WORKDIR /app
-COPY scripts/start.sh /app/start.sh
-
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y && \
net-tools=1.60* \
mysql-client=8.0.* \
dnsutils=1:9.18.* && \
- rm -rf /var/lib/apt/lists/* && \
- chmod +x start.sh
+ rm -rf /var/lib/apt/lists/*
RUN pip3 install python-ldap==3.2.0 ldappool==3.0.0 python-openstackclient==6.2.0
mkdir -p /etc/sudoers.d && \
echo "%appuser ALL= NOPASSWD: /sbin/service apache2 *" > /etc/sudoers.d/appuser
-USER appuser
+COPY scripts/start.sh /app/start.sh
+
+RUN chmod +x start.sh
+
+USER root
# database
ENV DB_HOST keystone-db
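Review bot: The final `USER` instruction changes from `appuser` to `root`, so the start script and every process it launches now run as root inside the container. The sudoers entry just above already lets `appuser` control apache2, which suggests the unprivileged account was the intended runtime identity. If the change was only needed so the relocated `chmod` could run, `COPY --chmod=0755 scripts/start.sh /app/start.sh` followed by `USER appuser` keeps the image non-root; files the script edits at start-up can be chown'ed to appuser at build time. The rest of the Dockerfile is outside this hunk, so confirm that no later step depends on root.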
# contact: esousa@whitestack.com or glavado@whitestack.com
##
+set -e
+
DB_EXISTS=""
USER_DB_EXISTS=""
DB_NOT_EMPTY=""
# Setting Keystone tokens
sed -i '/^\[token\]$/,/^\[/ s/^.*provider = .*/provider = fernet/' /etc/keystone/keystone.conf
+# Setting Keystone for the stderr
+sed -i '/\[DEFAULT\]/a use_stderr = true' /etc/keystone/keystone.conf
# Use LDAP authentication for Identity
if [ $LDAP_AUTHENTICATION_DOMAIN_NAME ]; then
# Bootstrap Keystone service
if [ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]; then
+ echo "Bootstraping keystone"
keystone-manage bootstrap \
--bootstrap-username "$ADMIN_USERNAME" \
--bootstrap-password "$ADMIN_PASSWORD" \
source setup_env
+# Function to retry a command up to 5 times
+retry() {
+ local n=1
+ local max=5
+ local delay=5
+ while true; do
+ "$@" && break || {
+ if [[ $n -lt $max ]]; then
+ ((n++))
+ echo "Command failed. Attempt $n/$max:"
+ sleep $delay;
+ else
+ echo "The command has failed after $n attempts."
+ return 1
+ fi
+ }
+ done
+}
+
# Create NBI User
-if [ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]; then
- openstack user create --domain default --password "$SERVICE_PASSWORD" "$SERVICE_USERNAME"
- openstack project create --domain default --description "Service Project" "$SERVICE_PROJECT"
- openstack role add --project "$SERVICE_PROJECT" --user "$SERVICE_USERNAME" admin
+if ! openstack user show nbi --domain default; then
+ echo "NBI user does not exist. Creating nbi user"
+ retry openstack user create --domain default --password "$SERVICE_PASSWORD" "$SERVICE_USERNAME" || exit 1
+ retry openstack project create --domain default --description "Service Project" "$SERVICE_PROJECT" || exit 1
+ retry openstack role add --project "$SERVICE_PROJECT" --user "$SERVICE_USERNAME" admin || exit 1
fi
+echo "Done creating the NBI user"
if [ $LDAP_AUTHENTICATION_DOMAIN_NAME ]; then
if !(openstack domain list | grep -q $LDAP_AUTHENTICATION_DOMAIN_NAME); then
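Review bot: The added existence check `openstack user show nbi --domain default` hardcodes `nbi`, while the create commands below it use `"$SERVICE_USERNAME"`. With any other service username the check fails on every start, and the `user create` retries would presumably hit a duplicate and end in `exit 1`. Use `if ! openstack user show "$SERVICE_USERNAME" --domain default >/dev/null 2>&1; then` instead. The guard also tests only the user, so a run that created the user but failed on `project create` or `role add` will skip those steps on restart and leave the service account without its role assignment; checking each resource separately avoids that. The script continues outside this hunk.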
while ps -ef | grep -v grep | grep -q apache2
do
- sleep 60
+ tail -f /var/log/keystone/keystone-manage.log
done
# Only reaches this point if apache2 stops running
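Review bot: Replacing `sleep 60` with `tail -f /var/log/keystone/keystone-manage.log` inside the `while` body means the loop condition is never evaluated again, because `tail -f` does not return. The comment "Only reaches this point if apache2 stops running" no longer holds, so a dead apache2 leaves the container running with no service behind it and nothing for the orchestrator to restart. Start the log follower once in the background before the loop, `tail -F /var/log/keystone/keystone-manage.log &`, and keep `sleep 60` as the loop body. Whatever follows the loop is outside this hunk.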
-{{- if .Values.keystone.enabled -}}
+{{- if .Values.keystone.enabled }}
#######################################################################################
# Copyright ETSI Contributors and Others.
#
labels:
{{- include "osm.labels" . | nindent 4 }}
data:
+{{- if .Values.mysql.enabled }}
DB_HOST: "{{ .Values.global.db.mysql.mysqlService }}"
+{{- else }}
+ DB_HOST: ""
+{{- end }}
{{- end }}
\ No newline at end of file
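Review bot: The new `{{- else }}` branch publishes `DB_HOST: ""` whenever `.Values.mysql.enabled` is false. If this ConfigMap is injected into the keystone container's environment, the empty value replaces the image default `keystone-db` and the start script would get no database host at all. The consumer is not visible here, so confirm how the script treats an empty host. Consider reading the host from a dedicated value for an external database (for example `{{ .Values.<external-db-host-key> }}`, placeholder name) and wrapping it in `required` so a missing host fails at render time instead of at container start.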
-{{- if .Values.keystone.enabled -}}
+{{- if and .Values.keystone.enabled .Values.mysql.enabled -}}
#######################################################################################
# Copyright ETSI Contributors and Others.
#
- name: keystone
securityContext:
# readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- {{- toYaml .Values.global.securityContext | nindent 12 }}
+ allowPrivilegeEscalation: true
+ # runAsNonRoot: false
image: {{ include "osm.keystone.image" . }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
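Review bot: The keystone container's `securityContext` now sets `allowPrivilegeEscalation: true`, comments out `runAsNonRoot`, and drops the `toYaml .Values.global.securityContext` include, so this container no longer inherits whatever hardening the chart applies globally. Presumably this accommodates an image that now runs as root, but it weakens the pod for every deployment rather than fixing the image. Prefer keeping `allowPrivilegeEscalation: false` and `runAsNonRoot: true` with the global include, and making the image start as an unprivileged user. If an exception really is required, expose it as a per-component value that defaults to the restrictive settings, and add a comment saying why keystone needs it. The container spec continues outside this hunk.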