Adding a few more variables to Keystone Docker
It introduces the Keystone host variable, which should help in
Kubernetes distributions. It also checks whether the database was
created but is still empty.
Change-Id: I7c4bf7423023825f21accc1d34c4d858596b2fd9
Signed-off-by: Eduardo Sousa <esousa@whitestack.com>
diff --git a/docker/Keystone/Dockerfile b/docker/Keystone/Dockerfile
index 3d7683d..30144b4 100644
--- a/docker/Keystone/Dockerfile
+++ b/docker/Keystone/Dockerfile
@@ -26,9 +26,17 @@
ENV DB_PORT 3306
ENV ROOT_DB_USER root
ENV ROOT_DB_PASSWORD admin
-# keystone
ENV KEYSTONE_DB_PASSWORD admin
+# keystone
+ENV REGION_ID RegionOne
+ENV KEYSTONE_HOST keystone
+# admin user
+ENV ADMIN_USERNAME admin
ENV ADMIN_PASSWORD admin
-ENV NBI_PASSWORD nbi
+ENV ADMIN_PROJECT admin
+# nbi service user
+ENV SERVICE_USERNAME nbi
+ENV SERVICE_PASSWORD nbi
+ENV SERVICE_PROJECT service
ENTRYPOINT ./start.sh
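Review bot: Renaming `NBI_PASSWORD` to `SERVICE_PASSWORD` while keeping a baked-in default of `nbi` means any deployment that still sets only `NBI_PASSWORD` silently falls back to the well-known default. The start.sh hunk in this commit grants that user the `admin` role. `ENV` values also persist in the image config, so `ADMIN_PASSWORD admin` and `SERVICE_PASSWORD nbi` are readable by anyone who can inspect the image. I would drop the password defaults from the Dockerfile and have start.sh refuse to run without them, e.g. `: "${SERVICE_PASSWORD:?SERVICE_PASSWORD must be set}"`, with the same guard for `ADMIN_PASSWORD`. The new `ENV` lines would also be better in the `ENV KEY=value` form.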
diff --git a/docker/Keystone/scripts/start.sh b/docker/Keystone/scripts/start.sh
index 1e3709e..de7dfa6 100755
--- a/docker/Keystone/scripts/start.sh
+++ b/docker/Keystone/scripts/start.sh
@@ -1,6 +1,7 @@
#!/bin/bash
DB_EXISTS=""
+DB_NOT_EMPTY=""
max_attempts=120
function wait_db(){
@@ -46,6 +47,11 @@
mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "CREATE DATABASE keystone"
mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'"
mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'"
+else
+ if [ $(mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -sse "SELECT COUNT(*) FROM keystone;") -gt 0 ]; then
+ echo "DB keystone is empty"
+ DB_NOT_EMPTY="y"
+ fi
fi
# Setting Keystone database connection
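Review bot: The added check `SELECT COUNT(*) FROM keystone;` names the database rather than a table, so the query most likely fails (no database is selected and no table `keystone` is visible here). The substitution is then empty, `[ ... -gt 0 ]` errors out, and `DB_NOT_EMPTY` stays unset. The later `[ -z $DB_NOT_EMPTY ]` gates would therefore re-run `db_sync` and `keystone-manage bootstrap` on every start against a populated database, which presumably re-applies the `ADMIN_PASSWORD` value each time. Count the schema's tables and quote the substitution instead, e.g. `[ "$(mysql ... -sse "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema='keystone'")" -gt 0 ]`. The message in the non-empty branch should read `echo "DB keystone is not empty"`. The enclosing `if` starts outside the hunk.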
@@ -55,7 +61,7 @@
sed -i "2934s%.*%provider = fernet%" /etc/keystone/keystone.conf
# Populate Keystone database
-if [ -z $DB_EXISTS ]; then
+if [ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]; then
su -s /bin/sh -c "keystone-manage db_sync" keystone
fi
@@ -64,12 +70,15 @@
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# Bootstrap Keystone service
-if [ -z $DB_EXISTS ]; then
- keystone-manage bootstrap --bootstrap-password "$ADMIN_PASSWORD" \
- --bootstrap-admin-url http://keystone:5000/v3/ \
- --bootstrap-internal-url http://keystone:5000/v3/ \
- --bootstrap-public-url http://keystone:5000/v3/ \
- --bootstrap-region-id RegionOne
+if [ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]; then
+ keystone-manage bootstrap \
+ --bootstrap-username "$ADMIN_USERNAME" \
+ --bootstrap-password "$ADMIN_PASSWORD" \
+ --bootstrap-project "$ADMIN_PROJECT" \
+ --bootstrap-admin-url "http://$KEYSTONE_HOST:5000/v3/" \
+ --bootstrap-internal-url "http://$KEYSTONE_HOST:5000/v3/" \
+ --bootstrap-public-url "http://$KEYSTONE_HOST:5000/v3/" \
+ --bootstrap-region-id "$REGION_ID"
fi
# Restart Apache Service
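Review bot: `--bootstrap-password "$ADMIN_PASSWORD"` puts the admin password on the command line, where it is visible in the process list for the duration of the call. The `mysql ... -p"$ROOT_DB_PASSWORD"` call added in the earlier start.sh hunk does the same with the database root password. As far as I know `keystone-manage bootstrap` also reads the password from the environment, so `OS_BOOTSTRAP_PASSWORD="$ADMIN_PASSWORD" keystone-manage bootstrap ...` without the flag would avoid that; confirm against the Keystone release used in this image. The three endpoint URLs still hard-code `http://` and port 5000 even though the host is now configurable, so a comment noting that TLS is expected to be terminated elsewhere would help operators.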
@@ -78,10 +87,10 @@
cat << EOF >> setup_env
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
-export OS_PROJECT_NAME=admin
-export OS_USERNAME=admin
+export OS_PROJECT_NAME=$ADMIN_PROJECT
+export OS_USERNAME=$ADMIN_USERNAME
export OS_PASSWORD=$ADMIN_PASSWORD
-export OS_AUTH_URL=http://keystone:5000/v3
+export OS_AUTH_URL=http://$KEYSTONE_HOST:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
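Review bot: The here-document writes `$ADMIN_PROJECT`, `$ADMIN_USERNAME` and `$ADMIN_PASSWORD` into `setup_env` unquoted, and the file is then sourced. Now that these are operator-supplied, a value containing whitespace or shell metacharacters is re-interpreted by the shell at `source` time instead of being taken literally. Writing each line with shell quoting avoids that, e.g. `printf 'export OS_USERNAME=%q\n' "$ADMIN_USERNAME" >> setup_env`. Since the file holds the admin password in clear text, a `chmod 600 setup_env` after writing it is worth adding as well.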
@@ -89,10 +98,11 @@
source setup_env
# Create NBI User
-if [ -z $DB_EXISTS ]; then
- openstack user create --domain default --password "$NBI_PASSWORD" nbi
- openstack project create --domain default --description "Service Project" service
- openstack role add --project service --user nbi admin
+if [ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]; then
+ openstack user create --domain default --password "$SERVICE_PASSWORD" "$SERVICE_USERNAME"
+ openstack project create --domain default --description "Service Project" "$SERVICE_PROJECT"
+ openstack role add --project "$SERVICE_PROJECT" --user "$SERVICE_USER" admin
+ openstack role delete _member_
fi
while ps -ef | grep -v grep | grep -q apache2
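Review bot: The added `openstack role add` line passes `--user "$SERVICE_USER"`, but no variable of that name is defined in this change; the Dockerfile defines `SERVICE_USERNAME`. The argument therefore expands to an empty string and the role assignment would fail, leaving the newly created service user without its role. It should read `openstack role add --project "$SERVICE_PROJECT" --user "$SERVICE_USERNAME" admin`. The added `openstack role delete _member_` is unexplained and returns an error when that role does not exist, so it needs a one-line comment stating why the role is removed and, if the failure is expected, an explicit guard.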