devstack/openrc
Jamie Lennox bd24a8d0f8 Allow deploying keystone with SSL certificates
Allow providing certificates through environment variables to be used
for keystone, and provide the basis for doing this for other services.
It cannot be used in conjunction with tls-proxy as the service provides
it's own encrypted endpoint.

Impletmenting: blueprint devstack-https
Change-Id: I8cf4c9c8c8a6911ae56ebcd14600a9d24cca99a0
2013-11-25 22:27:51 +00:00

90 lines
3.3 KiB
Bash

#!/usr/bin/env bash
#
# source openrc [username] [tenantname]
#
# Configure a set of credentials for $TENANT/$USERNAME:
# Set OS_TENANT_NAME to override the default tenant 'demo'
# Set OS_USERNAME to override the default user name 'demo'
# Set ADMIN_PASSWORD to set the password for 'admin' and 'demo'
# NOTE: support for the old NOVA_* novaclient environment variables has
# been removed.
if [[ -n "$1" ]]; then
OS_USERNAME=$1
fi
if [[ -n "$2" ]]; then
OS_TENANT_NAME=$2
fi
# Find the other rc files
RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
# Import common functions
source $RC_DIR/functions
# Load local configuration
source $RC_DIR/stackrc
# Load the last env variables if available
if [[ -r $RC_DIR/.stackenv ]]; then
source $RC_DIR/.stackenv
fi
# Get some necessary configuration
source $RC_DIR/lib/tls
# The introduction of Keystone to the OpenStack ecosystem has standardized the
# term **tenant** as the entity that owns resources. In some places references
# still exist to the original Nova term **project** for this use. Also,
# **tenant_name** is preferred to **tenant_id**.
export OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
# In addition to the owning entity (tenant), nova stores the entity performing
# the action as the **user**.
export OS_USERNAME=${OS_USERNAME:-demo}
# With Keystone you pass the keystone password instead of an api key.
# Recent versions of novaclient use OS_PASSWORD instead of NOVA_API_KEYs
# or NOVA_PASSWORD.
export OS_PASSWORD=${ADMIN_PASSWORD:-secrete}
# Don't put the key into a keyring by default. Testing for development is much
# easier with this off.
export OS_NO_CACHE=${OS_NO_CACHE:-1}
# Set api HOST_IP endpoint. SERVICE_HOST may also be used to specify the endpoint,
# which is convenient for some localrc configurations.
HOST_IP=${HOST_IP:-127.0.0.1}
SERVICE_HOST=${SERVICE_HOST:-$HOST_IP}
SERVICE_PROTOCOL=${SERVICE_PROTOCOL:-http}
KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
# Some exercises call glance directly. On a single-node installation, Glance
# should be listening on HOST_IP. If its running elsewhere, it can be set here
GLANCE_HOST=${GLANCE_HOST:-$HOST_IP}
# Identity API version
export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0}
# Authenticating against an Openstack cloud using Keystone returns a **Token**
# and **Service Catalog**. The catalog contains the endpoints for all services
# the user/tenant has access to - including nova, glance, keystone, swift, ...
# We currently recommend using the 2.0 *identity api*.
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:5000/v${OS_IDENTITY_API_VERSION}
# Set the pointer to our CA certificate chain. Harmless if TLS is not used.
export OS_CACERT=${OS_CACERT:-$INT_CA_DIR/ca-chain.pem}
# Currently novaclient needs you to specify the *compute api* version. This
# needs to match the config of your catalog returned by Keystone.
export NOVA_VERSION=${NOVA_VERSION:-1.1}
# In the future this will change names:
export COMPUTE_API_VERSION=${COMPUTE_API_VERSION:-$NOVA_VERSION}
# Currently cinderclient needs you to specify the *volume api* version. This
# needs to match the config of your catalog returned by Keystone.
export CINDER_VERSION=${CINDER_VERSION:-2}
export OS_VOLUME_API_VERSION=${OS_VOLUME_API_VERSION:-$CINDER_VERSION}