From 09a1e974bb70fb9b02a9a0fb41f421fdf7457cbd Mon Sep 17 00:00:00 2001
From: Eduardo Sousa
Date: Fri, 21 Sep 2018 11:06:32 +0100
Subject: [PATCH] Adding Keystone to MDG Dockerfiles Included environment files. Admin password selection and storage needs to be discussed.
Change-Id: Ibcaa818bcc3ae6fd013507b0b114b15b70e60150
Signed-off-by: Eduardo Sousa
---
 docker/Keystone/Dockerfile | 45 +++++++++++++
 docker/Keystone/Makefile | 3 +
 docker/Keystone/scripts/start.sh | 91 +++++++++++++++++++++++++++
 docker/Makefile | 2 +-
 installers/docker/__keystone-db__.env | 1 +
 installers/docker/__keystone__.env | 4 ++
 installers/docker/docker-compose.yaml | 21 +++++++
 installers/full_install_osm.sh | 19 ++++++
 8 files changed, 185 insertions(+), 1 deletion(-)
 create mode 100644 docker/Keystone/Dockerfile
 create mode 100644 docker/Keystone/Makefile
 create mode 100755 docker/Keystone/scripts/start.sh
 create mode 100644 installers/docker/__keystone-db__.env
 create mode 100644 installers/docker/__keystone__.env
diff --git a/docker/Keystone/Dockerfile b/docker/Keystone/Dockerfile
new file mode 100644
index 00000000..571e8873
--- /dev/null
+++ b/docker/Keystone/Dockerfile
@@ -0,0 +1,45 @@
+FROM ubuntu:16.04
+
+LABEL Maintainer="esousa@whitestack.com" \
+ Description="Openstack Keystone Instance" \
+ Version="1.0" \
+ Author="Eduardo Sousa"
+
+EXPOSE 5000
+
+WORKDIR /keystone
+
+COPY scripts/start.sh /keystone/start.sh
+
+RUN apt-get update && \
+ apt-get upgrade -y && \
+ apt-get autoremove -y && \
+ apt-get install -y software-properties-common && \
+ add-apt-repository -y cloud-archive:queens && \
+ apt-get update && apt dist-upgrade -y && \
+ apt-get install -y python-openstackclient keystone apache2 libapache2-mod-wsgi net-tools mysql-client && \
+ rm -rf /var/lib/apt/lists/* && \
+ chmod +x start.sh
+
+# DB Hostname
+ENV DB_HOST keystone-db
+
+# DB Port
+ENV DB_PORT 3306
+
+# DB Root User
+ENV ROOT_DB_USER root
+
+# DB Root Password
+ENV ROOT_DB_PASSWORD admin
+
+# Keystone user password
+ENV KEYSTONE_DB_PASSWORD admin
+
+# Admin password
+ENV ADMIN_PASSWORD admin
+
+# NBI password
+ENV NBI_PASSWORD nbi
+
+ENTRYPOINT ./install.sh
\ No newline at end of file
diff --git a/docker/Keystone/Makefile b/docker/Keystone/Makefile
new file mode 100644
index 00000000..d64462ab
--- /dev/null
+++ b/docker/Keystone/Makefile
@@ -0,0 +1,3 @@
+include ../mk/Makefile.include
+
+MDG=$(shell basename $(CURDIR))
diff --git a/docker/Keystone/scripts/start.sh b/docker/Keystone/scripts/start.sh
new file mode 100755
index 00000000..15303873
--- /dev/null
+++ b/docker/Keystone/scripts/start.sh
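Review bot: The `ENV ROOT_DB_PASSWORD admin`, `ENV KEYSTONE_DB_PASSWORD admin`, `ENV ADMIN_PASSWORD admin` and `ENV NBI_PASSWORD nbi` lines in docker/Keystone/Dockerfile bake default credentials into the image configuration, and they become the live values whenever the env file omits a variable. That is the case for `ADMIN_PASSWORD`, which is commented out in `installers/docker/__keystone__.env` and in the `generate_docker_env_files` hunk, so `keystone-manage bootstrap` would run with `admin` while docker-compose.yaml publishes port 5000 by default. I would drop the password `ENV` lines and have start.sh stop when a required variable is empty, e.g. `: "${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}"`. Separately, `ENTRYPOINT ./install.sh` names a file this image never copies (only `scripts/start.sh` is copied), and the shell form keeps the script from running as PID 1; `ENTRYPOINT ["/keystone/start.sh"]` addresses both.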
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+max_attempts=120
+function wait_db(){
+ db_host=$1
+ db_port=$2
+ attempt=0
+ echo "Wait until $max_attempts seconds for MySQL mano Server ${db_host}:${db_port} "
+ while ! mysqladmin ping -h"$db_host" -P"$db_port" --silent; do
+ #wait 120 sec
+ if [ $attempt -ge $max_attempts ]; then
+ echo
+ echo "Can not connect to database ${db_host}:${db_port} during $max_attempts sec"
+ return 1
+ fi
+ attempt=$[$attempt+1]
+ echo -n "."
+ sleep 1
+ done
+ return 0
+}
+
+function is_db_created() {
+ db_host=$1
+ db_port=$2
+ db_user=$3
+ db_pswd=$4
+ db_name=$5
+
+ RESULT=`mysqlshow -h"$db_host" -P"$db_port" -u"$db_user" -p"$db_pswd" | grep -v Wildcard | grep -o $db_name`
+ if [ "$RESULT" == "$db_name" ]; then
+ echo "DB $db_name exists"
+ return 0
+ else
+ echo "DB $db_name does not exist"
+ return 1
+ fi
+}
+
+KEYSTONE_IP=`ifconfig eth0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*'`
+
+wait_db "$DB_HOST" "$DB_PORT" || exit 1
+
+is_db_created "$DB_HOST" "$DB_PORT" "$ROOT_DB_USER" "$ROOT_DB_PASSWORD" "keystone" && DB_EXISTS="Y"
+
+if [ -z $DB_EXISTS ]; then
+ mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "CREATE DATABASE keystone"
+ mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'"
+ mysql -h"$DB_HOST" -P"$DB_PORT" -u"$ROOT_DB_USER" -p"$ROOT_DB_PASSWORD" --default_character_set utf8 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'"
+fi
+
+# Setting Keystone database connection
+sed -i "721s%.*%connection = mysql+pymysql://keystone:$KEYSTONE_DB_PASSWORD@$DB_HOST:$DB_PORT/keystone%" /etc/keystone/keystone.conf
+
+# Setting Keystone tokens
+sed -i "2934s%.*%provider = fernet%" /etc/keystone/keystone.conf
+
+# Populate Keystone database
+if [ -z $DB_EXISTS ]; then
+ su -s /bin/sh -c "keystone-manage db_sync" keystone
+fi
+
+# Initialize Fernet key repositories
+keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
+keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
+
+# Bootstrap Keystone service
+if [ -z $DB_EXISTS ]; then
+ keystone-manage bootstrap --bootstrap-password "$ADMIN_PASSWORD" \
+ --bootstrap-admin-url http://"$KEYSTONE_IP":5000/v3/ \
+ --bootstrap-internal-url http://"$KEYSTONE_IP":5000/v3/ \
+ --bootstrap-public-url http://"$KEYSTONE_IP":5000/v3/ \
+ --bootstrap-region-id RegionOne
+fi
+
+# Restart Apache Service
+service apache2 restart
+
+# Create NBI User
+if [ -z $DB_EXISTS ]; then
+ openstack user create --domain default --password "$NBI_PASSWORD" nbi
+ openstack project create --domain defaul --description "Service Project" service
+ openstack role add --project service --user nbi admin
+fi
+
+while [ $(ps -ef | grep -v grep | grep apache2 | wc -l) -ne 0 ]
+do
+ sleep 60
+done
+
+exit 1
diff --git a/docker/Makefile b/docker/Makefile
index b0dc1f19..0dcb3dfe 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -13,5 +13,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-SUBDIRS = MON NBI osmclient RO LCM light-ui pm
+SUBDIRS = MON NBI osmclient RO LCM light-ui pm Keystone
 include mk/dirs.mk
diff --git a/installers/docker/__keystone-db__.env b/installers/docker/__keystone-db__.env
new file mode 100644
index 00000000..ac2a8d80
--- /dev/null
+++ b/installers/docker/__keystone-db__.env
@@ -0,0 +1 @@
+MYSQL_ROOT_PASSWORD=__MYSQL_ROOT_PASSWORD__
diff --git a/installers/docker/__keystone__.env b/installers/docker/__keystone__.env
new file mode 100644
index 00000000..0b937e4e
--- /dev/null
+++ b/installers/docker/__keystone__.env
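Review bot: In the "Create NBI User" block of docker/Keystone/scripts/start.sh, `openstack project create --domain defaul ...` misspells the domain, so the `service` project creation would fail and the following `role add` has no project to attach to; it should read `--domain default`. The script sets no `set -e` and tests no exit status after the `wait_db` call, so that failure (like a failed `mysql` or `keystone-manage` step) is silent and the container keeps running half-configured. The visible script also never sets `OS_USERNAME`, `OS_PASSWORD` or `OS_AUTH_URL`, so the `openstack` commands presumably depend on the environment supplying them; worth confirming. The `sed -i "721s%...` and `sed -i "2934s%...` edits address keystone.conf by line number, which rewrites the wrong line without any error if the packaged file changes (the Dockerfile installs unpinned packages); matching on the `connection =` and `provider =` keys would be safer.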
@@ -0,0 +1,4 @@
+ROOT_DB_PASSWORD=__MYSQL_ROOT_PASSWORD__
+KEYSTONE_DB_PASSWORD=__KEYSTONE_DB_PASSWORD__
+#ADMIN_PASSWORD=__ADMIN_PASSWORD__
+NBI_PASSWORD=__NBI_PASSWORD__
diff --git a/installers/docker/docker-compose.yaml b/installers/docker/docker-compose.yaml
index c09de863..3917c9ee 100644
--- a/installers/docker/docker-compose.yaml
+++ b/installers/docker/docker-compose.yaml
@@ -4,6 +4,7 @@ volumes:
 mongo_db:
 mon_db:
 osm_packages:
+ keystone_db:
 networks:
 netOSM:
 external:
@@ -45,6 +46,26 @@ services:
 - netOSM
 volumes:
 - mongo_db:/data/db
+ keystone-db:
+ image: mariadb:10
+ networks:
+ - netOSM
+ volumes:
+ - keystone_db:/var/lib/mysql
+ env_file:
+ - ./keystone-db.env
+# ports:
+# - "3306:3306"
+ keystone:
+ image: osm/keystone:${TAG:-latest}
+ networks:
+ - netOSM
+ environment:
+ DB_HOST: keystone-db
+ env_file:
+ - ./keystone.env
+ ports:
+ - "${OSM_KEYSTONE_PORTS:-5000:5000}"
 nbi:
 image: osm/nbi:${TAG:-latest}
 networks:
diff --git a/installers/full_install_osm.sh b/installers/full_install_osm.sh
index f96bfae0..02ed4278 100755
--- a/installers/full_install_osm.sh
+++ b/installers/full_install_osm.sh
@@ -165,6 +165,7 @@ function uninstall_lightweight() {
 docker image rm osm/ro
 docker image rm osm/lcm
 docker image rm osm/light-ui
+ docker image rm osm/keystone
 docker image rm osm/nbi
 docker image rm osm/mon
 docker image rm osm/pm
@@ -715,6 +716,21 @@ function generate_docker_env_files() { if [ ! -f $OSM_DOCKER_WORK_DIR/ro.env ]; then echo "RO_DB_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/ro.env fi + + MYSQL_ROOT_PASSWORD=`date +%s | sha256sum | base64 | head -c 32` && sleep 1 + KEYSTONE_DB_PASSWORD=`date +%s | sha256sum | base64 | head -c 32` && sleep 1 + #ADMIN_PASSWORD=`date +%s | sha256sum | base64 | head -c 32` && sleep 1 + NBI_PASSWORD=`date +%s | sha256sum | base64 | head -c 32` + if [ ! -f $OSM_DOCKER_WORK_DIR/keystone-db.env ]; then + echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone-db.env + fi + if [ ! -f $OSM_DOCKER_WORK_DIR/keystone.env ]; then + echo "ROOT_DB_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone.env + echo "KEYSTONE_DB_PASSWORD=${KEYSTONE_DB_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone.env + #echo "ADMIN_PASSWORD=${ADMIN_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone.env + echo "NBI_PASSWORD=${NBI_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone.env + fi + echo "OS_NOTIFIER_URI=http://${DEFAULT_IP}:8662" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/mon.env echo "Finished generation of docker env files" @@ -747,15 +763,18 @@ function deploy_lightweight() { echo "Deploying lightweight build" OSM_NBI_PORT=9999 OSM_RO_PORT=9090 + OSM_KEYSTONE_PORT=5000 OSM_UI_PORT=80 if [ -n "$NO_HOST_PORTS" ]; then OSM_PORTS+=(OSM_NBI_PORTS=$OSM_NBI_PORT) OSM_PORTS+=(OSM_RO_PORTS=$OSM_RO_PORT) + OSM_PORTS+=(OSM_KEYSTONE_PORTS=$OSM_KEYSTONE_PORT) OSM_PORTS+=(OSM_UI_PORTS=$OSM_UI_PORT) else OSM_PORTS+=(OSM_NBI_PORTS=$OSM_NBI_PORT:$OSM_NBI_PORT) OSM_PORTS+=(OSM_RO_PORTS=$OSM_RO_PORT:$OSM_RO_PORT) + OSM_PORTS+=(OSM_KEYSTONE_PORTS=$OSM_KEYSTONE_PORT:$OSM_KEYSTONE_PORT) OSM_PORTS+=(OSM_UI_PORTS=$OSM_UI_PORT:$OSM_UI_PORT) fi echo "export ${OSM_PORTS[@]}" | $WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/osm_ports.sh -- 2.25.1
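Review bot: The new passwords in `generate_docker_env_files` are derived from `date +%s`, so each one is a function of the install time to the second and can be enumerated by anyone able to estimate when the installer ran; they should be read from the kernel CSPRNG instead. In the same hunk every `echo ... | tee $OSM_DOCKER_WORK_DIR/keystone.env` truncates the file, so only the final `NBI_PASSWORD=` line survives and the container falls back to the image defaults for `ROOT_DB_PASSWORD` and `KEYSTONE_DB_PASSWORD`; the second and later writes need `tee -a`. `tee` also copies each secret to the installer's stdout, which the rewrite below redirects to /dev/null. The enclosing function starts and ends outside the hunk.

```shell
# … unchanged: ro.env generation …
MYSQL_ROOT_PASSWORD=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)
KEYSTONE_DB_PASSWORD=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)
NBI_PASSWORD=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)
# … unchanged: keystone-db.env block …
if [ ! -f $OSM_DOCKER_WORK_DIR/keystone.env ]; then
    echo "ROOT_DB_PASSWORD=${MYSQL_ROOT_PASSWORD}" |$WORKDIR_SUDO tee $OSM_DOCKER_WORK_DIR/keystone.env >/dev/null
    echo "KEYSTONE_DB_PASSWORD=${KEYSTONE_DB_PASSWORD}" |$WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/keystone.env >/dev/null
    echo "NBI_PASSWORD=${NBI_PASSWORD}" |$WORKDIR_SUDO tee -a $OSM_DOCKER_WORK_DIR/keystone.env >/dev/null
fi
```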