Created
June 14, 2016 12:59
-
-
Save mcornea/68fa6b75dfc6c7f870c8a2d936752f9a to your computer and use it in GitHub Desktop.
keystonev3_overcloud.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| UCRC='/home/stack/stackrc' | |
| OCRC='/home/stack/overcloudrc' | |
| OC_PASSWORD=$(grep OS_PASSWORD $OCRC | awk -F '=' {'print $2'}) | |
| HOSTAUTH=$(grep OS_AUTH_URL $OCRC | grep -oP '[0-9.]+' | head -1) | |
| source $UCRC | |
| CTRLIP=$(nova list | awk '/controller-0/ {print $12}' | grep -oP '[0-9.]+') | |
| ADMIN_TOKEN=$(\ | |
| curl http://$HOSTAUTH:5000/v3/auth/tokens \ | |
| -s \ | |
| -i \ | |
| -H "Content-Type: application/json" \ | |
| -d ' | |
| { | |
| "auth": { | |
| "identity": { | |
| "methods": [ | |
| "password" | |
| ], | |
| "password": { | |
| "user": { | |
| "domain": { | |
| "name": "Default" | |
| }, | |
| "name": "admin", | |
| "password": "'${OC_PASSWORD}'" | |
| } | |
| } | |
| }, | |
| "scope": { | |
| "project": { | |
| "domain": { | |
| "name": "Default" | |
| }, | |
| "name": "admin" | |
| } | |
| } | |
| } | |
| }' | grep ^X-Subject-Token: | awk {'print $2'} | tr -d '\r' ) | |
| ID_ADMIN_DOMAIN=$(\ | |
| curl http://$HOSTAUTH:5000/v3/domains \ | |
| -s \ | |
| -H "X-Auth-Token: $ADMIN_TOKEN" \ | |
| -H "Content-Type: application/json" -d '{ "domain": { "enabled": true, "name": "admin_domain" }}' | jq .domain.id | tr -d '"' ) | |
| ID_CLOUD_ADMIN=$(\ | |
| curl http://$HOSTAUTH:5000/v3/users -s -H "X-Auth-Token: $ADMIN_TOKEN" -H "Content-Type: application/json" -d "{ | |
| \"user\": { | |
| \"description\": \"Cloud administrator\", | |
| \"domain_id\": \"$ID_ADMIN_DOMAIN\", | |
| \"enabled\": true, | |
| \"name\": \"cloud_admin\", | |
| \"password\": \"password\" | |
| } | |
| }" | jq .user.id | tr -d '"' ) | |
| ADMIN_ROLE_ID=$(\ | |
| curl http://$HOSTAUTH:5000/v3/roles?name=admin \ | |
| -s \ | |
| -H "X-Auth-Token: $ADMIN_TOKEN" \ | |
| | jq .roles[0].id | tr -d '"' ) | |
| curl -X PUT http://$HOSTAUTH:5000/v3/domains/${ID_ADMIN_DOMAIN}/users/${ID_CLOUD_ADMIN}/roles/${ADMIN_ROLE_ID} \ | |
| -s \ | |
| -i \ | |
| -H "X-Auth-Token: $ADMIN_TOKEN" \ | |
| -H "Content-Type: application/json" | |
| curl http://$HOSTAUTH:5000/v3/domains/${ID_ADMIN_DOMAIN}/users/${ID_CLOUD_ADMIN}/roles \ | |
| -s \ | |
| -H "X-Auth-Token: $ADMIN_TOKEN" | jq .roles | |
| CLOUD_ADMIN_TOKEN=$(\ | |
| curl http://$HOSTAUTH:5000/v3/auth/tokens -s -i -H "Content-Type: application/json" -d ' | |
| { | |
| "auth": { | |
| "identity": { | |
| "methods": [ | |
| "password" | |
| ], | |
| "password": { | |
| "user": { | |
| "domain": { | |
| "name": "admin_domain" | |
| }, | |
| "name": "cloud_admin", | |
| "password": "password" | |
| } | |
| } | |
| }, | |
| "scope": { | |
| "domain": { | |
| "name": "admin_domain" | |
| } | |
| } | |
| } | |
| }' | grep ^X-Subject-Token: | awk '{print $2}' | tr -d '\r' ) | |
| ID_DOM1=$(\ | |
| curl http://$HOSTAUTH:5000/v3/domains \ | |
| -s \ | |
| -H "X-Auth-Token: $CLOUD_ADMIN_TOKEN" \ | |
| -H "Content-Type: application/json" \ | |
| -d '{ | |
| "domain": { | |
| "enabled": true, | |
| "name": "dom1" | |
| } | |
| }' | jq .domain.id | tr -d '"') | |
| ID_ADM1=$(\ | |
| curl http://$HOSTAUTH:5000/v3/users \ | |
| -s \ | |
| -H "X-Auth-Token: $CLOUD_ADMIN_TOKEN" \ | |
| -H "Content-Type: application/json" \ | |
| -d "{ | |
| \"user\": { | |
| \"description\": \"Administrator of domain dom1\", | |
| \"domain_id\": \"$ID_DOM1\", | |
| \"enabled\": true, | |
| \"name\": \"adm1\", | |
| \"password\": \"password\" | |
| } | |
| }" | jq .user.id | tr -d '"') | |
| curl -X PUT http://$HOSTAUTH:5000/v3/domains/${ID_DOM1}/users/${ID_ADM1}/roles/${ADMIN_ROLE_ID} \ | |
| -s \ | |
| -i \ | |
| -H "X-Auth-Token: $CLOUD_ADMIN_TOKEN" \ | |
| -H "Content-Type: application/json" | |
| curl http://$HOSTAUTH:5000/v3/domains/${ID_DOM1}/users/${ID_ADM1}/roles \ | |
| -s \ | |
| -H "X-Auth-Token: $CLOUD_ADMIN_TOKEN" | jq .roles | |
| echo ADMIN_TOKEN=$ADMIN_TOKEN | |
| echo ID_ADMIN_DOMAIN=$ID_ADMIN_DOMAIN | |
| echo ID_CLOUD_ADMIN=$ID_CLOUD_ADMIN | |
| echo ADMIN_ROLE_ID=$ADMIN_ROLE_ID | |
| echo CLOUD_ADMIN_TOKEN=$CLOUD_ADMIN_TOKEN | |
| echo ID_DOM1=$ID_DOM1 | |
| echo ID_ADM1=$ID_ADM1 | |
| ssh -o StrictHostKeyChecking=no -l heat-admin $CTRLIP "curl -O https://raw.githubusercontent.com/openstack/keystone/master/etc/policy.v3cloudsample.json; sed s/admin_domain_id/${ID_ADMIN_DOMAIN}/ < policy.v3cloudsample.json > policy.json-v3" | |
| ssh -o StrictHostKeyChecking=no -l heat-admin $CTRLIP "sudo cp /etc/keystone/policy.json /etc/keystone/policy.json-v2; sudo cp /home/heat-admin/policy.json-v3 /etc/keystone/policy.json; sudo chown keystone /etc/keystone/policy.json" | |
| ssh -o StrictHostKeyChecking=no -l heat-admin $CTRLIP "sudo pcs resource restart openstack-keystone" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment