return 0
}
+function wait_keystone_host(){
+ attempt=0
+ timeout=2
+ echo "Wait until Keystone hostname can be resolved "
+ while ! nslookup $KEYSTONE_HOST; do
+ #wait 120 sec
+ if [ $attempt -ge $max_attempts ]; then
+ echo
+ echo "Can not resolve ${KEYSTONE_HOST} during $max_attempts sec"
+ return 1
+ fi
+ attempt=$[$attempt+1]
+ echo -n "."
+ sleep 1
+ done
+ return 0
+}
+
function is_db_created() {
db_host=$1
db_port=$2
mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'"
mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'"
else
- if [ $(mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -sse "SELECT COUNT(*) FROM keystone;") -gt 0 ]; then
+ if [ $(mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -sse "SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'keystone';") -gt 0 ]; then
echo "DB keystone is empty"
DB_NOT_EMPTY="y"
fi
fi
# Setting Keystone database connection
-sed -i "721s%.*%connection = mysql+pymysql://keystone:$KEYSTONE_DB_PASSWORD@$DB_HOST:$DB_PORT/keystone%" /etc/keystone/keystone.conf
+sed -i '/^\[database\]$/,/^\[/ s/^connection = .*/connection = mysql+pymysql:\/\/keystone:'$KEYSTONE_DB_PASSWORD'@'$DB_HOST':'$DB_PORT'\/keystone/' /etc/keystone/keystone.conf
# Setting Keystone tokens
-sed -i "2934s%.*%provider = fernet%" /etc/keystone/keystone.conf
+sed -i '/^\[token\]$/,/^\[/ s/^.*provider = .*/provider = fernet/' /etc/keystone/keystone.conf
# Use LDAP authentication for Identity
group_allow_delete=false
query_scope = sub
EOF
- if [ $LDAP_BIND_USER ]; then
+ if [ "$LDAP_BIND_USER" ]; then
echo "user = $LDAP_BIND_USER" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_BIND_PASSWORD ]; then
+ if [ "$LDAP_BIND_PASSWORD" ]; then
echo "password = $LDAP_BIND_PASSWORD" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_TREE_DN ]; then
+ if [ "$LDAP_CHASE_REFERRALS" ]; then
+ echo "chase_referrals = $LDAP_CHASE_REFERRALS" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
+ fi
+ if [ "$LDAP_PAGE_SIZE" ]; then
+ echo "page_size = $LDAP_PAGE_SIZE" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
+ fi
+ if [ "$LDAP_USER_TREE_DN" ]; then
echo "user_tree_dn = $LDAP_USER_TREE_DN" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_OBJECTCLASS ]; then
+ if [ "$LDAP_USER_OBJECTCLASS" ]; then
echo "user_objectclass = $LDAP_USER_OBJECTCLASS" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_ID_ATTRIBUTE ]; then
+ if [ "$LDAP_USER_ID_ATTRIBUTE" ]; then
echo "user_id_attribute = $LDAP_USER_ID_ATTRIBUTE" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_NAME_ATTRIBUTE ]; then
+ if [ "$LDAP_USER_NAME_ATTRIBUTE" ]; then
echo "user_name_attribute = $LDAP_USER_NAME_ATTRIBUTE" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_PASS_ATTRIBUTE ]; then
+ if [ "$LDAP_USER_PASS_ATTRIBUTE" ]; then
echo "user_pass_attribute = $LDAP_USER_PASS_ATTRIBUTE" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_FILTER ]; then
+ if [ "$LDAP_USER_FILTER" ]; then
echo "user_filter = $LDAP_USER_FILTER" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_ENABLED_ATTRIBUTE ]; then
+ if [ "$LDAP_USER_ENABLED_ATTRIBUTE" ]; then
echo "user_enabled_attribute = $LDAP_USER_ENABLED_ATTRIBUTE" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_ENABLED_MASK ]; then
+ if [ "$LDAP_USER_ENABLED_MASK" ]; then
echo "user_enabled_mask = $LDAP_USER_ENABLED_MASK" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_ENABLED_DEFAULT ]; then
+ if [ "$LDAP_USER_ENABLED_DEFAULT" ]; then
echo "user_enabled_default = $LDAP_USER_ENABLED_DEFAULT" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USER_ENABLED_INVERT ]; then
+ if [ "$LDAP_USER_ENABLED_INVERT" ]; then
echo "user_enabled_invert = $LDAP_USER_ENABLED_INVERT" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
- if [ $LDAP_USE_STARTTLS ] && [ "$LDAP_USE_STARTTLS" == "true" ]; then
+ if [ "$LDAP_GROUP_OBJECTCLASS" ]; then
+ echo "group_objectclass = $LDAP_GROUP_OBJECTCLASS" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
+ fi
+ if [ "$LDAP_GROUP_TREE_DN" ]; then
+ echo "group_tree_dn = $LDAP_GROUP_TREE_DN" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
+ fi
+ if [ "$LDAP_TLS_CACERT_BASE64" ]; then
+ mkdir -p /etc/ssl/certs/
+ echo "-----BEGIN CERTIFICATE-----" >> /etc/ssl/certs/ca-certificates.crt
+ echo $LDAP_TLS_CACERT_BASE64 >> /etc/ssl/certs/ca-certificates.crt
+ echo "-----END CERTIFICATE-----" >> /etc/ssl/certs/ca-certificates.crt
+ fi
+ if [ "$LDAP_USE_STARTTLS" ] && [ "$LDAP_USE_STARTTLS" == "true" ]; then
echo "use_tls = true" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
mkdir -p /etc/keystone/ssl/certs/
echo "-----BEGIN CERTIFICATE-----" > /etc/keystone/ssl/certs/ca.pem
echo $LDAP_TLS_CACERT_BASE64 >> /etc/keystone/ssl/certs/ca.pem
echo "-----END CERTIFICATE-----" >> /etc/keystone/ssl/certs/ca.pem
echo "tls_cacertfile = /etc/keystone/ssl/certs/ca.pem" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
- if [ $LDAP_TLS_REQ_CERT ]; then
+ if [ "$LDAP_TLS_REQ_CERT" ]; then
echo "tls_req_cert = $LDAP_TLS_REQ_CERT" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
fi
fi
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
+wait_keystone_host
+
# Bootstrap Keystone service
if [ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]; then
keystone-manage bootstrap \
--bootstrap-region-id "$REGION_ID"
fi
+echo "ServerName $KEYSTONE_HOST" >> /etc/apache2/apache2.conf
# Restart Apache Service
service apache2 restart
projects / osm / devops.git / blobdiff