diff --git a/roles/keystone/files/Dockerfile b/roles/keystone/files/Dockerfile
index 9965a8c..d30f204 100644
--- a/roles/keystone/files/Dockerfile
+++ b/roles/keystone/files/Dockerfile
@@ -10,14 +10,13 @@ RUN apt-get update
 RUN apt-get install --yes keystone
-# configure keystone to connect to mariadb host.
-RUN sed -i "s|database]|database]\nconnection = mysql://keystone:keystone@mariadb/keystone|g" /etc/keystone/keystone.conf
-
 # set admin token TODO: make this a secret
-RUN sed -i 's/#admin_token = ADMIN/admin_token = SuperSecreteKeystoneToken/g' /etc/keystone/keystone.conf
+ADD keystone.conf /etc/keystone/keystone.conf
 RUN mkdir /etc/keystone/fernet-keys
+RUN chown keystone: /etc/keystone/fernet-keys
+
 #RUN keystone-manage db_sync
 CMD apachectl -DFOREGROUND
diff --git a/roles/keystone/files/keystone.service b/roles/keystone/files/keystone.service
index ca76e79..14ff0f0 100644
--- a/roles/keystone/files/keystone.service
+++ b/roles/keystone/files/keystone.service
@@ -8,7 +8,9 @@ TimeoutStartSec=0
 Restart=always
 ExecStartPre=-/usr/bin/docker stop %n
 ExecStartPre=-/usr/bin/docker rm %n
-ExecStart=/usr/bin/docker run --name %n --add-host="mariadb:172.29.236.13" -p 5001:5000 -p 35357:35357 hpc/keystone
+ExecStart=/usr/bin/docker run --name %n --add-host="mariadb:172.23.38.125" \
+ -p 5001:5000 -p 35357:35357 hpc/keystone \
+ -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/keystone/scripts/initialize_db.sh b/roles/keystone/scripts/initialize_db.sh
new file mode 100644
index 0000000..520856e
--- /dev/null
+++ b/roles/keystone/scripts/initialize_db.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+mysql -uroot -pgeheim --host 127.0.0.1 << EOF
+CREATE DATABASE IF NOT EXISTS keystone;
+GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
+GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
+EOF
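Review bot: `ADD keystone.conf /etc/keystone/keystone.conf` should be `COPY keystone.conf /etc/keystone/keystone.conf`; ADD also unpacks archives and fetches URLs, and COPY is the plain local-file copy intended here. The surviving context comment `# set admin token TODO: make this a secret` now sits above a file that is committed under roles/keystone/files/, so presumably the admin token and the database connection string (with the keystone DB password the removed sed lines used to splice in) are now stored in git in clear text — worth confirming, and worth moving into a vault-backed template rendered at deploy time, with the comment reworded to say where the values come from. The new `RUN chown keystone: /etc/keystone/fernet-keys` only affects the image layer: keystone.service bind-mounts a host directory over that path, so at runtime the host directory's owner and mode are what protect the keys, and this chown does not.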
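Review bot: The new `-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys` on the last ExecStart continuation line comes after the image name `hpc/keystone`, so `docker run` treats it as the container's command rather than as a volume option; the image's `CMD apachectl -DFOREGROUND` is overridden and docker will most likely fail to exec `-v`, leaving the unit in a Restart=always loop with the key directory never mounted. Move the option before the image: `ExecStart=/usr/bin/docker run --name %n --add-host="mariadb:172.23.38.125" \` / `  -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \` / `  -p 5001:5000 -p 35357:35357 hpc/keystone`. The same mount is written in the correct position in the `keystone manage commands` task in roles/keystone/tasks/main.yml, which makes the mismatch easy to miss. That task also repeats the `--add-host` literal; a single role variable for the mariadb address would stop the two copies drifting apart the way the old 172.29.236.13 value did.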
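Review bot: `mysql -uroot -pgeheim --host 127.0.0.1` puts the MariaDB root password on the command line, where it is visible to every local user in the process list for as long as the client runs, and both it and the keystone DB password are hard-coded in a script checked into the role (the `--bootstrap-password` literal in roles/keystone/tasks/main.yml has the same problem and additionally lands in Ansible's task output). Read the secrets from the environment instead — the `script` task can supply them through the task-level `environment:` keyword from a vault-backed variable — and hand the root password to the client via `MYSQL_PWD` or a `--defaults-extra-file` rather than `-p`. The `'keystone'@'%'` grant admits the keystone user from any source address; if only the keystone container host connects, scoping the grant to that address narrows it. The script also runs without `set -e`, which is harmless with a single command but will silently mask failures as soon as a second one is added.
```shell
#!/bin/bash
set -euo pipefail
# Secrets arrive via the task-level environment (vault-backed); never on argv.
: "${MYSQL_ROOT_PASSWORD:?must be set}"
: "${KEYSTONE_DB_PASSWORD:?must be set}"
# NOTE: the DB password is spliced into an SQL literal; it must not contain a single quote.
MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -uroot --host 127.0.0.1 <<EOF
CREATE DATABASE IF NOT EXISTS keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${KEYSTONE_DB_PASSWORD}';
EOF
```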
diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml
index c8a3a41..e6c49ea 100644
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -2,15 +2,18 @@
 ---
 - include: ../common/tasks/docker.yml
-- name: Make docker build dir
+- name: Make build and persistent directories
 file:
- path: /srv/keystone
+ path: "{{ item }}"
 state: directory
- mode: 0755
+ mode: 0777
+ with_items:
+ - /srv/keystone
+ - /srv/keystone/fernet-keys
 - name: install Dockerfile
 copy:
- src: files/Dockerfile
+ src: files/
 dest: /srv/keystone
 - name: build keystone image
@@ -33,3 +36,22 @@
 systemd:
 name: keystone.service
 state: started
+ - name: Initialize db
+ script: scripts/initialize_db.sh
+ - name: keystone manage commands to setup db
+ command: >
+ /usr/bin/docker run --rm --add-host="mariadb:172.23.38.125"
+ -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
+ hpc/keystone keystone-manage {{ item }}
+ with_items:
+ - db_sync
+ - fernet_setup --keystone-user keystone --keystone-group keystone
+ - credential_setup --keystone-user keystone --keystone-group keystone
+ - >
+ bootstrap --bootstrap-password geheim
+ --bootstrap-admin-url http://localhost:35357/v3/
+ --bootstrap-internal-url http://localhost:35357/v3/
+ --bootstrap-public-url http://localhost:5000/v3/
+ --bootstrap-region-id RegionOne
diff --git a/roles/mariadb/scripts/initialize_db.sh b/roles/mariadb/scripts/initialize_db.sh
deleted file mode 100644
index 2553e75..0000000
--- a/roles/mariadb/scripts/initialize_db.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-mysql -uroot -pgeheim --host 127.0.0.1 << EOF
-CREATE DATABASE IF NOT EXISTS KEYSTONE;
-GRANT ALL PRIVILEGES ON KEYSTONE.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
-GRANT ALL PRIVILEGES ON KEYSTONE.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
-EOF
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index 578a3d3..f3f448a 100644
--- a/roles/mariadb/tasks/main.yml
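Review bot: `mode: 0777` on /srv/keystone/fernet-keys makes the host copy of Keystone's fernet key repository world-writable; keystone.service bind-mounts that directory into the container and those keys sign and validate every token, so any local account on the host could read or swap them. Use a restrictive mode with explicit ownership matching the uid/gid the container's `keystone` user resolves to on the host (not visible in this diff — check the image), e.g. `mode: 0700` / `owner: "{{ keystone_uid }}"` / `group: "{{ keystone_gid }}"` with the ids declared as role vars, and keep the build directory at 0755 via a per-item mode. The same 0777 applies to /srv/keystone, which is where `src: files/` now drops keystone.conf, so the `copy` task should also set `mode:` rather than rely on the default umask for a file that appears to carry credentials.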
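Review bot: The bootstrap endpoints `http://localhost:35357/v3/` and `http://localhost:5000/v3/` in the last with_items entry are recorded in Keystone's service catalog and handed to every client, so anything not running on this host will be told to use unreachable URLs, and they are plain http, so later client credentials and tokens cross the network unencrypted; use the host's reachable name and put TLS in front, with the name held in a role variable (the `--add-host` address on the `command:` line is itself a second copy of the literal in keystone.service and belongs in a variable too). The `command:` task will report changed on every play and re-run all four keystone-manage steps; if that is intended, a `changed_when: false` or a guard on an existing marker in the key directory makes the intent explicit.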
+++ b/roles/mariadb/tasks/main.yml
@@ -14,5 +14,3 @@
 systemd:
 name: mysql.service
 state: started
-- name: Initialize db
- script: scripts/initialize_db.sh