Merge "Implements: blueprint container-set-api-control"
commit
cfc2e1fa80
@ -2,14 +2,13 @@ FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%base
|
|||||||
MAINTAINER Kolla Project (https://launchpad.net/kolla)
|
MAINTAINER Kolla Project (https://launchpad.net/kolla)
|
||||||
|
|
||||||
#Install required packages
|
#Install required packages
|
||||||
RUN yum install -y openstack-keystone \
|
RUN yum -y install openstack-keystone \
|
||||||
openstack-utils \
|
python-keystoneclient \
|
||||||
mariadb \
|
|
||||||
; yum clean all
|
; yum clean all
|
||||||
|
|
||||||
ADD ./start.sh /start.sh
|
# Add start-up and check scripts
|
||||||
ADD ./check.sh /check.sh
|
ADD ./start.sh /opt/kolla/start.sh
|
||||||
|
ADD ./check.sh /opt/kolla/check.sh
|
||||||
|
|
||||||
EXPOSE 5000 35357
|
# Run the Keystone start script
|
||||||
|
CMD ["/opt/kolla/start.sh"]
|
||||||
CMD ["/start.sh"]
|
|
||||||
|
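Review bot: The new `yum -y install` list on the right side of this section drops `mariadb` (the package that provides the `mysql` client on these yum-based images) while the start script in the next section still runs `mysql -h ${MARIADB_SERVICE_HOST} -u root ...` to create the database, so unless the base image already ships the client the DB setup step will fail at container start; either keep `mariadb` in the package list or confirm that `%%KOLLA_PREFIX%%base` provides `mysql`. The new side also no longer shows the `EXPOSE 5000 35357` line the old side had; if that removal is intentional, a one-line comment next to the `CMD` such as `# Keystone ports 5000/35357 are intentionally not EXPOSEd here` would save the next reader from assuming it was lost by accident.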
@ -2,77 +2,168 @@
|
|||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
: ${KEYSTONE_ADMIN_PASSWORD:=kolla}
|
# Run Kolla common script
|
||||||
: ${ADMIN_TENANT_NAME:=admin}
|
echo "Running the kolla-common script"
|
||||||
|
|
||||||
. /opt/kolla/kolla-common.sh
|
. /opt/kolla/kolla-common.sh
|
||||||
|
|
||||||
|
# Credentials, token, etc..
|
||||||
|
: ${KEYSTONE_USER:=keystone}
|
||||||
|
: ${KEYSTONE_ADMIN_PASSWORD:=password}
|
||||||
|
: ${ADMIN_TENANT_NAME:=admin}
|
||||||
|
: ${KEYSTONE_ADMIN_TOKEN:=changeme}
|
||||||
|
# DB Settings
|
||||||
|
: ${INIT_DB:=true}
|
||||||
|
: ${KEYSTONE_DB_NAME:=keystone}
|
||||||
|
: ${KEYSTONE_DB_USER:=keystone}
|
||||||
|
: ${DB_ROOT_PASSWORD:=password}
|
||||||
|
: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP}
|
||||||
|
: ${KEYSTONE_DB_PASSWORD:=password}
|
||||||
|
# Service Addresses/Ports/Version
|
||||||
|
: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP}
|
||||||
|
: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP}
|
||||||
|
: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000}
|
||||||
|
: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357}
|
||||||
|
: ${KEYSTONE_API_VERSION:=2.0}
|
||||||
|
# Logging
|
||||||
|
: ${LOG_FILE:=/var/log/keystone/keystone.log}
|
||||||
|
: ${VERBOSE_LOGGING:=true}
|
||||||
|
: ${DEBUG_LOGGING:=false}
|
||||||
|
: ${USE_STDERR:=false}
|
||||||
|
# Token provider, driver, etc..
|
||||||
|
: ${TOKEN_PROVIDER:=uuid}
|
||||||
|
: ${TOKEN_DRIVER:=sql}
|
||||||
|
|
||||||
|
## Check DB connectivity and required variables
|
||||||
|
echo "Checking connectivity to the DB"
|
||||||
check_for_db
|
check_for_db
|
||||||
|
echo "Checking for required variables"
|
||||||
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \
|
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \
|
||||||
KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \
|
KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \
|
||||||
KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \
|
KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \
|
||||||
PUBLIC_IP
|
PUBLIC_IP
|
||||||
dump_vars
|
dump_vars
|
||||||
|
|
||||||
|
# Setup the Keystone DB
|
||||||
|
echo "Setting up Keystone DB"
|
||||||
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
|
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
|
||||||
CREATE DATABASE IF NOT EXISTS keystone;
|
CREATE DATABASE IF NOT EXISTS ${KEYSTONE_DB_NAME};
|
||||||
GRANT ALL PRIVILEGES ON keystone.* TO
|
GRANT ALL PRIVILEGES ON ${KEYSTONE_DB_NAME}.* TO
|
||||||
'keystone'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
|
'${KEYSTONE_DB_USER}'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
crudini --set /etc/keystone/keystone.conf \
|
# File path and name used by crudini tool
|
||||||
database \
|
cfg=/etc/keystone/keystone.conf
|
||||||
connection \
|
|
||||||
"mysql://keystone:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/keystone"
|
# Token Configuration
|
||||||
crudini --set /etc/keystone/keystone.conf \
|
echo "Configuring keystone.conf"
|
||||||
|
crudini --set $cfg \
|
||||||
DEFAULT \
|
DEFAULT \
|
||||||
admin_token \
|
admin_token \
|
||||||
"${KEYSTONE_ADMIN_TOKEN}"
|
"${KEYSTONE_ADMIN_TOKEN}"
|
||||||
crudini --set /etc/keystone/keystone.conf \
|
|
||||||
DEFAULT \
|
# Database Configuration
|
||||||
log_file \
|
crudini --set $cfg \
|
||||||
""
|
database \
|
||||||
crudini --del /etc/keystone/keystone.conf \
|
connection \
|
||||||
|
"mysql://${KEYSTONE_DB_USER}:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${KEYSTONE_DB_NAME}"
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
crudini --del $cfg \
|
||||||
DEFAULT \
|
DEFAULT \
|
||||||
log_dir
|
log_dir
|
||||||
crudini --set /etc/keystone/keystone.conf DEFAULT use_stderr True
|
crudini --set $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
log_file \
|
||||||
|
${LOG_FILE}
|
||||||
|
crudini --set $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
verbose \
|
||||||
|
${VERBOSE_LOGGING}
|
||||||
|
crudini --set $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
debug \
|
||||||
|
${DEBUG_LOGGING}
|
||||||
|
crudini --set $cfg \
|
||||||
|
DEFAULT \
|
||||||
|
use_stderr \
|
||||||
|
${USE_STDERR}
|
||||||
|
|
||||||
|
# Token Management
|
||||||
|
crudini --set $cfg \
|
||||||
|
token \
|
||||||
|
provider \
|
||||||
|
keystone.token.providers."${TOKEN_PROVIDER}".Provider
|
||||||
|
crudini --set $cfg \
|
||||||
|
token \
|
||||||
|
driver \
|
||||||
|
keystone.token.persistence.backends."${TOKEN_DRIVER}".Token
|
||||||
|
crudini --set $cfg \
|
||||||
|
revoke \
|
||||||
|
driver \
|
||||||
|
keystone.contrib.revoke.backends."${TOKEN_DRIVER}".Revoke
|
||||||
|
|
||||||
|
# Setup the openrc auth file
|
||||||
cat > /openrc <<EOF
|
cat > /openrc <<EOF
|
||||||
export OS_AUTH_URL="http://${KEYSTONE_PUBLIC_SERVICE_HOST}:5000/v2.0"
|
export OS_AUTH_URL=http://"${KEYSTONE_PUBLIC_SERVICE_HOST}":"${KEYSTONE_PUBLIC_SERVICE_PORT}/v"${KEYSTONE_API_VERSION}"
|
||||||
export OS_USERNAME=admin
|
export OS_USERNAME=admin
|
||||||
export OS_PASSWORD="${KEYSTONE_ADMIN_PASSWORD}"
|
export OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD}
|
||||||
export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
|
export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
/usr/bin/keystone-manage db_sync
|
# Run PKI Setup script
|
||||||
|
echo "Setting up PKI"
|
||||||
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
|
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
|
||||||
|
|
||||||
|
# Fix permissions
|
||||||
|
chown -R keystone:keystone /var/log/keystone
|
||||||
|
chown -R keystone:keystone /etc/keystone/ssl
|
||||||
|
chmod -R o-rwx /etc/keystone/ssl
|
||||||
|
|
||||||
|
# Initialize the Keystone DB
|
||||||
|
echo "Initializing Keystone DB"
|
||||||
|
if [ "${INIT_DB}" == "true" ] ; then
|
||||||
|
su -s /bin/sh -c "keystone-manage db_sync" keystone
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Start Keystone
|
||||||
|
echo "Starting Keystone"
|
||||||
/usr/bin/keystone-all &
|
/usr/bin/keystone-all &
|
||||||
PID=$!
|
PID=$!
|
||||||
|
|
||||||
|
# Export Keystone service environment variables
|
||||||
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
|
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
|
||||||
export SERVICE_ENDPOINT="http://${PUBLIC_IP}:35357/v2.0"
|
export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
||||||
|
|
||||||
|
# Check to make sure the service is running
|
||||||
|
echo "Verifying Keystone is running"
|
||||||
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
|
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
|
||||||
echo "waiting for keystone @ ${SERVICE_ENDPOINT}"
|
echo "waiting for Keystone @ ${SERVICE_ENDPOINT}"
|
||||||
sleep 1;
|
sleep 1;
|
||||||
done
|
done
|
||||||
echo "keystone is active @ ${SERVICE_ENDPOINT}"
|
echo "keystone is active @ ${SERVICE_ENDPOINT}"
|
||||||
|
|
||||||
|
# Create Keystone tenant, user, role, service and endpoints
|
||||||
|
echo "Creating Keystone tenant, user, role, service and endpoints"
|
||||||
crux user-create --update \
|
crux user-create --update \
|
||||||
-n admin -p "${KEYSTONE_ADMIN_PASSWORD}" \
|
-n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \
|
||||||
-t admin -r admin
|
-t ${ADMIN_TENANT_NAME} -r admin
|
||||||
crux endpoint-create --remove-all \
|
crux endpoint-create --remove-all \
|
||||||
-n keystone -t identity \
|
-n keystone -t identity \
|
||||||
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:5000/v2.0" \
|
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
||||||
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:35357/v2.0" \
|
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
|
||||||
-P "http://${PUBLIC_IP}:5000/v2.0"
|
-P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
|
||||||
|
|
||||||
|
# Stop Keystone service
|
||||||
|
echo "Stopping Keystone for changes to take effect."
|
||||||
kill -TERM $PID
|
kill -TERM $PID
|
||||||
|
|
||||||
|
# Check to make sure the service is stopped
|
||||||
|
echo "Making sure the Keystone service is stopped."
|
||||||
while curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
|
while curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
|
||||||
echo "waiting for keystone @ ${SERVICE_ENDPOINT} to exit"
|
echo "waiting for keystone @ ${SERVICE_ENDPOINT} to exit"
|
||||||
sleep 1;
|
sleep 1;
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Start Keystone again for final changes to take effect
|
||||||
echo "Running keystone service."
|
echo "Running keystone service."
|
||||||
exec /usr/bin/keystone-all
|
exec /usr/bin/keystone-all
|
||||||
|
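Review bot: The new `OS_AUTH_URL` line written into /openrc has unbalanced double quotes — `http://"${KEYSTONE_PUBLIC_SERVICE_HOST}":"${KEYSTONE_PUBLIC_SERVICE_PORT}/v"${KEYSTONE_API_VERSION}"` leaves a dangling `"` — and since the heredoc delimiter is unquoted those quotes are copied literally into /openrc, so sourcing the file will fail on an unterminated string; write it as `export OS_AUTH_URL="http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"` and restore the quoting on `export OS_PASSWORD="${KEYSTONE_ADMIN_PASSWORD}"` that the old side had. The new default assignments `: ${KEYSTONE_ADMIN_PASSWORD:=password}`, `: ${KEYSTONE_ADMIN_TOKEN:=changeme}`, `: ${DB_ROOT_PASSWORD:=password}` and `: ${KEYSTONE_DB_PASSWORD:=password}` mean the later `check_required_vars` call can never find those secrets missing, so a container started without them silently comes up with well-known credentials; dropping the defaults for the four secret variables keeps that check meaningful. Separately, `mysql ... -p"${DB_ROOT_PASSWORD}"` (present on both sides) puts the DB root password on the command line where it is visible in the process table; passing it through `MYSQL_PWD` or a `--defaults-extra-file` avoids that. The script's first line is outside this hunk.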