diff --git a/keystone/templates/bin/_init.sh.tpl b/keystone/templates/bin/_init.sh.tpl deleted file mode 100644 index 020e245b..00000000 --- a/keystone/templates/bin/_init.sh.tpl +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex -export HOME=/tmp - -ansible localhost -vvv \ - -m mysql_db -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \ - login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \ - login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \ - login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \ - name='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}'" - -ansible localhost -vvv \ - -m mysql_user -a "login_host='{{ .Values.endpoints.oslo_db.hosts.internal | default .Values.endpoints.oslo_db.hosts.default }}' \ - login_port='{{ .Values.endpoints.oslo_db.port.mysql }}' \ - login_user='{{ .Values.endpoints.oslo_db.auth.admin.username }}' \ - login_password='{{ .Values.endpoints.oslo_db.auth.admin.password }}' \ - name='{{ .Values.endpoints.oslo_db.auth.user.username }}' \ - password='{{ .Values.endpoints.oslo_db.auth.user.password }}' \ - host='%' \ - priv='{{ .Values.endpoints.oslo_db.path | trimAll "/" }}.*:ALL' \ - append_privs='yes'" diff --git a/keystone/templates/configmap-bin.yaml b/keystone/templates/configmap-bin.yaml index 75c90284..f91c2953 100644 
--- a/keystone/templates/configmap-bin.yaml +++ b/keystone/templates/configmap-bin.yaml @@ -19,9 +19,9 @@ kind: ConfigMap metadata: name: keystone-bin data: + db-init.py: | +{{- include "helm-toolkit.db_init" . | indent 4 }} db-sync.sh: | {{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} - init.sh: | -{{ tuple "bin/_init.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} start.sh: | {{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.template" | indent 4 }} diff --git a/keystone/templates/job-db-init.yaml b/keystone/templates/job-db-init.yaml index 574899d6..93593af8 100644 --- a/keystone/templates/job-db-init.yaml +++ b/keystone/templates/job-db-init.yaml @@ -36,7 +36,7 @@ spec: - name: keystone-db-init image: {{ .Values.images.db_init }} imagePullPolicy: {{ .Values.images.pull_policy }} - {{- if .Values.resources.enabled }} + {{- if .Values.resources.enabled }} resources: limits: cpu: {{ .Values.resources.jobs.init.limits.cpu | quote }} @@ -45,11 +45,22 @@ spec: cpu: {{ .Values.resources.jobs.init.requests.cpu | quote }} memory: {{ .Values.resources.jobs.init.requests.memory | quote }} {{- end }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: keystone-db-root + key: DB_CONNECTION + - name: OPENSTACK_CONFIG_FILE + value: /etc/keystone/keystone.conf + - name: OPENSTACK_CONFIG_DB_SECTION + value: database + - name: OPENSTACK_CONFIG_DB_KEY + value: connection command: - - bash - - /tmp/init.sh - volumeMounts: + - python + - /tmp/db-init.py + volumeMounts: {{ toYaml $mounts_keystone_db_init.volumeMounts | indent 12 }} volumes: {{ toYaml $mounts_keystone_db_init.volumes | indent 8 }} - diff --git a/keystone/templates/secret-db-root.env.yaml b/keystone/templates/secret-db-root.env.yaml new file mode 100644 index 00000000..62da0ff3 --- /dev/null +++ b/keystone/templates/secret-db-root.env.yaml 
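Review bot: In keystone/templates/configmap-bin.yaml the new `db-init.py` entry is rendered with `{{- include "helm-toolkit.db_init" . | indent 4 }}`, while the sibling entries use `{{ tuple ... }}` without the left-trim marker. The `{{-` removes the newline after `db-init.py: |`, so the block scalar only renders as intended if the helper's output begins with a newline. If it ever starts directly with the script text, the first line lands on the `|` header line, where a `#!` line would presumably be read as a YAML comment and dropped. The helper is not visible in this diff, so I would add a comment above the key, `# helm-toolkit.db_init must start with a newline; the left trim below removes the one after "|"`, and confirm the rendered ConfigMap with `helm template`.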
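Review bot: In keystone/templates/job-db-init.yaml the added `env:` block takes the admin URI from the `keystone-db-root` Secret, but `OPENSTACK_CONFIG_FILE` points at `/etc/keystone/keystone.conf`, which the values.yaml part of this change mounts from the `keystone-etc` ConfigMap. If the `[database]` `connection` value in that file carries the service user's password, as the `OPENSTACK_CONFIG_DB_SECTION` and `OPENSTACK_CONFIG_DB_KEY` settings suggest, that credential still sits in a ConfigMap. It would then be readable by anything with ConfigMap read access in the namespace. I would record this next to the env entry, e.g. `# keystone.conf comes from the keystone-etc ConfigMap; its [database] connection still holds the service password - move to a Secret`. The container spec starts above this hunk.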
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: keystone-db-root +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.authenticated_endpoint_uri_lookup" | b64enc }} diff --git a/keystone/values.yaml b/keystone/values.yaml index a9a1edad..24526c0d 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -24,7 +24,7 @@ labels: node_selector_value: enabled images: - db_init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton + db_init: quay.io/stackanetes/stackanetes-keystone-api:newton db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton api: quay.io/stackanetes/stackanetes-keystone-api:newton dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.1.1 @@ -97,15 +97,27 @@ resources: mounts: keystone_db_init: init_container: null - keystone_db_init: + keystone_db_init: volumes: + - name: empty + emptyDir: {} + - name: keystone-etc + configMap: + name: keystone-etc - name: keystone-bin configMap: - name: keystone-bin + name: keystone-bin volumeMounts: + - name: empty + mountPath: /etc/keystone + - name: keystone-etc + mountPath: /etc/keystone/keystone.conf + subPath: keystone.conf + readOnly: true - name: keystone-bin - mountPath: /tmp/init.sh - subPath: init.sh + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true keystone_db_sync: init_container: null keystone_db_sync: @@ -117,7 +129,7 @@ mounts: name: keystone-etc - name: keystone-bin configMap: - name: keystone-bin + name: keystone-bin volumeMounts: - name: empty mountPath: /etc/keystone @@ -128,7 +140,7 @@ mounts: - name: keystone-bin mountPath: /tmp/db-sync.sh subPath: db-sync.sh - readOnly: true + readOnly: true keystone_api: init_container: null keystone_api: @@ -140,7 +152,7 @@ mounts: name: keystone-etc - name: keystone-bin configMap: - name: keystone-bin + name: keystone-bin volumeMounts: - name: empty mountPath: /etc/keystone 
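Review bot: In keystone/templates/secret-db-root.env.yaml, `DB_CONNECTION` is the full admin URI built from chart values, and nothing visible in this hunk percent-encodes the password before it is placed in the URI. The `helm-toolkit.authenticated_endpoint_uri_lookup` helper is not part of this diff, so this may already be handled. If it is not, an admin password containing `@`, `:` or `/` would presumably yield a URI that the job parses incorrectly. The new file also has no header comment; I would add one stating what the Secret holds and who consumes it, e.g. `# Admin (root) DB URI for the keystone-db-init job only; do not reference from API or db-sync pods`.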
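Review bot: In keystone/values.yaml, `db_init` now points at `quay.io/stackanetes/stackanetes-keystone-api:newton`, a mutable tag, and after this change that container is the one given `ROOT_DB_CONNECTION`. A re-pushed tag would run unreviewed code with database admin credentials, so pinning by digest is worth considering for this entry, e.g. `db_init: quay.io/stackanetes/stackanetes-keystone-api@sha256:<digest-placeholder>`. The other image entries in the hunk use tags as well, so this could be a chart-wide follow-up rather than part of this commit.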
@@ -171,7 +183,7 @@ mounts: - name: keystone-bin mountPath: /tmp/start.sh subPath: start.sh - readOnly: true + readOnly: true conf: paste: @@ -183,7 +195,7 @@ conf: keystone: override: append: - token: + token: keystone: provider: uuid database: @@ -231,7 +243,7 @@ endpoints: path: /openstack scheme: rabbit port: - amqp: 5672 + amqp: 5672 oslo_cache: hosts: default: memcache