Support for docker
Change-Id: I1b9d17785a094e98bd8ff837307e641c42886cc7
diff --git a/keystone/client.sls b/keystone/client.sls
index 2f6edbd..c5887e8 100644
--- a/keystone/client.sls
+++ b/keystone/client.sls
@@ -5,11 +5,20 @@
pkg.installed:
- names: {{ client.pkgs }}
+keystone_salt_config:
+ file.managed:
+ - name: /etc/salt/minion.d/keystone.conf
+ - template: jinja
+ - source: salt://keystone/files/salt-minion.conf
+ - mode: 600
+
{%- if client.tenant is defined %}
keystone_client_roles:
keystone.role_present:
- names: {{ client.roles }}
+ - require:
+ - file: keystone_salt_config
{%- for tenant_name, tenant in client.get('tenant', {}).iteritems() %}
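Review bot: `keystone_salt_config` renders Keystone credentials into `/etc/salt/minion.d/keystone.conf`, and `file.managed` reports a diff of the rendered file in the state return by default, so the token or password can end up in job output and logs. Adding `- show_changes: False` to the state avoids that. I would also pin ownership and write the mode as a quoted string, `- user: root`, `- group: root`, `- mode: '0600'`, rather than relying on defaults. The same state is added in keystone/server.sls and needs the same treatment; the `keystone_client_roles` block continues past the end of this hunk.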
diff --git a/keystone/files/entrypoint.sh b/keystone/files/entrypoint.sh
new file mode 100644
index 0000000..b139f2e
--- /dev/null
+++ b/keystone/files/entrypoint.sh
@@ -0,0 +1,14 @@
+{%- from "keystone/map.jinja" import server with context -%}
+#!/bin/bash -e
+
+cat /srv/salt/pillar/keystone-server.sls | envsubst > /tmp/keystone-server.sls
+mv /tmp/keystone-server.sls /srv/salt/pillar/keystone-server.sls
+
+salt-call --local --retcode-passthrough state.highstate
+service {{ server.service_name }} stop || true
+
+su keystone --shell=/bin/sh -c '/usr/bin/keystone-all --config-file=/etc/keystone/keystone.conf'
+
+{#-
+vim: syntax=jinja
+-#}
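Review bot: The pillar file is expanded through the fixed path `/tmp/keystone-server.sls`, created with the default umask, so a file that may hold the service token or database password is briefly readable by other users and its predictable name can be pre-created by someone else. `envsubst` without an argument also rewrites every `$NAME` in the pillar, so an unset variable silently becomes an empty string and a secret that contains `$` is altered. I would create the temporary file next to the target and restrict the substitution to a named list: `tmp="$(mktemp /srv/salt/pillar/keystone-server.sls.XXXXXX)"`, `envsubst '<explicit variable list>' < /srv/salt/pillar/keystone-server.sls > "$tmp"`, `mv "$tmp" /srv/salt/pillar/keystone-server.sls`. Reading with a redirect instead of `cat |` also lets `-e` stop the script when the pillar file cannot be read, which the pipeline form does not.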
diff --git a/keystone/files/salt-minion.conf b/keystone/files/salt-minion.conf
new file mode 100644
index 0000000..7032b08
--- /dev/null
+++ b/keystone/files/salt-minion.conf
@@ -0,0 +1,15 @@
+{%- if pillar.keystone.get('server', {'enabled': False}).enabled -%}
+{%- from "keystone/map.jinja" import server with context -%}
+keystone.token: '{{ server.service_token }}'
+keystone.endpoint: 'http://{{ server.bind.private_address }}:{{ server.bind.private_port }}/v2.0'
+{%- else -%}
+{%- from "keystone/map.jinja" import client with context -%}
+keystone.user: '{{ client.server.user }}'
+keystone.password: '{{ client.server.password }}'
+keystone.tenant: '{{ client.server.tenant }}'
+keystone.auth_url: 'http://{{ client.server.host }}:{{ client.server.public_port }}/v2.0/'
+{%- endif %}
+
+{#-
+vim: syntax=jinja
+-#}
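Review bot: The pillar values are pasted between single quotes without escaping, so a password or token that contains `'` produces an invalid minion config or lets the value spill into further keys. Salt's Jinja filters can do the quoting, for example `keystone.password: {{ client.server.password|yaml_squote }}`, and the same applies to `keystone.token`, `keystone.user` and `keystone.tenant`. Both URLs also hard-code `http://`, which sends the admin token or the password in clear text. Taking the scheme from pillar, with the current value as the default, would let deployments move these calls to TLS.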
diff --git a/keystone/map.jinja b/keystone/map.jinja
index 31c1c49..7eeff81 100644
--- a/keystone/map.jinja
+++ b/keystone/map.jinja
@@ -1,7 +1,7 @@
{% set server = salt['grains.filter_by']({
'Debian': {
- 'pkgs': ['keystone', 'python-keystone', 'python-keystoneclient', 'python-psycopg2', 'python-mysqldb', 'mysql-client', 'python-six', 'python-memcache', 'python-openstackclient'],
+ 'pkgs': ['keystone', 'python-keystone', 'python-keystoneclient', 'python-psycopg2', 'python-mysqldb', 'mysql-client', 'python-six', 'python-memcache', 'python-openstackclient', 'gettext-base'],
'service_name': 'keystone',
'version': 'icehouse',
'api_version': '2',
diff --git a/keystone/server.sls b/keystone/server.sls
index 311b4b0..0772576 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -5,6 +5,13 @@
pkg.installed:
- names: {{ server.pkgs }}
+keystone_salt_config:
+ file.managed:
+ - name: /etc/salt/minion.d/keystone.conf
+ - template: jinja
+ - source: salt://keystone/files/salt-minion.conf
+ - mode: 600
+
{%- if not salt['user.info']('keystone') %}
keystone_user:
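Review bot: `keystone_salt_config` is declared here with the same ID as the state this commit adds to keystone/client.sls. Salt expects state IDs to be unique across the compiled highstate, so a minion that applies both `keystone.server` and `keystone.client` would presumably fail with a conflicting-ID error; whether any target does that is not visible from the diff. Moving the state into one small SLS that both files `include`, or giving the two states distinct IDs, removes the risk.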
@@ -43,16 +50,20 @@
- template: jinja
- require:
- pkg: keystone_packages
+ {%- if not grains.get('noservices', False) %}
- watch_in:
- service: keystone_service
+ {%- endif %}
/etc/keystone/policy.json:
file.managed:
- source: salt://keystone/files/{{ server.version }}/policy-v{{ server.api_version }}.json
- require:
- pkg: keystone_packages
+ {%- if not grains.get('noservices', False) %}
- watch_in:
- service: keystone_service
+ {%- endif %}
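Review bot: The `grains.get('noservices', False)` test is repeated around every `watch_in` and every service-dependent state in this file (this hunk and the ones after it), which makes it easy to miss one. Reading the grain once near the top, `{%- set noservices = grains.get('noservices', False) %}`, and testing `{%- if not noservices %}` keeps the guards uniform. A one-line comment at that `set` stating what the grain means and who sets it would also help, since nothing in the file explains why the service states are skipped; my guess is that it is set during image build, which the author should confirm.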
{%- if server.get("domain", {}) %}
@@ -70,8 +81,10 @@
- template: jinja
- require:
- file: /etc/keystone/domains
+ {%- if not grains.get('noservices', False) %}
- watch_in:
- service: keystone_service
+ {%- endif %}
- defaults:
domain_name: {{ domain_name }}
@@ -83,11 +96,14 @@
- contents_pillar: keystone:server:domain:{{ domain_name }}:ldap:tls:cacert
- require:
- file: /etc/keystone/domains
+ {%- if not grains.get('noservices', False) %}
- watch_in:
- service: keystone_service
+ {%- endif %}
{%- endif %}
+{%- if not grains.get('noservices', False) %}
keystone_domain_{{ domain_name }}:
cmd.run:
- name: source /root/keystonercv3 && openstack domain create --description "{{ domain.description }}" {{ domain_name }}
@@ -95,6 +111,7 @@
- require:
- file: /root/keystonercv3
- service: keystone_service
+{%- endif %}
{%- endfor %}
@@ -108,17 +125,30 @@
- contents_pillar: keystone:server:ldap:tls:cacert
- require:
- pkg: keystone_packages
+ {%- if not grains.get('noservices', False) %}
- watch_in:
- service: keystone_service
+ {%- endif %}
{%- endif %}
+{%- if not grains.get('noservices', False) %}
keystone_service:
service.running:
- name: {{ server.service_name }}
- enable: True
- watch:
- file: /etc/keystone/keystone.conf
+{%- endif %}
+
+{%- if grains.get('virtual_subtype', None) == "Docker" %}
+keystone_entrypoint:
+ file.managed:
+ - name: /entrypoint.sh
+ - template: jinja
+ - source: salt://keystone/files/entrypoint.sh
+ - mode: 755
+{%- endif %}
/root/keystonerc:
file.managed:
@@ -134,11 +164,13 @@
- require:
- pkg: keystone_packages
+{%- if not grains.get('noservices', False) %}
keystone_syncdb:
cmd.run:
- name: keystone-manage db_sync
- require:
- service: keystone_service
+{%- endif %}
{% if server.tokens.engine == 'fernet' %}
@@ -153,20 +185,24 @@
- require_in:
- service: keystone_fernet_setup
+{%- if not grains.get('noservices', False) %}
keystone_fernet_setup:
cmd.run:
- name: keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
- require:
- service: keystone_service
- file: keystone_fernet_keys
+{%- endif %}
{% endif %}
+{%- if not grains.get('noservices', False) %}
keystone_service_tenant:
keystone.tenant_present:
- name: {{ server.service_tenant }}
- require:
- cmd: keystone_syncdb
+ - file: keystone_salt_config
keystone_admin_tenant:
keystone.tenant_present:
@@ -212,6 +248,7 @@
- region: {{ service.get('region', 'RegionOne') }}
- require:
- keystone: keystone_{{ service_name }}_service
+ - file: keystone_salt_config
{% if service.user is defined %}
@@ -260,5 +297,6 @@
{%- endfor %}
{%- endfor %}
+{%- endif %} {# end noservices #}
{%- endif %}