openstack
/
kolla
Code Issues Proposed changes

Add initial config function and keystone support 

Add set_configs function that implements the flow from the proposed
ansible-multi spec. Move start.sh to config-internal.sh to preserve existing
behaviour.

config-externall.sh copies the appropriate configs in from the bind'd
location and sets permissions and ownership appropriately.

Partially Implements: blueprint ansible-multi

Change-Id: I53fca0660451087f273fefc3c63e0d8cf1a2c096
This commit is contained in:
Sam Yaple 2015-06-17 08:11:44 +00:00
parent 6370bf25cb
commit 3ac7da64d1
28 changed files with 623 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/group_vars/all.yml
View File

@ -1 +0,0 @@
koalla_directory: "/usr/share/kolla"

84
ansible/library/merge_configs Normal file
View File

@ -0,0 +1,84 @@
#!/usr/bin/python
# Copyright 2015 Sam Yaple
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
DOCUMENTATION = '''
---
module: merge_configs
short_description: Merge ini-style configs
description:
- ConfigParser is used to merge several ini-style configs into one
options:
dest:
description:
- The destination file name
required: True
type: str
sources:
description:
- A list of files on the destination node to merge together
default: None
required: True
type: str
author: Sam Yaple
'''
EXAMPLES = '''
Merge multiple configs:
- hosts: database
tasks:
- name: Merge configs
merge_configs:
sources:
- "/tmp/config_1.cnf"
- "/tmp/config_2.cnf"
- "/tmp/config_3.cnf"
dest:
- "/etc/mysql/my.cnf"
'''
import ConfigParser
def main():
module = AnsibleModule(
argument_spec = dict(
sources = dict(required=True, type='list'),
dest = dict(required=True, type='str'),
)
)
try:
sources = module.params.pop('sources')
dest = module.params.pop('dest')
config = ConfigParser.ConfigParser()
for source_file in sources:
config.read(source_file)
with open(dest, 'wb') as dest_file:
config.write(dest_file)
module.exit_json(changed=True)
except Exception, e:
changed = True
module.exit_json(failed=True, changed=changed, msg=repr(e))
# import module snippets
from ansible.module_utils.basic import *
if __name__ == '__main__':
main()

34
ansible/roles/bootstrap.yml Normal file
View File

@ -0,0 +1,34 @@
---
- name: Creating database
mysql_db:
login_host: "{{ database_address }}"
login_user: "{{ database_user }}"
login_password: "{{ database_password }}"
name: "{{ service_database_name }}"
register: database
run_once: True
- name: Creating database user and setting permissions
mysql_user:
login_host: "{{ database_address }}"
login_user: "{{ database_user }}"
login_password: "{{ database_password }}"
name: "{{ service_database_name }}"
password: "{{ service_database_password }}"
host: "%"
priv: "{{ service_database_name }}.*:ALL"
append_privs: "yes"
run_once: True
- include: start.yml
vars:
run_once: True
when: database|changed
- name: Cleaning up boostrap container
docker:
name: "{{ container_name }}"
image: "{{ container_image }}"
state: "absent"
run_once: True
when: database|changed

24
ansible/roles/config.yml Normal file
View File

@ -0,0 +1,24 @@
---
- name: Ensuring templates config directory exists
file:
path: "{{ node_templates_directory }}/{{ project_name }}"
state: "directory"
recurse: yes
- name: Ensuring config directory exists
file:
path: "{{ node_config_directory }}/{{ project_name }}"
state: "directory"
- name: Copying over config(s)
template:
src: "{{ item.0 }}"
dest: "{{ item.1 }}"
with_together:
- config_source
- config_template_dest
- name: Merging the config files and saving to the final destination
merge_configs:
sources: "{{ config_template_dest }}"
dest: "{{ config_dest }}"

42
ansible/roles/keystone/defaults/main.yml Normal file
View File

@ -0,0 +1,42 @@
---
project_name: "keystone"
####################
# Database
####################
keystone_database_name: "keystone"
keystone_database_user: "keystone"
keystone_database_address: "{{ kolla_internal_address }}"
# Do not override "service_*" variables
service_database_name: "{{ keystone_database_name }}"
service_database_user: "{{ keystone_database_user }}"
service_database_password: "{{ keystone_database_password }}"
####################
# Docker
####################
docker_keystone_registry: "{{ docker_registry }}"
docker_keystone_namespace: "{{ docker_namespace }}"
kolla_keystone_base_distro: "{{ kolla_base_distro }}"
kolla_keystone_install_type: "{{ kolla_install_type }}"
kolla_keystone_container_name: "keystone"
docker_keystone_image: "{{ docker_keystone_registry }}{{ docker_keystone_namespace }}/{{ kolla_keystone_base_distro }}-{{ kolla_keystone_install_type }}-{{ kolla_keystone_container_name }}"
docker_keystone_tag: "{{ openstack_release }}"
docker_keystone_image_full: "{{ docker_keystone_image }}:{{ docker_keystone_tag }}"
####################
# Openstack
####################
keystone_public_address: "{{ kolla_external_address }}"
keystone_admin_address: "{{ kolla_internal_address }}"
keystone_internal_address: "{{ kolla_internal_address }}"
keystone_public_port: "5000"
keystone_admin_port: "35357"
keystone_logging_verbose: "{{ openstack_logging_verbose }}"
keystone_logging_debug: "{{ openstack_logging_debug }}"

14
ansible/roles/keystone/tasks/bootstrap.yml Normal file
View File

@ -0,0 +1,14 @@
---
# "detach: False" ensures we will be able to wait until the database bootstrap
# is finished. We can also check the exit code and catch errors if the database
# initialization does not successfully finish
- include: ../../bootstrap.yml
vars:
container_detach: False
container_environment:
BOOTSTRAP:
CONFIG_STRATEGY: "{{ config_strategy }}"
container_image: "{{ docker_keystone_image_full }}"
container_name: "bootstrap_keystone"
container_volumes:
- "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro"

16
ansible/roles/keystone/tasks/config.yml Normal file
View File

@ -0,0 +1,16 @@
---
- include: ../../config.yml
vars:
config_source:
- "roles/keystone/templates/keystone.conf.j2"
- "/etc/kolla/config/global.conf"
- "/etc/kolla/config/database.conf"
- "/etc/kolla/config/messaging.conf"
- "/etc/kolla/config/keystone.conf"
config_template_dest:
- "{{ node_templates_directory }}/keystone/keystone.conf_minimal"
- "{{ node_templates_directory }}/keystone/keystone.conf_global"
- "{{ node_templates_directory }}/keystone/keystone.conf_database"
- "{{ node_templates_directory }}/keystone/keystone.conf_messaging"
- "{{ node_templates_directory }}/keystone/keystone.conf_augment"
config_dest: "{{ node_config_directory }}/keystone/keystone.conf"

13
ansible/roles/keystone/tasks/main.yml
View File

@ -1,7 +1,8 @@
---
- name: Bringing up keystone service(s)
docker_compose:
project_name: keystone
compose_file: "{{ koalla_directory }}/compose/keystone.yml"
command: up
no_recreate: true
- include: config.yml
- include: bootstrap.yml
- include: start.yml
#- include: register.yml

12
ansible/roles/keystone/tasks/register.yml Normal file
View File

@ -0,0 +1,12 @@
---
# NB: Not an Attorney
#
# Upstream ansible will have all of the new modules we need based on
# the shade library. They are written, but the keystone modules haven't3
# been merged yet. None of the modules will land before Ansible 2.0.
#
# These new modules will be relicensed using ASL2.0 as the result of a
# gentlemen's agreement that the Kolla authors will not alter the Shade code.
# This does not place additional restrictions on the license of this work. The
# relicense agreement is based upon trust, not something legally binding and
# has no binding impact on the license of Kolla..

9
ansible/roles/keystone/tasks/start.yml Normal file
View File

@ -0,0 +1,9 @@
---
- include: ../../start.yml
vars:
container_environment:
CONFIG_STRATEGY: "{{ config_strategy }}"
container_image: "{{ docker_keystone_image_full }}"
container_name: "keystone"
container_volumes:
- "{{ node_config_directory }}/keystone/:/opt/kolla/configs/keystone/:ro"

13
ansible/roles/keystone/templates/keystone.conf.j2 Normal file
View File

@ -0,0 +1,13 @@
[DEFAULT]
verbose = {{ keystone_logging_verbose }}
debug = {{ keystone_logging_debug }}
bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
admin_token = {{ keystone_admin_token }}
public_endpoint = http://{{ keystone_public_address }}:{{ keystone_public_port }}
admin_endpoint = http://{{ keystone_admin_address }}:{{ keystone_admin_port }}
[database]
connection = mysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}

30
ansible/roles/start.yml Normal file
View File

@ -0,0 +1,30 @@
---
# Using "state: reloaded" will restart the container if a new image is
# pulled or the paramaters are modified.
#
# "pull: always" will _always_ pull the latest image. It registers a
# change when the image has changed, regardless of "state"
#
# Due to a bug in the ansible docker module it doesnt properly supply the
# docker_api_version from docker-py, so we specify it here. This will be
# removed when the bugfix makes it downstream
- name: Starting the container
docker:
detach: "{{ container_detach | default('True') }}"
env: "{{ container_environment }}"
docker_api_version: "{{ docker_api_version }}"
image: "{{ container_image }}"
insecure_registry: "{{ docker_insecure_registry }}"
name: "{{ container_name }}"
net: host
password: "{{ docker_registry_password }}"
privileged: "{{ container_privileged | default('False') }}"
pull: "{{ docker_pull_policy }}"
registry: "{{ docker_registry }}"
restart_policy: "{{ docker_restart_policy }}"
restart_policy_retry: "{{ docker_restart_policy_retry }}"
state: reloaded
username: "{{ docker_registry_username }}"
volumes: "{{ container_volumes }}"
run_once: "{{ run_once | default('False') }}"

4
docker/centos/binary/keystone/Dockerfile
View File

@ -17,8 +17,8 @@ RUN chown -R keystone:keystone /var/www/cgi-bin/keystone
RUN chmod 755 /var/www/cgi-bin/keystone/*
# Add start-up and check scripts
COPY ./start.sh /start.sh
COPY ./check.sh /check.sh
COPY start.sh check.sh /
COPY config-internal.sh config-external.sh /opt/kolla/
# Run the Keystone start script
CMD ["/start.sh"]

1
docker/centos/binary/keystone/config-external.sh Symbolic link
View File

@ -0,0 +1 @@
../../../common/keystone/config-external.sh

1
docker/centos/binary/keystone/config-internal.sh Symbolic link
View File

@ -0,0 +1 @@
../../../common/keystone/config-internal.sh

24
docker/common/base/kolla-common.sh
View File

@ -168,3 +168,27 @@ dump_vars() {
set +o posix
}
set_configs() {
case $KOLLA_CONFIG_STRATEGY in
CONFIG_INTERNAL)
# exec is intentional to preserve existing behaviour
exec /opt/kolla/config-internal.sh
;;
CONFIG_EXTERNAL_COPY_ALWAYS)
source /opt/kolla/config-exernal.sh
;;
CONFIG_EXTERNAL_COPY_ONCE)
if [[ -f /configured ]]; then
echo 'INFO - This container has already been configured; Refusing to copy new configs'
return
fi
source /opt/kolla/config-exernal.sh
touch /configured
;;
*)
echo '$CONFIG_STRATEGY is not set properly'
exit 1
;;
esac
}

7
docker/common/keystone/config-external.sh Normal file
View File

@ -0,0 +1,7 @@
#!/bin/bash
if [[ -f /opt/kolla/keystone/keystone.conf ]]; then
cp /opt/kolla/keystone/keystone.conf /etc/keystone/keystone.conf
chown keystone: /etc/keystone/keystone.conf
chmod 0644 /etc/keystone/keystone.conf
fi

165
docker/common/keystone/config-internal.sh Executable file
View File

@ -0,0 +1,165 @@
#!/bin/bash
set -e
# Run Kolla common script
echo "Running the kolla-common script"
. /opt/kolla/kolla-common.sh
# Credentials, token, etc..
: ${ADMIN_USER:=admin}
: ${ADMIN_USER_PASSWORD:=password}
: ${ADMIN_TENANT_NAME:=admin}
: ${KEYSTONE_USER:=keystone}
: ${KEYSTONE_ADMIN_PASSWORD:=password}
: ${KEYSTONE_ADMIN_TOKEN:=changeme}
# DB Settings
: ${INIT_KEYSTONE_DB:=true}
: ${KEYSTONE_DB_NAME:=keystone}
: ${KEYSTONE_DB_USER:=keystone}
: ${DB_ROOT_PASSWORD:=password}
: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP}
: ${KEYSTONE_DB_PASSWORD:=password}
# Service Addresses/Ports/Version
: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP}
: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP}
: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000}
: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357}
: ${KEYSTONE_API_VERSION:=2.0}
# Logging
: ${LOG_FILE:=/var/log/keystone/keystone.log}
: ${VERBOSE_LOGGING:=true}
: ${DEBUG_LOGGING:=false}
: ${USE_STDERR:=false}
# Token provider, driver, etc..
: ${TOKEN_PROVIDER:=uuid}
: ${TOKEN_DRIVER:=sql}
## Check DB connectivity and required variables
echo "Checking connectivity to the DB"
fail_unless_db
echo "Checking for required variables"
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \
KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \
KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \
PUBLIC_IP INIT_KEYSTONE_DB
dump_vars
# Setup the Keystone DB
echo "Setting up Keystone DB"
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
CREATE DATABASE IF NOT EXISTS ${KEYSTONE_DB_NAME};
GRANT ALL PRIVILEGES ON ${KEYSTONE_DB_NAME}.* TO
'${KEYSTONE_DB_USER}'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
EOF
# File path and name used by crudini tool
cfg=/etc/keystone/keystone.conf
# Token Configuration
echo "Configuring keystone.conf"
crudini --set $cfg \
DEFAULT \
admin_token \
"${KEYSTONE_ADMIN_TOKEN}"
# Database Configuration
crudini --set $cfg \
database \
connection \
"mysql://${KEYSTONE_DB_USER}:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${KEYSTONE_DB_NAME}"
# Logging
crudini --del $cfg \
DEFAULT \
log_dir
crudini --set $cfg \
DEFAULT \
log_file \
${LOG_FILE}
crudini --set $cfg \
DEFAULT \
verbose \
${VERBOSE_LOGGING}
crudini --set $cfg \
DEFAULT \
debug \
${DEBUG_LOGGING}
crudini --set $cfg \
DEFAULT \
use_stderr \
${USE_STDERR}
# Token Management
crudini --set $cfg \
token \
provider \
keystone.token.providers."${TOKEN_PROVIDER}".Provider
crudini --set $cfg \
token \
driver \
keystone.token.persistence.backends."${TOKEN_DRIVER}".Token
crudini --set $cfg \
revoke \
driver \
keystone.contrib.revoke.backends."${TOKEN_DRIVER}".Revoke
# Setup the openrc auth file
cat > /openrc <<EOF
export OS_AUTH_URL=http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}
export OS_USERNAME=${KEYSTONE_USER}
export OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD}
export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
EOF
# Create keystone user and group if they don't exist
id -u keystone &>/dev/null || useradd --user-group keystone
# Run PKI Setup script
echo "Setting up PKI"
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# Fix permissions
chown -R keystone:keystone /var/log/keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
# Initialize the Keystone DB
echo "Initializing Keystone DB"
if [ "${INIT_KEYSTONE_DB}" == "true" ] ; then
su -s /bin/bash -c "keystone-manage db_sync" keystone
fi
# Start Keystone
echo "Starting Keystone"
/usr/sbin/httpd -DFOREGROUND &
PID=$!
# Export Keystone service environment variables
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
# Check to make sure the service is running
echo "Verifying Keystone is running"
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
echo "waiting for Keystone @ ${SERVICE_ENDPOINT}"
sleep 1;
done
echo "keystone is active @ ${SERVICE_ENDPOINT}"
# Create Keystone tenant, user, role, service and endpoints
echo "Creating Keystone tenant, user, role, service and endpoints"
crux user-create --update \
-n ${ADMIN_USER} -p "${ADMIN_USER_PASSWORD}" \
-t ${ADMIN_TENANT_NAME} -r admin
crux user-create --update \
-n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \
-t ${ADMIN_TENANT_NAME} -r admin
crux endpoint-create --remove-all \
-n keystone -t identity \
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
-P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
# Wait on all jobs to exit before proceeding (see man wait)
wait

168
docker/common/keystone/start.sh
View File

@ -1,165 +1,19 @@
#!/bin/bash
set -e
set -o errexit
# Run Kolla common script
echo "Running the kolla-common script"
. /opt/kolla/kolla-common.sh
CMD="/usr/bin/keystone-all"
ARGS=""
# Credentials, token, etc..
: ${ADMIN_USER:=admin}
: ${ADMIN_USER_PASSWORD:=password}
: ${ADMIN_TENANT_NAME:=admin}
: ${KEYSTONE_USER:=keystone}
: ${KEYSTONE_ADMIN_PASSWORD:=password}
: ${KEYSTONE_ADMIN_TOKEN:=changeme}
# DB Settings
: ${INIT_KEYSTONE_DB:=true}
: ${KEYSTONE_DB_NAME:=keystone}
: ${KEYSTONE_DB_USER:=keystone}
: ${DB_ROOT_PASSWORD:=password}
: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP}
: ${KEYSTONE_DB_PASSWORD:=password}
# Service Addresses/Ports/Version
: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP}
: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP}
: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000}
: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357}
: ${KEYSTONE_API_VERSION:=2.0}
# Logging
: ${LOG_FILE:=/var/log/keystone/keystone.log}
: ${VERBOSE_LOGGING:=true}
: ${DEBUG_LOGGING:=false}
: ${USE_STDERR:=false}
# Token provider, driver, etc..
: ${TOKEN_PROVIDER:=uuid}
: ${TOKEN_DRIVER:=sql}
# loading common functions
source /opt/kolla/kolla-common.sh
## Check DB connectivity and required variables
echo "Checking connectivity to the DB"
fail_unless_db
echo "Checking for required variables"
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \
KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \
KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \
PUBLIC_IP INIT_KEYSTONE_DB
dump_vars
set_configs
# Setup the Keystone DB
echo "Setting up Keystone DB"
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
CREATE DATABASE IF NOT EXISTS ${KEYSTONE_DB_NAME};
GRANT ALL PRIVILEGES ON ${KEYSTONE_DB_NAME}.* TO
'${KEYSTONE_DB_USER}'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
EOF
# File path and name used by crudini tool
cfg=/etc/keystone/keystone.conf
# Token Configuration
echo "Configuring keystone.conf"
crudini --set $cfg \
DEFAULT \
admin_token \
"${KEYSTONE_ADMIN_TOKEN}"
# Database Configuration
crudini --set $cfg \
database \
connection \
"mysql://${KEYSTONE_DB_USER}:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${KEYSTONE_DB_NAME}"
# Logging
crudini --del $cfg \
DEFAULT \
log_dir
crudini --set $cfg \
DEFAULT \
log_file \
${LOG_FILE}
crudini --set $cfg \
DEFAULT \
verbose \
${VERBOSE_LOGGING}
crudini --set $cfg \
DEFAULT \
debug \
${DEBUG_LOGGING}
crudini --set $cfg \
DEFAULT \
use_stderr \
${USE_STDERR}
# Token Management
crudini --set $cfg \
token \
provider \
keystone.token.providers."${TOKEN_PROVIDER}".Provider
crudini --set $cfg \
token \
driver \
keystone.token.persistence.backends."${TOKEN_DRIVER}".Token
crudini --set $cfg \
revoke \
driver \
keystone.contrib.revoke.backends."${TOKEN_DRIVER}".Revoke
# Setup the openrc auth file
cat > /openrc <<EOF
export OS_AUTH_URL=http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}
export OS_USERNAME=${KEYSTONE_USER}
export OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD}
export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
EOF
# Create keystone user and group if they don't exist
id -u keystone &>/dev/null || useradd --user-group keystone
# Run PKI Setup script
echo "Setting up PKI"
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# Fix permissions
chown -R keystone:keystone /var/log/keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
# Initialize the Keystone DB
echo "Initializing Keystone DB"
if [ "${INIT_KEYSTONE_DB}" == "true" ] ; then
su -s /bin/bash -c "keystone-manage db_sync" keystone
# Bootstrap and exit if BOOTSTRAP variable is set
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
su -c "keystone-manage db_sync" keystone
exit 0
fi
# Start Keystone
echo "Starting Keystone"
/usr/sbin/httpd -DFOREGROUND &
PID=$!
# Export Keystone service environment variables
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
# Check to make sure the service is running
echo "Verifying Keystone is running"
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
echo "waiting for Keystone @ ${SERVICE_ENDPOINT}"
sleep 1;
done
echo "keystone is active @ ${SERVICE_ENDPOINT}"
# Create Keystone tenant, user, role, service and endpoints
echo "Creating Keystone tenant, user, role, service and endpoints"
crux user-create --update \
-n ${ADMIN_USER} -p "${ADMIN_USER_PASSWORD}" \
-t ${ADMIN_TENANT_NAME} -r admin
crux user-create --update \
-n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \
-t ${ADMIN_TENANT_NAME} -r admin
crux endpoint-create --remove-all \
-n keystone -t identity \
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
-P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
# Wait on all jobs to exit before proceeding (see man wait)
wait
exec $CMD $ARGS

0
etc/kolla/config/database.conf Normal file
View File

0
etc/kolla/config/global.conf Normal file
View File

0
etc/kolla/config/keystone.conf Normal file
View File

0
etc/kolla/config/keystone/keystone.conf Normal file
View File

0
etc/kolla/config/messaging.conf Normal file
View File

20
etc/kolla/defaults.yml Normal file
View File

@ -0,0 +1,20 @@
---
# The options in this file can be overridden in 'globals.yml', but typically
# shouldn't be modified. A comment describing why the option exists should be
# included before each option.
# Ansible Docker module bug. This can be removed when Ansible 2.0 arrives
# https://github.com/ansible/ansible-modules-core/issues/1227
docker_api_version: "1.18"
# TODO(SamYaple): remove references to these variables in Ansible
kolla_directory: "/usr/share/kolla"
koalla_directory: "/usr/share/kolla"
# The "temp" files that are created before merge need to stay persistent due
# to the fact that ansible will register a "change" if it has to create them
# again. Persistent files allow for idempotency
node_templates_directory: "/usr/share/kolla/templates"
# The directory to store the config files on the destination node
node_config_directory: "/opt/kolla/config"

77
etc/kolla/globals.yml Normal file
View File

@ -0,0 +1,77 @@
---
# Please specify all passwords/secrets in the "/etc/kolla/passwords.yml"
###################
# Kolla options
###################
config_strategy: "CONFIG_EXTERNAL_COPY_ONCE"
kolla_base_distro: "centos"
kolla_install_type: "rdo"
# The Public address used to communicate with Openstack
# This must be set, but it can be an private ip. It can also be the same as the
# internal address.
kolla_external_address: "openstack.example.com"
kolla_internal_address: "10.10.10.254"
####################
# Database options
####################
database_address: "{{ keystone_internal_address }}"
database_user: "root"
####################
# Docker options
####################
docker_registry:
docker_namespace: "kollaglue"
docker_registry_username:
docker_insecure_registry: "False"
# Valid options are [ missing, always ]
docker_pull_policy: "always"
# Valid options are [ no, on-failure, always ]
docker_restart_policy: "always"
# '0' means unlimited retries
docker_restart_policy_retry: "10"
### Example: Private repository with authentication
#
# docker_registry: "172.16.0.10:5000"
# docker_namespace: "companyname"
# docker_registry_username: "sam"
# docker_registry_password: "correcthorsebatterystaple"
# docker_insecure_registry: "False"
####################
# Networking options
####################
# The interface to use for various services types
network_interface: "eth0"
# These can be adjusted for even more customization
api_interface: "{{ network_interface }}"
storage_interface: "{{ network_interface }}"
neutron_interface: "{{ network_interface }}"
####################
# Openstack options
####################
openstack_release: "latest"
openstack_logging_verbose: "True"
openstack_logging_debug: "False"
####################
# RabbitMQ options
####################
#placeholder

29
etc/kolla/passwords.yml Normal file
View File

@ -0,0 +1,29 @@
---
# TODO: SamYaple
# This file should have generated values by default. Propose Ansible vault for
# locking down the secrets properly.
###################
# Database options
####################
database_password: "password"
####################
# Docker options
####################
docker_registry_password:
####################
# Openstack options
####################
keystone_admin_token: "password"
keystone_database_password: "password"
####################
# RabbitMQ options
####################

1
tools/genenv
View File

@ -246,6 +246,7 @@ export OS_VOLUME_API_VERSION=$CINDER_API_VERSION
EOF
cat > ./compose/openstack.env <<EOF
CONFIG_STRATEGY=CONFIG_INTERNAL
DEBUG_LOGGING=$DEBUG_LOGGING
VERBOSE_LOGGING=$VERBOSE_LOGGING
NOVA_LOG_DIR=$NOVA_LOG_DIR