Update trymcp-day01 image scripts
Switch to nightly MCP_VERSION and add stuff for MM vm.
Related-Prod: PROD-27660
Related-Prod: PROD-29074
Change-Id: Ia9c0351bca244559e2a0cf326d3073a0f9af0823
diff --git a/trymcp-day01-image/files/etc/cloud/cloud.cfg b/trymcp-day01-image/files/etc/cloud/cloud.cfg
index 10290e1..ad73e20 100644
--- a/trymcp-day01-image/files/etc/cloud/cloud.cfg
+++ b/trymcp-day01-image/files/etc/cloud/cloud.cfg
@@ -77,14 +77,19 @@
hostname: cfg01.try-mcp.local
runcmd:
- - sed -i'.orig' -e's/PermitRootLogin.*/PermitRootLogin yes/g' -e's/PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
- - service sshd restart
+ # TODO : add model update
+ #- salt-call state.apply reclass
- salt-call --timeout=120 test.ping
- salt-call saltutil.clear_cache
- salt-call saltutil.refresh_pillar
- salt-call saltutil.sync_all
+ #- salt-call state.sls salt.minion.ca
+ #- sleep 5
+ #- salt-call state.apply salt
+ - salt-call --timeout=120 test.ping
- systemctl restart docker
- sleep 20
+ - salt-call state.sls linux.system.user,openssh
- salt-call state.sls docker.swarm
- sleep 60
- salt-call state.sls nginx
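Review bot: With the `sed` on `/etc/ssh/sshd_config` removed, SSH access on this image is decided entirely by the added `salt-call state.sls linux.system.user,openssh` entry, and the pillar feeding those states is not part of this diff. Confirm there that root login and password authentication are not switched back on, and record the intent next to the entry, for example `# sshd policy and local users now come from pillar (linux.system.user, openssh)`. The commented-out `salt-call` and `sleep` entries carry no reason beyond the one TODO; either say what blocks enabling them or drop them. The runcmd list starts above the hunk, so earlier entries may already cover part of this.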
@@ -93,9 +98,6 @@
- sleep 20
- salt-call state.sls docker.client
- sleep 60
- - salt-call state.sls openldap
- - sleep 20
- - salt-call state.sls gerrit
- - sleep 25
- salt-call state.sls jenkins
+ - bash /opt/add_keycloak_service_user.sh
- touch /done_cloud_init_bootstrap
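Review bot: Nothing in the visible list checks the exit status of the new `bash /opt/add_keycloak_service_user.sh` entry before `touch /done_cloud_init_bootstrap` runs. As far as I know, runcmd entries are executed in order without stopping on a failure, so the marker would be written even when the Keycloak service user was never created. Anything that polls for that file would then treat a half-provisioned node as ready. Chaining the two entries, `- bash /opt/add_keycloak_service_user.sh && touch /done_cloud_init_bootstrap`, would tie the marker to the script's result, provided the script itself exits non-zero on error.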
diff --git a/trymcp-day01-image/files/opt/add_keycloak_service_user.sh b/trymcp-day01-image/files/opt/add_keycloak_service_user.sh
new file mode 100644
index 0000000..a38b236
--- /dev/null
+++ b/trymcp-day01-image/files/opt/add_keycloak_service_user.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+realm_name='drivetrain-realm'
+realm_user='operations-api'
+realm_usermail='drivetrain-eng@mirantis.com'
+echo "[ Getting Keycloak endpoint ]"
+keycloak_port=$(salt-call pillar.get --out=txt _param:haproxy_keycloak_exposed_port | awk '{print $2}')
+internal_address=$(salt-call pillar.get --out=txt _param:single_address | awk '{print $2}')
+keycloak_url="http://${internal_address}:${keycloak_port}"
+keycloak_admin_password=$(salt-call pillar.get --out=txt _param:keycloak_admin_password | awk '{print $2}')
+keycloak_user_password=$(salt-call pillar.get --out=txt _param:keycloak_user_password | awk '{print $2}')
+echo "[ Waiting for Keycloak server ]"
+until $(curl --output /dev/null --silent --head --fail ${keycloak_url}); do
+ sleep 2
+done
+
+KCADM="/opt/jboss/keycloak/bin/kcadm.sh"
+keycloak_container=$(docker ps --format '{{.Names}}' --filter 'name=keycloak-server')
+script="""
+$KCADM config credentials --server ${keycloak_url}/auth --realm master --user admin --password ${keycloak_admin_password} ;
+$KCADM create users -r ${realm_name} -s username=${realm_user} -s enabled=true -s emailVerified=true -s firstName=Operations-Service-User -s email=${realm_usermail} ;
+ID=\$($KCADM get users -r ${realm_name} --fields id -q username=${realm_user} -q email=${realm_usermail} | grep id | cut -f 2 -d \":\" | tr -d \"\\\"\" | tr -d \" \") ;
+$KCADM update users/\$ID/reset-password -r ${realm_name} -s type=password -s value=${keycloak_user_password} -s temporary=false -n ;
+"""
+
+docker exec -t ${keycloak_container} /bin/bash -c "${script}"
\ No newline at end of file
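Review bot: The admin and service-user passwords are spliced unquoted into `script` and passed through `docker exec -t ${keycloak_container} /bin/bash -c "${script}"`, so both secrets sit in the argument lists of the docker client and of `kcadm.sh` inside the container, readable by anyone who can list processes. A value containing whitespace or shell metacharacters would also be re-parsed by the inner shell. Quote the interpolated values inside `script` at minimum, and prefer handing the secrets over through the environment or stdin rather than argv. `keycloak_url` is plain `http://`, so the admin password also crosses the network unencrypted; confirm that is acceptable for `single_address`. The script has no `set -euo pipefail`, no check that the four pillar lookups returned non-empty values, and no retry cap on the `until $(curl ...)` loop, so empty credentials reach `kcadm.sh` silently and an unreachable Keycloak blocks cloud-init indefinitely.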