From 1f88030c8776df298a480ed701abd57da3fc7fc9 Mon Sep 17 00:00:00 2001
From: Egon Rijpkema
Date: Fri, 16 Jun 2017 16:33:45 +0200
Subject: [PATCH] Make keystone more generic
---
roles/keystone/files/Dockerfile | 19 ++-----------------
roles/keystone/files/keystone.conf | 6 +++++-
roles/keystone/tasks/main.yml | 9 +++++----
3 files changed, 12 insertions(+), 22 deletions(-)
diff --git a/roles/keystone/files/Dockerfile b/roles/keystone/files/Dockerfile
index c12de64..3f80906 100644
--- a/roles/keystone/files/Dockerfile
+++ b/roles/keystone/files/Dockerfile
@@ -5,23 +5,11 @@ # $ docker run hpc/keystone --add-host=mariadb: "keystone-manage db_sync" # wellicht ubuntu 16.04 of anders 18.04 -FROM ubuntu:16.04 - -RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA +FROM ubuntu:zesty RUN apt-get update -RUN set -x \ - && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \ - && apt-get -y update \ - && apt-get -y install ubuntu-cloud-keyring \ - && apt-get -y update \ - && apt-get -y install \ - mysql-client \ - python-mysqldb \ - python-openstackclient \ - keystone \ - && apt-get -y clean +RUN apt-get install --yes keystone python-openstackclient # set admin token TODO: make this a secret # in volume of met env
@@ -31,9 +19,6 @@ RUN mkdir /etc/keystone/fernet-keys RUN chown keystone: /etc/keystone/fernet-keys -# TODO: move this somewhere else -ADD admin-openrc.sh /root/admin-openrc.sh - #RUN keystone-manage db_sync CMD apachectl -DFOREGROUND
diff --git a/roles/keystone/files/keystone.conf b/roles/keystone/files/keystone.conf
index 81e8149..ae08a24 100644
--- a/roles/keystone/files/keystone.conf
+++ b/roles/keystone/files/keystone.conf
@@ -1,8 +1,12 @@ [DEFAULT] -[database] +verbose = true +[database] connection = mysql+pymysql://keystone:keystone@mariadb/keystone [token] provider = fernet + +[identity] +default_domain_id = default
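Review bot: `FROM ubuntu:zesty` in the first Dockerfile hunk moves the image onto an interim (non-LTS) Ubuntu release with a short security-support window, and the tag is floating, so the keystone packages installed below stop receiving fixes once that release reaches end-of-life; the untouched comment just above still talks about 16.04 or 18.04. For an identity service an LTS base pinned by digest would be safer, for example `FROM ubuntu:<lts-tag>@sha256:<digest>` (placeholder values). The new `RUN apt-get install --yes keystone python-openstackclient` also sits in a separate layer from the existing `RUN apt-get update`, so a cached update layer can leave the install running against a stale package index; I would merge them as `RUN apt-get update && apt-get install --yes --no-install-recommends keystone python-openstackclient && rm -rf /var/lib/apt/lists/*`.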
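Review bot: The `[database]` header this hunk rewrites still sits directly above `connection = mysql+pymysql://keystone:keystone@mariadb/keystone`, so the database password stays committed in the repository and, if this file is copied into the image, in its layers as well. Since the commit aims to make the role more generic, this would be the place to template the value from a vaulted variable, e.g. `connection = mysql+pymysql://keystone:{{ keystone_db_password }}@{{ keystone_db_host }}/keystone` (variable names are placeholders). The added `verbose = true` raises log volume for an identity service and may no longer be honoured by the keystone release the new base image ships, so it is worth confirming that it has an effect and that nothing sensitive is logged at that level. A one-line comment above `default_domain_id = default` saying why it is set explicitly would help, since `default` appears to be the stock value.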
diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml
index 1724166..32e4294 100644
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -35,7 +35,7 @@ - name: make sure service is started systemd: name: keystone.service - state: started + state: restarted - name: Initialize db script: scripts/initialize_db.sh {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
@@ -52,7 +52,8 @@ - credential_setup --keystone-user keystone --keystone-group keystone - > bootstrap --bootstrap-password geheim - --bootstrap-admin-url http://localhost:35357/v3/ - --bootstrap-internal-url http://localhost:35357/v3/ - --bootstrap-public-url http://localhost:5000/v3/ + --bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/ + --bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/ + --bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/ --bootstrap-region-id RegionOne +
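Review bot: `state: restarted` in the first main.yml hunk makes this task restart keystone on every play run, so it always reports `changed` and interrupts token issuance and validation for every client while the service comes back; the task name `make sure service is started` no longer matches either. If the intent is to pick up the modified `keystone.conf`, keep `state: started` here and move the restart into a handler that the task deploying the config notifies, e.g. `notify: restart keystone` (handler name is a placeholder). The task that deploys the config lies outside this hunk, so I am assuming one exists.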
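Review bot: The three `--bootstrap-*-url` values in the second main.yml hunk now register the admin, internal and public endpoints as plain `http://` on the host's default IPv4 address, where the previous `localhost` URLs kept that traffic on the loopback interface; passwords and fernet tokens sent to these endpoints would cross the network unencrypted. Consider terminating TLS in front of keystone and registering `https://` URLs, or at least making the scheme a role variable. The expression `hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']` is repeated three times and fails when facts for that host have not been gathered; setting it once, e.g. `keystone_host: "{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"`, keeps the three lines readable and gives one place to validate it. The unchanged `--bootstrap-password geheim` just above is a hard-coded admin password and would be better supplied from an Ansible Vault variable.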