Add initial config function and keystone support
Add set_configs function that implements the flow from the proposed ansible-multi spec. Move start.sh to config-internal.sh to preserve existing behaviour. config-externall.sh copies the appropriate configs in from the bind'd location and sets permissions and ownership appropriately. Partially Implements: blueprint ansible-multi Change-Id: I53fca0660451087f273fefc3c63e0d8cf1a2c096
This commit is contained in:
parent
6370bf25cb
commit
3ac7da64d1
@ -1 +0,0 @@
|
|||||||
koalla_directory: "/usr/share/kolla"
|
|
84
ansible/library/merge_configs
Normal file
84
ansible/library/merge_configs
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
#!/usr/bin/python
|
||||||
|
|
||||||
|
# Copyright 2015 Sam Yaple
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
DOCUMENTATION = '''
|
||||||
|
---
|
||||||
|
module: merge_configs
|
||||||
|
short_description: Merge ini-style configs
|
||||||
|
description:
|
||||||
|
- ConfigParser is used to merge several ini-style configs into one
|
||||||
|
options:
|
||||||
|
dest:
|
||||||
|
description:
|
||||||
|
- The destination file name
|
||||||
|
required: True
|
||||||
|
type: str
|
||||||
|
sources:
|
||||||
|
description:
|
||||||
|
- A list of files on the destination node to merge together
|
||||||
|
default: None
|
||||||
|
required: True
|
||||||
|
type: str
|
||||||
|
author: Sam Yaple
|
||||||
|
'''
|
||||||
|
|
||||||
|
EXAMPLES = '''
|
||||||
|
Merge multiple configs:
|
||||||
|
|
||||||
|
- hosts: database
|
||||||
|
tasks:
|
||||||
|
- name: Merge configs
|
||||||
|
merge_configs:
|
||||||
|
sources:
|
||||||
|
- "/tmp/config_1.cnf"
|
||||||
|
- "/tmp/config_2.cnf"
|
||||||
|
- "/tmp/config_3.cnf"
|
||||||
|
dest:
|
||||||
|
- "/etc/mysql/my.cnf"
|
||||||
|
'''
|
||||||
|
|
||||||
|
import ConfigParser
|
||||||
|
|
||||||
|
def main():
|
||||||
|
module = AnsibleModule(
|
||||||
|
argument_spec = dict(
|
||||||
|
sources = dict(required=True, type='list'),
|
||||||
|
dest = dict(required=True, type='str'),
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
try:
|
||||||
|
sources = module.params.pop('sources')
|
||||||
|
dest = module.params.pop('dest')
|
||||||
|
|
||||||
|
config = ConfigParser.ConfigParser()
|
||||||
|
|
||||||
|
for source_file in sources:
|
||||||
|
config.read(source_file)
|
||||||
|
|
||||||
|
with open(dest, 'wb') as dest_file:
|
||||||
|
config.write(dest_file)
|
||||||
|
|
||||||
|
module.exit_json(changed=True)
|
||||||
|
except Exception, e:
|
||||||
|
changed = True
|
||||||
|
module.exit_json(failed=True, changed=changed, msg=repr(e))
|
||||||
|
|
||||||
|
|
||||||
|
# import module snippets
|
||||||
|
from ansible.module_utils.basic import *
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
34
ansible/roles/bootstrap.yml
Normal file
34
ansible/roles/bootstrap.yml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
---
|
||||||
|
- name: Creating database
|
||||||
|
mysql_db:
|
||||||
|
login_host: "{{ database_address }}"
|
||||||
|
login_user: "{{ database_user }}"
|
||||||
|
login_password: "{{ database_password }}"
|
||||||
|
name: "{{ service_database_name }}"
|
||||||
|
register: database
|
||||||
|
run_once: True
|
||||||
|
|
||||||
|
- name: Creating database user and setting permissions
|
||||||
|
mysql_user:
|
||||||
|
login_host: "{{ database_address }}"
|
||||||
|
login_user: "{{ database_user }}"
|
||||||
|
login_password: "{{ database_password }}"
|
||||||
|
name: "{{ service_database_name }}"
|
||||||
|
password: "{{ service_database_password }}"
|
||||||
|
host: "%"
|
||||||
|
priv: "{{ service_database_name }}.*:ALL"
|
||||||
|
append_privs: "yes"
|
||||||
|
run_once: True
|
||||||
|
|
||||||
|
- include: start.yml
|
||||||
|
vars:
|
||||||
|
run_once: True
|
||||||
|
when: database|changed
|
||||||
|
|
||||||
|
- name: Cleaning up boostrap container
|
||||||
|
docker:
|
||||||
|
name: "{{ container_name }}"
|
||||||
|
image: "{{ container_image }}"
|
||||||
|
state: "absent"
|
||||||
|
run_once: True
|
||||||
|
when: database|changed
|
24
ansible/roles/config.yml
Normal file
24
ansible/roles/config.yml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
- name: Ensuring templates config directory exists
|
||||||
|
file:
|
||||||
|
path: "{{ node_templates_directory }}/{{ project_name }}"
|
||||||
|
state: "directory"
|
||||||
|
recurse: yes
|
||||||
|
|
||||||
|
- name: Ensuring config directory exists
|
||||||
|
file:
|
||||||
|
path: "{{ node_config_directory }}/{{ project_name }}"
|
||||||
|
state: "directory"
|
||||||
|
|
||||||
|
- name: Copying over config(s)
|
||||||
|
template:
|
||||||
|
src: "{{ item.0 }}"
|
||||||
|
dest: "{{ item.1 }}"
|
||||||
|
with_together:
|
||||||
|
- config_source
|
||||||
|
- config_template_dest
|
||||||
|
|
||||||
|
- name: Merging the config files and saving to the final destination
|
||||||
|
merge_configs:
|
||||||
|
sources: "{{ config_template_dest }}"
|
||||||
|
dest: "{{ config_dest }}"
|
42
ansible/roles/keystone/defaults/main.yml
Normal file
42
ansible/roles/keystone/defaults/main.yml
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
---
|
||||||
|
project_name: "keystone"
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Database
|
||||||
|
####################
|
||||||
|
keystone_database_name: "keystone"
|
||||||
|
keystone_database_user: "keystone"
|
||||||
|
keystone_database_address: "{{ kolla_internal_address }}"
|
||||||
|
|
||||||
|
# Do not override "service_*" variables
|
||||||
|
service_database_name: "{{ keystone_database_name }}"
|
||||||
|
service_database_user: "{{ keystone_database_user }}"
|
||||||
|
service_database_password: "{{ keystone_database_password }}"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Docker
|
||||||
|
####################
|
||||||
|
docker_keystone_registry: "{{ docker_registry }}"
|
||||||
|
docker_keystone_namespace: "{{ docker_namespace }}"
|
||||||
|
kolla_keystone_base_distro: "{{ kolla_base_distro }}"
|
||||||
|
kolla_keystone_install_type: "{{ kolla_install_type }}"
|
||||||
|
kolla_keystone_container_name: "keystone"
|
||||||
|
|
||||||
|
docker_keystone_image: "{{ docker_keystone_registry }}{{ docker_keystone_namespace }}/{{ kolla_keystone_base_distro }}-{{ kolla_keystone_install_type }}-{{ kolla_keystone_container_name }}"
|
||||||
|
docker_keystone_tag: "{{ openstack_release }}"
|
||||||
|
docker_keystone_image_full: "{{ docker_keystone_image }}:{{ docker_keystone_tag }}"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Openstack
|
||||||
|
####################
|
||||||
|
keystone_public_address: "{{ kolla_external_address }}"
|
||||||
|
keystone_admin_address: "{{ kolla_internal_address }}"
|
||||||
|
keystone_internal_address: "{{ kolla_internal_address }}"
|
||||||
|
|
||||||
|
keystone_public_port: "5000"
|
||||||
|
keystone_admin_port: "35357"
|
||||||
|
|
||||||
|
keystone_logging_verbose: "{{ openstack_logging_verbose }}"
|
||||||
|
keystone_logging_debug: "{{ openstack_logging_debug }}"
|
14
ansible/roles/keystone/tasks/bootstrap.yml
Normal file
14
ansible/roles/keystone/tasks/bootstrap.yml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
# "detach: False" ensures we will be able to wait until the database bootstrap
|
||||||
|
# is finished. We can also check the exit code and catch errors if the database
|
||||||
|
# initialization does not successfully finish
|
||||||
|
- include: ../../bootstrap.yml
|
||||||
|
vars:
|
||||||
|
container_detach: False
|
||||||
|
container_environment:
|
||||||
|
BOOTSTRAP:
|
||||||
|
CONFIG_STRATEGY: "{{ config_strategy }}"
|
||||||
|
container_image: "{{ docker_keystone_image_full }}"
|
||||||
|
container_name: "bootstrap_keystone"
|
||||||
|
container_volumes:
|
||||||
|
- "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro"
|
16
ansible/roles/keystone/tasks/config.yml
Normal file
16
ansible/roles/keystone/tasks/config.yml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
- include: ../../config.yml
|
||||||
|
vars:
|
||||||
|
config_source:
|
||||||
|
- "roles/keystone/templates/keystone.conf.j2"
|
||||||
|
- "/etc/kolla/config/global.conf"
|
||||||
|
- "/etc/kolla/config/database.conf"
|
||||||
|
- "/etc/kolla/config/messaging.conf"
|
||||||
|
- "/etc/kolla/config/keystone.conf"
|
||||||
|
config_template_dest:
|
||||||
|
- "{{ node_templates_directory }}/keystone/keystone.conf_minimal"
|
||||||
|
- "{{ node_templates_directory }}/keystone/keystone.conf_global"
|
||||||
|
- "{{ node_templates_directory }}/keystone/keystone.conf_database"
|
||||||
|
- "{{ node_templates_directory }}/keystone/keystone.conf_messaging"
|
||||||
|
- "{{ node_templates_directory }}/keystone/keystone.conf_augment"
|
||||||
|
config_dest: "{{ node_config_directory }}/keystone/keystone.conf"
|
@ -1,7 +1,8 @@
|
|||||||
---
|
---
|
||||||
- name: Bringing up keystone service(s)
|
- include: config.yml
|
||||||
docker_compose:
|
|
||||||
project_name: keystone
|
- include: bootstrap.yml
|
||||||
compose_file: "{{ koalla_directory }}/compose/keystone.yml"
|
|
||||||
command: up
|
- include: start.yml
|
||||||
no_recreate: true
|
|
||||||
|
#- include: register.yml
|
||||||
|
12
ansible/roles/keystone/tasks/register.yml
Normal file
12
ansible/roles/keystone/tasks/register.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
# NB: Not an Attorney
|
||||||
|
#
|
||||||
|
# Upstream ansible will have all of the new modules we need based on
|
||||||
|
# the shade library. They are written, but the keystone modules haven't3
|
||||||
|
# been merged yet. None of the modules will land before Ansible 2.0.
|
||||||
|
#
|
||||||
|
# These new modules will be relicensed using ASL2.0 as the result of a
|
||||||
|
# gentlemen's agreement that the Kolla authors will not alter the Shade code.
|
||||||
|
# This does not place additional restrictions on the license of this work. The
|
||||||
|
# relicense agreement is based upon trust, not something legally binding and
|
||||||
|
# has no binding impact on the license of Kolla..
|
9
ansible/roles/keystone/tasks/start.yml
Normal file
9
ansible/roles/keystone/tasks/start.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
- include: ../../start.yml
|
||||||
|
vars:
|
||||||
|
container_environment:
|
||||||
|
CONFIG_STRATEGY: "{{ config_strategy }}"
|
||||||
|
container_image: "{{ docker_keystone_image_full }}"
|
||||||
|
container_name: "keystone"
|
||||||
|
container_volumes:
|
||||||
|
- "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro"
|
13
ansible/roles/keystone/templates/keystone.conf.j2
Normal file
13
ansible/roles/keystone/templates/keystone.conf.j2
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
[DEFAULT]
|
||||||
|
verbose = {{ keystone_logging_verbose }}
|
||||||
|
debug = {{ keystone_logging_debug }}
|
||||||
|
|
||||||
|
bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
|
||||||
|
|
||||||
|
admin_token = {{ keystone_admin_token }}
|
||||||
|
|
||||||
|
public_endpoint = http://{{ keystone_public_address }}:{{ keystone_public_port }}
|
||||||
|
admin_endpoint = http://{{ keystone_admin_address }}:{{ keystone_admin_port }}
|
||||||
|
|
||||||
|
[database]
|
||||||
|
connection = mysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
|
30
ansible/roles/start.yml
Normal file
30
ansible/roles/start.yml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
---
|
||||||
|
# Using "state: reloaded" will restart the container if a new image is
|
||||||
|
# pulled or the paramaters are modified.
|
||||||
|
#
|
||||||
|
# "pull: always" will _always_ pull the latest image. It registers a
|
||||||
|
# change when the image has changed, regardless of "state"
|
||||||
|
#
|
||||||
|
# Due to a bug in the ansible docker module it doesnt properly supply the
|
||||||
|
# docker_api_version from docker-py, so we specify it here. This will be
|
||||||
|
# removed when the bugfix makes it downstream
|
||||||
|
|
||||||
|
- name: Starting the container
|
||||||
|
docker:
|
||||||
|
detach: "{{ container_detach | default('True') }}"
|
||||||
|
env: "{{ container_environment }}"
|
||||||
|
docker_api_version: "{{ docker_api_version }}"
|
||||||
|
image: "{{ container_image }}"
|
||||||
|
insecure_registry: "{{ docker_insecure_registry }}"
|
||||||
|
name: "{{ container_name }}"
|
||||||
|
net: host
|
||||||
|
password: "{{ docker_registry_password }}"
|
||||||
|
privileged: "{{ container_privileged | default('False') }}"
|
||||||
|
pull: "{{ docker_pull_policy }}"
|
||||||
|
registry: "{{ docker_registry }}"
|
||||||
|
restart_policy: "{{ docker_restart_policy }}"
|
||||||
|
restart_policy_retry: "{{ docker_restart_policy_retry }}"
|
||||||
|
state: reloaded
|
||||||
|
username: "{{ docker_registry_username }}"
|
||||||
|
volumes: "{{ container_volumes }}"
|
||||||
|
run_once: "{{ run_once | default('False') }}"
|
@ -17,8 +17,8 @@ RUN chown -R keystone:keystone /var/www/cgi-bin/keystone
|
|||||||
RUN chmod 755 /var/www/cgi-bin/keystone/*
|
RUN chmod 755 /var/www/cgi-bin/keystone/*
|
||||||
|
|
||||||
# Add start-up and check scripts
|
# Add start-up and check scripts
|
||||||
COPY ./start.sh /start.sh
|
COPY start.sh check.sh /
|
||||||
COPY ./check.sh /check.sh
|
COPY config-internal.sh config-external.sh /opt/kolla/
|
||||||
|
|
||||||
# Run the Keystone start script
|
# Run the Keystone start script
|
||||||
CMD ["/start.sh"]
|
CMD ["/start.sh"]
|
||||||
|
1
docker/centos/binary/keystone/config-external.sh
Symbolic link
1
docker/centos/binary/keystone/config-external.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../../../common/keystone/config-external.sh
|
1
docker/centos/binary/keystone/config-internal.sh
Symbolic link
1
docker/centos/binary/keystone/config-internal.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../../../common/keystone/config-internal.sh
|
@ -168,3 +168,27 @@ dump_vars() {
|
|||||||
set +o posix
|
set +o posix
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_configs() {
|
||||||
|
case $KOLLA_CONFIG_STRATEGY in
|
||||||
|
CONFIG_INTERNAL)
|
||||||
|
# exec is intentional to preserve existing behaviour
|
||||||
|
exec /opt/kolla/config-internal.sh
|
||||||
|
;;
|
||||||
|
CONFIG_EXTERNAL_COPY_ALWAYS)
|
||||||
|
source /opt/kolla/config-exernal.sh
|
||||||
|
;;
|
||||||
|
CONFIG_EXTERNAL_COPY_ONCE)
|
||||||
|
if [[ -f /configured ]]; then
|
||||||
|
echo 'INFO - This container has already been configured; Refusing to copy new configs'
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
source /opt/kolla/config-exernal.sh
|
||||||
|
touch /configured
|
||||||
|
;;
|
||||||
|
|
||||||
|
*)
|
||||||
|
echo '$CONFIG_STRATEGY is not set properly'
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
7
docker/common/keystone/config-external.sh
Normal file
7
docker/common/keystone/config-external.sh
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [[ -f /opt/kolla/keystone/keystone.conf ]]; then
|
||||||
|
cp /opt/kolla/keystone/keystone.conf /etc/keystone/keystone.conf
|
||||||
|
chown keystone: /etc/keystone/keystone.conf
|
||||||
|
chmod 0644 /etc/keystone/keystone.conf
|
||||||
|
fi
|
165
docker/common/keystone/config-internal.sh
Executable file
165
docker/common/keystone/config-internal.sh
Executable file
@ -0,0 +1,165 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Run Kolla common script
|
||||||
|
echo "Running the kolla-common script"
|
||||||
|
. /opt/kolla/kolla-common.sh
|
||||||
|
|
||||||
|
# Credentials, token, etc..
|
||||||
|
: ${ADMIN_USER:=admin}
|
||||||
|
: ${ADMIN_USER_PASSWORD:=password}
|
||||||
|
: ${ADMIN_TENANT_NAME:=admin}
|
||||||
|
: ${KEYSTONE_USER:=keystone}
|
||||||
|
: ${KEYSTONE_ADMIN_PASSWORD:=password}
|
||||||
|
: ${KEYSTONE_ADMIN_TOKEN:=changeme}
|
||||||
|
# DB Settings
|
||||||
|
: ${INIT_KEYSTONE_DB:=true}
|
||||||
|
: ${KEYSTONE_DB_NAME:=keystone}
|
||||||
|
: ${KEYSTONE_DB_USER:=keystone}
|
||||||
|
: ${DB_ROOT_PASSWORD:=password}
|
||||||
|
: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP}
|
||||||
|
: ${KEYSTONE_DB_PASSWORD:=password}
|
||||||
|
# Service Addresses/Ports/Version
|
||||||
|
: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP}
|
||||||
|
: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP}
|
||||||
|
: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000}
|
||||||
|
: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357}
|
||||||
|
: ${KEYSTONE_API_VERSION:=2.0}
|
||||||
|
# Logging
|
||||||
|
: ${LOG_FILE:=/var/log/keystone/keystone.log}
|
||||||
|
: ${VERBOSE_LOGGING:=true}
|
||||||
|
: ${DEBUG_LOGGING:=false}
|
||||||
|
: ${USE_STDERR:=false}
|
||||||
|
# Token provider, driver, etc..
|
||||||
|
: ${TOKEN_PROVIDER:=uuid}
|
||||||
|
: ${TOKEN_DRIVER:=sql}
|
||||||
|
|
||||||
|
## Check DB connectivity and required variables
|
||||||
|
echo "Checking connectivity to the DB"
|
||||||
|
fail_unless_db
|
||||||
|
echo "Checking for required variables"
|
||||||
|
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \
|
||||||
|
KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \
|
||||||
|
KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \
|
||||||
|
PUBLIC_IP INIT_KEYSTONE_DB
|
||||||
|
dump_vars
|
||||||
|
|
||||||
|
# Setup the Keystone DB
|
||||||
|
echo "Setting up Keystone DB"
|
||||||
|
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
|
||||||
|
CREATE DATABASE IF NOT EXISTS ${KEYSTONE_DB_NAME};
|
||||||
|
GRANT ALL PRIVILEGES ON ${KEYSTONE_DB_NAME}.* TO
|
||||||
|
'${KEYSTONE_DB_USER}'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# File path and name used by crudini tool
|
||||||
|
cfg=/etc/keystone/keystone.conf
|
||||||
|
|
||||||
|
# Token Configuration
|
||||||
|
echo "Configuring keystone.conf"
|
||||||
|
crudini --set $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
admin_token \
|
||||||
|
"${KEYSTONE_ADMIN_TOKEN}"
|
||||||
|
|
||||||
|
# Database Configuration
|
||||||
|
crudini --set $cfg \
|
||||||
|
database \
|
||||||
|
connection \
|
||||||
|
"mysql://${KEYSTONE_DB_USER}:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${KEYSTONE_DB_NAME}"
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
crudini --del $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
log_dir
|
||||||
|
crudini --set $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
log_file \
|
||||||
|
${LOG_FILE}
|
||||||
|
crudini --set $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
verbose \
|
||||||
|
${VERBOSE_LOGGING}
|
||||||
|
crudini --set $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
debug \
|
||||||
|
${DEBUG_LOGGING}
|
||||||
|
crudini --set $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
use_stderr \
|
||||||
|
${USE_STDERR}
|
||||||
|
|
||||||
|
# Token Management
|
||||||
|
crudini --set $cfg \
|
||||||
|
token \
|
||||||
|
provider \
|
||||||
|
keystone.token.providers."${TOKEN_PROVIDER}".Provider
|
||||||
|
crudini --set $cfg \
|
||||||
|
token \
|
||||||
|
driver \
|
||||||
|
keystone.token.persistence.backends."${TOKEN_DRIVER}".Token
|
||||||
|
crudini --set $cfg \
|
||||||
|
revoke \
|
||||||
|
driver \
|
||||||
|
keystone.contrib.revoke.backends."${TOKEN_DRIVER}".Revoke
|
||||||
|
|
||||||
|
# Setup the openrc auth file
|
||||||
|
cat > /openrc <<EOF
|
||||||
|
export OS_AUTH_URL=http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}
|
||||||
|
export OS_USERNAME=${KEYSTONE_USER}
|
||||||
|
export OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD}
|
||||||
|
export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Create keystone user and group if they don't exist
|
||||||
|
id -u keystone &>/dev/null || useradd --user-group keystone
|
||||||
|
|
||||||
|
# Run PKI Setup script
|
||||||
|
echo "Setting up PKI"
|
||||||
|
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
|
||||||
|
|
||||||
|
# Fix permissions
|
||||||
|
chown -R keystone:keystone /var/log/keystone
|
||||||
|
chown -R keystone:keystone /etc/keystone/ssl
|
||||||
|
chmod -R o-rwx /etc/keystone/ssl
|
||||||
|
|
||||||
|
# Initialize the Keystone DB
|
||||||
|
echo "Initializing Keystone DB"
|
||||||
|
if [ "${INIT_KEYSTONE_DB}" == "true" ] ; then
|
||||||
|
su -s /bin/bash -c "keystone-manage db_sync" keystone
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Start Keystone
|
||||||
|
echo "Starting Keystone"
|
||||||
|
/usr/sbin/httpd -DFOREGROUND &
|
||||||
|
PID=$!
|
||||||
|
|
||||||
|
# Export Keystone service environment variables
|
||||||
|
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
|
||||||
|
export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
||||||
|
|
||||||
|
# Check to make sure the service is running
|
||||||
|
echo "Verifying Keystone is running"
|
||||||
|
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
|
||||||
|
echo "waiting for Keystone @ ${SERVICE_ENDPOINT}"
|
||||||
|
sleep 1;
|
||||||
|
done
|
||||||
|
echo "keystone is active @ ${SERVICE_ENDPOINT}"
|
||||||
|
|
||||||
|
# Create Keystone tenant, user, role, service and endpoints
|
||||||
|
echo "Creating Keystone tenant, user, role, service and endpoints"
|
||||||
|
crux user-create --update \
|
||||||
|
-n ${ADMIN_USER} -p "${ADMIN_USER_PASSWORD}" \
|
||||||
|
-t ${ADMIN_TENANT_NAME} -r admin
|
||||||
|
crux user-create --update \
|
||||||
|
-n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \
|
||||||
|
-t ${ADMIN_TENANT_NAME} -r admin
|
||||||
|
crux endpoint-create --remove-all \
|
||||||
|
-n keystone -t identity \
|
||||||
|
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
||||||
|
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
||||||
|
-P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
||||||
|
|
||||||
|
# Wait on all jobs to exit before proceeding (see man wait)
|
||||||
|
wait
|
@ -1,165 +1,19 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -e
|
set -o errexit
|
||||||
|
|
||||||
# Run Kolla common script
|
CMD="/usr/bin/keystone-all"
|
||||||
echo "Running the kolla-common script"
|
ARGS=""
|
||||||
. /opt/kolla/kolla-common.sh
|
|
||||||
|
|
||||||
# Credentials, token, etc..
|
# loading common functions
|
||||||
: ${ADMIN_USER:=admin}
|
source /opt/kolla/kolla-common.sh
|
||||||
: ${ADMIN_USER_PASSWORD:=password}
|
|
||||||
: ${ADMIN_TENANT_NAME:=admin}
|
|
||||||
: ${KEYSTONE_USER:=keystone}
|
|
||||||
: ${KEYSTONE_ADMIN_PASSWORD:=password}
|
|
||||||
: ${KEYSTONE_ADMIN_TOKEN:=changeme}
|
|
||||||
# DB Settings
|
|
||||||
: ${INIT_KEYSTONE_DB:=true}
|
|
||||||
: ${KEYSTONE_DB_NAME:=keystone}
|
|
||||||
: ${KEYSTONE_DB_USER:=keystone}
|
|
||||||
: ${DB_ROOT_PASSWORD:=password}
|
|
||||||
: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP}
|
|
||||||
: ${KEYSTONE_DB_PASSWORD:=password}
|
|
||||||
# Service Addresses/Ports/Version
|
|
||||||
: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP}
|
|
||||||
: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP}
|
|
||||||
: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000}
|
|
||||||
: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357}
|
|
||||||
: ${KEYSTONE_API_VERSION:=2.0}
|
|
||||||
# Logging
|
|
||||||
: ${LOG_FILE:=/var/log/keystone/keystone.log}
|
|
||||||
: ${VERBOSE_LOGGING:=true}
|
|
||||||
: ${DEBUG_LOGGING:=false}
|
|
||||||
: ${USE_STDERR:=false}
|
|
||||||
# Token provider, driver, etc..
|
|
||||||
: ${TOKEN_PROVIDER:=uuid}
|
|
||||||
: ${TOKEN_DRIVER:=sql}
|
|
||||||
|
|
||||||
## Check DB connectivity and required variables
|
set_configs
|
||||||
echo "Checking connectivity to the DB"
|
|
||||||
fail_unless_db
|
|
||||||
echo "Checking for required variables"
|
|
||||||
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \
|
|
||||||
KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \
|
|
||||||
KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \
|
|
||||||
PUBLIC_IP INIT_KEYSTONE_DB
|
|
||||||
dump_vars
|
|
||||||
|
|
||||||
# Setup the Keystone DB
|
# Bootstrap and exit if BOOTSTRAP variable is set
|
||||||
echo "Setting up Keystone DB"
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||||
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
|
su -c "keystone-manage db_sync" keystone
|
||||||
CREATE DATABASE IF NOT EXISTS ${KEYSTONE_DB_NAME};
|
exit 0
|
||||||
GRANT ALL PRIVILEGES ON ${KEYSTONE_DB_NAME}.* TO
|
|
||||||
'${KEYSTONE_DB_USER}'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# File path and name used by crudini tool
|
|
||||||
cfg=/etc/keystone/keystone.conf
|
|
||||||
|
|
||||||
# Token Configuration
|
|
||||||
echo "Configuring keystone.conf"
|
|
||||||
crudini --set $cfg \
|
|
||||||
DEFAULT \
|
|
||||||
admin_token \
|
|
||||||
"${KEYSTONE_ADMIN_TOKEN}"
|
|
||||||
|
|
||||||
# Database Configuration
|
|
||||||
crudini --set $cfg \
|
|
||||||
database \
|
|
||||||
connection \
|
|
||||||
"mysql://${KEYSTONE_DB_USER}:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${KEYSTONE_DB_NAME}"
|
|
||||||
|
|
||||||
# Logging
|
|
||||||
crudini --del $cfg \
|
|
||||||
DEFAULT \
|
|
||||||
log_dir
|
|
||||||
crudini --set $cfg \
|
|
||||||
DEFAULT \
|
|
||||||
log_file \
|
|
||||||
${LOG_FILE}
|
|
||||||
crudini --set $cfg \
|
|
||||||
DEFAULT \
|
|
||||||
verbose \
|
|
||||||
${VERBOSE_LOGGING}
|
|
||||||
crudini --set $cfg \
|
|
||||||
DEFAULT \
|
|
||||||
debug \
|
|
||||||
${DEBUG_LOGGING}
|
|
||||||
crudini --set $cfg \
|
|
||||||
DEFAULT \
|
|
||||||
use_stderr \
|
|
||||||
${USE_STDERR}
|
|
||||||
|
|
||||||
# Token Management
|
|
||||||
crudini --set $cfg \
|
|
||||||
token \
|
|
||||||
provider \
|
|
||||||
keystone.token.providers."${TOKEN_PROVIDER}".Provider
|
|
||||||
crudini --set $cfg \
|
|
||||||
token \
|
|
||||||
driver \
|
|
||||||
keystone.token.persistence.backends."${TOKEN_DRIVER}".Token
|
|
||||||
crudini --set $cfg \
|
|
||||||
revoke \
|
|
||||||
driver \
|
|
||||||
keystone.contrib.revoke.backends."${TOKEN_DRIVER}".Revoke
|
|
||||||
|
|
||||||
# Setup the openrc auth file
|
|
||||||
cat > /openrc <<EOF
|
|
||||||
export OS_AUTH_URL=http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}
|
|
||||||
export OS_USERNAME=${KEYSTONE_USER}
|
|
||||||
export OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD}
|
|
||||||
export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Create keystone user and group if they don't exist
|
|
||||||
id -u keystone &>/dev/null || useradd --user-group keystone
|
|
||||||
|
|
||||||
# Run PKI Setup script
|
|
||||||
echo "Setting up PKI"
|
|
||||||
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
|
|
||||||
|
|
||||||
# Fix permissions
|
|
||||||
chown -R keystone:keystone /var/log/keystone
|
|
||||||
chown -R keystone:keystone /etc/keystone/ssl
|
|
||||||
chmod -R o-rwx /etc/keystone/ssl
|
|
||||||
|
|
||||||
# Initialize the Keystone DB
|
|
||||||
echo "Initializing Keystone DB"
|
|
||||||
if [ "${INIT_KEYSTONE_DB}" == "true" ] ; then
|
|
||||||
su -s /bin/bash -c "keystone-manage db_sync" keystone
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Start Keystone
|
exec $CMD $ARGS
|
||||||
echo "Starting Keystone"
|
|
||||||
/usr/sbin/httpd -DFOREGROUND &
|
|
||||||
PID=$!
|
|
||||||
|
|
||||||
# Export Keystone service environment variables
|
|
||||||
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
|
|
||||||
export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
|
||||||
|
|
||||||
# Check to make sure the service is running
|
|
||||||
echo "Verifying Keystone is running"
|
|
||||||
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
|
|
||||||
echo "waiting for Keystone @ ${SERVICE_ENDPOINT}"
|
|
||||||
sleep 1;
|
|
||||||
done
|
|
||||||
echo "keystone is active @ ${SERVICE_ENDPOINT}"
|
|
||||||
|
|
||||||
# Create Keystone tenant, user, role, service and endpoints
|
|
||||||
echo "Creating Keystone tenant, user, role, service and endpoints"
|
|
||||||
crux user-create --update \
|
|
||||||
-n ${ADMIN_USER} -p "${ADMIN_USER_PASSWORD}" \
|
|
||||||
-t ${ADMIN_TENANT_NAME} -r admin
|
|
||||||
crux user-create --update \
|
|
||||||
-n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \
|
|
||||||
-t ${ADMIN_TENANT_NAME} -r admin
|
|
||||||
crux endpoint-create --remove-all \
|
|
||||||
-n keystone -t identity \
|
|
||||||
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
|
||||||
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
|
||||||
-P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
|
||||||
|
|
||||||
# Wait on all jobs to exit before proceeding (see man wait)
|
|
||||||
wait
|
|
||||||
|
0
etc/kolla/config/database.conf
Normal file
0
etc/kolla/config/database.conf
Normal file
0
etc/kolla/config/global.conf
Normal file
0
etc/kolla/config/global.conf
Normal file
0
etc/kolla/config/keystone.conf
Normal file
0
etc/kolla/config/keystone.conf
Normal file
0
etc/kolla/config/keystone/keystone.conf
Normal file
0
etc/kolla/config/keystone/keystone.conf
Normal file
0
etc/kolla/config/messaging.conf
Normal file
0
etc/kolla/config/messaging.conf
Normal file
20
etc/kolla/defaults.yml
Normal file
20
etc/kolla/defaults.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
# The options in this file can be overridden in 'globals.yml', but typically
|
||||||
|
# shouldn't be modified. A comment describing why the option exists should be
|
||||||
|
# included before each option.
|
||||||
|
|
||||||
|
# Ansible Docker module bug. This can be removed when Ansible 2.0 arrives
|
||||||
|
# https://github.com/ansible/ansible-modules-core/issues/1227
|
||||||
|
docker_api_version: "1.18"
|
||||||
|
|
||||||
|
# TODO(SamYaple): remove references to these variables in Ansible
|
||||||
|
kolla_directory: "/usr/share/kolla"
|
||||||
|
koalla_directory: "/usr/share/kolla"
|
||||||
|
|
||||||
|
# The "temp" files that are created before merge need to stay persistent due
|
||||||
|
# to the fact that ansible will register a "change" if it has to create them
|
||||||
|
# again. Persistent files allow for idempotency
|
||||||
|
node_templates_directory: "/usr/share/kolla/templates"
|
||||||
|
|
||||||
|
# The directory to store the config files on the destination node
|
||||||
|
node_config_directory: "/opt/kolla/config"
|
77
etc/kolla/globals.yml
Normal file
77
etc/kolla/globals.yml
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
---
|
||||||
|
# Please specify all passwords/secrets in the "/etc/kolla/passwords.yml"
|
||||||
|
|
||||||
|
###################
|
||||||
|
# Kolla options
|
||||||
|
###################
|
||||||
|
config_strategy: "CONFIG_EXTERNAL_COPY_ONCE"
|
||||||
|
|
||||||
|
kolla_base_distro: "centos"
|
||||||
|
kolla_install_type: "rdo"
|
||||||
|
|
||||||
|
# The Public address used to communicate with Openstack
|
||||||
|
# This must be set, but it can be an private ip. It can also be the same as the
|
||||||
|
# internal address.
|
||||||
|
kolla_external_address: "openstack.example.com"
|
||||||
|
kolla_internal_address: "10.10.10.254"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Database options
|
||||||
|
####################
|
||||||
|
database_address: "{{ keystone_internal_address }}"
|
||||||
|
database_user: "root"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Docker options
|
||||||
|
####################
|
||||||
|
docker_registry:
|
||||||
|
docker_namespace: "kollaglue"
|
||||||
|
docker_registry_username:
|
||||||
|
docker_insecure_registry: "False"
|
||||||
|
|
||||||
|
# Valid options are [ missing, always ]
|
||||||
|
docker_pull_policy: "always"
|
||||||
|
|
||||||
|
# Valid options are [ no, on-failure, always ]
|
||||||
|
docker_restart_policy: "always"
|
||||||
|
|
||||||
|
# '0' means unlimited retries
|
||||||
|
docker_restart_policy_retry: "10"
|
||||||
|
|
||||||
|
### Example: Private repository with authentication
|
||||||
|
#
|
||||||
|
# docker_registry: "172.16.0.10:5000"
|
||||||
|
# docker_namespace: "companyname"
|
||||||
|
# docker_registry_username: "sam"
|
||||||
|
# docker_registry_password: "correcthorsebatterystaple"
|
||||||
|
# docker_insecure_registry: "False"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Networking options
|
||||||
|
####################
|
||||||
|
# The interface to use for various services types
|
||||||
|
network_interface: "eth0"
|
||||||
|
|
||||||
|
# These can be adjusted for even more customization
|
||||||
|
api_interface: "{{ network_interface }}"
|
||||||
|
storage_interface: "{{ network_interface }}"
|
||||||
|
neutron_interface: "{{ network_interface }}"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Openstack options
|
||||||
|
####################
|
||||||
|
openstack_release: "latest"
|
||||||
|
|
||||||
|
openstack_logging_verbose: "True"
|
||||||
|
openstack_logging_debug: "False"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# RabbitMQ options
|
||||||
|
####################
|
||||||
|
#placeholder
|
||||||
|
|
29
etc/kolla/passwords.yml
Normal file
29
etc/kolla/passwords.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
# TODO: SamYaple
|
||||||
|
# This file should have generated values by default. Propose Ansible vault for
|
||||||
|
# locking down the secrets properly.
|
||||||
|
|
||||||
|
|
||||||
|
###################
|
||||||
|
# Database options
|
||||||
|
####################
|
||||||
|
database_password: "password"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Docker options
|
||||||
|
####################
|
||||||
|
docker_registry_password:
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Openstack options
|
||||||
|
####################
|
||||||
|
keystone_admin_token: "password"
|
||||||
|
keystone_database_password: "password"
|
||||||
|
|
||||||
|
|
||||||
|
####################
|
||||||
|
# RabbitMQ options
|
||||||
|
####################
|
||||||
|
|
@ -246,6 +246,7 @@ export OS_VOLUME_API_VERSION=$CINDER_API_VERSION
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat > ./compose/openstack.env <<EOF
|
cat > ./compose/openstack.env <<EOF
|
||||||
|
CONFIG_STRATEGY=CONFIG_INTERNAL
|
||||||
DEBUG_LOGGING=$DEBUG_LOGGING
|
DEBUG_LOGGING=$DEBUG_LOGGING
|
||||||
VERBOSE_LOGGING=$VERBOSE_LOGGING
|
VERBOSE_LOGGING=$VERBOSE_LOGGING
|
||||||
NOVA_LOG_DIR=$NOVA_LOG_DIR
|
NOVA_LOG_DIR=$NOVA_LOG_DIR
|
||||||
|
Loading…
Reference in New Issue
Block a user