use "crux" for creating users/endpoints
this patch introduces the "crux" [1] tool for creating keystone users, services, and endpoints in an idempotent fashion. E.g., to create a user that doesn't exist:

    $ crux user-create -n lars -t lars -p secret
    creating new tenant
    created tenant lars (d74cec5023c4428da533066bb11943db)
    creating new user lars
    created user lars (adf2c2d92e894a3d90a403c5885f192e)

And performing the same operation a second time:

    $ crux user-create -n lars -t lars -p secret
    using existing tenant lars (d74cec5023c4428da533066bb11943db)
    using existing user lars (adf2c2d92e894a3d90a403c5885f192e)

The behavior is similar for creating keystone endpoints.

[1]: https://github.com/larsks/crux

Change-Id: I694e0c1bdcdde595e1af2ee8ef5d0f239a9ad4cd
This commit is contained in:
parent
cab0499c66
commit
9414ab5cad
@ -2,10 +2,13 @@ FROM kollaglue/fedora-rdo-base
|
|||||||
MAINTAINER Lars Kellogg-Stedman <lars@redhat.com>
|
MAINTAINER Lars Kellogg-Stedman <lars@redhat.com>
|
||||||
|
|
||||||
#Install required packages
|
#Install required packages
|
||||||
|
RUN yum -y install dnf dnf-plugins-core; yum clean all
|
||||||
|
RUN dnf copr enable -y larsks/crux
|
||||||
RUN yum install -y openstack-keystone \
|
RUN yum install -y openstack-keystone \
|
||||||
openstack-utils \
|
openstack-utils \
|
||||||
mariadb \
|
mariadb \
|
||||||
&& yum clean all
|
crux \
|
||||||
|
; yum clean all
|
||||||
|
|
||||||
ADD ./start.sh /start.sh
|
ADD ./start.sh /start.sh
|
||||||
|
|
||||||
|
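Review bot: Replacing `&& yum clean all` with `; yum clean all` on the package install line (and using `;` on the new `dnf dnf-plugins-core` line) makes each RUN step's exit status that of `yum clean all`, so a failed install of crux or any other package no longer fails the image build; keep `&& yum clean all` on both lines. `RUN dnf copr enable -y larsks/crux` then installs crux from an unpinned personal COPR repository, so the image contents depend on whatever that repository serves at build time and are not reproducible; a comment naming the expected crux version, or a pinned package source, would make that dependency explicit. The rest of the Dockerfile is outside this hunk.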
@ -41,43 +41,36 @@ crudini --set /etc/keystone/keystone.conf DEFAULT use_stderr True
|
|||||||
cat /etc/keystone/keystone.conf
|
cat /etc/keystone/keystone.conf
|
||||||
|
|
||||||
/usr/bin/keystone-manage db_sync
|
/usr/bin/keystone-manage db_sync
|
||||||
|
|
||||||
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
|
/usr/bin/keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
|
||||||
|
|
||||||
|
MY_IP=$(ip route get $(ip route | awk '$1 == "default" {print $3}') |
|
||||||
|
awk '$4 == "src" {print $5}')
|
||||||
|
if [ -z "$KEYSTONEMASTER_35357_PORT_35357_TCP_ADDR" ]; then
|
||||||
|
KEYSTONEMASTER_35357_PORT_35357_TCP_ADDR=$MY_IP
|
||||||
|
fi
|
||||||
|
if [ -z "$KEYSTONEMASTER_5000_PORT_5000_TCP_ADDR" ]; then
|
||||||
|
KEYSTONEMASTER_5000_PORT_5000_TCP_ADDR=$MY_IP
|
||||||
|
fi
|
||||||
|
|
||||||
/usr/bin/keystone-all &
|
/usr/bin/keystone-all &
|
||||||
PID=$!
|
PID=$!
|
||||||
|
|
||||||
# TODO(sdake) better would be to retry each keystone operation
|
|
||||||
/usr/bin/sleep 5
|
|
||||||
|
|
||||||
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
|
export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
|
||||||
export SERVICE_ENDPOINT="http://127.0.0.1:35357/v2.0"
|
export SERVICE_ENDPOINT="http://127.0.0.1:35357/v2.0"
|
||||||
|
SERVICE_ENDPOINT_ADMIN="http://${KEYSTONEMASTER_35357_PORT_35357_TCP_ADDR}:35357/v2.0"
|
||||||
|
SERVICE_ENDPOINT_USER="http://${KEYSTONEMASTER_5000_PORT_5000_TCP_ADDR}:5000/v2.0"
|
||||||
|
|
||||||
# Create the admin user
|
# wait for keystone to become active
|
||||||
/usr/bin/keystone user-create --name admin --pass ${KEYSTONE_ADMIN_PASSWORD}
|
while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}; do
|
||||||
/usr/bin/keystone role-create --name admin
|
sleep 1;
|
||||||
/usr/bin/keystone tenant-create --name ${ADMIN_TENANT_NAME}
|
done
|
||||||
/usr/bin/keystone user-role-add --user admin --role admin --tenant ${ADMIN_TENANT_NAME}
|
|
||||||
|
|
||||||
# Create the keystone service and endpoint
|
crux user-create -n admin -p "${KEYSTONE_ADMIN_PASSWORD}" -t admin -r admin
|
||||||
/usr/bin/keystone service-create --name=keystone --type=identity --description="Identity Service"
|
crux endpoint-create -n keystone -t identity \
|
||||||
export SERVICE_ENDPOINT_USER="http://${KEYSTONEMASTER_PORT_5000_TCP_ADDR}:5000/v2.0"
|
-I "${SERVICE_ENDPOINT_USER}" \
|
||||||
export SERVICE_ENDPOINT_ADMIN="http://${KEYSTONEMASTER_PORT_35357_TCP_ADDR}:35357/v2.0"
|
-A "${SERVICE_ENDPOINT_ADMIN}"
|
||||||
/usr/bin/keystone endpoint-create \
|
|
||||||
--region RegionOne \
|
|
||||||
--service-id=`keystone service-list | grep keystone | tr -s ' ' | cut -d \ -f 2` \
|
|
||||||
--publicurl=${SERVICE_ENDPOINT_USER} \
|
|
||||||
--internalurl=${SERVICE_ENDPOINT_USER} \
|
|
||||||
--adminurl=http:${SERVICE_ENDPOINT_ADMIN}
|
|
||||||
|
|
||||||
|
|
||||||
# TODO(sdake) better would be to validate the database for the endpoint
|
|
||||||
/usr/bin/sleep 5
|
|
||||||
|
|
||||||
kill -TERM $PID
|
kill -TERM $PID
|
||||||
|
|
||||||
# TODO(sdake) better here would be to check ps for the existance of $PID
|
|
||||||
/usr/bin/sleep 2
|
|
||||||
|
|
||||||
echo "Running keystone service."
|
echo "Running keystone service."
|
||||||
exec /usr/bin/keystone-all
|
exec /usr/bin/keystone-all
|
||||||
|
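Review bot: `kill -TERM $PID` is now followed directly by `exec /usr/bin/keystone-all` (the `sleep 2` that used to separate them is removed), so the bootstrap keystone-all may still be listening on the same ports when the exec'd instance tries to bind; reap it first with `kill -TERM "$PID"` followed by `wait "$PID"`. The new `while ! curl -o /dev/null -s --fail ${SERVICE_ENDPOINT}` loop has no bound and does not notice the background process dying, so a keystone-all that exits during startup leaves the container looping forever; adding `kill -0 "$PID" 2>/dev/null || exit 1` inside the loop, and quoting `"${SERVICE_ENDPOINT}"`, covers that. Unchanged by this commit, the admin password is still passed on the command line (`-p "${KEYSTONE_ADMIN_PASSWORD}"`), where it is visible to `ps` inside the container for the duration of the crux call. The earlier part of start.sh is outside this hunk.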