Working bootstrap

defaults/main.yml

@@ -13,3 +13,6 @@ keystone_config:
     connection: "mysql+pymysql://root:weakpassword@mariadb:3306/keystone"
   token:
     provider: "fernet"
+
+  admin_user: 'admin'
+  admin_password: 'weakpassword'

tasks/hiera.yml

@@ -5,6 +5,10 @@
     hieradata: '{{hiera_data}}'
     hieradata_file: '{{hiera_data_file}}'
     schema:
+      # NOTE(flaper87): Needed for bootstrap
+      # operations
+      keystone::admin_password: admin_password
+
       keystone::admin_token: DEFAULT.admin_token
       keystone::admin_workers: eventlet_server.admin_workers
       keystone::public_workers: eventlet_server.public_workers
@@ -27,11 +31,11 @@
       keystone::rabbit_userid: oslo_messaging_rabbit.rabbit_userid
       keystone::rabbit_password: oslo_messaging_rabbit.rabbit_password
       keystone::rabbit_host: oslo_messaging_rabbit.rabbit_host
+    default: '{{keystone_config}}'
     fact_variable: 'keystone_config'
 
 
-#     keystone::admin_password: DEFAULT.admin_password ?
-#      keystone::service_name: 'httpd'
+#      ?
 #      keystone::cron::token_flush::destination: '/dev/null'
 #      keystone::roles::admin::password: 211937d10baf281179d64c64533af6fcc1aa7475
 #      keystone::roles::admin::email: 'root@localhost'

tasks/provision.yml

@@ -138,9 +138,12 @@
         config_map:
           name: keystone
       - name: keystone-fernet
+        hostPath:
+          # directory location on host
+          path: /tmp/keystone-fernet
     state: present
 
-- name: Create keystone fernet job
+- name: Keystone fernet bootstrap
   k8s_v1_job:
     host: "{{coe_host}}"
     context: "{{kube_context}}"
@@ -166,8 +169,60 @@
         config_map:
           name: keystone
       - name: keystone-fernet
+        hostPath:
+          # directory location on host
+          path: /tmp/keystone-fernet
     state: present
 
+- name: Keystone bootstrap
+  k8s_v1_job:
+    host: "{{coe_host}}"
+    context: "{{kube_context}}"
+    kubeconfig: "{{config_file}}"
+    name: keystone-bootstrap
+    namespace: openstack
+    state: present
+    restart_policy: OnFailure
+    containers:
+      - image: tripleoupstream/centos-binary-keystone
+        name: keystone-bootstrap
+        # NOTE(flaper87): We might want to set bootstrap URLs, project name, etc
+        command:
+          - keystone-manage
+          - --config-file
+          - /var/lib/kolla/config_files/keystone.conf
+          - bootstrap
+          - --bootstrap-password
+          - '{{keystone_config.admin_password}}'
+#          - --bootstrap-admin-url
+#          - http://keystone:35357/v3
+#          - --bootstrap-internal-url
+#          - http://keystone:5000/v3
+#          - --bootstrap-public-url
+#          - http://keystone:5000/v3
+#          - --bootstrap-region-id
+#          - RegionOne
+        env:
+          - name: KOLLA_CONFIG_STRATEGY
+            value: COPY_ALWAYS
+          - name: KOLLA_BOOTSTRAP
+            value: ''
+        volume_mounts:
+        - name: kolla-config
+          mountPath: /var/lib/kolla/config_files/
+        - name: keystone-fernet
+          mountPath: /etc/keystone/fernet-keys
+    volumes:
+      - name: kolla-config
+        config_map:
+          name: keystone
+      - name: keystone-fernet
+        hostPath:
+          # directory location on host
+          path: /tmp/keystone-fernet
+    state: present
+
+
 - name: Create keystone service
   k8s_v1_service:
     host: "{{coe_host}}"
@@ -198,7 +253,7 @@
       app: keystone-api
     containers:
       - name: keystone-api
-        image: docker.io/kolla/centos-binary-keystone:3.0.3
+        image: tripleoupstream/centos-binary-keystone
         imagePullPolicy: IfNotPresent
         env:
         - name: KOLLA_CONFIG_STRATEGY
@@ -220,5 +275,8 @@
         config_map:
           name: keystone
       - name: keystone-fernet
+        hostPath:
+          # directory location on host
+          path: /tmp/keystone-fernet
     state: present
   register: create_service