heat-common 1:10.0.0-0ubuntu1.1 / usr / bin / heat-keystone-setup

This file is indexed.

/usr/bin/heat-keystone-setup is in heat-common 1:10.0.0-0ubuntu1.1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
#!/bin/bash

echo "Warning: This script is deprecated! Please use other tool to setup keystone for heat." >&2

set +e

KEYSTONE_CONF=${KEYSTONE_CONF:-/etc/keystone/keystone.conf}

# Extract some info from Keystone's configuration file
if [[ -r "$KEYSTONE_CONF" ]]; then
    CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
    CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
fi

SERVICE_TOKEN=${OS_SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
SERVICE_ENDPOINT=${OS_SERVICE_ENDPOINT:-http://127.0.0.1:${CONFIG_ADMIN_PORT:-35357}/v2.0}
if [[ -z "$SERVICE_TOKEN" ]]; then
    echo "No service token found." >&2
    echo "Set SERVICE_TOKEN manually from keystone.conf admin_token." >&2
    exit 1
fi

set_admin_token() {
    alias openstack="openstack --os-token $SERVICE_TOKEN \
                             --os-endpoint $SERVICE_ENDPOINT"
}

unset_admin_token() {
    unalias openstack
}

#### utilities functions merged from devstack to check required parameter is not empty
# Prints line number and "message" in error format
# err $LINENO "message"
function err() {
    local exitcode=$?
    errXTRACE=$(set +o | grep xtrace)
    set +o xtrace
    local msg="[ERROR] ${BASH_SOURCE[2]}:$1 $2"
    echo $msg 1>&2;
    if [[ -n ${LOGDIR} ]]; then
        echo $msg >> "${LOGDIR}/error.log"
    fi
    $errXTRACE
    return $exitcode
}
# Prints backtrace info
# filename:lineno:function
function backtrace {
    local level=$1
    local deep=$((${#BASH_SOURCE[@]} - 1))
    echo "[Call Trace]"
    while [ $level -le $deep ]; do
        echo "${BASH_SOURCE[$deep]}:${BASH_LINENO[$deep-1]}:${FUNCNAME[$deep-1]}"
        deep=$((deep - 1))
    done
}


# Prints line number and "message" then exits
# die $LINENO "message"
function die() {
    local exitcode=$?
    set +o xtrace
    local line=$1; shift
    if [ $exitcode == 0 ]; then
        exitcode=1
    fi
    backtrace 2
    err $line "$*"
    exit $exitcode
}


# Checks an environment variable is not set or has length 0 OR if the
# exit code is non-zero and prints "message" and exits
# NOTE: env-var is the variable name without a '$'
# die_if_not_set $LINENO env-var "message"
function die_if_not_set() {
    local exitcode=$?
    FXTRACE=$(set +o | grep xtrace)
    set +o xtrace
    local line=$1; shift
    local evar=$1; shift
    if ! is_set $evar || [ $exitcode != 0 ]; then
        die $line "$*"
    fi
    $FXTRACE
}

# Test if the named environment variable is set and not zero length
# is_set env-var
function is_set() {
    local var=\$"$1"
    eval "[ -n \"$var\" ]" # For ex.: sh -c "[ -n \"$var\" ]" would be better, but several exercises depends on this
}

#######################################

get_data() {
    local match_column=$(($1 + 1))
    local regex="$2"
    local output_column=$(($3 + 1))
    shift 3

    output=$("$@" | \
           awk -F'|' \
               "! /^\+/ && \$${match_column} ~ \"^ *${regex} *\$\" \
                { print \$${output_column} }")

    echo "$output"
}

get_id () {
    get_data 1 id 2 "$@"
}

get_user() {
    local username=$1

    local user_id=$(get_data 2 $username 1 openstack user list)

    if [ -n "$user_id" ]; then
        echo "Found existing $username user" >&2
        echo $user_id >&2
    else
        echo "Creating $username user..." >&2
        get_id openstack user create $username \
                                    --password="$SERVICE_PASSWORD" \
                                    --project $SERVICE_TENANT \
                                    --email=$username@example.com
    fi
}

add_role() {
    local user_id=$1
    local tenant=$2
    local role_id=$3
    local username=$4

    user_roles=$(openstack user role list $user_id\
                          --project $tenant 2>/dev/null)
    if [ $? == 0 ]; then
        # Folsom
        existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
        if [ -n "$existing_role" ]
        then
            echo "User $username already has role $role_id" >&2
            return
        fi
        openstack role add --project $tenant \
                           --user $user_id \
                           $role_id
    fi
}

create_role() {
    local role_name=$1

    role_id=$(get_data 2 $role_name 1 openstack role list)
    if [ -n "$role_id" ]
    then
        echo "Role $role_name already exists : $role_id" >&2
    else
        openstack role create $role_name
    fi
}

get_endpoint() {
    local service_type=$1

    unset_admin_token
    openstack endpoint show $service_type
    set_admin_token
}

delete_endpoint() {
    local service_type=$1

    local endpoints=$(get_data 4 $service_type 1 openstack endpoint list)

    for endpoint in $endpoints; do
        echo "Removing $service_type endpoint ${endpoint}..." >&2
        openstack endpoint delete "$endpoint" >&2
    done

    if [ -z "$endpoints" ]; then false; fi

}

delete_all_endpoints() {
    while delete_endpoint $1; do
        true
    done
}

delete_service() {
    local service_type=$1

    delete_all_endpoints $service_type

    local service_ids=$(get_data 3 $service_type 1 openstack service list)

    for service in $service_ids; do
        local service_name=$(get_data 1 $service 2 openstack service list)
        echo "Removing $service_name:$service_type service..." >&2
        openstack service delete $service >&2
    done
}

get_service() {
    local service_name=$1
    local service_type=$2
    local description="$3"

    delete_service $service_type

    get_id openstack service create --name=$service_name \
                                   --description="$description" \
                                   $service_type
}

add_endpoint() {
    local service_id=$1
    local url="$2"

    openstack endpoint create --region RegionOne --publicurl "$url" \
        --adminurl "$url" --internalurl "$url" $service_id >&2
}

keystone_setup() {

    unset OS_SERVICE_TOKEN
    unset OS_SERVICE_ENDPOINT
    TENANT_ID=$(get_data 1 project_id 2 openstack token issue)
    die_if_not_set $LINENO TENANT_ID "Fail to get TENANT_ID by 'openstack token issue' "

    set_admin_token

    ADMIN_ROLE=$(get_data 2 admin 1 openstack role list)
    die_if_not_set $LINENO ADMIN_ROLE "Fail to get ADMIN_ROLE by 'openstack role list' "
    SERVICE_TENANT=$(get_data 2 service 1 openstack project list)
    die_if_not_set $LINENO SERVICE_TENANT "Fail to get service tenant 'openstack project list' "
    SERVICE_PASSWORD=${SERVICE_PASSWORD:-$OS_PASSWORD}
    SERVICE_HOST=${SERVICE_HOST:-localhost}

    if [[ "$SERVICE_PASSWORD" == "$OS_PASSWORD" ]]; then
        echo "Using the OS_PASSWORD for the SERVICE_PASSWORD." >&2
    fi

    if [[ "$SERVICE_HOST" == "localhost" ]]; then
        echo "Warning: Endpoints will be registered as localhost, but this usually won't work." >&2
        echo "Set SERVICE_HOST to a publicly accessible hostname/IP instead." >&2
    fi

    echo ADMIN_ROLE $ADMIN_ROLE
    echo SERVICE_TENANT $SERVICE_TENANT
    echo SERVICE_PASSWORD $SERVICE_PASSWORD
    echo SERVICE_TOKEN $SERVICE_TOKEN
    echo SERVICE_HOST $SERVICE_HOST

    HEAT_USERNAME="heat"
    HEAT_USERID=$(get_user $HEAT_USERNAME)
    die_if_not_set $LINENO HEAT_USERID "Fail to get user for $HEAT_USERNAME"
    echo HEAT_USERID $HEAT_USERID
    add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME

    # Create a special role which template-defined "stack users" are
    # assigned to in the engine when they are created, this allows them
    # to be more easily differentiated from other users (e.g so we can
    # lock down these implicitly untrusted users via RBAC policy)
    STACK_USER_ROLE="heat_stack_user"
    create_role $STACK_USER_ROLE

    HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
                       "Heat CloudFormation API")
    add_endpoint $HEAT_CFN_SERVICE "http://$SERVICE_HOST:8000/v1"

    HEAT_OS_SERVICE=$(get_service heat orchestration \
                      "Heat API")
    add_endpoint $HEAT_OS_SERVICE "http://$SERVICE_HOST:8004/v1/%(tenant_id)s"
}

if [[ ${BASH_SOURCE[0]} == ${0} ]]; then
    keystone_setup
fi

APT Browse - Built by Thomas Orozco.