Add initial config function and keystone support
Add set_configs function that implements the flow from the proposed ansible-multi spec. Move start.sh to config-internal.sh to preserve existing behaviour. config-externall.sh copies the appropriate configs in from the bind'd location and sets permissions and ownership appropriately. Partially Implements: blueprint ansible-multi Change-Id: I53fca0660451087f273fefc3c63e0d8cf1a2c096
This commit is contained in:
parent
6370bf25cb
commit
3ac7da64d1
@ -1 +0,0 @@
|
||||
koalla_directory: "/usr/share/kolla"
|
84
ansible/library/merge_configs
Normal file
84
ansible/library/merge_configs
Normal file
@ -0,0 +1,84 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
# Copyright 2015 Sam Yaple
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: merge_configs
|
||||
short_description: Merge ini-style configs
|
||||
description:
|
||||
- ConfigParser is used to merge several ini-style configs into one
|
||||
options:
|
||||
dest:
|
||||
description:
|
||||
- The destination file name
|
||||
required: True
|
||||
type: str
|
||||
sources:
|
||||
description:
|
||||
- A list of files on the destination node to merge together
|
||||
default: None
|
||||
required: True
|
||||
type: str
|
||||
author: Sam Yaple
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
Merge multiple configs:
|
||||
|
||||
- hosts: database
|
||||
tasks:
|
||||
- name: Merge configs
|
||||
merge_configs:
|
||||
sources:
|
||||
- "/tmp/config_1.cnf"
|
||||
- "/tmp/config_2.cnf"
|
||||
- "/tmp/config_3.cnf"
|
||||
dest:
|
||||
- "/etc/mysql/my.cnf"
|
||||
'''
|
||||
|
||||
import ConfigParser
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec = dict(
|
||||
sources = dict(required=True, type='list'),
|
||||
dest = dict(required=True, type='str'),
|
||||
)
|
||||
)
|
||||
|
||||
try:
|
||||
sources = module.params.pop('sources')
|
||||
dest = module.params.pop('dest')
|
||||
|
||||
config = ConfigParser.ConfigParser()
|
||||
|
||||
for source_file in sources:
|
||||
config.read(source_file)
|
||||
|
||||
with open(dest, 'wb') as dest_file:
|
||||
config.write(dest_file)
|
||||
|
||||
module.exit_json(changed=True)
|
||||
except Exception, e:
|
||||
changed = True
|
||||
module.exit_json(failed=True, changed=changed, msg=repr(e))
|
||||
|
||||
|
||||
# import module snippets
|
||||
from ansible.module_utils.basic import *
|
||||
if __name__ == '__main__':
|
||||
main()
|
34
ansible/roles/bootstrap.yml
Normal file
34
ansible/roles/bootstrap.yml
Normal file
@ -0,0 +1,34 @@
|
||||
---
|
||||
- name: Creating database
|
||||
mysql_db:
|
||||
login_host: "{{ database_address }}"
|
||||
login_user: "{{ database_user }}"
|
||||
login_password: "{{ database_password }}"
|
||||
name: "{{ service_database_name }}"
|
||||
register: database
|
||||
run_once: True
|
||||
|
||||
- name: Creating database user and setting permissions
|
||||
mysql_user:
|
||||
login_host: "{{ database_address }}"
|
||||
login_user: "{{ database_user }}"
|
||||
login_password: "{{ database_password }}"
|
||||
name: "{{ service_database_name }}"
|
||||
password: "{{ service_database_password }}"
|
||||
host: "%"
|
||||
priv: "{{ service_database_name }}.*:ALL"
|
||||
append_privs: "yes"
|
||||
run_once: True
|
||||
|
||||
- include: start.yml
|
||||
vars:
|
||||
run_once: True
|
||||
when: database|changed
|
||||
|
||||
- name: Cleaning up boostrap container
|
||||
docker:
|
||||
name: "{{ container_name }}"
|
||||
image: "{{ container_image }}"
|
||||
state: "absent"
|
||||
run_once: True
|
||||
when: database|changed
|
24
ansible/roles/config.yml
Normal file
24
ansible/roles/config.yml
Normal file
@ -0,0 +1,24 @@
|
||||
---
|
||||
- name: Ensuring templates config directory exists
|
||||
file:
|
||||
path: "{{ node_templates_directory }}/{{ project_name }}"
|
||||
state: "directory"
|
||||
recurse: yes
|
||||
|
||||
- name: Ensuring config directory exists
|
||||
file:
|
||||
path: "{{ node_config_directory }}/{{ project_name }}"
|
||||
state: "directory"
|
||||
|
||||
- name: Copying over config(s)
|
||||
template:
|
||||
src: "{{ item.0 }}"
|
||||
dest: "{{ item.1 }}"
|
||||
with_together:
|
||||
- config_source
|
||||
- config_template_dest
|
||||
|
||||
- name: Merging the config files and saving to the final destination
|
||||
merge_configs:
|
||||
sources: "{{ config_template_dest }}"
|
||||
dest: "{{ config_dest }}"
|
42
ansible/roles/keystone/defaults/main.yml
Normal file
42
ansible/roles/keystone/defaults/main.yml
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
project_name: "keystone"
|
||||
|
||||
####################
|
||||
# Database
|
||||
####################
|
||||
keystone_database_name: "keystone"
|
||||
keystone_database_user: "keystone"
|
||||
keystone_database_address: "{{ kolla_internal_address }}"
|
||||
|
||||
# Do not override "service_*" variables
|
||||
service_database_name: "{{ keystone_database_name }}"
|
||||
service_database_user: "{{ keystone_database_user }}"
|
||||
service_database_password: "{{ keystone_database_password }}"
|
||||
|
||||
|
||||
####################
|
||||
# Docker
|
||||
####################
|
||||
docker_keystone_registry: "{{ docker_registry }}"
|
||||
docker_keystone_namespace: "{{ docker_namespace }}"
|
||||
kolla_keystone_base_distro: "{{ kolla_base_distro }}"
|
||||
kolla_keystone_install_type: "{{ kolla_install_type }}"
|
||||
kolla_keystone_container_name: "keystone"
|
||||
|
||||
docker_keystone_image: "{{ docker_keystone_registry }}{{ docker_keystone_namespace }}/{{ kolla_keystone_base_distro }}-{{ kolla_keystone_install_type }}-{{ kolla_keystone_container_name }}"
|
||||
docker_keystone_tag: "{{ openstack_release }}"
|
||||
docker_keystone_image_full: "{{ docker_keystone_image }}:{{ docker_keystone_tag }}"
|
||||
|
||||
|
||||
####################
|
||||
# Openstack
|
||||
####################
|
||||
keystone_public_address: "{{ kolla_external_address }}"
|
||||
keystone_admin_address: "{{ kolla_internal_address }}"
|
||||
keystone_internal_address: "{{ kolla_internal_address }}"
|
||||
|
||||
keystone_public_port: "5000"
|
||||
keystone_admin_port: "35357"
|
||||
|
||||
keystone_logging_verbose: "{{ openstack_logging_verbose }}"
|
||||
keystone_logging_debug: "{{ openstack_logging_debug }}"
|
14
ansible/roles/keystone/tasks/bootstrap.yml
Normal file
14
ansible/roles/keystone/tasks/bootstrap.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
# "detach: False" ensures we will be able to wait until the database bootstrap
|
||||
# is finished. We can also check the exit code and catch errors if the database
|
||||
# initialization does not successfully finish
|
||||
- include: ../../bootstrap.yml
|
||||
vars:
|
||||
container_detach: False
|
||||
container_environment:
|
||||
BOOTSTRAP:
|
||||
CONFIG_STRATEGY: "{{ config_strategy }}"
|
||||
container_image: "{{ docker_keystone_image_full }}"
|
||||
container_name: "bootstrap_keystone"
|
||||
container_volumes:
|
||||
- "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro"
|
16
ansible/roles/keystone/tasks/config.yml
Normal file
16
ansible/roles/keystone/tasks/config.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
- include: ../../config.yml
|
||||
vars:
|
||||
config_source:
|
||||
- "roles/keystone/templates/keystone.conf.j2"
|
||||
- "/etc/kolla/config/global.conf"
|
||||
- "/etc/kolla/config/database.conf"
|
||||
- "/etc/kolla/config/messaging.conf"
|
||||
- "/etc/kolla/config/keystone.conf"
|
||||
config_template_dest:
|
||||
- "{{ node_templates_directory }}/keystone/keystone.conf_minimal"
|
||||
- "{{ node_templates_directory }}/keystone/keystone.conf_global"
|
||||
- "{{ node_templates_directory }}/keystone/keystone.conf_database"
|
||||
- "{{ node_templates_directory }}/keystone/keystone.conf_messaging"
|
||||
- "{{ node_templates_directory }}/keystone/keystone.conf_augment"
|
||||
config_dest: "{{ node_config_directory }}/keystone/keystone.conf"
|
@ -1,7 +1,8 @@
|
||||
---
|
||||
- name: Bringing up keystone service(s)
|
||||
docker_compose:
|
||||
project_name: keystone
|
||||
compose_file: "{{ koalla_directory }}/compose/keystone.yml"
|
||||
command: up
|
||||
no_recreate: true
|
||||
- include: config.yml
|
||||
|
||||
- include: bootstrap.yml
|
||||
|
||||
- include: start.yml
|
||||
|
||||
#- include: register.yml
|
||||
|
12
ansible/roles/keystone/tasks/register.yml
Normal file
12
ansible/roles/keystone/tasks/register.yml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
# NB: Not an Attorney
|
||||
#
|
||||
# Upstream ansible will have all of the new modules we need based on
|
||||
# the shade library. They are written, but the keystone modules haven't3
|
||||
# been merged yet. None of the modules will land before Ansible 2.0.
|
||||
#
|
||||
# These new modules will be relicensed using ASL2.0 as the result of a
|
||||
# gentlemen's agreement that the Kolla authors will not alter the Shade code.
|
||||
# This does not place additional restrictions on the license of this work. The
|
||||
# relicense agreement is based upon trust, not something legally binding and
|
||||
# has no binding impact on the license of Kolla..
|
9
ansible/roles/keystone/tasks/start.yml
Normal file
9
ansible/roles/keystone/tasks/start.yml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
- include: ../../start.yml
|
||||
vars:
|
||||
container_environment:
|
||||
CONFIG_STRATEGY: "{{ config_strategy }}"
|
||||
container_image: "{{ docker_keystone_image_full }}"
|
||||
container_name: "keystone"
|
||||
container_volumes:
|
||||
- "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro"
|
13
ansible/roles/keystone/templates/keystone.conf.j2
Normal file
13
ansible/roles/keystone/templates/keystone.conf.j2
Normal file
@ -0,0 +1,13 @@
|
||||
[DEFAULT]
|
||||
verbose = {{ keystone_logging_verbose }}
|
||||
debug = {{ keystone_logging_debug }}
|
||||
|
||||
bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
|
||||
|
||||
admin_token = {{ keystone_admin_token }}
|
||||
|
||||
public_endpoint = http://{{ keystone_public_address }}:{{ keystone_public_port }}
|
||||
admin_endpoint = http://{{ keystone_admin_address }}:{{ keystone_admin_port }}
|
||||
|
||||
[database]
|
||||
connection = mysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
|
30
ansible/roles/start.yml
Normal file
30
ansible/roles/start.yml
Normal file
@ -0,0 +1,30 @@
|
||||
---
|
||||
# Using "state: reloaded" will restart the container if a new image is
|
||||
# pulled or the paramaters are modified.
|
||||
#
|
||||
# "pull: always" will _always_ pull the latest image. It registers a
|
||||
# change when the image has changed, regardless of "state"
|
||||
#
|
||||
# Due to a bug in the ansible docker module it doesnt properly supply the
|
||||
# docker_api_version from docker-py, so we specify it here. This will be
|
||||
# removed when the bugfix makes it downstream
|
||||
|
||||
- name: Starting the container
|
||||
docker:
|
||||
detach: "{{ container_detach | default('True') }}"
|
||||
env: "{{ container_environment }}"
|
||||
docker_api_version: "{{ docker_api_version }}"
|
||||
image: "{{ container_image }}"
|
||||
insecure_registry: "{{ docker_insecure_registry }}"
|
||||
name: "{{ container_name }}"
|
||||
net: host
|
||||
password: "{{ docker_registry_password }}"
|
||||
privileged: "{{ container_privileged | default('False') }}"
|
||||
pull: "{{ docker_pull_policy }}"
|
||||
registry: "{{ docker_registry }}"
|
||||
restart_policy: "{{ docker_restart_policy }}"
|
||||
restart_policy_retry: "{{ docker_restart_policy_retry }}"
|
||||
state: reloaded
|
||||
username: "{{ docker_registry_username }}"
|
||||
volumes: "{{ container_volumes }}"
|
||||
run_once: "{{ run_once | default('False') }}"
|
@ -17,8 +17,8 @@ RUN chown -R keystone:keystone /var/www/cgi-bin/keystone
|
||||
RUN chmod 755 /var/www/cgi-bin/keystone/*
|
||||
|
||||
# Add start-up and check scripts
|
||||
COPY ./start.sh /start.sh
|
||||
COPY ./check.sh /check.sh
|
||||
COPY start.sh check.sh /
|
||||
COPY config-internal.sh config-external.sh /opt/kolla/
|
||||
|
||||
# Run the Keystone start script
|
||||
CMD ["/start.sh"]
|
||||
|
1
docker/centos/binary/keystone/config-external.sh
Symbolic link
1
docker/centos/binary/keystone/config-external.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../../../common/keystone/config-external.sh
|
1
docker/centos/binary/keystone/config-internal.sh
Symbolic link
1
docker/centos/binary/keystone/config-internal.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../../../common/keystone/config-internal.sh
|
@ -168,3 +168,27 @@ dump_vars() {
|
||||
set +o posix
|
||||
}
|
||||
|
||||
set_configs() {
|
||||
case $KOLLA_CONFIG_STRATEGY in
|
||||
CONFIG_INTERNAL)
|
||||
# exec is intentional to preserve existing behaviour
|
||||
exec /opt/kolla/config-internal.sh
|
||||
;;
|
||||
CONFIG_EXTERNAL_COPY_ALWAYS)
|
||||
source /opt/kolla/config-exernal.sh
|
||||
;;
|
||||
CONFIG_EXTERNAL_COPY_ONCE)
|
||||
if [[ -f /configured ]]; then
|
||||
echo 'INFO - This container has already been configured; Refusing to copy new configs'
|
||||
return
|
||||
fi
|
||||
source /opt/kolla/config-exernal.sh
|
||||
touch /configured
|
||||
;;
|
||||
|
||||
*)
|
||||
echo '$CONFIG_STRATEGY is not set properly'
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
7
docker/common/keystone/config-external.sh
Normal file
7
docker/common/keystone/config-external.sh
Normal file
@ -0,0 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [[ -f /opt/kolla/keystone/keystone.conf ]]; then
|
||||
cp /opt/kolla/keystone/keystone.conf /etc/keystone/keystone.conf
|
||||
chown keystone: /etc/keystone/keystone.conf
|
||||
chmod 0644 /etc/keystone/keystone.conf
|
||||
fi
|
165
docker/common/keystone/config-internal.sh
Executable file
165
docker/common/keystone/config-internal.sh
Executable file
@ -0,0 +1,165 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
# Run Kolla common script
|
||||
echo "Running the kolla-common script"
|
||||
. /opt/kolla/kolla-common.sh
|
||||
|
||||
# Credentials, token, etc..
|
||||
: ${ADMIN_USER:=admin}
|
||||
: ${ADMIN_USER_PASSWORD:=password}
|
||||
: ${ADMIN_TENANT_NAME:=admin}
|
||||
: ${KEYSTONE_USER:=keystone}
|
||||
: ${KEYSTONE_ADMIN_PASSWORD:=password}
|
||||
: ${KEYSTONE_ADMIN_TOKEN:=changeme}
|
||||
# DB Settings
|
||||
: ${INIT_KEYSTONE_DB:=true}
|
||||
: ${KEYSTONE_DB_NAME:=keystone}
|
||||
: ${KEYSTONE_DB_USER:=keystone}
|
||||
: ${DB_ROOT_PASSWORD:=password}
|
||||
: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP}
|
||||
: ${KEYSTONE_DB_PASSWORD:=password}
|
||||
# Service Addresses/Ports/Version
|
||||
: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP}
|
||||
: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP}
|
||||
: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000}
|
||||
: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357}
|
||||
: ${KEYSTONE_API_VERSION:=2.0}
|
||||
# Logging
|
||||
: ${LOG_FILE:=/var/log/keystone/keystone.log}
|
||||
: ${VERBOSE_LOGGING:=true}
|
||||
: ${DEBUG_LOGGING:=false}
|
||||
: ${USE_STDERR:=false}
|
||||
# Token provider, driver, etc..
|
||||
: ${TOKEN_PROVIDER:=uuid}
|
||||
: ${TOKEN_DRIVER:=sql}
|
||||
|
||||
## Check DB connectivity and required variables
|
||||
echo "Checking connectivity to the DB"
|
||||
fail_unless_db
|
||||
echo "Checking for required variables"
|
||||
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \
|
||||
KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \
|
||||
KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \
|
||||
PUBLIC_IP INIT_KEYSTONE_DB
|
||||
dump_vars
|
||||
|
||||
# Setup the Keystone DB
|
||||
echo "Setting up Keystone DB"
|
||||
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
|
||||
CREATE DATABASE IF NOT EXISTS ${KEYSTONE_DB_NAME};
|
||||
GRANT ALL PRIVILEGES ON ${KEYSTONE_DB_NAME}.* TO
|
||||
'${KEYSTONE_DB_USER}'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
|
||||
EOF
|
||||
|
||||
# File path and name used by crudini tool
|
||||
cfg=/etc/keystone/keystone.conf
|
||||
|
||||
# Token Configuration
|
||||
echo "Configuring keystone.conf"
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
admin_token \
|
||||
"${KEYSTONE_ADMIN_TOKEN}"
|
||||
|
||||
# Database Configuration
|
||||
crudini --set $cfg \
|
||||
database \
|
||||
connection \
|
||||
"mysql://${KEYSTONE_DB_USER}:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${KEYSTONE_DB_NAME}"
|
||||
|
||||
# Logging
|
||||
crudini --del $cfg \
|
||||
DEFAULT \
|
||||
log_dir
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
log_file \
|
||||
${LOG_FILE}
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
verbose \
|
||||
${VERBOSE_LOGGING}
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
debug \
|
||||
${DEBUG_LOGGING}
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
use_stderr \
|
||||
${USE_STDERR}
|
||||
|
||||
# Token Management
|
||||
crudini --set $cfg \
|
||||
token \
|
||||
provider \
|
||||
keystone.token.providers."${TOKEN_PROVIDER}".Provider
|
||||
crudini --set $cfg \
|
||||
token \
|
||||
driver \
|
||||
keystone.token.persistence.backends."${TOKEN_DRIVER}".Token
|
||||
crudini --set $cfg \
|
||||
revoke \
|
||||
driver \
|
||||
keystone.contrib.revoke.backends."${TOKEN_DRIVER}".Revoke
|
||||
|
||||
# Setup the openrc auth file
|
||||
cat > /openrc <<EOF
|
||||
export OS_AUTH_URL=http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}
|
||||
export OS_USERNAME=${KEYSTONE_USER}
|
||||
export OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD}
|
||||
export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
|
||||
EOF
|
||||
|
||||
# Create keystone user and group if they don't exist
|
||||
id -u keystone &>/dev/null || useradd --user-group keystone
|
||||
|
||||
# Run PKI Setup script
|
||||
echo "Setting up PKI"
|
||||
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
|
||||
|
||||
# Fix permissions
|
||||
chown -R keystone:keystone /var/log/keystone
|
||||
chown -R keystone:keystone /etc/keystone/ssl
|
||||
chmod -R o-rwx /etc/keystone/ssl
|
||||
|
||||
# Initialize the Keystone DB
|
||||
echo "Initializing Keystone DB"
|
||||
if [ "${INIT_KEYSTONE_DB}" == "true" ] ; then
|
||||
su -s /bin/bash -c "keystone-manage db_sync" keystone
|
||||
fi
|
||||
|
||||
# Start Keystone
|
||||
echo "Starting Keystone"
|
||||
/usr/sbin/httpd -DFOREGROUND &
|
||||
PID=$!
|
||||
|
||||
# Export Keystone service environment variables
|
||||
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
|
||||
export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
||||
|
||||
# Check to make sure the service is running
|
||||
echo "Verifying Keystone is running"
|
||||
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
|
||||
echo "waiting for Keystone @ ${SERVICE_ENDPOINT}"
|
||||
sleep 1;
|
||||
done
|
||||
echo "keystone is active @ ${SERVICE_ENDPOINT}"
|
||||
|
||||
# Create Keystone tenant, user, role, service and endpoints
|
||||
echo "Creating Keystone tenant, user, role, service and endpoints"
|
||||
crux user-create --update \
|
||||
-n ${ADMIN_USER} -p "${ADMIN_USER_PASSWORD}" \
|
||||
-t ${ADMIN_TENANT_NAME} -r admin
|
||||
crux user-create --update \
|
||||
-n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \
|
||||
-t ${ADMIN_TENANT_NAME} -r admin
|
||||
crux endpoint-create --remove-all \
|
||||
-n keystone -t identity \
|
||||
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
||||
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
||||
-P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
||||
|
||||
# Wait on all jobs to exit before proceeding (see man wait)
|
||||
wait
|
@ -1,165 +1,19 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
set -o errexit
|
||||
|
||||
# Run Kolla common script
|
||||
echo "Running the kolla-common script"
|
||||
. /opt/kolla/kolla-common.sh
|
||||
CMD="/usr/bin/keystone-all"
|
||||
ARGS=""
|
||||
|
||||
# Credentials, token, etc..
|
||||
: ${ADMIN_USER:=admin}
|
||||
: ${ADMIN_USER_PASSWORD:=password}
|
||||
: ${ADMIN_TENANT_NAME:=admin}
|
||||
: ${KEYSTONE_USER:=keystone}
|
||||
: ${KEYSTONE_ADMIN_PASSWORD:=password}
|
||||
: ${KEYSTONE_ADMIN_TOKEN:=changeme}
|
||||
# DB Settings
|
||||
: ${INIT_KEYSTONE_DB:=true}
|
||||
: ${KEYSTONE_DB_NAME:=keystone}
|
||||
: ${KEYSTONE_DB_USER:=keystone}
|
||||
: ${DB_ROOT_PASSWORD:=password}
|
||||
: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP}
|
||||
: ${KEYSTONE_DB_PASSWORD:=password}
|
||||
# Service Addresses/Ports/Version
|
||||
: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP}
|
||||
: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP}
|
||||
: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000}
|
||||
: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357}
|
||||
: ${KEYSTONE_API_VERSION:=2.0}
|
||||
# Logging
|
||||
: ${LOG_FILE:=/var/log/keystone/keystone.log}
|
||||
: ${VERBOSE_LOGGING:=true}
|
||||
: ${DEBUG_LOGGING:=false}
|
||||
: ${USE_STDERR:=false}
|
||||
# Token provider, driver, etc..
|
||||
: ${TOKEN_PROVIDER:=uuid}
|
||||
: ${TOKEN_DRIVER:=sql}
|
||||
# loading common functions
|
||||
source /opt/kolla/kolla-common.sh
|
||||
|
||||
## Check DB connectivity and required variables
|
||||
echo "Checking connectivity to the DB"
|
||||
fail_unless_db
|
||||
echo "Checking for required variables"
|
||||
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \
|
||||
KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \
|
||||
KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \
|
||||
PUBLIC_IP INIT_KEYSTONE_DB
|
||||
dump_vars
|
||||
set_configs
|
||||
|
||||
# Setup the Keystone DB
|
||||
echo "Setting up Keystone DB"
|
||||
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
|
||||
CREATE DATABASE IF NOT EXISTS ${KEYSTONE_DB_NAME};
|
||||
GRANT ALL PRIVILEGES ON ${KEYSTONE_DB_NAME}.* TO
|
||||
'${KEYSTONE_DB_USER}'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
|
||||
EOF
|
||||
|
||||
# File path and name used by crudini tool
|
||||
cfg=/etc/keystone/keystone.conf
|
||||
|
||||
# Token Configuration
|
||||
echo "Configuring keystone.conf"
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
admin_token \
|
||||
"${KEYSTONE_ADMIN_TOKEN}"
|
||||
|
||||
# Database Configuration
|
||||
crudini --set $cfg \
|
||||
database \
|
||||
connection \
|
||||
"mysql://${KEYSTONE_DB_USER}:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${KEYSTONE_DB_NAME}"
|
||||
|
||||
# Logging
|
||||
crudini --del $cfg \
|
||||
DEFAULT \
|
||||
log_dir
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
log_file \
|
||||
${LOG_FILE}
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
verbose \
|
||||
${VERBOSE_LOGGING}
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
debug \
|
||||
${DEBUG_LOGGING}
|
||||
crudini --set $cfg \
|
||||
DEFAULT \
|
||||
use_stderr \
|
||||
${USE_STDERR}
|
||||
|
||||
# Token Management
|
||||
crudini --set $cfg \
|
||||
token \
|
||||
provider \
|
||||
keystone.token.providers."${TOKEN_PROVIDER}".Provider
|
||||
crudini --set $cfg \
|
||||
token \
|
||||
driver \
|
||||
keystone.token.persistence.backends."${TOKEN_DRIVER}".Token
|
||||
crudini --set $cfg \
|
||||
revoke \
|
||||
driver \
|
||||
keystone.contrib.revoke.backends."${TOKEN_DRIVER}".Revoke
|
||||
|
||||
# Setup the openrc auth file
|
||||
cat > /openrc <<EOF
|
||||
export OS_AUTH_URL=http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}
|
||||
export OS_USERNAME=${KEYSTONE_USER}
|
||||
export OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD}
|
||||
export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
|
||||
EOF
|
||||
|
||||
# Create keystone user and group if they don't exist
|
||||
id -u keystone &>/dev/null || useradd --user-group keystone
|
||||
|
||||
# Run PKI Setup script
|
||||
echo "Setting up PKI"
|
||||
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
|
||||
|
||||
# Fix permissions
|
||||
chown -R keystone:keystone /var/log/keystone
|
||||
chown -R keystone:keystone /etc/keystone/ssl
|
||||
chmod -R o-rwx /etc/keystone/ssl
|
||||
|
||||
# Initialize the Keystone DB
|
||||
echo "Initializing Keystone DB"
|
||||
if [ "${INIT_KEYSTONE_DB}" == "true" ] ; then
|
||||
su -s /bin/bash -c "keystone-manage db_sync" keystone
|
||||
# Bootstrap and exit if BOOTSTRAP variable is set
|
||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||
su -c "keystone-manage db_sync" keystone
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Start Keystone
|
||||
echo "Starting Keystone"
|
||||
/usr/sbin/httpd -DFOREGROUND &
|
||||
PID=$!
|
||||
|
||||
# Export Keystone service environment variables
|
||||
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
|
||||
export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
||||
|
||||
# Check to make sure the service is running
|
||||
echo "Verifying Keystone is running"
|
||||
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
|
||||
echo "waiting for Keystone @ ${SERVICE_ENDPOINT}"
|
||||
sleep 1;
|
||||
done
|
||||
echo "keystone is active @ ${SERVICE_ENDPOINT}"
|
||||
|
||||
# Create Keystone tenant, user, role, service and endpoints
|
||||
echo "Creating Keystone tenant, user, role, service and endpoints"
|
||||
crux user-create --update \
|
||||
-n ${ADMIN_USER} -p "${ADMIN_USER_PASSWORD}" \
|
||||
-t ${ADMIN_TENANT_NAME} -r admin
|
||||
crux user-create --update \
|
||||
-n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \
|
||||
-t ${ADMIN_TENANT_NAME} -r admin
|
||||
crux endpoint-create --remove-all \
|
||||
-n keystone -t identity \
|
||||
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
||||
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
||||
-P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
||||
|
||||
# Wait on all jobs to exit before proceeding (see man wait)
|
||||
wait
|
||||
exec $CMD $ARGS
|
||||
|
0
etc/kolla/config/database.conf
Normal file
0
etc/kolla/config/database.conf
Normal file
0
etc/kolla/config/global.conf
Normal file
0
etc/kolla/config/global.conf
Normal file
0
etc/kolla/config/keystone.conf
Normal file
0
etc/kolla/config/keystone.conf
Normal file
0
etc/kolla/config/keystone/keystone.conf
Normal file
0
etc/kolla/config/keystone/keystone.conf
Normal file
0
etc/kolla/config/messaging.conf
Normal file
0
etc/kolla/config/messaging.conf
Normal file
20
etc/kolla/defaults.yml
Normal file
20
etc/kolla/defaults.yml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
# The options in this file can be overridden in 'globals.yml', but typically
|
||||
# shouldn't be modified. A comment describing why the option exists should be
|
||||
# included before each option.
|
||||
|
||||
# Ansible Docker module bug. This can be removed when Ansible 2.0 arrives
|
||||
# https://github.com/ansible/ansible-modules-core/issues/1227
|
||||
docker_api_version: "1.18"
|
||||
|
||||
# TODO(SamYaple): remove references to these variables in Ansible
|
||||
kolla_directory: "/usr/share/kolla"
|
||||
koalla_directory: "/usr/share/kolla"
|
||||
|
||||
# The "temp" files that are created before merge need to stay persistent due
|
||||
# to the fact that ansible will register a "change" if it has to create them
|
||||
# again. Persistent files allow for idempotency
|
||||
node_templates_directory: "/usr/share/kolla/templates"
|
||||
|
||||
# The directory to store the config files on the destination node
|
||||
node_config_directory: "/opt/kolla/config"
|
77
etc/kolla/globals.yml
Normal file
77
etc/kolla/globals.yml
Normal file
@ -0,0 +1,77 @@
|
||||
---
|
||||
# Please specify all passwords/secrets in the "/etc/kolla/passwords.yml"
|
||||
|
||||
###################
|
||||
# Kolla options
|
||||
###################
|
||||
config_strategy: "CONFIG_EXTERNAL_COPY_ONCE"
|
||||
|
||||
kolla_base_distro: "centos"
|
||||
kolla_install_type: "rdo"
|
||||
|
||||
# The Public address used to communicate with Openstack
|
||||
# This must be set, but it can be an private ip. It can also be the same as the
|
||||
# internal address.
|
||||
kolla_external_address: "openstack.example.com"
|
||||
kolla_internal_address: "10.10.10.254"
|
||||
|
||||
|
||||
####################
|
||||
# Database options
|
||||
####################
|
||||
database_address: "{{ keystone_internal_address }}"
|
||||
database_user: "root"
|
||||
|
||||
|
||||
####################
|
||||
# Docker options
|
||||
####################
|
||||
docker_registry:
|
||||
docker_namespace: "kollaglue"
|
||||
docker_registry_username:
|
||||
docker_insecure_registry: "False"
|
||||
|
||||
# Valid options are [ missing, always ]
|
||||
docker_pull_policy: "always"
|
||||
|
||||
# Valid options are [ no, on-failure, always ]
|
||||
docker_restart_policy: "always"
|
||||
|
||||
# '0' means unlimited retries
|
||||
docker_restart_policy_retry: "10"
|
||||
|
||||
### Example: Private repository with authentication
|
||||
#
|
||||
# docker_registry: "172.16.0.10:5000"
|
||||
# docker_namespace: "companyname"
|
||||
# docker_registry_username: "sam"
|
||||
# docker_registry_password: "correcthorsebatterystaple"
|
||||
# docker_insecure_registry: "False"
|
||||
|
||||
|
||||
####################
|
||||
# Networking options
|
||||
####################
|
||||
# The interface to use for various services types
|
||||
network_interface: "eth0"
|
||||
|
||||
# These can be adjusted for even more customization
|
||||
api_interface: "{{ network_interface }}"
|
||||
storage_interface: "{{ network_interface }}"
|
||||
neutron_interface: "{{ network_interface }}"
|
||||
|
||||
|
||||
####################
|
||||
# Openstack options
|
||||
####################
|
||||
openstack_release: "latest"
|
||||
|
||||
openstack_logging_verbose: "True"
|
||||
openstack_logging_debug: "False"
|
||||
|
||||
|
||||
####################
|
||||
# RabbitMQ options
|
||||
####################
|
||||
#placeholder
|
||||
|
29
etc/kolla/passwords.yml
Normal file
29
etc/kolla/passwords.yml
Normal file
@ -0,0 +1,29 @@
|
||||
---
|
||||
# TODO: SamYaple
|
||||
# This file should have generated values by default. Propose Ansible vault for
|
||||
# locking down the secrets properly.
|
||||
|
||||
|
||||
###################
|
||||
# Database options
|
||||
####################
|
||||
database_password: "password"
|
||||
|
||||
|
||||
####################
|
||||
# Docker options
|
||||
####################
|
||||
docker_registry_password:
|
||||
|
||||
|
||||
####################
|
||||
# Openstack options
|
||||
####################
|
||||
keystone_admin_token: "password"
|
||||
keystone_database_password: "password"
|
||||
|
||||
|
||||
####################
|
||||
# RabbitMQ options
|
||||
####################
|
||||
|
@ -246,6 +246,7 @@ export OS_VOLUME_API_VERSION=$CINDER_API_VERSION
|
||||
EOF
|
||||
|
||||
cat > ./compose/openstack.env <<EOF
|
||||
CONFIG_STRATEGY=CONFIG_INTERNAL
|
||||
DEBUG_LOGGING=$DEBUG_LOGGING
|
||||
VERBOSE_LOGGING=$VERBOSE_LOGGING
|
||||
NOVA_LOG_DIR=$NOVA_LOG_DIR
|
||||
|
Loading…
Reference in New Issue
Block a user