44,7 +43,7 @@ export EC2_USER_ID=$(echo "$CREDS" | awk '/ user_id / { print $4 }')
export EC2_CERT="$HOME/cert.pem" export EC2_CERT="$HOME/cert.pem"
export EC2_PRIVATE_KEY="$HOME/pk.pem" export EC2_PRIVATE_KEY="$HOME/pk.pem"
export EUCALYPTUS_CERT="$HOME/cacert.pem" export EUCALYPTUS_CERT="$HOME/cacert.pem"
export S3_URL="http://$nova_objectstore:3333" export S3_URL="http://<%= nova_objectstore %>:3333"


rm novarc rm novarc


