Made Roles use repo wide secrets file.
Made keystone use repo wide secrets file. Made glance-controller use repo wide secrets file. kill and then remove image. Made neutron-controller use repo wide secrets file. Made nova-controller use repo wide secrets file. Made nova-compute use repo wide secrets file. Made rabbitmq use repo wide secrets file. Allow creation of admin-openrc.sh in docker. added provider_interfaces. added persistent root folder. make each dir explicitly. added missing env vars. mapped kvm machine-id from host
@ -1,31 +0,0 @@
|
||||
# Build keystone. It needs to be run with
|
||||
# --add-host=mariadb:<ip mariadb listens tp>
|
||||
# Wen starting with an initialized db,
|
||||
# run keystone-manage db_sync from this docker first:
|
||||
# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
|
||||
|
||||
FROM ubuntu:16.04
|
||||
|
||||
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
|
||||
|
||||
RUN set -x \
|
||||
&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
|
||||
&& apt-get -y update \
|
||||
&& apt-get -y install \
|
||||
&& apt-get -y install keystone python-openstackclient \
|
||||
&& apt-get -y clean
|
||||
|
||||
# set admin token TODO: make this a secret
|
||||
# in volume of met env
|
||||
COPY keystone.conf /etc/keystone/keystone.conf
|
||||
|
||||
RUN mkdir /etc/keystone/fernet-keys
|
||||
|
||||
RUN chown keystone: /etc/keystone/fernet-keys
|
||||
|
||||
COPY admin-openrc.sh root/admin-openrc.sh
|
||||
|
||||
COPY bootstrap.sh /etc/bootstrap.sh
|
||||
|
||||
#RUN keystone-manage db_sync
|
||||
CMD apachectl -DFOREGROUND
|
@ -1,16 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
source /root/admin-openrc.sh
|
||||
|
||||
openstack project create --domain default \
|
||||
--description "Service Project" service
|
||||
|
||||
openstack project create --domain default \
|
||||
--description "Demo Project" demo
|
||||
|
||||
openstack user create --domain default \
|
||||
--password geheim demo
|
||||
|
||||
openstack role create user
|
||||
|
||||
openstack role add --project demo --user demo user
|
@ -1,12 +0,0 @@
|
||||
[DEFAULT]
|
||||
|
||||
verbose = true
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://keystone:keystone@mariadb/keystone
|
||||
|
||||
[token]
|
||||
provider = fernet
|
||||
|
||||
[identity]
|
||||
default_domain_id = default
|
@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
# Start a mariadb container to use its mysql client to initialize the keystone database.
|
||||
docker run --rm -i mariadb:10.2 mysql -uroot -pgeheim --host "$1" << EOF
|
||||
docker run --rm -i mariadb:10.2 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" --host "$DB_HOST" << EOF
|
||||
CREATE DATABASE IF NOT EXISTS keystone;
|
||||
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
|
||||
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
|
||||
|
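Review bot: The new `-p"$MYSQL_ROOT_PASSWORD"` still puts the root password on the `docker run … mysql` command line, where other local users can read it from the host's process list while the client runs. Passing it through the environment reduces that exposure, e.g. `MYSQL_PWD="$MYSQL_ROOT_PASSWORD" docker run --rm -i -e MYSQL_PWD mariadb:10.2 mysql -uroot --host "$DB_HOST" << EOF`. The script also proceeds with an empty password or host when either variable is unset, so a guard such as `: "${MYSQL_ROOT_PASSWORD:?}" "${DB_HOST:?}"` near the top would make it fail early. The two `GRANT` lines keep the literal `IDENTIFIED BY 'keystone'`, so the keystone database password does not yet come from the secrets file even though the account is granted from `'%'`. The end of the heredoc lies outside this hunk.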
@ -1,10 +1,20 @@
|
||||
# Build and install a docker image for keystone.
|
||||
---
|
||||
- name: include secrets
|
||||
include_vars:
|
||||
file: ../../secrets.yml
|
||||
name: secrets
|
||||
|
||||
- name: Make persistent directories
|
||||
file:
|
||||
path: /srv/keystone/fernet-keys
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0777
|
||||
with_items:
|
||||
- /srv
|
||||
- /srv/keystone
|
||||
- /srv/keystone/fernet-keys
|
||||
- /srv/keystone/root
|
||||
|
||||
- set_fact:
|
||||
docker_image: webhost12.service.rug.nl/hpc/openstack-keystone:latest
|
||||
@ -26,7 +36,10 @@
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: Initialize db
|
||||
script: scripts/initialize_db.sh {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
||||
script: scripts/initialize_db.sh
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
DB_HOST: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
register: result
|
||||
until: result|succeeded
|
||||
# sometimes the initial connect fails.
|
||||
@ -47,7 +60,7 @@
|
||||
- fernet_setup --keystone-user keystone --keystone-group keystone
|
||||
- credential_setup --keystone-user keystone --keystone-group keystone
|
||||
- >
|
||||
bootstrap --bootstrap-password geheim
|
||||
bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
|
||||
--bootstrap-admin-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
|
||||
--bootstrap-internal-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3/
|
||||
--bootstrap-public-url http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:5000/v3/
|
||||
@ -63,5 +76,8 @@
|
||||
/usr/bin/docker run --rm
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
|
||||
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
|
||||
-v /srv/keystone/root:/root
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
{{ docker_image }} bash /etc/bootstrap.sh
|
||||
|
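Review bot: `mode: 0777` now applies to every entry in `with_items`, so `/srv`, `/srv/keystone/fernet-keys` and the new `/srv/keystone/root` (bind-mounted as the container's `/root`, where admin-openrc.sh is presumably written) become readable and writable by any local user on the host. A tighter mode with an explicit owner, e.g. `mode: "0700"` with `owner:` matching the uid that writes each directory from inside the container, would keep the Fernet keys and admin credentials private. `/srv` itself is a shared system directory and should not have its mode changed by this role. In the later hunks the admin password is interpolated into the `bootstrap --bootstrap-password …` argument and the `-e "OS_PASSWORD=…"` option, so those tasks and `Initialize db` should carry `no_log: true` to keep the values out of Ansible output and logs. `-e "OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3"` appears to rely on the host side expanding `${KEYSTONE_HOST}`, which is only set inside the container; the task header is outside the hunk, so this needs confirming.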
@ -1,5 +1,5 @@
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_USERNAME=admin
|
||||
export OS_PASSWORD=geheim
|
||||
export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}
|
||||
export OS_AUTH_URL=http://{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}:35357/v3
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
|
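Review bot: `export OS_PASSWORD={{ hostvars[groups['keystone'][0]]['OS_PASSWORD'] }}` reads the password from host variables, while the tasks in this commit read it from `secrets['OS_PASSWORD']`. Unless `OS_PASSWORD` is also defined as a host variable somewhere not shown here, the template will fail or render an undefined value. The value is also written unquoted into a file that is later `source`d, so a password containing spaces or shell metacharacters would be split or interpreted by the shell. `export OS_PASSWORD={{ secrets['OS_PASSWORD'] | quote }}` addresses both, assuming the secrets file is loaded where this template is rendered. The rendered file holds the admin password and should be installed with a restrictive mode such as `0600`.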
@ -6,12 +6,14 @@ Requires=docker.service
|
||||
[Service]
|
||||
TimeoutStartSec=0
|
||||
Restart=always
|
||||
ExecStartPre=-/usr/bin/docker rm -f %n
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStart=/usr/bin/docker run --name %n \
|
||||
--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-p 5000:5000 -p 35357:35357 \
|
||||
-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
|
||||
-v /srv/keystone/root:/root \
|
||||
{{ docker_image }}
|
||||
|
||||
[Install]
|
||||
|
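Review bot: The added `-v /srv/keystone/root:/root \` gives the long-running keystone service read-write access to the host directory that holds the admin credentials file. If only the bootstrap container needs to write there, mounting it read-only in this unit (`-v /srv/keystone/root:/root:ro \`) or leaving it out follows least privilege. Separately, `-p 5000:5000 -p 35357:35357` publishes both API ports on every host interface over plain HTTP; binding to one address (`-p <bind-address>:5000:5000`) is worth considering if the host has an untrusted interface. The `[Unit]` and `[Install]` sections continue outside the hunk.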