From: Eduardo Sousa Date: Mon, 8 Apr 2019 16:17:54 +0000 (+0100) Subject: Adding a few more variables to Keystone Docker X-Git-Tag: v6.0.0~26 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F91%2F7391%2F4;p=osm%2Fdevops.git Adding a few more variables to Keystone Docker It introduces the Keystone host variable which should help in Kubernetes distributions. It also checks if the database was created but it is empty. Change-Id: I7c4bf7423023825f21accc1d34c4d858596b2fd9 Signed-off-by: Eduardo Sousa --- diff --git a/docker/Keystone/Dockerfile b/docker/Keystone/Dockerfile index 3d7683d6..30144b4d 100644 --- a/docker/Keystone/Dockerfile +++ b/docker/Keystone/Dockerfile @@ -26,9 +26,17 @@ ENV DB_HOST keystone-db ENV DB_PORT 3306 ENV ROOT_DB_USER root ENV ROOT_DB_PASSWORD admin -# keystone ENV KEYSTONE_DB_PASSWORD admin +# keystone +ENV REGION_ID RegionOne +ENV KEYSTONE_HOST keystone +# admin user +ENV ADMIN_USERNAME admin ENV ADMIN_PASSWORD admin -ENV NBI_PASSWORD nbi +ENV ADMIN_PROJECT admin +# nbi service user +ENV SERVICE_USERNAME nbi +ENV SERVICE_PASSWORD nbi +ENV SERVICE_PROJECT service ENTRYPOINT ./start.sh diff --git a/docker/Keystone/scripts/start.sh b/docker/Keystone/scripts/start.sh index 1e3709e4..de7dfa66 100755 --- a/docker/Keystone/scripts/start.sh +++ b/docker/Keystone/scripts/start.sh @@ -1,6 +1,7 @@ #!/bin/bash DB_EXISTS="" +DB_NOT_EMPTY="" max_attempts=120 function wait_db(){ 
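Review bot: `ENV ADMIN_PASSWORD admin` and the new `ENV SERVICE_PASSWORD nbi` in the Dockerfile hunk give the image working default credentials, and ENV values stay readable in the image configuration (`docker inspect`, `docker history`). In the lines shown on this page, `installers/docker/__keystone__.env` keeps `#ADMIN_PASSWORD=__ADMIN_PASSWORD__` commented out and `generate_docker_env_files` writes no ADMIN_PASSWORD into keystone.env, so an install made this way appears to bootstrap the Keystone admin as admin/admin. I would drop the password defaults from the Dockerfile and have start.sh fail fast when they are missing, e.g. `: "${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}"`, with the same guard for SERVICE_PASSWORD, KEYSTONE_DB_PASSWORD and ROOT_DB_PASSWORD.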
@@ -46,6 +47,11 @@ if [ -z $DB_EXISTS ]; then mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "CREATE DATABASE keystone" mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'" mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'" +else + if [ $(mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -sse "SELECT COUNT(*) FROM keystone;") -gt 0 ]; then + echo "DB keystone is empty" + DB_NOT_EMPTY="y" + fi fi # Setting Keystone database connection @@ -55,7 +61,7 @@ sed -i "721s%.*%connection = mysql+pymysql://keystone:$KEYSTONE_DB_PASSWORD@$DB_ sed -i "2934s%.*%provider = fernet%" /etc/keystone/keystone.conf # Populate Keystone database -if [ -z $DB_EXISTS ]; then +if [ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]; then su -s /bin/sh -c "keystone-manage db_sync" keystone fi 
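Review bot: The emptiness probe `SELECT COUNT(*) FROM keystone;` names the database where a table is expected, and the client is started without a default schema, so the query most likely errors out; the substitution then expands to nothing, `[ -gt 0 ]` fails, and DB_NOT_EMPTY stays unset on every start. Counting tables is what the check seems to want: `SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = 'keystone'`, with the `$(...)` wrapped in double quotes so an empty result cannot change the shape of the test. The message is also inverted, since the branch taken when the count is greater than zero should print `echo "DB keystone is not empty"`. The new call repeats `-p"$ROOT_DB_PASSWORD"`, which puts the root password on the process command line; the client can read it from the `MYSQL_PWD` environment variable or a defaults file instead. The enclosing `if [ -z $DB_EXISTS ]` begins above this hunk.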
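Review bot: The guard `[ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]` expands both variables unquoted and is repeated verbatim in the "Bootstrap Keystone service" and "Create NBI User" hunks further down. As far as the visible lines show, DB_NOT_EMPTY can only be set in the branch where DB_EXISTS is non-empty, so the first test is redundant and `if [ -z "$DB_NOT_EMPTY" ]; then` expresses the same decision. Whenever the emptiness probe fails to set DB_NOT_EMPTY, all three guarded steps run on every container start, and `keystone-manage bootstrap` will then presumably reapply `$ADMIN_PASSWORD` to an already existing admin account. A failed probe should therefore stop the script with an error rather than fall through as an empty flag.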
@@ -64,12 +70,15 @@ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone # Bootstrap Keystone service -if [ -z $DB_EXISTS ]; then - keystone-manage bootstrap --bootstrap-password "$ADMIN_PASSWORD" \ - --bootstrap-admin-url http://keystone:5000/v3/ \ - --bootstrap-internal-url http://keystone:5000/v3/ \ - --bootstrap-public-url http://keystone:5000/v3/ \ - --bootstrap-region-id RegionOne +if [ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]; then + keystone-manage bootstrap \ + --bootstrap-username "$ADMIN_USERNAME" \ + --bootstrap-password "$ADMIN_PASSWORD" \ + --bootstrap-project "$ADMIN_PROJECT" \ + --bootstrap-admin-url "http://$KEYSTONE_HOST:5000/v3/" \ + --bootstrap-internal-url "http://$KEYSTONE_HOST:5000/v3/" \ + --bootstrap-public-url "http://$KEYSTONE_HOST:5000/v3/" \ + --bootstrap-region-id "$REGION_ID" fi # Restart Apache Service @@ -78,10 +87,10 @@ service apache2 restart cat << EOF >> setup_env export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default -export OS_PROJECT_NAME=admin -export OS_USERNAME=admin +export OS_PROJECT_NAME=$ADMIN_PROJECT +export OS_USERNAME=$ADMIN_USERNAME export OS_PASSWORD=$ADMIN_PASSWORD -export OS_AUTH_URL=http://keystone:5000/v3 +export OS_AUTH_URL=http://$KEYSTONE_HOST:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF 
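Review bot: The three `--bootstrap-*-url` values now take the host from `$KEYSTONE_HOST` but keep `http://` and port 5000 fixed, so in the Kubernetes case this commit targets, passwords and tokens still cross the cluster network unencrypted unless TLS is terminated elsewhere. Consider making the scheme configurable alongside the host and documenting that plain HTTP is only for single-host test setups. `--bootstrap-password "$ADMIN_PASSWORD"` also leaves the admin password in the process arguments; keystone-manage reads it from the environment, so `OS_BOOTSTRAP_PASSWORD="$ADMIN_PASSWORD" keystone-manage bootstrap \` with that flag removed avoids the exposure.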
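Review bot: The heredoc writes `$ADMIN_PROJECT`, `$ADMIN_USERNAME`, `$ADMIN_PASSWORD` and `$KEYSTONE_HOST` into setup_env unquoted, and the file is sourced in the following hunk, so a value containing whitespace or shell metacharacters is re-parsed by the shell instead of being taken literally. Emit each line with quoting, e.g. `printf 'export OS_PASSWORD=%q\n' "$ADMIN_PASSWORD" >> setup_env`, or export the variables directly in start.sh if nothing else reads the file. Because `>>` appends, every restart adds another copy, and the file holds the admin password with default permissions; `umask 077` before the write and `>` instead of `>>` would tighten both.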
@@ -89,10 +98,11 @@ EOF source setup_env # Create NBI User -if [ -z $DB_EXISTS ]; then - openstack user create --domain default --password "$NBI_PASSWORD" nbi - openstack project create --domain default --description "Service Project" service - openstack role add --project service --user nbi admin +if [ -z $DB_EXISTS ] || [ -z $DB_NOT_EMPTY ]; then + openstack user create --domain default --password "$SERVICE_PASSWORD" "$SERVICE_USERNAME" + openstack project create --domain default --description "Service Project" "$SERVICE_PROJECT" + openstack role add --project "$SERVICE_PROJECT" --user "$SERVICE_USER" admin + openstack role delete _member_ fi while ps -ef | grep -v grep | grep -q apache2 diff --git a/installers/docker/__keystone__.env b/installers/docker/__keystone__.env index 0b937e4e..da65f1f9 100644 --- a/installers/docker/__keystone__.env +++ b/installers/docker/__keystone__.env @@ -1,4 +1,4 @@ ROOT_DB_PASSWORD=__MYSQL_ROOT_PASSWORD__ KEYSTONE_DB_PASSWORD=__KEYSTONE_DB_PASSWORD__ #ADMIN_PASSWORD=__ADMIN_PASSWORD__ -NBI_PASSWORD=__NBI_PASSWORD__ +SERVICE_PASSWORD=__SERVICE_PASSWORD__ diff --git a/installers/full_install_osm.sh b/installers/full_install_osm.sh index 6381c7e7..dba0fbf1 100755 --- a/installers/full_install_osm.sh +++ b/installers/full_install_osm.sh 
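Review bot: `openstack role add --project "$SERVICE_PROJECT" --user "$SERVICE_USER" admin` reads `SERVICE_USER`, which is defined nowhere on this page; the Dockerfile hunk introduces `SERVICE_USERNAME`. With the variable empty the role assignment fails and the service account is left without its role, and since no `set -e` or `set -u` is visible at the top of start.sh the failure passes silently. Change the line to `openstack role add --project "$SERVICE_PROJECT" --user "$SERVICE_USERNAME" admin`, and consider `set -u` near the top of the script so the next misspelt name aborts the start. The new `openstack role delete _member_` deserves a comment saying why the role is removed. Granting `admin` to the service user also looks broader than a service account normally needs, so the choice should be justified or narrowed.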
@@ -782,19 +782,19 @@ function generate_docker_env_files() { # Keystone KEYSTONE_DB_PASSWORD=$(generate_secret) - NBI_PASSWORD=$(generate_secret) + SERVICE_PASSWORD=$(generate_secret) if [ ! -f $OSM_DOCKER_WORK_DIR/keystone-db.env ]; then echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone-db.env fi if [ ! -f $OSM_DOCKER_WORK_DIR/keystone.env ]; then echo "ROOT_DB_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone.env echo "KEYSTONE_DB_PASSWORD=${KEYSTONE_DB_PASSWORD}" |$WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/keystone.env - echo "NBI_PASSWORD=${NBI_PASSWORD}" |$WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/keystone.env + echo "SERVICE_PASSWORD=${SERVICE_PASSWORD}" |$WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/keystone.env fi # NBI if [ ! -f $OSM_DOCKER_WORK_DIR/nbi.env ]; then - echo "OSMNBI_AUTHENTICATION_SERVICE_PASSWORD=${NBI_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/nbi.env + echo "OSMNBI_AUTHENTICATION_SERVICE_PASSWORD=${SERVICE_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/nbi.env echo "OSMNBI_DATABASE_COMMONKEY=${OSM_DATABASE_COMMONKEY}" | $WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/nbi.env fi