Make keystone more generic

2017-06-16 16:33:45 +02:00 · 2017-06-16 16:33:45 +02:00 · 1f88030c87
commit 1f88030c87
parent cb6b389bc6
3 changed files with 12 additions and 22 deletions
--- a/roles/keystone/files/Dockerfile
+++ b/roles/keystone/files/Dockerfile
@ -5,23 +5,11 @@
 # $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"

 # wellicht ubuntu 16.04 of anders 18.04
-FROM ubuntu:16.04
-
-RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+FROM ubuntu:zesty

 RUN apt-get update

-RUN set -x \
-    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
-    && apt-get -y update \
-    && apt-get -y install ubuntu-cloud-keyring \
-    && apt-get -y update \
-    && apt-get -y install \
-        mysql-client \
-        python-mysqldb \
-        python-openstackclient \
-        keystone \
-    && apt-get -y clean
+RUN apt-get install --yes keystone python-openstackclient

 # set admin token TODO: make this a secret
 # in volume of met env
@ -31,9 +19,6 @@ RUN mkdir /etc/keystone/fernet-keys

 RUN chown keystone: /etc/keystone/fernet-keys

-# TODO: move this somewhere else
-ADD admin-openrc.sh /root/admin-openrc.sh
-
 #RUN keystone-manage db_sync
 CMD apachectl -DFOREGROUND

--- a/roles/keystone/files/keystone.conf
+++ b/roles/keystone/files/keystone.conf
@ -1,8 +1,12 @@
 [DEFAULT]

-[database]
+verbose = true

+[database]
 connection = mysql+pymysql://keystone:keystone@mariadb/keystone

 [token]
 provider = fernet
+
+[identity]
+default_domain_id = default
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@ -35,7 +35,7 @@
 - name: make sure service is started
  systemd:
    name: keystone.service
-    state: started
+    state: restarted

 - name: Initialize db
  script: scripts/initialize_db.sh {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
@ -52,7 +52,8 @@
      - credential_setup --keystone-user keystone --keystone-group keystone
      - >
          bootstrap --bootstrap-password geheim
-                    --bootstrap-admin-url http://localhost:35357/v3/
-                    --bootstrap-internal-url http://localhost:35357/v3/
-                    --bootstrap-public-url http://localhost:5000/v3/
+                    --bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
+                    --bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
+                    --bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
                    --bootstrap-region-id RegionOne
+