openstack-operator/devstack/lib/keystone
okozachenko 720e8dcf58 Use daemonset instead of hpa+deployment for keystone
- remove hpa
- use daemonset
- ensure older deployments are absent
- remove resource limit

Change-Id: I581182af2a5a67dfe112c7b10abc65247b77276b
2020-07-09 00:13:54 +03:00


#!/bin/bash
#
# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# install_keystone() - Install step for keystone
# Nothing is collected or built here: the function only prints a notice that
# deploying the keystone CRD covers both installation and startup.
function install_keystone {
    printf '%s\n' "Both installation and startup are included in the deployment of keystone crd."
}
export -f install_keystone
# init_keystone() - Initialize databases, etc.
# Publishes keystone.conf as a Kubernetes secret, loosens the permissions on
# /etc/keystone and, when asked to, (re)creates the keystone database.
# Globals (read): RECREATE_KEYSTONE_DB - the database is recreated only when
#   this is exactly "True".
function init_keystone {
    # keystone.conf is stored as the "keystone-config" secret in the
    # "openstack" namespace. "kubectl create" does not update an existing
    # object, so a secret left over from an earlier run makes this fail.
    kubectl create secret generic keystone-config "--from-file=/etc/keystone/keystone.conf" -n openstack

    # NOTE(mnaser): Permissions here are bad but it's temporary so we don't care as much.
    # NOTE(review): mode 777 applied recursively leaves every file under
    # /etc/keystone, including the keystone.conf that was just loaded into
    # the secret above, readable and writable by any local account. Treat a
    # host prepared this way as disposable. The replacement should be an
    # owner/mode scoped to whatever actually needs access - TODO confirm
    # which account the keystone pods read this directory as.
    sudo chmod -Rv 777 "/etc/keystone"

    # Anything other than the literal "True" leaves the database untouched.
    if [[ "$RECREATE_KEYSTONE_DB" != True ]]; then
        return 0
    fi

    # (Re)create keystone database
    recreate_database keystone
}
export -f init_keystone
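# start_keystone() - Start running processes
# Rolls the keystone daemonset, registers the /identity and /identity_admin
# proxy routes, waits for the identity API to answer, then starts the TLS
# proxies (only when tls-proxy is enabled) and restarts memcached.
# Globals (read): KEYSTONE_SERVICE_PORT, KEYSTONE_SERVICE_PORT_INT,
#   KEYSTONE_AUTH_PROTOCOL, KEYSTONE_SERVICE_HOST, KEYSTONE_AUTH_PORT,
#   KEYSTONE_AUTH_HOST, KEYSTONE_AUTH_PORT_INT, IDENTITY_API_VERSION,
#   SERVICE_TIMEOUT
# Calls die when wait_for_service reports that keystone did not come up.
function start_keystone {
    # Roll the keystone daemonset, then check the rollout status.
    kubernetes_rollout_restart daemonset/keystone
    kubernetes_rollout_status daemonset/keystone

    # Get right service port for testing. With tls-proxy enabled the
    # readiness check below is forced to plain http.
    # NOTE(review): service_port is assigned here but never read inside this
    # function. It is kept because bash locals are visible to the helpers
    # called below - TODO confirm none of them read it, then remove it.
    local service_port=$KEYSTONE_SERVICE_PORT
    local auth_protocol=$KEYSTONE_AUTH_PROTOCOL
    if is_service_enabled tls-proxy; then
        service_port=$KEYSTONE_SERVICE_PORT_INT
        auth_protocol="http"
    fi

    proxy_pass_to_kubernetes /identity_admin keystone keystone-wsgi-admin
    proxy_pass_to_kubernetes /identity keystone keystone-wsgi-public

    echo "Waiting for keystone to start..."
    # Check that the keystone service is running. Even if the tls tunnel
    # should be enabled, make sure the internal port is checked using
    # unencrypted traffic at this point.
    # If running in Apache, use the path rather than port.
    local service_uri="${auth_protocol}://${KEYSTONE_SERVICE_HOST}/identity/v${IDENTITY_API_VERSION}/"
    # Quoted so the timeout and the URI always arrive as exactly two
    # arguments, with no word splitting or glob expansion (a bracketed IPv6
    # host would otherwise be treated as a glob pattern).
    if ! wait_for_service "$SERVICE_TIMEOUT" "$service_uri"; then
        die "$LINENO" "keystone did not start"
    fi

    # Start proxies if enabled
    if is_service_enabled tls-proxy; then
        # Quoted so an empty or unset value stays in its own position instead
        # of silently shifting the host/port arguments that follow it.
        # NOTE(review): '*' is presumably the frontend listen address (all
        # interfaces) - confirm against start_tls_proxy.
        start_tls_proxy keystone-service '*' "$KEYSTONE_SERVICE_PORT" "$KEYSTONE_SERVICE_HOST" "$KEYSTONE_SERVICE_PORT_INT"
        start_tls_proxy keystone-auth '*' "$KEYSTONE_AUTH_PORT" "$KEYSTONE_AUTH_HOST" "$KEYSTONE_AUTH_PORT_INT"
    fi

    # (re)start memcached to make sure we have a clean memcache.
    # The restart is followed by a fixed 10 second pause; the memcached
    # rollout status is not checked here.
    kubectl rollout restart statefulset/memcached-devstack -n default
    sleep 10
}
export -f start_keystone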
# bootstrap_keystone() - Bootstrap step for keystone
# Placeholder: prints "noop" and creates no user, role or project itself.
function bootstrap_keystone {
    printf '%s\n' noop
}
export -f bootstrap_keystone