packstack-with-v3-domains.sh

#!/bin/bash -e

if [ ${EUID} -ne 0 ] ; then
    echo "Usage: Please run this script as root, e.g. sudo ${0} [--create-admin-domain]"
    exit 0
else
    cd /root
fi

if [ "${1}" == "--create-admin-domain" ] ; then
    admin_domain=admin
    cloud_admin=cloudadmin
else
    admin_domain=default
    cloud_admin=admin
fi

curl -O https://raw.githubusercontent.com/furlongm/standalone-configuration-management/master/puppet/standalone-puppet.sh
bash -x standalone-puppet.sh -e [email protected]

# fix network as per RDO instructions
systemctl disable firewalld
systemctl stop firewalld
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl enable network
systemctl start network

# install packstack
yum install -y centos-release-openstack-ocata
yum update -y
yum install -y openstack-packstack

# generate answers file
if [ ! -f answers.txt ] ; then
    packstack --allinone --gen-answer-file=answers.txt
fi

# install packstack
packstack --answer-file=answers.txt

# create domain-scoped openrc
sed -e "s/OS_PROJECT_NAME.*/OS_DOMAIN_NAME=/" \
    -e "s/DOMAIN_.*/DOMAIN_NAME=${admin_domain}/g" \
    -e "s/USERNAME=.*/USERNAME=${cloud_admin}/" \
    keystonerc_admin > keystonerc_cloudadmin
echo "unset OS_PROJECT_NAME" >> keystonerc_cloudadmin

# create admin token openrc
grep ^admin_token /etc/keystone/keystone.conf | sed -e "s/admin_token = /export OS_TOKEN=/" > keystonerc_token
grep OS_AUTH_URL keystonerc_admin | sed -e "s/AUTH_//" >> keystonerc_token
echo "export OS_IDENTITY_API_VERSION=3" >> keystonerc_token

# source admin token and assign admin role to admin user in admin project and admin domain
. keystonerc_token
openstack domain create ${admin_domain} || true

password=$(grep OS_PASSWORD keystonerc_admin | sed -e s/.*=//)
openstack user create --domain ${admin_domain} --password ${password} ${cloud_admin} || true

openstack project create --domain ${admin_domain} admin || true
admin_project=$(openstack project show --domain ${admin_domain} admin -f value -c id)

openstack role add --user ${cloud_admin} --project ${admin_project} admin
openstack role add --user ${cloud_admin} --domain ${admin_domain} admin

# download and apply v3 policy
curl https://raw.githubusercontent.com/openstack/keystone/stable/ocata/etc/policy.v3cloudsample.json > /etc/keystone/policy.json
admin_domain_id=$(openstack domain show ${admin_domain} -f value -c id)
sed -i -e "s/admin_domain_id/${admin_domain_id}/" /etc/keystone/policy.json
cp -f /etc/keystone/policy.json /etc/openstack-dashboard/keystone_policy.json

# enable multidomain support in horizon
echo "OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True" >> /etc/openstack-dashboard/local_settings
echo "OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'" >> /etc/openstack-dashboard/local_settings

# allow access to dashboard from floating ip address
external_ip=$(curl -s v4.ifconfig.co)
sed -i -e "s/ServerAlias localhost/ServerAlias ${external_ip}/" /etc/httpd/conf.d/15-horizon_vhost.conf
systemctl restart httpd
echo "Login at http://${external_ip}/dashboard -> ${cloud_admin} / ${password}"