Made Roles use repo wide secrets file.

Made keystone use repo wide secrets file.

Made glance-controller use repo wide secrets file.

kill and then remove image

Made neutron-controller use repo wide secrets file.

Made nova-controller use repo wide secrets file

Made nova-compute use repo wide secrets file.

 Made rabbitmq use repo wide secrets file.

Allow creation of admin-openrc.sh in docker.

added provider_interfaces.

added persistent root folder.

make each dir explicitely

added missing env vars.

mapped kvm machine-id from host
This commit is contained in:
Egon Rijpkema
2017-08-14 16:40:06 +02:00
parent f06a943916
commit 7a6c9ac360
21 changed files with 138 additions and 121 deletions

View File

@ -1,31 +0,0 @@
# Build keystone. It needs to be run with
# --add-host=mariadb:<ip mariadb listens tp>
# Wen starting with an initialized db,
# run keystone-manage db_sync from this docker first:
# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
FROM ubuntu:16.04
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
RUN set -x \
&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
&& apt-get -y update \
&& apt-get -y install \
&& apt-get -y install keystone python-openstackclient \
&& apt-get -y clean
# set admin token TODO: make this a secret
# in volume of met env
COPY keystone.conf /etc/keystone/keystone.conf
RUN mkdir /etc/keystone/fernet-keys
RUN chown keystone: /etc/keystone/fernet-keys
COPY admin-openrc.sh root/admin-openrc.sh
COPY bootstrap.sh /etc/bootstrap.sh
#RUN keystone-manage db_sync
CMD apachectl -DFOREGROUND

View File

@ -1,16 +0,0 @@
#!/bin/bash
source /root/admin-openrc.sh
openstack project create --domain default \
--description "Service Project" service
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password geheim demo
openstack role create user
openstack role add --project demo --user demo user

View File

@ -1,12 +0,0 @@
[DEFAULT]
verbose = true
[database]
connection = mysql+pymysql://keystone:keystone@mariadb/keystone
[token]
provider = fernet
[identity]
default_domain_id = default

View File

@ -1,6 +1,6 @@
#!/bin/bash
# Start a mariadb container to use its mysql client to initialize the keystone database.
docker run --rm -i mariadb:10.2 mysql -uroot -pgeheim --host "$1" << EOF
docker run --rm -i mariadb:10.2 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" --host "$DB_HOST" << EOF
CREATE DATABASE IF NOT EXISTS keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

View File

@ -1,10 +1,20 @@
# Build and install a docker image for keystone.
---
- name: include secrets
include_vars:
file: ../../secrets.yml
name: secrets
- name: Make persistent directories
file:
path: /srv/keystone/fernet-keys
path: "{{ item }}"
state: directory
mode: 0777
with_items:
- /srv
- /srv/keystone
- /srv/keystone/fernet-keys
- /srv/keystone/root
- set_fact:
docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest
@ -26,7 +36,10 @@
command: systemctl daemon-reload
- name: Initialize db
script: scripts/initialize_db.sh {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
script: scripts/initialize_db.sh
environment:
MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
DB_HOST: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
register: result
until: result|succeeded
# sometimes the initial connect fails.
@ -47,7 +60,7 @@
- fernet_setup --keystone-user keystone --keystone-group keystone
- credential_setup --keystone-user keystone --keystone-group keystone
- >
bootstrap --bootstrap-password geheim
bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
--bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
--bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
--bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
@ -63,5 +76,8 @@
/usr/bin/docker run --rm
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
-v /srv/keystone/root:/root
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
-e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
{{ docker_image }} bash /etc/bootstrap.sh

View File

@ -1,5 +1,5 @@
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=geheim
export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}
export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
export OS_IDENTITY_API_VERSION=3

View File

@ -6,12 +6,14 @@ Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker rm -f %n
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
-p 5000:5000 -p 35357:35357 \
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
-v /srv/keystone/root:/root \
{{ docker_image }}
[Install]