authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-02-18 16:40:04 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-03-25 10:23:33 +0000
commit39aeb0c2f776e630a5d9c7d1261d7644f1965236 (patch)
tree10a02b367fe8bad6d8e0afa2f47785cb1086f277
parent802627981ad91590743fa96fc5b62ea837c2db28 (diff)
downloaddefinitions-39aeb0c2f776e630a5d9c7d1261d7644f1965236.tar.gz
Keystone configuration to ansible
-rw-r--r--openstack-keystone.configure80
-rw-r--r--openstack-rabbitmq.configure47
-rw-r--r--openstack/etc/systemd/system/openstack-keystone-setup.service7
-rw-r--r--openstack/etc/systemd/system/openstack-rabbitmq-setup.service12
-rw-r--r--openstack/etc/systemd/system/postgres-server.service2
-rw-r--r--openstack/etc/systemd/system/postgres-setup.service11
-rw-r--r--openstack/etc/systemd/system/rabbitmq-server.service (renamed from openstack/etc/systemd/system/openstack-rabbitmq-server.service)3
-rw-r--r--openstack/manifest26
-rw-r--r--openstack/usr/share/openstack/hosts1
-rw-r--r--openstack/usr/share/openstack/keystone.yml123
-rw-r--r--openstack/usr/share/openstack/keystone/keystone-paste.ini (renamed from openstack/etc/keystone/keystone-paste.ini)0
-rw-r--r--openstack/usr/share/openstack/keystone/keystone.conf (renamed from openstack/etc/keystone/keystone.conf)18
-rw-r--r--openstack/usr/share/openstack/keystone/logging.conf (renamed from openstack/etc/keystone/logging.conf)0
-rw-r--r--openstack/usr/share/openstack/keystone/policy.json (renamed from openstack/etc/keystone/policy.json)0
-rw-r--r--openstack/usr/share/openstack/openstack-keystone-setup92
-rw-r--r--openstack/usr/share/openstack/openstack-rabbitmq-setup66
-rw-r--r--openstack/usr/share/openstack/postgres-setup42
-rw-r--r--openstack/usr/share/openstack/postgres/pg_hba.conf4
-rw-r--r--openstack/usr/share/openstack/postgres/postgresql.conf11
-rw-r--r--openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf3
-rw-r--r--openstack/usr/share/openstack/rabbitmq/rabbitmq.config9
-rw-r--r--postgres.configure23
-rw-r--r--systems/openstack-server.morph1
23 files changed, 231 insertions, 350 deletions
diff --git a/openstack-keystone.configure b/openstack-keystone.configure
index d2d1171e..c8a7e9ff 100644
--- a/openstack-keystone.configure
+++ b/openstack-keystone.configure
@@ -20,37 +20,61 @@ set -e
ROOT="$1"
##########################################################################
-# Substitutions in configuration files
+
+ln -s "/etc/systemd/system/openstack-keystone-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-keystone-setup.service"
+
+##########################################################################
+# Check variables
##########################################################################
-cat <<EOF > "$ROOT"/etc/openstack-keystone-setup.sed
-s/##KEYSTONE_TEMPORARY_ADMIN_TOKEN##/$KEYSTONE_TEMPORARY_ADMIN_TOKEN/g
-s/##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##/$KEYSTONE_TEMPORARY_ADMIN_PASSWORD/g
-s/##KEYSTONE_PUBLIC_URL##/$KEYSTONE_PUBLIC_URL/g
-s/##KEYSTONE_INTERNAL_URL##/$KEYSTONE_INTERNAL_URL/g
-s/##KEYSTONE_ADMIN_URL##/$KEYSTONE_ADMIN_URL/g
-s/##OPENSTACK_AUTH_HOST##/$OPENSTACK_AUTH_HOST/g
-s/##OPENSTACK_AUTH_PORT##/$OPENSTACK_AUTH_PORT/g
-s/##IDENTITY_URI##/$IDENTITY_URI/g
-s/##KEYSTONE_DB_USER##/$KEYSTONE_DB_USER/g
-s/##KEYSTONE_DB_PASSWORD##/$KEYSTONE_DB_PASSWORD/g
-EOF
+if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -a \
+ -z "$KEYSTONE_ADMIN_PASSWORD" -a \
+ -z "$KEYSTONE_DB_USER" -a \
+ -z "$KEYSTONE_DB_PASSWORD" -a \
+ -z "$RABBITMQ_HOST" -a \
+ -z "$RABBITMQ_PORT" -a \
+ -z "$RABBITMQ_USER" -a \
+ -z "$RABBITMQ_PASSWORD" -a \
+ -z "$CONTROLLER_HOST_ADDRESS" ]; then
+ # No Keystone options defined, do nothing.
+ exit 0
+fi
-sed -f "$ROOT"/etc/openstack-keystone-setup.sed -i \
- "$ROOT"/etc/keystone/keystone.conf \
- "$ROOT"/etc/glance/glance-api.conf \
- "$ROOT"/etc/glance/glance-registry.conf \
- "$ROOT"/etc/nova/nova.conf \
- "$ROOT"/etc/cinder/cinder.conf \
- "$ROOT"/etc/neutron/neutron.conf \
- "$ROOT"/etc/neutron/metadata_agent.ini \
- "$ROOT"/usr/share/openstack/openstack-keystone-setup \
- "$ROOT"/usr/share/openstack/openstack-glance-setup \
- "$ROOT"/usr/share/openstack/openstack-nova-setup \
- "$ROOT"/usr/share/openstack/openstack-neutron-setup \
- "$ROOT"/usr/share/openstack/openstack-cinder-setup
+if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \
+ -z "$KEYSTONE_ADMIN_PASSWORD" -o \
+ -z "$KEYSTONE_DB_USER" -o \
+ -z "$KEYSTONE_DB_PASSWORD" -o \
+ -z "$RABBITMQ_HOST" -o \
+ -z "$RABBITMQ_PORT" -o \
+ -z "$RABBITMQ_USER" -o \
+ -z "$RABBITMQ_PASSWORD" -o \
+ -z "$CONTROLLER_HOST_ADDRESS" ]; then
+ echo Some options required for Keystone were defined, but not all.
+ exit 1
+fi
##########################################################################
+# Generate config variable shell snippet
+##########################################################################
-ln -s "/etc/systemd/system/openstack-keystone-setup.service" \
- "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-keystone-setup.service"
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/keystone.conf"
+import os, sys, yaml
+
+keystone_configuration={
+ 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
+ 'KEYSTONE_ADMIN_PASSWORD': os.environ['KEYSTONE_ADMIN_PASSWORD'],
+ 'KEYSTONE_DB_USER': os.environ['KEYSTONE_DB_USER'],
+ 'KEYSTONE_DB_PASSWORD': os.environ['KEYSTONE_DB_PASSWORD'],
+ 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'],
+ 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'],
+ 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'],
+ 'RABBITMQ_USER': os.environ['RABBITMQ_USER'],
+ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'],
+}
+
+yaml.dump(keystone_configuration, sys.stdout, default_flow_style=False)
+EOF
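Review bot: The generated `$OPENSTACK_DATA/keystone.conf` holds the admin token and the Keystone, database and RabbitMQ passwords, yet it is created by a plain redirect, so its mode depends on whatever umask the configure extension runs under. Setting `umask 077` just before the `python <<'EOF'` line (or running `chmod 600 "$OPENSTACK_DATA/keystone.conf"` right after the heredoc) would keep it readable by its owner only, which is presumably enough for the playbook started from the systemd unit. Separately, the message on the partial-configuration branch goes to stdout; `echo "Some options required for Keystone were defined, but not all." >&2` would send it to stderr as a diagnostic.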
diff --git a/openstack-rabbitmq.configure b/openstack-rabbitmq.configure
deleted file mode 100644
index 40c37698..00000000
--- a/openstack-rabbitmq.configure
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-set -e
-
-ROOT="$1"
-
-##########################################################################
-# Substitutions in configuration files
-##########################################################################
-
-cat <<EOF > "$ROOT"/etc/openstack-rabbitmq-setup.sed
-s/##RABBITMQ_HOST##/$RABBITMQ_HOST/g
-s/##RABBITMQ_PORT##/$RABBITMQ_PORT/g
-s/##RABBITMQ_USER##/$RABBITMQ_USER/g
-s/##RABBITMQ_PASSWORD##/$RABBITMQ_PASSWORD/g
-EOF
-
-sed -f "$ROOT"/etc/openstack-rabbitmq-setup.sed -i \
- "$ROOT"/etc/keystone/keystone.conf \
- "$ROOT"/etc/nova/nova.conf \
- "$ROOT"/etc/cinder/cinder.conf \
- "$ROOT"/etc/neutron/neutron.conf \
- "$ROOT"/etc/glance/glance-api.conf \
- "$ROOT"/usr/share/openstack/openstack-rabbitmq-setup
-
-##########################################################################
-
-ln -s "/etc/systemd/system/openstack-rabbitmq-setup.service" \
- "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-rabbitmq-setup.service"
-
-ln -s "/etc/systemd/system/openstack-rabbitmq-server.service" \
- "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-rabbitmq-server.service"
diff --git a/openstack/etc/systemd/system/openstack-keystone-setup.service b/openstack/etc/systemd/system/openstack-keystone-setup.service
index fb2793bb..9ea04c1d 100644
--- a/openstack/etc/systemd/system/openstack-keystone-setup.service
+++ b/openstack/etc/systemd/system/openstack-keystone-setup.service
@@ -1,11 +1,12 @@
[Unit]
-Description=Run openstack-keystone-setup (once)
+Description=Run keystone-setup Ansible scripts
After=local-fs.target postgres-server.service
+ConditionPathExists=/etc/openstack/keystone.conf
[Service]
+# Oneshot, since others setup have to wait until this service finishes
Type=oneshot
-ExecStart=/usr/share/openstack/openstack-keystone-setup
-Restart=no
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/keystone.yml
[Install]
WantedBy=multi-user.target
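Review bot: Nothing in the new unit stops the playbook from running again on every boot: the removed openstack-keystone-setup script deleted its own `multi-user.target.wants` link when it finished, while `ConditionPathExists=/etc/openstack/keystone.conf` stays true for as long as that file exists. If a single run is still intended, a negated stamp-file condition such as `ConditionPathExists=!<stamp-file-placeholder>`, with the stamp written by the playbook's last task, would restore it. The `-v` flag also sends task results to the journal, so it is worth checking that none of the token- or password-carrying tasks echo their arguments there.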
diff --git a/openstack/etc/systemd/system/openstack-rabbitmq-setup.service b/openstack/etc/systemd/system/openstack-rabbitmq-setup.service
deleted file mode 100644
index 85257fd1..00000000
--- a/openstack/etc/systemd/system/openstack-rabbitmq-setup.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Run openstack-rabbitmq-setup (once)
-Requires=local-fs.target
-After=local-fs.target network.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/share/openstack/openstack-rabbitmq-setup
-Restart=no
-
-[Install]
-WantedBy=multi-user.target
diff --git a/openstack/etc/systemd/system/postgres-server.service b/openstack/etc/systemd/system/postgres-server.service
index 6ee25e98..42e88042 100644
--- a/openstack/etc/systemd/system/postgres-server.service
+++ b/openstack/etc/systemd/system/postgres-server.service
@@ -1,7 +1,5 @@
[Unit]
Description=PostgreSQL database server
-Requires=postgres-setup.service
-After=postgres-setup.service
[Service]
Type=forking
diff --git a/openstack/etc/systemd/system/postgres-setup.service b/openstack/etc/systemd/system/postgres-setup.service
deleted file mode 100644
index 281d0d77..00000000
--- a/openstack/etc/systemd/system/postgres-setup.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Run postgres-setup (once)
-After=network.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/share/openstack/postgres-setup
-Restart=no
-
-[Install]
-WantedBy=multi-user.target
diff --git a/openstack/etc/systemd/system/openstack-rabbitmq-server.service b/openstack/etc/systemd/system/rabbitmq-server.service
index 91bd6fa7..f0d60f51 100644
--- a/openstack/etc/systemd/system/openstack-rabbitmq-server.service
+++ b/openstack/etc/systemd/system/rabbitmq-server.service
@@ -1,7 +1,6 @@
[Unit]
Description=RabbitMQ broker
-After=syslog.target network.target openstack-rabbitmq-setup.service
-Requires=openstack-rabbitmq-setup.service
+After=syslog.target network.target
[Service]
Type=notify
diff --git a/openstack/manifest b/openstack/manifest
index 76e989d8..068233db 100644
--- a/openstack/manifest
+++ b/openstack/manifest
@@ -1,11 +1,18 @@
-0040755 0 0 /etc/keystone
-0040755 0 0 /var/lib/keystone
0040755 0 0 /usr/share/openstack
+0100644 0 0 /usr/share/openstack/hosts
+0100644 0 0 /usr/share/openstack/keystone.yml
+0040755 0 0 /usr/share/openstack/keystone
0100755 0 0 /usr/share/openstack/openstack-keystone-setup
-0100644 0 0 /etc/keystone/logging.conf
-0100644 0 0 /etc/keystone/keystone.conf
-0100644 0 0 /etc/keystone/policy.json
-0100644 0 0 /etc/keystone/keystone-paste.ini
+0100644 0 0 /usr/share/openstack/keystone/logging.conf
+0100644 0 0 /usr/share/openstack/keystone/keystone.conf
+0100644 0 0 /usr/share/openstack/keystone/policy.json
+0100644 0 0 /usr/share/openstack/keystone/keystone-paste.ini
+0040755 0 0 /usr/share/openstack/postgres
+0100644 0 0 /usr/share/openstack/postgres/pg_hba.conf
+0100644 0 0 /usr/share/openstack/postgres/postgresql.conf
+0040755 0 0 /usr/share/openstack/rabbitmq
+0100644 0 0 /usr/share/openstack/rabbitmq/rabbitmq-env.conf
+0100644 0 0 /usr/share/openstack/rabbitmq/rabbitmq.config
0100644 0 0 /etc/logrotate.d/openstack-keystone
0100644 0 0 /etc/systemd/system/openstack-keystone.service
0100644 0 0 /etc/systemd/system/openstack-keystone-setup.service
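Review bot: The context line `0100755 0 0 /usr/share/openstack/openstack-keystone-setup` is kept in the manifest although this commit deletes `openstack/usr/share/openstack/openstack-keystone-setup`, so the manifest would name a file that is no longer in the tree; that line should probably be dropped along with the `/etc/keystone` entries. The two later manifest hunks do remove the matching `openstack-rabbitmq-setup` and `postgres-setup` entries, which suggests this one was missed.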
@@ -49,10 +56,7 @@
0100644 0 0 /etc/systemd/system/openstack-nova-novncproxy.service
0100644 0 0 /etc/systemd/system/openstack-nova-serialproxy.service
0100644 0 0 /etc/systemd/system/openstack-nova-cert.service
-0100644 0 0 /etc/systemd/system/openstack-rabbitmq-setup.service
-0100644 0 0 /etc/systemd/system/openstack-rabbitmq-server.service
-0100755 0 0 /usr/share/openstack/openstack-rabbitmq-setup
-0040755 0 0 /var/lib/rabbitmq
+0100644 0 0 /etc/systemd/system/rabbitmq-server.service
0040755 0 0 /var/lib/cinder
0040755 0 0 /etc/cinder
0100644 0 0 /etc/cinder/cinder.conf
@@ -145,8 +149,6 @@
0100755 0 0 /usr/share/openstack/openstack-neutron-network-configuration-for-one-node
0100644 0 0 /etc/systemd/system/openstack-neutron-network-configuration-one-node.service
0100644 0 0 /etc/systemd/system/openvswitch-initialize-db.service
-0100755 0 0 /usr/share/openstack/postgres-setup
-0100644 0 0 /etc/systemd/system/postgres-setup.service
0100644 0 0 /etc/systemd/system/postgres-server.service
0100755 0 0 /usr/share/openstack/apache-httpd-server-setup
0100644 0 0 /etc/systemd/system/apache-httpd-server-setup.service
diff --git a/openstack/usr/share/openstack/hosts b/openstack/usr/share/openstack/hosts
new file mode 100644
index 00000000..5b97818d
--- /dev/null
+++ b/openstack/usr/share/openstack/hosts
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/openstack/usr/share/openstack/keystone.yml b/openstack/usr/share/openstack/keystone.yml
new file mode 100644
index 00000000..b139b39f
--- /dev/null
+++ b/openstack/usr/share/openstack/keystone.yml
@@ -0,0 +1,123 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/keystone.conf"
+ tasks:
+
+ # RabbitMQ configuration, this may end up in a different playbook
+ - name: Create rabbitmq user
+ user: name=rabbitmq comment="Rabbitmq server daemon" shell=/sbin/nologin home=/var/lib/rabbitmq
+
+ - name: Create the rabbitmq directories
+ file: path={{ item }} state=directory owner=rabbitmq group=rabbitmq
+ with_items:
+ - /var/run/rabbitmq
+ - /var/log/rabbitmq
+ - /etc/rabbitmq
+
+ - name: Add the configuration needed for rabbitmq in /etc/rabbitmq using templates
+ template: src=/usr/share/openstack/rabbitmq/{{ item }} dest=/etc/rabbitmq/{{ item }} owner=rabbitmq group=rabbitmq mode=0644
+ with_items:
+ - rabbitmq.config
+ - rabbitmq-env.conf
+
+ - name: Enable and start rabbitmq services
+ service: name={{ item }} enabled=yes state=started
+ with_items:
+ - rabbitmq-server
+
+ # Postgres configuration, this may end up in a different playbook
+ - name: Create postgres user
+ user: name=postgres comment="PostgreSQL Server" shell=/sbin/nologin home=/var/lib/pgsql
+
+ - name: Create the postgres directories
+ file: path={{ item }} state=directory owner=postgres group=postgres
+ with_items:
+ - /var/run/postgresql
+ - /var/lib/pgsql/data
+
+ - name: Initialise postgres database
+ shell: pg_ctl -D /var/lib/pgsql/data initdb creates=/var/lib/pgsql/data/base
+ sudo: yes
+ sudo_user: postgres
+
+ - name: Add the configuration needed for postgres for Openstack
+ template: src=/usr/share/openstack/postgres/{{ item }} dest=/var/lib/pgsql/data/{{ item }} owner=postgres group=postgres mode=0600
+ with_items:
+ - postgresql.conf
+ - pg_hba.conf
+
+ - name: Enable and start postgres services
+ service: name={{ item }} enabled=yes state=started
+ with_items:
+ - postgres-server
+
+
+ # Keystone configuration
+ - name: Create the keystone user.
+ user: name=keystone comment="Openstack Keystone Daemons" shell=/sbin/nologin home=/var/lib/keystone
+
+ - name: Create the /var folders for keystone
+ file: path={{ item }} state=directory owner=keystone group=keystone
+ with_items:
+ - /var/run/keystone
+ - /var/lock/keystone
+ - /var/log/keystone
+ - /var/lib/keystone
+
+ - file: path=/etc/keystone state=directory
+ - name: Add the configuration needed for lorry in /etc using templates
+ template: src=/usr/share/openstack/keystone/{{ item }} dest=/etc/keystone/{{ item }}
+ with_lines:
+ - (cd /usr/share/openstack/keystone && find -type f)
+
+ - postgresql_user: name={{ KEYSTONE_DB_USER }} password={{ KEYSTONE_DB_PASSWORD }}
+ sudo: yes
+ sudo_user: keystone
+ - postgresql_db: name=keystone owner={{ KEYSTONE_DB_USER }}
+ sudo: yes
+ sudo_user: keystone
+
+ - keystone_manage: action=dbsync
+ sudo: yes
+ sudo_user: keystone
+
+ - name: Enable and start openstack-keystone service
+ service: name=openstack-keystone.service enabled=yes state=started
+
+ - keystone_user: >
+ tenant=admin
+ tenant_description="Admin Tenant"
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+ endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+ - keystone_user: >
+ user=admin
+ tenant=admin
+ password={{ KEYSTONE_ADMIN_PASSWORD }}
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+ endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+ - keystone_user: >
+ role=admin
+ user=admin
+ tenant=admin
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+ endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+ - keystone_user: >
+ tenant=service
+ tenant_description="Service Tenant"
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+ endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+ - keystone_service: >
+ name=keystone
+ type=identity
+ description="Keystone Identity Service"
+ publicurl=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+ internalurl=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+ adminurl=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+ region='regionOne'
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+ endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
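Review bot: The template task that renders `/usr/share/openstack/keystone/` into `/etc/keystone/` sets no `owner`, `group` or `mode`, and the rabbitmq template task uses `mode=0644`, although `keystone.conf` and `rabbitmq.config` receive the admin token, database password and broker password; only the postgres templates get `mode=0600`. Adding `owner=keystone group=keystone mode=0640` to the keystone task and changing the rabbitmq one to `mode=0600` would keep those secrets away from other local users. The secrets are also passed as unquoted `key=value` arguments (`password={{ KEYSTONE_DB_PASSWORD }}`), so a value containing a space would be split; quoting them, e.g. `password="{{ KEYSTONE_DB_PASSWORD }}"`, avoids that. The keystone template task's name still says "lorry" and should name keystone.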
diff --git a/openstack/etc/keystone/keystone-paste.ini b/openstack/usr/share/openstack/keystone/keystone-paste.ini
index cd132971..cd132971 100644
--- a/openstack/etc/keystone/keystone-paste.ini
+++ b/openstack/usr/share/openstack/keystone/keystone-paste.ini
diff --git a/openstack/etc/keystone/keystone.conf b/openstack/usr/share/openstack/keystone/keystone.conf
index a46cc5fc..154a6a18 100644
--- a/openstack/etc/keystone/keystone.conf
+++ b/openstack/usr/share/openstack/keystone/keystone.conf
@@ -10,7 +10,7 @@
# recommended), remove AdminTokenAuthMiddleware from your
# paste application pipelines (for example, in keystone-
# paste.ini). (string value)
-admin_token=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+admin_token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
# The IP address of the network interface for the public
# service to listen on. (string value)
@@ -200,11 +200,11 @@ public_port=5000
# The RabbitMQ broker address where a single node is used.
# (string value)
-rabbit_host=##RABBITMQ_HOST##
+rabbit_host={{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used.
# (integer value)
-rabbit_port=##RABBITMQ_PORT##
+rabbit_port={{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
rabbit_hosts=$rabbit_host:$rabbit_port
@@ -213,10 +213,10 @@ rabbit_hosts=$rabbit_host:$rabbit_port
rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
-rabbit_userid=##RABBITMQ_USER##
+rabbit_userid={{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
-rabbit_password=##RABBITMQ_PASSWORD##
+rabbit_password={{ RABBITMQ_PASSWORD }}
# the RabbitMQ login method (string value)
#rabbit_login_method=AMQPLAIN
@@ -628,7 +628,7 @@ rpc_backend=rabbit
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
#connection=<None>
-connection=postgresql://##KEYSTONE_DB_USER##:##KEYSTONE_DB_PASSWORD##@onenode/keystone
+connection=postgresql://{{ KEYSTONE_DB_USER }}:{{ KEYSTONE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/keystone
# The SQLAlchemy connection string to use to connect to the
# slave database. (string value)
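Review bot: On the `connection=` line the database user and password are substituted raw into a URL, so a password containing `@`, `:` or `/` would yield a connection string that parses differently from what was intended. Percent-encoding the values in the template, e.g. `{{ KEYSTONE_DB_PASSWORD | urlencode }}` if the Jinja2 version shipped supports that filter, or documenting the allowed character set next to the option, would avoid that. The same file now carries `admin_token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}` permanently, while the surrounding comment recommends removing AdminTokenAuthMiddleware for production; a comment saying when the token is meant to be retired would help.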
@@ -1207,7 +1207,7 @@ connection=postgresql://##KEYSTONE_DB_USER##:##KEYSTONE_DB_PASSWORD##@onenode/ke
# An implementation of the backend for persisting revocation
# events. (string value)
-#driver=keystone.contrib.revoke.backends.kvs.Revoke
+driver=keystone.contrib.revoke.backends.sql.Revoke
# This value (calculated in seconds) is added to token
# expiration before a revocation event may be removed from the
@@ -1332,10 +1332,10 @@ connection=postgresql://##KEYSTONE_DB_USER##:##KEYSTONE_DB_PASSWORD##@onenode/ke
# operations. Core providers are
# "keystone.token.providers.[pkiz|pki|uuid].Provider". The
# default provider is pkiz. (string value)
-#provider=<None>
+provider=keystone.token.providers.uuid.Provider
# Token persistence backend driver. (string value)
-#driver=keystone.token.backends.sql.Token
+driver=keystone.token.backends.sql.Token
# Toggle for token system cacheing. This has no effect unless
# global caching is enabled. (boolean value)
diff --git a/openstack/etc/keystone/logging.conf b/openstack/usr/share/openstack/keystone/logging.conf
index 21d43c8d..21d43c8d 100644
--- a/openstack/etc/keystone/logging.conf
+++ b/openstack/usr/share/openstack/keystone/logging.conf
diff --git a/openstack/etc/keystone/policy.json b/openstack/usr/share/openstack/keystone/policy.json
index 9c7e646e..9c7e646e 100644
--- a/openstack/etc/keystone/policy.json
+++ b/openstack/usr/share/openstack/keystone/policy.json
diff --git a/openstack/usr/share/openstack/openstack-keystone-setup b/openstack/usr/share/openstack/openstack-keystone-setup
deleted file mode 100644
index 9c034c5b..00000000
--- a/openstack/usr/share/openstack/openstack-keystone-setup
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-set -e
-
-# Create required system users and groups
-
-getent group keystone >/dev/null || groupadd -r --gid 163 keystone
-getent passwd keystone >/dev/null || \
- useradd --uid 163 -r -g keystone -d /var/lib/keystone -s /sbin/nologin \
- -c "OpenStack Keystone Daemons" keystone
-
-# Keystone compute configuration
-if [ ! -d /var/run/keystone ]; then
- mkdir -p /var/run/keystone
- chown -R keystone:keystone /var/run/keystone
-fi
-
-if [ ! -d /var/lock/keystone ]; then
- mkdir -p /var/lock/keystone
- chown -R keystone:keystone /var/lock/keystone
-fi
-
-if [ ! -d /var/log/keystone ]; then
- mkdir -p /var/log/keystone
- chown -R keystone:keystone /var/log/keystone
-fi
-
-# Setup the keystone database
-if ! sudo -u postgres psql -lqt | grep -q keystone; then
- # Create posgreSQL user
- sudo -u postgres createuser \
- --pwprompt --encrypted \
- --no-adduser --no-createdb \
- --no-password \
- ##KEYSTONE_DB_USER##
-
- sudo -u postgres createdb \
- --owner=##KEYSTONE_DB_USER## \
- keystone
-
- sudo -u keystone keystone-manage db_sync
-fi
-
-chown -R keystone:keystone /var/lib/keystone
-
-systemctl start openstack-keystone
-
-export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
-export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
-
-# This script creates a TEMPORARY admin user, with a password that may
-# float arount on the system. Please delete this user once you have set up
-# the real admin user with a real secure password.
-
-keystone tenant-create --name admin --description "Admin Tenant"
-keystone role-create --name admin
-
-keystone user-create --name temporary_admin --pass ##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##
-keystone user-role-add --tenant admin --user temporary_admin --role admin
-
-keystone tenant-create --name service --description "Service Tenant"
-
-# Define a service for the Identity Service
-keystone service-create --name keystone --type identity --description "Openstack Identity"
-
-# Specify an API endpoint for the Identity Service by using the returned service ID.
-keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') \
- --publicurl ##KEYSTONE_PUBLIC_URL## \
- --internalurl ##KEYSTONE_INTERNAL_URL## \
- --adminurl ##KEYSTONE_ADMIN_URL##
-
-rm /etc/systemd/system/multi-user.target.wants/openstack-keystone-setup.service
-
-ln -s "/etc/systemd/system/openstack-keystone.service" \
- "/etc/systemd/system/multi-user.target.wants/openstack-keystone.service"
-
-exit 0
diff --git a/openstack/usr/share/openstack/openstack-rabbitmq-setup b/openstack/usr/share/openstack/openstack-rabbitmq-setup
deleted file mode 100644
index dd491294..00000000
--- a/openstack/usr/share/openstack/openstack-rabbitmq-setup
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-set -e
-
-# Create required system users and groups
-getent group rabbitmq >/dev/null || groupadd -r --gid 1002 rabbitmq
-getent passwd rabbitmq >/dev/null || \
- useradd --uid 1002 -r -g rabbitmq -d /var/lib/rabbitmq -s /sbin/nologin \
- -c "Rabbitmq server daemon" rabbitmq
-
-chown -R rabbitmq:rabbitmq /var/lib/rabbitmq
-
-# Create directories and files needed to run openstack-rabbitmq-server
-if [ ! -d /var/run/rabbitmq ]; then
- mkdir -p /var/run/rabbitmq
- chown -R rabbitmq:rabbitmq /var/run/rabbitmq
- chmod 755 /var/run/rabbitmq
-fi
-
-if [ ! -d /var/log/rabbitmq ]; then
- mkdir -p /var/log/rabbitmq
- chown -R rabbitmq:rabbitmq /var/log/rabbitmq
- chmod 755 /var/log/rabbitmq
-fi
-
-# Install rabbimq.config and rabbitmq-env.conf
-install -D -m 644 /proc/self/fd/0 <<'EOF' /var/lib/rabbitmq/etc/rabbitmq/rabbitmq.config
-%% -*- Rabbit configuration for Openstack in Baserock
-[
- {rabbit,
- [
- {default_user, <<"##RABBITMQ_USER##">>},
- {default_pass, <<"##RABBITMQ_PASSWORD##">>},
- {tcp_listeners, [##RABBITMQ_PORT##]}
- ]}
-].
-EOF
-
-install -D -m 644 /proc/self/fd/0 <<'EOF' /etc/rabbitmq/rabbitmq-env.conf
-# NOTE: Install this file in /etc/rabbitmq/ because rabbitmq-server will load
-# it only from this directory.
-
-# Configure port node where rabbitmq-server will listen from.
-NODE_PORT=##RABBITMQ_PORT##
-# Config file has to be in $RABBITMQ_HOME/etc/rabbitmq/rabbitmq.config
-CONFIG_FILE=/var/lib/rabbitmq/etc/rabbitmq/rabbitmq
-EOF
-
-chown -R rabbitmq:rabbitmq /var/lib/rabbitmq
-
-exit 0
diff --git a/openstack/usr/share/openstack/postgres-setup b/openstack/usr/share/openstack/postgres-setup
deleted file mode 100644
index fb224fd8..00000000
--- a/openstack/usr/share/openstack/postgres-setup
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-set -e
-
-if [ -f /var/openstack/postgres-setup ]; then
- exit 0
-fi
-
-# Create postgres directories
-install -dm700 /var/lib/pgsql/data
-install -dm755 /var/run/postgresql
-
-# Create required system users and groups
-getent group postgress >/dev/null || groupadd -r -g 41 postgres
-getent passwd postgres >/dev/null || \
- useradd --uid 41 -r -g postgres -d /var/lib/pgsql -s /sbin/nologin \
- -c "PostgreSQL Server" postgres
-
-chown -R postgres:postgres /var/lib/pgsql /var/run/postgresql
-
-test -d /var/lib/pgsql/data/base || sudo -u postgres pg_ctl -D /var/lib/pgsql/data initdb
-
-install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/postgres-setup
-Postgres setup: success
-EOF
-
-exit 0
diff --git a/openstack/usr/share/openstack/postgres/pg_hba.conf b/openstack/usr/share/openstack/postgres/pg_hba.conf
new file mode 100644
index 00000000..7daf1b46
--- /dev/null
+++ b/openstack/usr/share/openstack/postgres/pg_hba.conf
@@ -0,0 +1,4 @@
+local all all trust
+host all all 127.0.0.1/32 trust
+host all all ::1/128 trust
+host all all 0.0.0.0/0 trust
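Review bot: The last rule, `host all all 0.0.0.0/0 trust`, lets any host that can reach the PostgreSQL port connect as any database role, including the superuser, without a password, and `postgresql.conf` in this commit sets `listen_addresses = '0.0.0.0'`, so KEYSTONE_DB_PASSWORD protects nothing. Password authentication on the network rules, e.g. `host all all 0.0.0.0/0 md5` (ideally with the address range narrowed to the controller network), would close that. The `postgresql_user` and `postgresql_db` tasks in keystone.yml run as `sudo_user: keystone` and appear to rely on the `local all all trust` rule, so they would need checking if the local rule is tightened as well.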
diff --git a/openstack/usr/share/openstack/postgres/postgresql.conf b/openstack/usr/share/openstack/postgres/postgresql.conf
new file mode 100644
index 00000000..e4ff9582
--- /dev/null
+++ b/openstack/usr/share/openstack/postgres/postgresql.conf
@@ -0,0 +1,11 @@
+listen_addresses = '0.0.0.0'
+max_connections = 100
+shared_buffers = 128MB
+log_timezone = 'UTC'
+datestyle = 'iso, mdy'
+timezone = 'UTC'
+lc_messages = 'C'
+lc_monetary = 'C'
+lc_numeric = 'C'
+lc_time = 'C'
+default_text_search_config = 'pg_catalog.english'
diff --git a/openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf b/openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf
new file mode 100644
index 00000000..d4c58dae
--- /dev/null
+++ b/openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf
@@ -0,0 +1,3 @@
+# Configure port node where rabbitmq-server will listen from.
+NODE_PORT={{ RABBITMQ_PORT }}
+CONFIG_FILE=/etc/rabbitmq/rabbitmq
diff --git a/openstack/usr/share/openstack/rabbitmq/rabbitmq.config b/openstack/usr/share/openstack/rabbitmq/rabbitmq.config
new file mode 100644
index 00000000..9b93881e
--- /dev/null
+++ b/openstack/usr/share/openstack/rabbitmq/rabbitmq.config
@@ -0,0 +1,9 @@
+%% -*- Rabbit configuration for Openstack in Baserock
+[
+ {rabbit,
+ [
+ {default_user, <<"{{ RABBITMQ_USER }}">>},
+ {default_pass, <<"{{ RABBITMQ_PASSWORD }}">>},
+ {tcp_listeners, [{{ RABBITMQ_PORT }}]}
+ ]}
+].
diff --git a/postgres.configure b/postgres.configure
deleted file mode 100644
index 257cf56c..00000000
--- a/postgres.configure
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-set -e
-
-ROOT="$1"
-
-ln -sf "/etc/systemd/system/postgres-server.service" \
- "$ROOT/etc/systemd/system/multi-user.target.wants/postgres-server.service"
diff --git a/systems/openstack-server.morph b/systems/openstack-server.morph
index f0294d33..c403a18f 100644
--- a/systems/openstack-server.morph
+++ b/systems/openstack-server.morph
@@ -69,5 +69,4 @@ configuration-extensions:
- openstack-cinder
- openstack-neutron
- openvswitch
-- postgres
- apache-httpd-server