4edd0baf8d
Admin token has been deprecated upstream. It will be removed in O. We switch over to the new `keystone-manage bootstrap` method for creating the initial admin user, role, and project. Co-Authored-By: Sam Yaple <sam@yaple.net> Change-Id: I6ca90e8d4c3b71009e24b049b2efbc08c05ebfbf
83 lines
3.4 KiB
Bash
83 lines
3.4 KiB
Bash
#!/bin/bash
|
|
|
|
# NOTE(SamYaple): Kolla needs to wraps `keystone-manage bootstrap` to ensure
|
|
# any change is reported correctly for idempotency. This script will exit with
|
|
# valid json that can be parsed with information about if the task has failed
|
|
# and if anything changed.
|
|
|
|
USERNAME=$1
|
|
PASSWORD=$2
|
|
PROJECT=$3
|
|
ROLE=$4
|
|
ADMIN_URL=$5
|
|
INTERNAL_URL=$6
|
|
PUBLIC_URL=$7
|
|
REGION=$8
|
|
|
|
function get_token {
|
|
unset OS_TOKEN OS_URL
|
|
OS_TOKEN=$(openstack --os-identity-api-version 3 --os-username "${USERNAME}" --os-password "${PASSWORD}" --os-project-name "${PROJECT}" --os-auth-url "${ADMIN_URL}" token issue 2>&1 | awk '/ id / {print $4}')
|
|
OS_URL="${ADMIN_URL}/v3"
|
|
}
|
|
|
|
function fail_json {
|
|
echo '{"failed": true, "msg": "'$1'"}'
|
|
exit 1
|
|
}
|
|
|
|
function exit_json {
|
|
echo '{"failed": false, "changed": '"${changed}"'}'
|
|
}
|
|
|
|
function create_service {
|
|
if [[ ! $(openstack --os-identity-api-version 3 --os-token "${OS_TOKEN}" --os-url "${OS_URL}" service list 2>&1 | awk '/identity/') ]]; then
|
|
openstack --os-identity-api-version 3 --os-token "${OS_TOKEN}" --os-url "${OS_URL}" service create identity --name keystone 2>&1 > /dev/null
|
|
changed="true"
|
|
fi
|
|
}
|
|
|
|
function create_endpoints {
|
|
endpoints=$(openstack --os-identity-api-version 3 --os-token "${OS_TOKEN}" --os-url "${OS_URL}" endpoint list)
|
|
if [[ $(echo "${endpoints}" | awk '$6 == "keystone" && $4 == "'"${REGION}"'" && $12 == "admin" {print $14;exit}') != "${ADMIN_URL}" ]]; then
|
|
openstack --os-identity-api-version 3 --os-token "${OS_TOKEN}" --os-url "${OS_URL}" endpoint create --region "${REGION}" keystone admin "${ADMIN_URL}" 2>&1 > /dev/null
|
|
changed="true"
|
|
fi
|
|
if [[ $(echo "${endpoints}" | awk '$6 == "keystone" && $4 == "'"${REGION}"'" && $12 == "internal" {print $14;exit}') != "${INTERNAL_URL}" ]]; then
|
|
openstack --os-identity-api-version 3 --os-token "${OS_TOKEN}" --os-url "${OS_URL}" endpoint create --region "${REGION}" keystone internal "${INTERNAL_URL}" 2>&1 > /dev/null
|
|
changed="true"
|
|
fi
|
|
if [[ $(echo "${endpoints}" | awk '$6 == "keystone" && $4 == "'"${REGION}"'" && $12 == "public" {print $14;exit}') != "${PUBLIC_URL}" ]]; then
|
|
openstack --os-identity-api-version 3 --os-token "${OS_TOKEN}" --os-url "${OS_URL}" endpoint create --region "${REGION}" keystone public "${PUBLIC_URL}" 2>&1 > /dev/null
|
|
changed="true"
|
|
fi
|
|
}
|
|
|
|
changed="false"
|
|
get_token
|
|
if [[ ! $(openstack --os-identity-api-version 3 --os-token "${OS_TOKEN}" --os-url "${OS_URL}" user list 2>&1 | awk '/'"${USERNAME}"'/') ]]; then
|
|
keystone_bootstrap=$(keystone-manage bootstrap --bootstrap-username "${USERNAME}" --bootstrap-password "${PASSWORD}" --bootstrap-project-name "${PROJECT}" --bootstrap-role-name "${ROLE}" 2>&1)
|
|
if [[ $? != 0 ]]; then
|
|
fail_json "${keystone_bootstrap}"
|
|
fi
|
|
|
|
changed=$(echo "${keystone_bootstrap}" | awk '
|
|
/Domain default already exists, skipping creation./ ||
|
|
/Project '"${PROJECT}"' already exists, skipping creation./ ||
|
|
/User '"${USERNAME}"' already exists, skipping creation./ ||
|
|
/Role '"${ROLE}"' exists, skipping creation./ ||
|
|
/User '"${USERNAME}"' already has '"${ROLE}"' on '"${PROJECT}"'./ {count++}
|
|
END {
|
|
if (count == 5) changed="false"; else changed="true"
|
|
print changed
|
|
}'
|
|
)
|
|
fi
|
|
|
|
get_token
|
|
if [[ ! "${OS_TOKEN}" ]]; then
|
|
fail_json "Unable to issue token"
|
|
fi
|
|
create_service
|
|
create_endpoints
|
|
exit_json
|