From 3ac7da64d12c631def3640369998d292fd1a199f Mon Sep 17 00:00:00 2001 From: Sam Yaple Date: Wed, 17 Jun 2015 08:11:44 +0000 Subject: [PATCH] Add initial config function and keystone support Add set_configs function that implements the flow from the proposed ansible-multi spec. Move start.sh to config-internal.sh to preserve existing behaviour. config-externall.sh copies the appropriate configs in from the bind'd location and sets permissions and ownership appropriately. Partially Implements: blueprint ansible-multi Change-Id: I53fca0660451087f273fefc3c63e0d8cf1a2c096 --- ansible/group_vars/all.yml | 1 - ansible/library/merge_configs | 84 +++++++++ ansible/roles/bootstrap.yml | 34 ++++ ansible/roles/config.yml | 24 +++ ansible/roles/keystone/defaults/main.yml | 42 +++++ ansible/roles/keystone/tasks/bootstrap.yml | 14 ++ ansible/roles/keystone/tasks/config.yml | 16 ++ ansible/roles/keystone/tasks/main.yml | 13 +- ansible/roles/keystone/tasks/register.yml | 12 ++ ansible/roles/keystone/tasks/start.yml | 9 + .../roles/keystone/templates/keystone.conf.j2 | 13 ++ ansible/roles/start.yml | 30 ++++ docker/centos/binary/keystone/Dockerfile | 4 +- .../centos/binary/keystone/config-external.sh | 1 + .../centos/binary/keystone/config-internal.sh | 1 + docker/common/base/kolla-common.sh | 24 +++ docker/common/keystone/config-external.sh | 7 + docker/common/keystone/config-internal.sh | 165 +++++++++++++++++ docker/common/keystone/start.sh | 168 ++---------------- etc/kolla/config/database.conf | 0 etc/kolla/config/global.conf | 0 etc/kolla/config/keystone.conf | 0 etc/kolla/config/keystone/keystone.conf | 0 etc/kolla/config/messaging.conf | 0 etc/kolla/defaults.yml | 20 +++ etc/kolla/globals.yml | 77 ++++++++ etc/kolla/passwords.yml | 29 +++ tools/genenv | 1 + 28 files changed, 623 insertions(+), 166 deletions(-) delete mode 100644 ansible/group_vars/all.yml create mode 100644 ansible/library/merge_configs create mode 100644 ansible/roles/bootstrap.yml create mode 100644 ansible/roles/config.yml create mode 100644 ansible/roles/keystone/defaults/main.yml create mode 100644 ansible/roles/keystone/tasks/bootstrap.yml create mode 100644 ansible/roles/keystone/tasks/config.yml create mode 100644 ansible/roles/keystone/tasks/register.yml create mode 100644 ansible/roles/keystone/tasks/start.yml create mode 100644 ansible/roles/keystone/templates/keystone.conf.j2 create mode 100644 ansible/roles/start.yml create mode 120000 docker/centos/binary/keystone/config-external.sh create mode 120000 docker/centos/binary/keystone/config-internal.sh create mode 100644 docker/common/keystone/config-external.sh create mode 100755 docker/common/keystone/config-internal.sh create mode 100644 etc/kolla/config/database.conf create mode 100644 etc/kolla/config/global.conf create mode 100644 etc/kolla/config/keystone.conf create mode 100644 etc/kolla/config/keystone/keystone.conf create mode 100644 etc/kolla/config/messaging.conf create mode 100644 etc/kolla/defaults.yml create mode 100644 etc/kolla/globals.yml create mode 100644 etc/kolla/passwords.yml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml deleted file mode 100644 index 313d58c357..0000000000 --- a/ansible/group_vars/all.yml +++ /dev/null @@ -1 +0,0 @@ -koalla_directory: "/usr/share/kolla" diff --git a/ansible/library/merge_configs b/ansible/library/merge_configs new file mode 100644 index 0000000000..9991833aac --- /dev/null +++ b/ansible/library/merge_configs @@ -0,0 +1,84 @@ +#!/usr/bin/python + +# Copyright 2015 Sam Yaple +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DOCUMENTATION = ''' +--- +module: merge_configs +short_description: Merge ini-style configs +description: + - ConfigParser is used to merge several ini-style configs into one +options: + dest: + description: + - The destination file name + required: True + type: str + sources: + description: + - A list of files on the destination node to merge together + default: None + required: True + type: str +author: Sam Yaple +''' + +EXAMPLES = ''' +Merge multiple configs: + +- hosts: database + tasks: + - name: Merge configs + merge_configs: + sources: + - "/tmp/config_1.cnf" + - "/tmp/config_2.cnf" + - "/tmp/config_3.cnf" + dest: + - "/etc/mysql/my.cnf" +''' + +import ConfigParser + +def main(): + module = AnsibleModule( + argument_spec = dict( + sources = dict(required=True, type='list'), + dest = dict(required=True, type='str'), + ) + ) + + try: + sources = module.params.pop('sources') + dest = module.params.pop('dest') + + config = ConfigParser.ConfigParser() + + for source_file in sources: + config.read(source_file) + + with open(dest, 'wb') as dest_file: + config.write(dest_file) + + module.exit_json(changed=True) + except Exception, e: + changed = True + module.exit_json(failed=True, changed=changed, msg=repr(e)) + + +# import module snippets +from ansible.module_utils.basic import * +if __name__ == '__main__': + main() diff --git a/ansible/roles/bootstrap.yml b/ansible/roles/bootstrap.yml new file mode 100644 index 0000000000..cb5bfd7fd8 --- /dev/null +++ b/ansible/roles/bootstrap.yml @@ -0,0 +1,34 @@ +--- +- name: Creating database + mysql_db: + login_host: "{{ database_address }}" + login_user: "{{ database_user }}" + login_password: "{{ database_password }}" + name: "{{ service_database_name }}" + register: database + run_once: True + +- name: Creating database user and setting permissions + mysql_user: + login_host: "{{ database_address }}" + login_user: "{{ database_user }}" + login_password: "{{ database_password }}" + name: "{{ service_database_name }}" + password: "{{ service_database_password }}" + host: "%" + priv: "{{ service_database_name }}.*:ALL" + append_privs: "yes" + run_once: True + +- include: start.yml + vars: + run_once: True + when: database|changed + +- name: Cleaning up boostrap container + docker: + name: "{{ container_name }}" + image: "{{ container_image }}" + state: "absent" + run_once: True + when: database|changed diff --git a/ansible/roles/config.yml b/ansible/roles/config.yml new file mode 100644 index 0000000000..a941e89ee9 --- /dev/null +++ b/ansible/roles/config.yml @@ -0,0 +1,24 @@ +--- +- name: Ensuring templates config directory exists + file: + path: "{{ node_templates_directory }}/{{ project_name }}" + state: "directory" + recurse: yes + +- name: Ensuring config directory exists + file: + path: "{{ node_config_directory }}/{{ project_name }}" + state: "directory" + +- name: Copying over config(s) + template: + src: "{{ item.0 }}" + dest: "{{ item.1 }}" + with_together: + - config_source + - config_template_dest + +- name: Merging the config files and saving to the final destination + merge_configs: + sources: "{{ config_template_dest }}" + dest: "{{ config_dest }}" diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml new file mode 100644 index 0000000000..d3b4f3cb13 --- /dev/null +++ b/ansible/roles/keystone/defaults/main.yml @@ -0,0 +1,42 @@ +--- +project_name: "keystone" + +#################### +# Database +#################### +keystone_database_name: "keystone" +keystone_database_user: "keystone" +keystone_database_address: "{{ kolla_internal_address }}" + +# Do not override "service_*" variables +service_database_name: "{{ keystone_database_name }}" +service_database_user: "{{ keystone_database_user }}" +service_database_password: "{{ keystone_database_password }}" + + +#################### +# Docker +#################### +docker_keystone_registry: "{{ docker_registry }}" +docker_keystone_namespace: "{{ docker_namespace }}" +kolla_keystone_base_distro: "{{ kolla_base_distro }}" +kolla_keystone_install_type: "{{ kolla_install_type }}" +kolla_keystone_container_name: "keystone" + +docker_keystone_image: "{{ docker_keystone_registry }}{{ docker_keystone_namespace }}/{{ kolla_keystone_base_distro }}-{{ kolla_keystone_install_type }}-{{ kolla_keystone_container_name }}" +docker_keystone_tag: "{{ openstack_release }}" +docker_keystone_image_full: "{{ docker_keystone_image }}:{{ docker_keystone_tag }}" + + +#################### +# Openstack +#################### +keystone_public_address: "{{ kolla_external_address }}" +keystone_admin_address: "{{ kolla_internal_address }}" +keystone_internal_address: "{{ kolla_internal_address }}" + +keystone_public_port: "5000" +keystone_admin_port: "35357" + +keystone_logging_verbose: "{{ openstack_logging_verbose }}" +keystone_logging_debug: "{{ openstack_logging_debug }}" diff --git a/ansible/roles/keystone/tasks/bootstrap.yml b/ansible/roles/keystone/tasks/bootstrap.yml new file mode 100644 index 0000000000..c2bbf1a02a --- /dev/null +++ b/ansible/roles/keystone/tasks/bootstrap.yml @@ -0,0 +1,14 @@ +--- +# "detach: False" ensures we will be able to wait until the database bootstrap +# is finished. We can also check the exit code and catch errors if the database +# initialization does not successfully finish +- include: ../../bootstrap.yml + vars: + container_detach: False + container_environment: + BOOTSTRAP: + CONFIG_STRATEGY: "{{ config_strategy }}" + container_image: "{{ docker_keystone_image_full }}" + container_name: "bootstrap_keystone" + container_volumes: + - "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro" diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml new file mode 100644 index 0000000000..6a6a12eac2 --- /dev/null +++ b/ansible/roles/keystone/tasks/config.yml @@ -0,0 +1,16 @@ +--- +- include: ../../config.yml + vars: + config_source: + - "roles/keystone/templates/keystone.conf.j2" + - "/etc/kolla/config/global.conf" + - "/etc/kolla/config/database.conf" + - "/etc/kolla/config/messaging.conf" + - "/etc/kolla/config/keystone.conf" + config_template_dest: + - "{{ node_templates_directory }}/keystone/keystone.conf_minimal" + - "{{ node_templates_directory }}/keystone/keystone.conf_global" + - "{{ node_templates_directory }}/keystone/keystone.conf_database" + - "{{ node_templates_directory }}/keystone/keystone.conf_messaging" + - "{{ node_templates_directory }}/keystone/keystone.conf_augment" + config_dest: "{{ node_config_directory }}/keystone/keystone.conf" diff --git a/ansible/roles/keystone/tasks/main.yml b/ansible/roles/keystone/tasks/main.yml index 29a7fef520..2821641c4b 100644 --- a/ansible/roles/keystone/tasks/main.yml +++ b/ansible/roles/keystone/tasks/main.yml @@ -1,7 +1,8 @@ --- -- name: Bringing up keystone service(s) - docker_compose: - project_name: keystone - compose_file: "{{ koalla_directory }}/compose/keystone.yml" - command: up - no_recreate: true +- include: config.yml + +- include: bootstrap.yml + +- include: start.yml + +#- include: register.yml diff --git a/ansible/roles/keystone/tasks/register.yml b/ansible/roles/keystone/tasks/register.yml new file mode 100644 index 0000000000..8ee20320bb --- /dev/null +++ b/ansible/roles/keystone/tasks/register.yml @@ -0,0 +1,12 @@ +--- +# NB: Not an Attorney +# +# Upstream ansible will have all of the new modules we need based on +# the shade library. They are written, but the keystone modules haven't3 +# been merged yet. None of the modules will land before Ansible 2.0. +# +# These new modules will be relicensed using ASL2.0 as the result of a +# gentlemen's agreement that the Kolla authors will not alter the Shade code. +# This does not place additional restrictions on the license of this work. The +# relicense agreement is based upon trust, not something legally binding and +# has no binding impact on the license of Kolla.. diff --git a/ansible/roles/keystone/tasks/start.yml b/ansible/roles/keystone/tasks/start.yml new file mode 100644 index 0000000000..a1d999ef57 --- /dev/null +++ b/ansible/roles/keystone/tasks/start.yml @@ -0,0 +1,9 @@ +--- +- include: ../../start.yml + vars: + container_environment: + CONFIG_STRATEGY: "{{ config_strategy }}" + container_image: "{{ docker_keystone_image_full }}" + container_name: "keystone" + container_volumes: + - "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro" diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2 new file mode 100644 index 0000000000..9dc45cb0a3 --- /dev/null +++ b/ansible/roles/keystone/templates/keystone.conf.j2 @@ -0,0 +1,13 @@ +[DEFAULT] +verbose = {{ keystone_logging_verbose }} +debug = {{ keystone_logging_debug }} + +bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} + +admin_token = {{ keystone_admin_token }} + +public_endpoint = http://{{ keystone_public_address }}:{{ keystone_public_port }} +admin_endpoint = http://{{ keystone_admin_address }}:{{ keystone_admin_port }} + +[database] +connection = mysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }} diff --git a/ansible/roles/start.yml b/ansible/roles/start.yml new file mode 100644 index 0000000000..44d9b0c67c --- /dev/null +++ b/ansible/roles/start.yml @@ -0,0 +1,30 @@ +--- +# Using "state: reloaded" will restart the container if a new image is +# pulled or the paramaters are modified. +# +# "pull: always" will _always_ pull the latest image. It registers a +# change when the image has changed, regardless of "state" +# +# Due to a bug in the ansible docker module it doesnt properly supply the +# docker_api_version from docker-py, so we specify it here. This will be +# removed when the bugfix makes it downstream + +- name: Starting the container + docker: + detach: "{{ container_detach | default('True') }}" + env: "{{ container_environment }}" + docker_api_version: "{{ docker_api_version }}" + image: "{{ container_image }}" + insecure_registry: "{{ docker_insecure_registry }}" + name: "{{ container_name }}" + net: host + password: "{{ docker_registry_password }}" + privileged: "{{ container_privileged | default('False') }}" + pull: "{{ docker_pull_policy }}" + registry: "{{ docker_registry }}" + restart_policy: "{{ docker_restart_policy }}" + restart_policy_retry: "{{ docker_restart_policy_retry }}" + state: reloaded + username: "{{ docker_registry_username }}" + volumes: "{{ container_volumes }}" + run_once: "{{ run_once | default('False') }}" diff --git a/docker/centos/binary/keystone/Dockerfile b/docker/centos/binary/keystone/Dockerfile index f8db5f5828..e05db2fded 100644 --- a/docker/centos/binary/keystone/Dockerfile +++ b/docker/centos/binary/keystone/Dockerfile @@ -17,8 +17,8 @@ RUN chown -R keystone:keystone /var/www/cgi-bin/keystone RUN chmod 755 /var/www/cgi-bin/keystone/* # Add start-up and check scripts -COPY ./start.sh /start.sh -COPY ./check.sh /check.sh +COPY start.sh check.sh / +COPY config-internal.sh config-external.sh /opt/kolla/ # Run the Keystone start script CMD ["/start.sh"] diff --git a/docker/centos/binary/keystone/config-external.sh b/docker/centos/binary/keystone/config-external.sh new file mode 120000 index 0000000000..ae5be7eea9 --- /dev/null +++ b/docker/centos/binary/keystone/config-external.sh @@ -0,0 +1 @@ +../../../common/keystone/config-external.sh \ No newline at end of file diff --git a/docker/centos/binary/keystone/config-internal.sh b/docker/centos/binary/keystone/config-internal.sh new file mode 120000 index 0000000000..fe8d98c1f6 --- /dev/null +++ b/docker/centos/binary/keystone/config-internal.sh @@ -0,0 +1 @@ +../../../common/keystone/config-internal.sh \ No newline at end of file diff --git a/docker/common/base/kolla-common.sh b/docker/common/base/kolla-common.sh index 8c2ef5ec1c..bd6a539a0b 100644 --- a/docker/common/base/kolla-common.sh +++ b/docker/common/base/kolla-common.sh @@ -168,3 +168,27 @@ dump_vars() { set +o posix } +set_configs() { + case $KOLLA_CONFIG_STRATEGY in + CONFIG_INTERNAL) + # exec is intentional to preserve existing behaviour + exec /opt/kolla/config-internal.sh + ;; + CONFIG_EXTERNAL_COPY_ALWAYS) + source /opt/kolla/config-exernal.sh + ;; + CONFIG_EXTERNAL_COPY_ONCE) + if [[ -f /configured ]]; then + echo 'INFO - This container has already been configured; Refusing to copy new configs' + return + fi + source /opt/kolla/config-exernal.sh + touch /configured + ;; + + *) + echo '$CONFIG_STRATEGY is not set properly' + exit 1 + ;; + esac +} diff --git a/docker/common/keystone/config-external.sh b/docker/common/keystone/config-external.sh new file mode 100644 index 0000000000..76e4acfff2 --- /dev/null +++ b/docker/common/keystone/config-external.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +if [[ -f /opt/kolla/keystone/keystone.conf ]]; then + cp /opt/kolla/keystone/keystone.conf /etc/keystone/keystone.conf + chown keystone: /etc/keystone/keystone.conf + chmod 0644 /etc/keystone/keystone.conf +fi diff --git a/docker/common/keystone/config-internal.sh b/docker/common/keystone/config-internal.sh new file mode 100755 index 0000000000..527870fdfe --- /dev/null +++ b/docker/common/keystone/config-internal.sh @@ -0,0 +1,165 @@ +#!/bin/bash + +set -e + +# Run Kolla common script +echo "Running the kolla-common script" +. /opt/kolla/kolla-common.sh + +# Credentials, token, etc.. +: ${ADMIN_USER:=admin} +: ${ADMIN_USER_PASSWORD:=password} +: ${ADMIN_TENANT_NAME:=admin} +: ${KEYSTONE_USER:=keystone} +: ${KEYSTONE_ADMIN_PASSWORD:=password} +: ${KEYSTONE_ADMIN_TOKEN:=changeme} +# DB Settings +: ${INIT_KEYSTONE_DB:=true} +: ${KEYSTONE_DB_NAME:=keystone} +: ${KEYSTONE_DB_USER:=keystone} +: ${DB_ROOT_PASSWORD:=password} +: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP} +: ${KEYSTONE_DB_PASSWORD:=password} +# Service Addresses/Ports/Version +: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP} +: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP} +: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000} +: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357} +: ${KEYSTONE_API_VERSION:=2.0} +# Logging +: ${LOG_FILE:=/var/log/keystone/keystone.log} +: ${VERBOSE_LOGGING:=true} +: ${DEBUG_LOGGING:=false} +: ${USE_STDERR:=false} +# Token provider, driver, etc.. +: ${TOKEN_PROVIDER:=uuid} +: ${TOKEN_DRIVER:=sql} + +## Check DB connectivity and required variables +echo "Checking connectivity to the DB" +fail_unless_db +echo "Checking for required variables" +check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \ + KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \ + KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \ + PUBLIC_IP INIT_KEYSTONE_DB +dump_vars + +# Setup the Keystone DB +echo "Setting up Keystone DB" +mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql < /openrc </dev/null || useradd --user-group keystone + +# Run PKI Setup script +echo "Setting up PKI" +/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone + +# Fix permissions +chown -R keystone:keystone /var/log/keystone +chown -R keystone:keystone /etc/keystone/ssl +chmod -R o-rwx /etc/keystone/ssl + +# Initialize the Keystone DB +echo "Initializing Keystone DB" +if [ "${INIT_KEYSTONE_DB}" == "true" ] ; then + su -s /bin/bash -c "keystone-manage db_sync" keystone +fi + +# Start Keystone +echo "Starting Keystone" +/usr/sbin/httpd -DFOREGROUND & +PID=$! + +# Export Keystone service environment variables +export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}" +export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" + +# Check to make sure the service is running +echo "Verifying Keystone is running" +while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do + echo "waiting for Keystone @ ${SERVICE_ENDPOINT}" + sleep 1; +done +echo "keystone is active @ ${SERVICE_ENDPOINT}" + +# Create Keystone tenant, user, role, service and endpoints +echo "Creating Keystone tenant, user, role, service and endpoints" +crux user-create --update \ + -n ${ADMIN_USER} -p "${ADMIN_USER_PASSWORD}" \ + -t ${ADMIN_TENANT_NAME} -r admin +crux user-create --update \ + -n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \ + -t ${ADMIN_TENANT_NAME} -r admin +crux endpoint-create --remove-all \ + -n keystone -t identity \ + -I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \ + -A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \ + -P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" + +# Wait on all jobs to exit before proceeding (see man wait) +wait diff --git a/docker/common/keystone/start.sh b/docker/common/keystone/start.sh index 527870fdfe..4dce4c7575 100755 --- a/docker/common/keystone/start.sh +++ b/docker/common/keystone/start.sh @@ -1,165 +1,19 @@ #!/bin/bash -set -e +set -o errexit -# Run Kolla common script -echo "Running the kolla-common script" -. /opt/kolla/kolla-common.sh +CMD="/usr/bin/keystone-all" +ARGS="" -# Credentials, token, etc.. -: ${ADMIN_USER:=admin} -: ${ADMIN_USER_PASSWORD:=password} -: ${ADMIN_TENANT_NAME:=admin} -: ${KEYSTONE_USER:=keystone} -: ${KEYSTONE_ADMIN_PASSWORD:=password} -: ${KEYSTONE_ADMIN_TOKEN:=changeme} -# DB Settings -: ${INIT_KEYSTONE_DB:=true} -: ${KEYSTONE_DB_NAME:=keystone} -: ${KEYSTONE_DB_USER:=keystone} -: ${DB_ROOT_PASSWORD:=password} -: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP} -: ${KEYSTONE_DB_PASSWORD:=password} -# Service Addresses/Ports/Version -: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP} -: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP} -: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000} -: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357} -: ${KEYSTONE_API_VERSION:=2.0} -# Logging -: ${LOG_FILE:=/var/log/keystone/keystone.log} -: ${VERBOSE_LOGGING:=true} -: ${DEBUG_LOGGING:=false} -: ${USE_STDERR:=false} -# Token provider, driver, etc.. -: ${TOKEN_PROVIDER:=uuid} -: ${TOKEN_DRIVER:=sql} +# loading common functions +source /opt/kolla/kolla-common.sh -## Check DB connectivity and required variables -echo "Checking connectivity to the DB" -fail_unless_db -echo "Checking for required variables" -check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \ - KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \ - KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \ - PUBLIC_IP INIT_KEYSTONE_DB -dump_vars +set_configs -# Setup the Keystone DB -echo "Setting up Keystone DB" -mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql < /openrc </dev/null || useradd --user-group keystone - -# Run PKI Setup script -echo "Setting up PKI" -/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone - -# Fix permissions -chown -R keystone:keystone /var/log/keystone -chown -R keystone:keystone /etc/keystone/ssl -chmod -R o-rwx /etc/keystone/ssl - -# Initialize the Keystone DB -echo "Initializing Keystone DB" -if [ "${INIT_KEYSTONE_DB}" == "true" ] ; then - su -s /bin/bash -c "keystone-manage db_sync" keystone +# Bootstrap and exit if BOOTSTRAP variable is set +if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then + su -c "keystone-manage db_sync" keystone + exit 0 fi -# Start Keystone -echo "Starting Keystone" -/usr/sbin/httpd -DFOREGROUND & -PID=$! - -# Export Keystone service environment variables -export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}" -export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" - -# Check to make sure the service is running -echo "Verifying Keystone is running" -while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do - echo "waiting for Keystone @ ${SERVICE_ENDPOINT}" - sleep 1; -done -echo "keystone is active @ ${SERVICE_ENDPOINT}" - -# Create Keystone tenant, user, role, service and endpoints -echo "Creating Keystone tenant, user, role, service and endpoints" -crux user-create --update \ - -n ${ADMIN_USER} -p "${ADMIN_USER_PASSWORD}" \ - -t ${ADMIN_TENANT_NAME} -r admin -crux user-create --update \ - -n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \ - -t ${ADMIN_TENANT_NAME} -r admin -crux endpoint-create --remove-all \ - -n keystone -t identity \ - -I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \ - -A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \ - -P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" - -# Wait on all jobs to exit before proceeding (see man wait) -wait +exec $CMD $ARGS diff --git a/etc/kolla/config/database.conf b/etc/kolla/config/database.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/global.conf b/etc/kolla/config/global.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/keystone.conf b/etc/kolla/config/keystone.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/keystone/keystone.conf b/etc/kolla/config/keystone/keystone.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/config/messaging.conf b/etc/kolla/config/messaging.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/etc/kolla/defaults.yml b/etc/kolla/defaults.yml new file mode 100644 index 0000000000..3eda373979 --- /dev/null +++ b/etc/kolla/defaults.yml @@ -0,0 +1,20 @@ +--- +# The options in this file can be overridden in 'globals.yml', but typically +# shouldn't be modified. A comment describing why the option exists should be +# included before each option. + +# Ansible Docker module bug. This can be removed when Ansible 2.0 arrives +# https://github.com/ansible/ansible-modules-core/issues/1227 +docker_api_version: "1.18" + +# TODO(SamYaple): remove references to these variables in Ansible +kolla_directory: "/usr/share/kolla" +koalla_directory: "/usr/share/kolla" + +# The "temp" files that are created before merge need to stay persistent due +# to the fact that ansible will register a "change" if it has to create them +# again. Persistent files allow for idempotency +node_templates_directory: "/usr/share/kolla/templates" + +# The directory to store the config files on the destination node +node_config_directory: "/opt/kolla/config" diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml new file mode 100644 index 0000000000..cf95ebd218 --- /dev/null +++ b/etc/kolla/globals.yml @@ -0,0 +1,77 @@ +--- +# Please specify all passwords/secrets in the "/etc/kolla/passwords.yml" + +################### +# Kolla options +################### +config_strategy: "CONFIG_EXTERNAL_COPY_ONCE" + +kolla_base_distro: "centos" +kolla_install_type: "rdo" + +# The Public address used to communicate with Openstack +# This must be set, but it can be an private ip. It can also be the same as the +# internal address. +kolla_external_address: "openstack.example.com" +kolla_internal_address: "10.10.10.254" + + +#################### +# Database options +#################### +database_address: "{{ keystone_internal_address }}" +database_user: "root" + + +#################### +# Docker options +#################### +docker_registry: +docker_namespace: "kollaglue" +docker_registry_username: +docker_insecure_registry: "False" + +# Valid options are [ missing, always ] +docker_pull_policy: "always" + +# Valid options are [ no, on-failure, always ] +docker_restart_policy: "always" + +# '0' means unlimited retries +docker_restart_policy_retry: "10" + +### Example: Private repository with authentication +# +# docker_registry: "172.16.0.10:5000" +# docker_namespace: "companyname" +# docker_registry_username: "sam" +# docker_registry_password: "correcthorsebatterystaple" +# docker_insecure_registry: "False" + + +#################### +# Networking options +#################### +# The interface to use for various services types +network_interface: "eth0" + +# These can be adjusted for even more customization +api_interface: "{{ network_interface }}" +storage_interface: "{{ network_interface }}" +neutron_interface: "{{ network_interface }}" + + +#################### +# Openstack options +#################### +openstack_release: "latest" + +openstack_logging_verbose: "True" +openstack_logging_debug: "False" + + +#################### +# RabbitMQ options +#################### +#placeholder + diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml new file mode 100644 index 0000000000..79fa6868c1 --- /dev/null +++ b/etc/kolla/passwords.yml @@ -0,0 +1,29 @@ +--- +# TODO: SamYaple +# This file should have generated values by default. Propose Ansible vault for +# locking down the secrets properly. + + +################### +# Database options +#################### +database_password: "password" + + +#################### +# Docker options +#################### +docker_registry_password: + + +#################### +# Openstack options +#################### +keystone_admin_token: "password" +keystone_database_password: "password" + + +#################### +# RabbitMQ options +#################### + diff --git a/tools/genenv b/tools/genenv index 07fe45e472..d04b67876b 100755 --- a/tools/genenv +++ b/tools/genenv @@ -246,6 +246,7 @@ export OS_VOLUME_API_VERSION=$CINDER_API_VERSION EOF cat > ./compose/openstack.env <