diff --git a/defaults/main.yml b/defaults/main.yml index 36256a9..ed8582c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,3 +13,6 @@ keystone_config: connection: "mysql+pymysql://root:weakpassword@mariadb:3306/keystone" token: provider: "fernet" + + admin_user: 'admin' + admin_password: 'weakpassword' diff --git a/tasks/hiera.yml b/tasks/hiera.yml index ab09f10..8fb25dc 100644 --- a/tasks/hiera.yml +++ b/tasks/hiera.yml @@ -5,6 +5,10 @@ hieradata: '{{hiera_data}}' hieradata_file: '{{hiera_data_file}}' schema: + # NOTE(flaper87): Needed for bootstrap + # operations + keystone::admin_password: admin_password + keystone::admin_token: DEFAULT.admin_token keystone::admin_workers: eventlet_server.admin_workers keystone::public_workers: eventlet_server.public_workers @@ -27,11 +31,11 @@ keystone::rabbit_userid: oslo_messaging_rabbit.rabbit_userid keystone::rabbit_password: oslo_messaging_rabbit.rabbit_password keystone::rabbit_host: oslo_messaging_rabbit.rabbit_host + default: '{{keystone_config}}' fact_variable: 'keystone_config' -# keystone::admin_password: DEFAULT.admin_password ? -# keystone::service_name: 'httpd' +# ? # keystone::cron::token_flush::destination: '/dev/null' # keystone::roles::admin::password: 211937d10baf281179d64c64533af6fcc1aa7475 # keystone::roles::admin::email: 'root@localhost' diff --git a/tasks/provision.yml b/tasks/provision.yml index 0991048..425b211 100644 --- a/tasks/provision.yml +++ b/tasks/provision.yml @@ -138,9 +138,12 @@ config_map: name: keystone - name: keystone-fernet + hostPath: + # directory location on host + path: /tmp/keystone-fernet state: present -- name: Create keystone fernet job +- name: Keystone fernet bootstrap k8s_v1_job: host: "{{coe_host}}" context: "{{kube_context}}" 
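Review bot: The added `admin_password: 'weakpassword'` in defaults/main.yml ships a guessable admin credential as the role default, and it is the same string as the database root password in the `connection` line above it. Unless a deployer overrides `keystone_config`, this is the value handed to the bootstrap job and to the hiera schema elsewhere in this commit. Consider dropping the literal and requiring the caller to supply it, for example `admin_password: "{{ keystone_admin_password }}"` with the value kept in Ansible Vault (the variable name is illustrative). A comment such as `# must be overridden per deployment; never commit a real value` would also help.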
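Review bot: Mapping `keystone::admin_password: admin_password` into the schema means the admin password is now presumably written in clear text to the file named by `hieradata_file`. Nothing visible in this hunk restricts who can read that file or keeps the value out of Ansible's task output. If it is not already done outside the hunk, set `no_log: true` on this task and create the hieradata file with owner-only permissions. The task begins above the hunk, so its name and remaining options are not visible here.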
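Review bot: Backing the `keystone-fernet` volume with `hostPath` at `path: /tmp/keystone-fernet` places the Fernet key repository in a world-writable host directory at a predictable path, and those keys are what Keystone uses to issue and validate tokens. A hostPath is also per-node, so the fernet job, the bootstrap job and the keystone-api pods only see the same keys if they are scheduled on the same node, and /tmp may be cleared on reboot. The same three lines are added in the hunk at -166 (twice, once inside the new `Keystone bootstrap` job) and in the hunk at -220. Prefer a Kubernetes Secret or a persistent volume for the keys. If hostPath has to stay for now, use a dedicated root-owned directory outside /tmp and replace the comment with something like `# TODO: temporary; fernet keys must move to a Secret`.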
@@ -166,8 +169,60 @@ config_map: name: keystone - name: keystone-fernet + hostPath: + # directory location on host + path: /tmp/keystone-fernet state: present +- name: Keystone bootstrap + k8s_v1_job: + host: "{{coe_host}}" + context: "{{kube_context}}" + kubeconfig: "{{config_file}}" + name: keystone-bootstrap + namespace: openstack + state: present + restart_policy: OnFailure + containers: + - image: tripleoupstream/centos-binary-keystone + name: keystone-bootstrap + # NOTE(flaper87): We might want to set bootstrap URLs, project name, etc + command: + - keystone-manage + - --config-file + - /var/lib/kolla/config_files/keystone.conf + - bootstrap + - --bootstrap-password + - '{{keystone_config.admin_password}}' +# - --bootstrap-admin-url +# - http://keystone:35357/v3 +# - --bootstrap-internal-url +# - http://keystone:5000/v3 +# - --bootstrap-public-url +# - http://keystone:5000/v3 +# - --bootstrap-region-id +# - RegionOne + env: + - name: KOLLA_CONFIG_STRATEGY + value: COPY_ALWAYS + - name: KOLLA_BOOTSTRAP + value: '' + volume_mounts: + - name: kolla-config + mountPath: /var/lib/kolla/config_files/ + - name: keystone-fernet + mountPath: /etc/keystone/fernet-keys + volumes: + - name: kolla-config + config_map: + name: keystone + - name: keystone-fernet + hostPath: + # directory location on host + path: /tmp/keystone-fernet + state: present + + - name: Create keystone service k8s_v1_service: host: "{{coe_host}}" @@ -198,7 +253,7 @@ app: keystone-api containers: - name: keystone-api - image: docker.io/kolla/centos-binary-keystone:3.0.3 + image: tripleoupstream/centos-binary-keystone imagePullPolicy: IfNotPresent env: - name: KOLLA_CONFIG_STRATEGY @@ -220,5 +275,8 @@ config_map: name: keystone - name: keystone-fernet + hostPath: + # directory location on host + path: /tmp/keystone-fernet state: present register: create_service
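Review bot: In the new `Keystone bootstrap` job the admin password is passed as a command-line argument (`--bootstrap-password` followed by `'{{keystone_config.admin_password}}'`), so it is stored in the Job spec and appears in the container's process arguments. Anyone who can read jobs in the `openstack` namespace can therefore read it. `keystone-manage bootstrap` also accepts the password through the `OS_BOOTSTRAP_PASSWORD` environment variable. Sourcing that variable from a Kubernetes Secret, if the module supports secret references for `env` entries, would keep the value out of the object spec. Adding `no_log: true` to this task would also keep the rendered password out of Ansible output.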
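Review bot: The `image:` line for `keystone-api` goes from a pinned tag (`docker.io/kolla/centos-binary-keystone:3.0.3`) to `tripleoupstream/centos-binary-keystone` with no tag or digest, which resolves to `latest`. With `imagePullPolicy: IfNotPresent` on the next line, nodes can end up running different builds depending on when they first pulled, and a changed upstream image gets deployed without review. The new `Keystone bootstrap` job in the previous hunk uses the same untagged reference. Pin both to an explicit tag or, better, a digest, e.g. `image: tripleoupstream/centos-binary-keystone@sha256:<digest>` (placeholder), ideally through one shared variable.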