Adding application definition for keystone

Change-Id: I78501d26ee633fba32f5d9919bfb49faedd8d8f9
2016-06-08 17:47:21 +03:00 · 2016-06-08 17:47:21 +03:00 · 26e2873f58
parent 73cae2c9e1
commit 26e2873f58
11 changed files with 104 additions and 128 deletions
--- a/docker/keystone/Dockerfile.j2
+++ b/docker/keystone/Dockerfile.j2
@ -27,12 +27,5 @@ RUN mv keystone*/ keystone-{{ branch }}/ \
 RUN chown -R keystone: /var/www/cgi-bin/keystone \
    && chmod 755 /var/www/cgi-bin/keystone/*

-
-COPY keystone.conf /etc/keystone/keystone.conf
-
-COPY wsgi-keystone.conf /etc/apache2/conf-enabled/wsgi-keystone.conf
-
-COPY bootstrap.sh /usr/local/bin/bootstrap.sh
-RUN chmod 755 /usr/local/bin/bootstrap.sh
-
-CMD ["bootstrap.sh"]
+COPY daemon.sh /usr/local/bin/daemon.sh
+RUN chmod 755 /usr/local/bin/daemon.sh
--- a/docker/keystone/bootstrap.sh
+++ b/docker/keystone/bootstrap.sh
@ -1,56 +0,0 @@
-#!/bin/bash
-
-source /etc/apache2/envvars
-
-sed -i "s/keystone_user/${KEYSTONE_USER}/g" /etc/keystone/keystone.conf
-sed -i "s/keystone_pass/${KEYSTONE_PASS}/g" /etc/keystone/keystone.conf
-sed -i "s/keystone_addr/${DB_HOST}/g" /etc/keystone/keystone.conf
-sed -i "s/keystone_db/${KEYSTONE_DB}/g" /etc/keystone/keystone.conf
-
-nc -z -v -w5 ${DB_HOST} 3306
-if [ $? -ne 0 ]
-then
-    exit 1
-fi
-
-controller=`hostname -i`
-
-# bootstrap db
-echo "Creating database for keystone"
-mysql -u root -p${ROOT_DB_PASS} -h ${DB_HOST} -e "create database ${KEYSTONE_DB}"
-mysql -u root -p${ROOT_DB_PASS} -h ${DB_HOST} -e "grant all privileges on ${KEYSTONE_DB}.* to '${KEYSTONE_USER}'@'%' identified by '${KEYSTONE_PASS}';"
-
-echo "Keystone db_sync"
-keystone-manage db_sync
-
-echo "Keystone bootstrap"
-keystone-manage bootstrap --bootstrap-password ${KEYSTONE_PASS}
-
-/usr/sbin/apachectl start
-
-export OS_URL=http://127.0.0.1:35357/v3
-export OS_TOKEN=adm_tok
-export OS_IDENTITY_API_VERSION=3
-
-id=`openstack service list | awk '/ identity / {print $2}' | wc -l`
-
-if [ "$id" -eq "0" ]
-then
-    echo 'Keystone users\endoint creation'
-    openstack service create --name keystone --description "OpenStack Identity" identity
-
-    openstack endpoint create --region RegionOne \
-	  identity public http://$controller:5000/v3
-
-    openstack endpoint create --region RegionOne \
-	  identity internal http://$controller:5000/v3
-
-    openstack endpoint create --region RegionOne \
-	  identity admin http://$controller:35357/v3
-fi
-/usr/sbin/apachectl stop
-
-sleep 5
-
-echo "Keystone apache process start"
-/usr/sbin/apache2ctl -D FOREGROUND
--- a/docker/keystone/daemon.sh
+++ b/docker/keystone/daemon.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+source /etc/apache2/envvars
+/usr/sbin/apache2ctl -D FOREGROUND
--- a/docker/keystone/keystone.conf
+++ b/docker/keystone/keystone.conf
@ -1,10 +0,0 @@
-[DEFAULT]
-debug = False
-use_syslog = False
-#syslog_log_facility=LOG_LOCAL0
-use_stderr = True
-
-admin_token = adm_tok
-
-[database]
-connection = mysql+pymysql://keystone_user:keystone_pass@keystone_addr/keystone_db
--- a/service/files/create-project.sh.j2
+++ b/service/files/create-project.sh.j2
@ -0,0 +1,11 @@
+#!/bin/bash
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_USERNAME={{ openstack_user_name }}
+export OS_PASSWORD={{ openstack_user_password }}
+export OS_AUTH_URL=http://keystone:{{ keystone_public_port }}/v3
+export OS_IDENTITY_API_VERSION=3
+
+openstack project create service
--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@ -0,0 +1,12 @@
+configs:
+    keystone_public_port: 5000
+    keystone_admin_port: 35357
+
+    keystone_db_password: password
+    keystone_db_name: keystone
+    keystone_db_username: keystone
+
+    openstack_user_name: admin
+    openstack_user_password: password
+    openstack_project_name: admin
+    openstack_role_name: admin
--- a/service/files/keystone.conf.j2
+++ b/service/files/keystone.conf.j2
@ -0,0 +1,8 @@
+[DEFAULT]
+debug = False
+use_syslog = False
+#syslog_log_facility=LOG_LOCAL0
+use_stderr = True
+
+[database]
+connection = mysql+pymysql://{{ keystone_db_username }}:{{ keystone_db_password }}@mariadb/{{ keystone_db_name }}
--- a/service/files/wsgi-keystone.conf.j2
+++ b/service/files/wsgi-keystone.conf.j2
@ -1,7 +1,7 @@
-Listen 5000
-Listen 35357
+Listen {{ keystone_public_port }}
+Listen {{ keystone_admin_port }}

-<VirtualHost *:5000>
+<VirtualHost *:{{ keystone_public_port }}>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} python-path=/var/lib/microservices/venv/lib/python2.7/site-packages
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
@ -17,7 +17,7 @@ Listen 35357
    CustomLog "/var/log/apache2/keystone-access.log" combined
 </VirtualHost>

-<VirtualHost *:35357>
+<VirtualHost *:{{ keystone_admin_port }}>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} python-path=/var/lib/microservices/venv/lib/python2.7/site-packages
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
@ -29,4 +29,4 @@ Listen 35357
    # Check the comment above.
    ErrorLog /proc/1/fd/2
    CustomLog "/var/log/apache2/keystone-access.log" combined
-</VirtualHost>
+</VirtualHost>
--- a/service/keystone.yaml
+++ b/service/keystone.yaml
@ -0,0 +1,62 @@
+service:
+    name: keystone
+    ports:
+        - keystone_public_port
+        - keystone_admin_port
+    probes:
+        readiness: "true"
+        liveness: "true"
+    pre:
+        - name: keystone-db-create
+          dependencies:
+              - mariadb
+          type: single
+          command:
+              mysql -u root -p{{ db_root_password }} -h mariadb -e "create database {{ keystone_db_name }};
+              grant all privileges on {{ keystone_db_name }}.* to '{{ keystone_db_username }}'@'%' identified by '{{ keystone_db_password }}'"
+
+        - name: keystone-db-sync
+          files:
+              - keystone-conf
+          dependencies:
+              - keystone-db-create
+          type: single
+          command: keystone-manage db_sync
+
+        - name: keystone-db-bootstrap
+          files:
+              - keystone-conf
+          dependencies:
+              - keystone-db-sync
+          type: single
+          command: keystone-manage bootstrap
+                   --bootstrap-password {{ openstack_user_password }}
+                   --bootstrap-username {{ openstack_user_name }}
+                   --bootstrap-project-name {{ openstack_project_name }}
+                   --bootstrap-role-name {{ openstack_role_name }}
+                   --bootstrap-service-name keystone --bootstrap-region-id RegionOne
+                   --bootstrap-admin-url http://keystone:{{ keystone_admin_port }}
+                   --bootstrap-public-url http://keystone:{{ keystone_public_port }}
+                   --bootstrap-internal-url http://keystone:{{ keystone_public_port }}
+    daemon:
+        files:
+            - keystone-conf
+            - wsgi-keystone-conf
+        command: daemon.sh
+    post:
+        - name: keystone-create-project
+          files:
+              - create-project.sh
+          type: single
+          command: /tmp/create-project.sh
+files:
+    keystone-conf:
+        path: /etc/keystone/keystone.conf
+        content: keystone.conf.j2
+    wsgi-keystone-conf:
+        path: /etc/apache2/conf-enabled/wsgi-keystone.conf
+        content: wsgi-keystone.conf.j2
+    create-project.sh:
+        path: /tmp/create-project.sh
+        content: create-project.sh.j2
+        perm: "0755"
--- a/service/keystone.yaml.j2
+++ b/service/keystone.yaml.j2
@ -1,27 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: keystone
-  labels:
-    app: keystone
-spec:
-  containers:
-    - name: keystone
-      image: {{ namespace }}/keystone:{{ tag }}
-      env:
-        - name: DB_HOST
-          value: openstack-mysql.default.svc.cluster.local
-        - name: ROOT_DB_PASS
-          value: password
-        - name: KEYSTONE_USER
-          value: keystone
-        - name: KEYSTONE_PASS
-          value: password
-        - name: KEYSTONE_DB
-          value: keystone
-      imagePullPolicy: Always
-      ports:
-        - containerPort: 5000
-          hostPort: 5000
-        - containerPort: 35357
-          hostPort: 35357
--- a/service/service-keystone.yaml.j2
+++ b/service/service-keystone.yaml.j2
@ -1,21 +0,0 @@
-kind: "Service"
-apiVersion: "v1"
-metadata:
-  name: "keystone-service"
-spec:
-  selector:
-    app: "keystone"
-  ports:
-    -
-      name: "admin"
-      protocol: "TCP"
-      port: 5000
-      targetPort: 5000
-      nodePort: 30500
-    -
-      name: "public"
-      protocol: "TCP"
-      port: 35357
-      targetPort: 35357
-      nodePort: 30357
-  type: "NodePort"