Implements: blueprint container-set-api-control

Adds Keystone Container-Set support

Previously, Keystone containers were configured for use in a
Kubernetes environment. This patch removes k8s dependencies and
adds container set functionality.

Change-Id: I131ce205857110bbee49fe81a4a005f9e273ce09
Daneyon Hansen 2015-02-27 03:02:48 +00:00
parent 787f5d1b80
commit dafbaf05ed
2 changed files with 126 additions and 36 deletions


@ -2,14 +2,13 @@ FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%base
MAINTAINER Kolla Project (https://launchpad.net/kolla)
#Install required packages
RUN yum install -y openstack-keystone \
openstack-utils \
mariadb \
; yum clean all
RUN yum -y install openstack-keystone \
python-keystoneclient \
; yum clean all
ADD ./start.sh /start.sh
ADD ./check.sh /check.sh
# Add start-up and check scripts
ADD ./start.sh /opt/kolla/start.sh
ADD ./check.sh /opt/kolla/check.sh
EXPOSE 5000 35357
CMD ["/start.sh"]
# Run the Keystone start script
CMD ["/opt/kolla/start.sh"]
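Review bot: The new `RUN yum -y install` line no longer installs `mariadb` or `openstack-utils`, yet the start script changed in this same commit still calls `mysql` and `crudini`. The base image is not visible on this page, so confirm it provides both tools; otherwise the start script aborts under `set -e` at the first of those calls. The `; yum clean all` separator also lets the build succeed when the install itself fails, because only the last command's status is checked; `&& yum clean all` would make a failed install stop the build.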


@ -2,77 +2,168 @@
set -e
: ${KEYSTONE_ADMIN_PASSWORD:=kolla}
: ${ADMIN_TENANT_NAME:=admin}
# Run Kolla common script
echo "Running the kolla-common script"
. /opt/kolla/kolla-common.sh
# Credentials, token, etc..
: ${KEYSTONE_USER:=keystone}
: ${KEYSTONE_ADMIN_PASSWORD:=password}
: ${ADMIN_TENANT_NAME:=admin}
: ${KEYSTONE_ADMIN_TOKEN:=changeme}
# DB Settings
: ${INIT_DB:=true}
: ${KEYSTONE_DB_NAME:=keystone}
: ${KEYSTONE_DB_USER:=keystone}
: ${DB_ROOT_PASSWORD:=password}
: ${MARIADB_SERVICE_HOST:=$PUBLIC_IP}
: ${KEYSTONE_DB_PASSWORD:=password}
# Service Addresses/Ports/Version
: ${KEYSTONE_PUBLIC_SERVICE_HOST:=$PUBLIC_IP}
: ${KEYSTONE_ADMIN_SERVICE_HOST:=$PUBLIC_IP}
: ${KEYSTONE_PUBLIC_SERVICE_PORT:=5000}
: ${KEYSTONE_ADMIN_SERVICE_PORT:=35357}
: ${KEYSTONE_API_VERSION:=2.0}
# Logging
: ${LOG_FILE:=/var/log/keystone/keystone.log}
: ${VERBOSE_LOGGING:=true}
: ${DEBUG_LOGGING:=false}
: ${USE_STDERR:=false}
# Token provider, driver, etc..
: ${TOKEN_PROVIDER:=uuid}
: ${TOKEN_DRIVER:=sql}
## Check DB connectivity and required variables
echo "Checking connectivity to the DB"
check_for_db
echo "Checking for required variables"
check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_DB_PASSWORD \
KEYSTONE_ADMIN_PASSWORD ADMIN_TENANT_NAME \
KEYSTONE_PUBLIC_SERVICE_HOST KEYSTONE_ADMIN_SERVICE_HOST \
PUBLIC_IP
dump_vars
# Setup the Keystone DB
echo "Setting up Keystone DB"
mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
CREATE DATABASE IF NOT EXISTS keystone;
GRANT ALL PRIVILEGES ON keystone.* TO
'keystone'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
CREATE DATABASE IF NOT EXISTS ${KEYSTONE_DB_NAME};
GRANT ALL PRIVILEGES ON ${KEYSTONE_DB_NAME}.* TO
'${KEYSTONE_DB_USER}'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}'
EOF
crudini --set /etc/keystone/keystone.conf \
database \
connection \
"mysql://keystone:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/keystone"
crudini --set /etc/keystone/keystone.conf \
# File path and name used by crudini tool
cfg=/etc/keystone/keystone.conf
# Token Configuration
echo "Configuring keystone.conf"
crudini --set $cfg \
DEFAULT \
admin_token \
"${KEYSTONE_ADMIN_TOKEN}"
crudini --set /etc/keystone/keystone.conf \
DEFAULT \
log_file \
""
crudini --del /etc/keystone/keystone.conf \
# Database Configuration
crudini --set $cfg \
database \
connection \
"mysql://${KEYSTONE_DB_USER}:${KEYSTONE_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${KEYSTONE_DB_NAME}"
# Logging
crudini --del $cfg \
DEFAULT \
log_dir
crudini --set /etc/keystone/keystone.conf DEFAULT use_stderr True
crudini --set $cfg \
DEFAULT \
log_file \
${LOG_FILE}
crudini --set $cfg \
DEFAULT \
verbose \
${VERBOSE_LOGGING}
crudini --set $cfg \
DEFAULT \
debug \
${DEBUG_LOGGING}
crudini --set $cfg \
DEFAULT \
use_stderr \
${USE_STDERR}
# Token Management
crudini --set $cfg \
token \
provider \
keystone.token.providers."${TOKEN_PROVIDER}".Provider
crudini --set $cfg \
token \
driver \
keystone.token.persistence.backends."${TOKEN_DRIVER}".Token
crudini --set $cfg \
revoke \
driver \
keystone.contrib.revoke.backends."${TOKEN_DRIVER}".Revoke
# Setup the openrc auth file
cat > /openrc <<EOF
export OS_AUTH_URL="http://${KEYSTONE_PUBLIC_SERVICE_HOST}:5000/v2.0"
export OS_AUTH_URL=http://"${KEYSTONE_PUBLIC_SERVICE_HOST}":"${KEYSTONE_PUBLIC_SERVICE_PORT}/v"${KEYSTONE_API_VERSION}"
export OS_USERNAME=admin
export OS_PASSWORD="${KEYSTONE_ADMIN_PASSWORD}"
export OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD}
export OS_TENANT_NAME=${ADMIN_TENANT_NAME}
EOF
/usr/bin/keystone-manage db_sync
# Run PKI Setup script
echo "Setting up PKI"
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# Fix permissions
chown -R keystone:keystone /var/log/keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
# Initialize the Keystone DB
echo "Initializing Keystone DB"
if [ "${INIT_DB}" == "true" ] ; then
su -s /bin/sh -c "keystone-manage db_sync" keystone
fi
# Start Keystone
echo "Starting Keystone"
/usr/bin/keystone-all &
PID=$!
# Export Keystone service environment variables
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
export SERVICE_ENDPOINT="http://${PUBLIC_IP}:35357/v2.0"
export SERVICE_ENDPOINT="http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
# Check to make sure the service is running
echo "Verifying Keystone is running"
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
echo "waiting for keystone @ ${SERVICE_ENDPOINT}"
echo "waiting for Keystone @ ${SERVICE_ENDPOINT}"
sleep 1;
done
echo "keystone is active @ ${SERVICE_ENDPOINT}"
# Create Keystone tenant, user, role, service and endpoints
echo "Creating Keystone tenant, user, role, service and endpoints"
crux user-create --update \
-n admin -p "${KEYSTONE_ADMIN_PASSWORD}" \
-t admin -r admin
-n ${KEYSTONE_USER} -p "${KEYSTONE_ADMIN_PASSWORD}" \
-t ${ADMIN_TENANT_NAME} -r admin
crux endpoint-create --remove-all \
-n keystone -t identity \
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:5000/v2.0" \
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:35357/v2.0" \
-P "http://${PUBLIC_IP}:5000/v2.0"
-I "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
-A "http://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v${KEYSTONE_API_VERSION}" \
-P "http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"
# Stop Keystone service
echo "Stopping Keystone for changes to take effect."
kill -TERM $PID
# Check to make sure the service is stopped
echo "Making sure the Keystone service is stopped."
while curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
echo "waiting for keystone @ ${SERVICE_ENDPOINT} to exit"
sleep 1;
done
# Start Keystone again for final changes to take effect
echo "Running keystone service."
exec /usr/bin/keystone-all
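Review bot: The defaults added in the "Credentials, token, etc.." and "DB Settings" blocks near the top of this hunk give KEYSTONE_ADMIN_PASSWORD, KEYSTONE_ADMIN_TOKEN, DB_ROOT_PASSWORD and KEYSTONE_DB_PASSWORD well-known values (`password`, `changeme`), so the later `check_required_vars` call (presumably a set-and-non-empty check) can never fail for them, and a container started without explicit secrets comes up with guessable admin and database credentials. I would drop the `:=` defaults for those four variables and add `DB_ROOT_PASSWORD` to the `check_required_vars` list, so that a missing secret stops start-up instead. `dump_vars` is defined in kolla-common.sh, which is outside this page; if it prints the environment, confirm it does not write these values to the container log. Separately, the new `OS_AUTH_URL` line in the /openrc here-document has an odd number of double quotes, and `OS_USERNAME=admin` no longer matches the user created with `-n ${KEYSTONE_USER}`; the URL line could read `export OS_AUTH_URL="http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v${KEYSTONE_API_VERSION}"`.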