From 0d497bd3ac571c55d578faf21a5370e6cbf3edc9 Mon Sep 17 00:00:00 2001 From: WuKong Date: Tue, 18 Jul 2017 17:55:10 +0200 Subject: review moonv4 Change-Id: Iaadd2d24871ebca3e8ba741ae21d2c0dc2d6879a Signed-off-by: WuKong --- moonv4/README.md | 154 +++++---------------- moonv4/bin/build_all.sh | 2 + moonv4/development.md | 129 +++++++++++++++++ .../moon_orchestrator/moon_orchestrator/dockers.py | 1 + .../moon_orchestrator/moon_orchestrator/server.py | 4 +- moonv4/templates/docker/keystone/Dockerfile | 25 ---- moonv4/templates/docker/keystone/README.md | 62 --------- moonv4/templates/docker/keystone/run.sh | 136 ------------------ moonv4/templates/moon_keystone/Dockerfile | 25 ++++ moonv4/templates/moon_keystone/README.md | 65 +++++++++ moonv4/templates/moon_keystone/run.sh | 136 ++++++++++++++++++ 11 files changed, 391 insertions(+), 348 deletions(-) create mode 100644 moonv4/development.md delete mode 100644 moonv4/templates/docker/keystone/Dockerfile delete mode 100644 moonv4/templates/docker/keystone/README.md delete mode 100644 moonv4/templates/docker/keystone/run.sh create mode 100644 moonv4/templates/moon_keystone/Dockerfile create mode 100644 moonv4/templates/moon_keystone/README.md create mode 100644 moonv4/templates/moon_keystone/run.sh diff --git a/moonv4/README.md b/moonv4/README.md index e47f763c..ba334a7d 100644 --- a/moonv4/README.md +++ b/moonv4/README.md 
@@ -30,67 +30,59 @@ sudo gpasswd -a ${USER} docker sudo service docker restart ``` -### Get the code +## Launch MySql, RabbitMQ, Keystone containers +TODO: put all the containers to `dockerhub` +### moon_mysql:v4.1 + +### moon_rabbitmq:v4.1 +### moon_keystone:v4.1 ```bash -git clone https://opnfv.org/moon -cd moon/moonv4 -export MOON_HOME=$(pwd) -sudo ln -s $(pwd)/conf /etc/moon +docker container run -dti --net moon --hostname keystone --name keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 asteroide/keystone_mitaka:latest ``` -## Create an OpenStack environment -see the templates/docker/keystone/README.md -Or execute directly `bin/start.sh` +## Install Orchestrator +### Get the code -## Launch all other containers of Moon -### Build python packages for all components -TODO: containerize moon_orchestrator ```bash -cd ${MOON_HOME}/moon_orchestrator -sudo pip3 install pip --upgrade -cd ${MOON_HOME}/bin -source build_all.sh +git clone https://git.opnfv.org/moon +cd moon/moonv4 +export MOON_HOME=$(pwd) +sudo ln -s $(pwd)/conf /etc/moon ``` -## Moon_Orchestrator ### Start Orchestrator To start the Moon platform, you have to run the Orchestrator. +TODO: put all Python packages to PIP + ```bash cd ${MOON_HOME}/moon_orchestrator -sudo apt-get install python3-venv (or apt-get install -y python3 python-virtualenv on Ubuntu 14.04) -pyvenv tests/venv (or virtualenv tests/venv on Ubuntu 14.04) +sudo apt install python3-venv +pyvenv tests/venv . tests/venv/bin/activate -sudo pip3 install -r requirements.txt --upgrade -sudo pip3 install dist/moon_db-0.1.0.tar.gz --upgrade -sudo pip3 install dist/moon_utilities-0.1.0.tar.gz --upgrade -sudo pip3 install . 
--upgrade -# Check the proxy settings and edit dist_dir variable in $(MOON_HOME)/moon_orchestrator/etc/moon.conf -# Adapt the path used in the cd command in $(MOON_HOME)/bin/start.sh -source ../bin/start.sh +pip3 install -r requirements.txt --upgrade +pip3 install dist/moon_db-0.1.0.tar.gz --upgrade +pip3 install dist/moon_utilities-0.1.0.tar.gz --upgrade +pip3 install . --upgrade +moon_db_manager upgrade ``` -### Tests -```bash -sudo pip3 install pytest -cd ${MOON_HOME}/moon_interface/tests/apitests -pytest -``` +### `/etc/moon/moon.conf` +- edit `dist_dir` variable +- check each `container` variable -## Configure DB -### Relaunch Keystone docker -If error of `get_keystone_projects()`, then relaunch the Keystone docker, and wait 40 seconds!!! +Launch `Moon Orchestrator` ```bash -docker rm -f keystone -docker run -dti --net moon --name keystone --hostname=keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka +moon_orchestrator ``` -### Add default data in DB -Pre-fill the DB with a RBAC policy +### Tests +In the Python venv ```bash +pip3 install pytest cd ${MOON_HOME}/moon_interface/tests/apitests -python3 populate_default_values.py scenario/ rbac.py +pytest ``` ## Log 
@@ -102,87 +94,3 @@ docker logs keystone docker logs moon_router docker logs moon_interface ``` - -### Get some statistics -```bash -docker stats --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.PIDs}}" -``` - -### Get the API in PDF -```bash -cd ${MOON_HOME}/moon_interface/tools -sudo pip3 install requests -sudo apt-get install pandoc -/usr/bin/python3 api2rst.py -sudo apt-get install texlive-latex-extra -pandoc api.rst -o api.pdf -evince api.pdf -``` - - -## How to hack the Moon platform -### Force the build of components - -If you want to rebuild one or more component, you have to modify the configuration file `moon.conf`. - -For example, if you want to rebuild the moon_interface, got to the `[interface]` section and delete the -value of the container key like this: - -``` -[interface] -host=172.18.0.11 -port=38001 -# Name of the container to download (if empty build from scratch) -# example: container=moon/moon_interface:latest -container= -``` - -You can configure the interface, the router and both the security_function and security_policy. -You can also force the version of the component like this: `container=moon/moon_interface:4.0.0` - -### Update the moon_interface - -Go to the directory `${MOON_HOME}/moon_interface` and update the code accordingly to your needs, -then update the python package. - -```bash -cd ${MOON_HOME}/moon_interface -python setup.py sdist -cp dist/moon_interface_* ../moon_orchestrator/dist -# kill moon_orchestrator if needed and restart it -``` - -### Update the moon_secrouter - -Go to the directory `${MOON_HOME}/moon_secrouter` and update the code accordingly to your needs, -then update the python package. 
- -```bash -cd ${MOON_HOME}/moon_secrouter -python setup.py sdist -cp dist/moon_secrouter* ../moon_orchestrator/dist -# kill moon_orchestrator if needed and restart it -``` - -## Problems that may arise - -If the moon_orchestrator doesn't want to start -(with, for example, the following error: `docker.errors.APIError: 409 Client Error: Conflict`), -check if the router and interface containers still exist and kill and delete them: - -```bash -docker kill moon_interface -docker kill moon_router -docker rm moon_interface -docker rm moon_router -``` - -If the moon_orchestrator complains that it cannot request the RabbitMQ server, -check if the messenger server is up and running: - -```bash -docker ps -# you must see the messenger running here -# if not, restart it -docker run -dti --net=moon --hostname messenger --name messenger --link messenger:messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=password -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -p 5671:5671 -p 5672:5672 rabbitmq:3-management -``` diff --git a/moonv4/bin/build_all.sh b/moonv4/bin/build_all.sh index 62f3276b..b6879a57 100644 --- a/moonv4/bin/build_all.sh +++ b/moonv4/bin/build_all.sh @@ -32,3 +32,5 @@ echo Building Moon_Authz cd $MOON_HOME/moon_authz python3 setup.py sdist > /tmp/moon_authz.log mv dist/*.tar.gz $MOON_HOME/moon_orchestrator/dist + +# TODO: build container images diff --git a/moonv4/development.md b/moonv4/development.md new file mode 100644 index 00000000..bc5f7e97 --- /dev/null +++ b/moonv4/development.md 
@@ -0,0 +1,129 @@
+# Build Python Packages and Containers
+
+## Python Package
+### Get the code
+
+```bash
+git clone https://git.opnfv.org/moon
+cd moon/moonv4
+export MOON_HOME=$(pwd)
+sudo ln -s $(pwd)/conf /etc/moon
+```
+
+### Build python packages for all components
+```bash
+sudo pip3 install pip --upgrade
+cd ${MOON_HOME}/bin
+source build_all.sh
+```
+
+### moon_db
+
+
+### utilities
+
+
+### moon_orchestrator
+
+
+## Container
+## keystone_mitaka
+see `templates/docker/keystone/README.md` to build the `keystone_mitaka` container
+
+
+### moon_router
+
+
+### moon_interface
+
+
+### moon_manager
+
+
+### moon_authz
+
+
+### moon_gui
+
+
+## How to hack the Moon platform
+### Force the build of components
+
+If you want to rebuild one or more component, you have to modify the configuration file `moon.conf`.
+
+For example, if you want to rebuild the moon_interface, got to the `[interface]` section and delete the
+value of the container key like this:
+
+```
+[interface]
+host=172.18.0.11
+port=38001
+# Name of the container to download (if empty build from scratch)
+# example: container=moon/moon_interface:latest
+container=
+```
+
+You can configure the interface, the router and both the security_function and security_policy.
+You can also force the version of the component like this: `container=moon/moon_interface:4.0.0`
+
+### Update the moon_interface
+
+Go to the directory `${MOON_HOME}/moon_interface` and update the code accordingly to your needs,
+then update the python package.
+
+```bash
+cd ${MOON_HOME}/moon_interface
+python setup.py sdist
+cp dist/moon_interface_* ../moon_orchestrator/dist
+# kill moon_orchestrator if needed and restart it
+```
+
+### Update the moon_secrouter
+
+Go to the directory `${MOON_HOME}/moon_secrouter` and update the code accordingly to your needs,
+then update the python package.
+
+```bash
+cd ${MOON_HOME}/moon_secrouter
+python setup.py sdist
+cp dist/moon_secrouter* ../moon_orchestrator/dist
+# kill moon_orchestrator if needed and restart it
+```
+
+## Problems that may arise
+
+If the moon_orchestrator doesn't want to start
+(with, for example, the following error: `docker.errors.APIError: 409 Client Error: Conflict`),
+check if the router and interface containers still exist and kill and delete them:
+
+```bash
+docker kill moon_interface
+docker kill moon_router
+docker rm moon_interface
+docker rm moon_router
+```
+
+If the moon_orchestrator complains that it cannot request the RabbitMQ server,
+check if the messenger server is up and running:
+
+```bash
+docker ps
+# you must see the messenger running here
+# if not, restart it
+docker run -dti --net=moon --hostname messenger --name messenger --link messenger:messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=password -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -p 5671:5671 -p 5672:5672 rabbitmq:3-management
+```
+
+## Configure DB
+### Relaunch Keystone docker
+If error of `get_keystone_projects()`, then relaunch the Keystone docker, and wait 40 seconds!!!
+```bash
+docker rm -f keystone
+docker run -dti --net moon --name keystone --hostname=keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka
+```
+
+### Add default data in DB
+Pre-fill the DB with a RBAC policy
+```bash
+cd ${MOON_HOME}/moon_interface/tests/apitests
+python3 populate_default_values.py scenario/ rbac.py
+```
diff --git a/moonv4/moon_orchestrator/moon_orchestrator/dockers.py b/moonv4/moon_orchestrator/moon_orchestrator/dockers.py
index 0b53de96..3a754ea3 100644
--- a/moonv4/moon_orchestrator/moon_orchestrator/dockers.py
+++ b/moonv4/moon_orchestrator/moon_orchestrator/dockers.py
@@ -98,6 +98,7 @@ RUN pip3 install --upgrade . shutil.copy(_file, os.path.join(self.tmp_dir, "dist")) try: + # TODO: check the symbol link shutil.copytree(os.path.dirname(self.conf_file), os.path.join(self.tmp_dir, "conf")) except OSError as exc: if exc.errno == errno.ENOTDIR: diff --git a/moonv4/moon_orchestrator/moon_orchestrator/server.py b/moonv4/moon_orchestrator/moon_orchestrator/server.py index c9629c61..c5a7d79b 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/server.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/server.py @@ -123,7 +123,7 @@ def server(): network_config = create_docker_network() - LOG.info("Creating Security Router") + LOG.info("Creating Router") router = SecurityRouter(options.filename, docker=docker, network_config=network_config) CONTAINERS[router.id] = router @@ -131,7 +131,7 @@ def server(): manager = SecurityManager(options.filename, docker=docker, network_config=network_config) CONTAINERS[manager.id] = manager - LOG.info("Creating Security Interface") + LOG.info("Creating Interface") interface = SecurityInterface(options.filename, docker=docker, network_config=network_config) CONTAINERS[interface.id] = interface diff --git a/moonv4/templates/docker/keystone/Dockerfile b/moonv4/templates/docker/keystone/Dockerfile deleted file mode 100644 index 1ab24de9..00000000 --- a/moonv4/templates/docker/keystone/Dockerfile +++ /dev/null 
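Review bot: The added comment `# TODO: check the symbol link` does not say what must be checked or why, so the next maintainer cannot act on it. The call below it copies the whole directory of `self.conf_file` into `self.tmp_dir`, and the README in this commit makes `/etc/moon` a symlink into the source tree, which is presumably the concern. A wording such as `# TODO: conf_file may be reached through the /etc/moon symlink; confirm copytree copies the real directory and only the files the image needs` would make it actionable. Anything secret kept in that directory appears to land in the build directory as well, which is worth confirming at the same time. The `except` handler continues outside the hunk.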
@@ -1,25 +0,0 @@ -FROM ubuntu:latest - -ENV ADMIN_TOKEN=p4ssw0rd -ENV ADMIN_PASSWORD=p4ssw0rd -ENV DB_CONNECTION="mysql+pymysql" -ENV DB_DRIVER=sql -ENV DB_HOST=localhost -ENV DB_DATABASE=keystonedb -ENV DB_USER=keystone -ENV DB_PASSWORD=p4ssw0rd -ENV DB_USER_ROOT=root -ENV DB_PASSWORD_ROOT=p4sswOrd1 -ENV RABBIT_NODE=server -ENV INTERFACE_HOST="http://localhost:3001" - -RUN apt-get update && apt-get install apache2 rabbitmq-server keystone python-openstackclient libapache2-mod-wsgi mysql-client -y - -RUN apt-get update && apt-get install iputils-ping net-tools -y - -ADD run.sh /root - -EXPOSE 35357 -EXPOSE 5000 - -CMD ["/bin/bash", "/root/run.sh"] \ No newline at end of file diff --git a/moonv4/templates/docker/keystone/README.md b/moonv4/templates/docker/keystone/README.md deleted file mode 100644 index 34926b91..00000000 --- a/moonv4/templates/docker/keystone/README.md +++ /dev/null 
@@ -1,62 +0,0 @@ -# Keystone container - -## build keystone image - -### without proxy: -```bash -docker build -t keystone:mitaka . -``` - -### with a proxy: -```bash -docker build --build-arg https_proxy=http://proxy:3128 --build-arg http_proxy=http://proxy:3128 -t keystone:mitaka . -``` - - -## set up an execution environment - -### clean up if necessary -```bash -docker container rm -f $(docker ps -a | grep moon | cut -d " " -f 1) 2>/dev/null -docker container rm -f messenger db keystone 2>/dev/null -``` - -### create a network -```bash -docker network create -d bridge --subnet=172.18.0.0/16 --gateway=172.18.0.1 moon -``` - -### Start RabbitMQ -```bash -docker container run -dti --net=moon --hostname messenger --name messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=p4sswOrd1 -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -e RABBITMQ_HIPE_COMPILE=1 -p 5671:5671 -p 5672:5672 -p 8080:15672 rabbitmq:3-management -``` - - -### Start MySQL server -```bash -docker container run -dti --net=moon --hostname db --name db -e MYSQL_ROOT_PASSWORD=p4sswOrd1 -e MYSQL_DATABASE=moon -e MYSQL_USER=moon -e MYSQL_PASSWORD=p4sswOrd1 -p 3306:3306 mysql:latest -``` - -## launch a Keystone container -```bash -docker container run -dti --net moon --hostname keystone --name keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka -``` - -## check -### log -```bash -docker logs keystone -``` - - -### access to the container -```bash -docker container exec -ti keystone /bin/bash -export OS_USERNAME=admin -export OS_PASSWORD=p4ssw0rd -export OS_REGION_NAME=Orange -export OS_TENANT_NAME=admin -export OS_AUTH_URL=http://localhost:5000/v3 -export OS_DOMAIN_NAME=Default -openstack project list -``` diff --git a/moonv4/templates/docker/keystone/run.sh b/moonv4/templates/docker/keystone/run.sh deleted file mode 100644 index b80dd3f1..00000000 --- a/moonv4/templates/docker/keystone/run.sh +++ /dev/null 
@@ -1,136 +0,0 @@ -#!/usr/bin/env bash - -MY_HOSTNAME=localhost - -echo DB_HOST=$DB_HOST -echo DB_DATABASE=$DB_DATABASE -echo RABBIT_NODE=$RABBIT_NODE -echo RABBIT_NODE=$[RABBIT_NODE] -echo INTERFACE_HOST=$INTERFACE_HOST - -sed "s/#admin_token = /admin_token=$ADMIN_TOKEN/g" -i /etc/keystone/keystone.conf -sed "s/connection = sqlite:\/\/\/\/var\/lib\/keystone\/keystone.db/connection = $DB_CONNECTION:\/\/$DB_USER:$DB_PASSWORD@$DB_HOST\/$DB_DATABASE/g" -i /etc/keystone/keystone.conf -sed "s/#driver = sql/driver = $DB_DRIVER/g" -i /etc/keystone/keystone.conf - -cat << EOF | tee -a /etc/keystone/keystone.conf -[cors] -allowed_origin = $INTERFACE_HOST -max_age = 3600 -allow_methods = POST,DELETE -EOF - -mysql -h $DB_HOST -u$DB_USER_ROOT -p$DB_PASSWORD_ROOT < - WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-public - WSGIScriptAlias / /usr/bin/keystone-wsgi-public - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - - - WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-admin - WSGIScriptAlias / /usr/bin/keystone-wsgi-admin - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - -EOF - -a2ensite wsgi-keystone - -service keystone stop -echo "manual" | tee /etc/init/keystone.override - -service apache2 restart - -netstat -tanpeo - -export http_proxy= -export https_proxy= - -keystone-manage db_sync - -keystone-manage bootstrap \ - --bootstrap-password 
${ADMIN_PASSWORD} \ - --bootstrap-username admin \ - --bootstrap-project-name admin \ - --bootstrap-role-name admin \ - --bootstrap-service-name keystone \ - --bootstrap-region-id Orange \ - --bootstrap-admin-url http://localhost:35357 \ - --bootstrap-public-url http://localhost:5000 \ - --bootstrap-internal-url http://localhost:5000 - - -export OS_USERNAME=admin -export OS_PASSWORD=${ADMIN_PASSWORD} -export OS_REGION_NAME=Orange -export OS_TENANT_NAME=admin -export OS_AUTH_URL=http://localhost:5000/v3 -export OS_DOMAIN_NAME=Default - -openstack project create --description "Service Project" demo -openstack role create user -openstack role add --project demo --user demo user - -echo -e "\n Project list:" -openstack project list - -echo -e "\n Users list:" -openstack user list - -echo -e "\n Roles list:" -openstack role list - -echo -e "\n Service list:" -openstack service list - -echo -e "\n Endpoint list:" -openstack endpoint list --long - - -tail -f /var/log/apache2/keystone.log \ No newline at end of file diff --git a/moonv4/templates/moon_keystone/Dockerfile b/moonv4/templates/moon_keystone/Dockerfile new file mode 100644 index 00000000..1ab24de9 --- /dev/null +++ b/moonv4/templates/moon_keystone/Dockerfile @@ -0,0 +1,25 @@ +FROM ubuntu:latest + +ENV ADMIN_TOKEN=p4ssw0rd +ENV ADMIN_PASSWORD=p4ssw0rd +ENV DB_CONNECTION="mysql+pymysql" +ENV DB_DRIVER=sql +ENV DB_HOST=localhost +ENV DB_DATABASE=keystonedb +ENV DB_USER=keystone +ENV DB_PASSWORD=p4ssw0rd +ENV DB_USER_ROOT=root +ENV DB_PASSWORD_ROOT=p4sswOrd1 +ENV RABBIT_NODE=server +ENV INTERFACE_HOST="http://localhost:3001" + +RUN apt-get update && apt-get install apache2 rabbitmq-server keystone python-openstackclient libapache2-mod-wsgi mysql-client -y + +RUN apt-get update && apt-get install iputils-ping net-tools -y + +ADD run.sh /root + +EXPOSE 35357 +EXPOSE 5000 + +CMD ["/bin/bash", "/root/run.sh"] \ No newline at end of file 
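Review bot: The new moon_keystone/Dockerfile bakes working credentials into the image: `ENV ADMIN_TOKEN=p4ssw0rd`, `ENV ADMIN_PASSWORD=p4ssw0rd`, `ENV DB_PASSWORD=p4ssw0rd` and `ENV DB_PASSWORD_ROOT=p4sswOrd1` become the values any container started without overrides runs with, and they are readable from the image metadata. The README's `docker container run` line overrides only `DB_HOST` and `DB_PASSWORD_ROOT`, so the admin token and admin password stay at these defaults while ports 35357 and 5000 are published. Drop the secret defaults here and have run.sh refuse to start without them, e.g. `: "${ADMIN_PASSWORD:?must be set}"`. `FROM ubuntu:latest` is also unpinned, so a rebuild can pull a different keystone package than the `keystone:mitaka` tag implies; a fixed release tag would keep the two aligned.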
diff --git a/moonv4/templates/moon_keystone/README.md b/moonv4/templates/moon_keystone/README.md
new file mode 100644
index 00000000..77c90e98
--- /dev/null
+++ b/moonv4/templates/moon_keystone/README.md
@@ -0,0 +1,65 @@
+# Keystone container
+
+## build keystone image
+
+without proxy:
+```bash
+docker build -t keystone:mitaka .
+```
+
+with a proxy:
+```bash
+docker build --build-arg https_proxy=http://proxy:3128 --build-arg http_proxy=http://proxy:3128 -t keystone:mitaka .
+```
+
+
+## set up an execution environment
+
+### clean up if necessary
+```bash
+docker container rm -f $(docker ps -a | grep moon | cut -d " " -f 1) 2>/dev/null
+docker container rm -f messenger db keystone 2>/dev/null
+```
+
+### create a network
+```bash
+docker network create -d bridge --subnet=172.18.0.0/16 --gateway=172.18.0.1 moon
+```
+
+### Start RabbitMQ
+TODO: use our own container
+```bash
+docker container run -dti --net=moon --hostname messenger --name messenger -e RABBITMQ_DEFAULT_USER=moon -e RABBITMQ_DEFAULT_PASS=p4sswOrd1 -e RABBITMQ_NODENAME=rabbit@messenger -e RABBITMQ_DEFAULT_VHOST=moon -e RABBITMQ_HIPE_COMPILE=1 -p 5671:5671 -p 5672:5672 -p 8080:15672 rabbitmq:3-management
+```
+
+
+### Start MySQL server
+TODO: user our own containter
+```bash
+docker container run -dti --net=moon --hostname db --name db -e MYSQL_ROOT_PASSWORD=p4sswOrd1 -e MYSQL_DATABASE=moon -e MYSQL_USER=moon -e MYSQL_PASSWORD=p4sswOrd1 -p 3306:3306 mysql:latest
+```
+
+## launch a Keystone container
+TODO: user our own containter
+```bash
+docker container run -dti --net moon --hostname keystone --name keystone -e DB_HOST=db -e DB_PASSWORD_ROOT=p4sswOrd1 -p 35357:35357 -p 5000:5000 keystone:mitaka
+```
+
+## check
+### log
+```bash
+docker logs keystone -f
+```
+
+
+### access to the container
+```bash
+docker container exec -ti keystone /bin/bash
+export OS_USERNAME=admin
+export OS_PASSWORD=p4ssw0rd
+export OS_REGION_NAME=Orange
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://localhost:5000/v3
+export OS_DOMAIN_NAME=Default
+openstack project list
+```
\ No newline at end of file
diff --git a/moonv4/templates/moon_keystone/run.sh b/moonv4/templates/moon_keystone/run.sh
new file mode 100644
index 00000000..b80dd3f1
--- /dev/null
+++ b/moonv4/templates/moon_keystone/run.sh
@@ -0,0 +1,136 @@ +#!/usr/bin/env bash + +MY_HOSTNAME=localhost + +echo DB_HOST=$DB_HOST +echo DB_DATABASE=$DB_DATABASE +echo RABBIT_NODE=$RABBIT_NODE +echo RABBIT_NODE=$[RABBIT_NODE] +echo INTERFACE_HOST=$INTERFACE_HOST + +sed "s/#admin_token = /admin_token=$ADMIN_TOKEN/g" -i /etc/keystone/keystone.conf +sed "s/connection = sqlite:\/\/\/\/var\/lib\/keystone\/keystone.db/connection = $DB_CONNECTION:\/\/$DB_USER:$DB_PASSWORD@$DB_HOST\/$DB_DATABASE/g" -i /etc/keystone/keystone.conf +sed "s/#driver = sql/driver = $DB_DRIVER/g" -i /etc/keystone/keystone.conf + +cat << EOF | tee -a /etc/keystone/keystone.conf +[cors] +allowed_origin = $INTERFACE_HOST +max_age = 3600 +allow_methods = POST,DELETE +EOF + +mysql -h $DB_HOST -u$DB_USER_ROOT -p$DB_PASSWORD_ROOT < + WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-public + WSGIScriptAlias / /usr/bin/keystone-wsgi-public + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + = 2.4> + ErrorLogFormat "%{cu}t %M" + + ErrorLog /var/log/apache2/keystone.log + CustomLog /var/log/apache2/keystone_access.log combined + + + = 2.4> + Require all granted + + + Order allow,deny + Allow from all + + + + + + WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-admin + WSGIScriptAlias / /usr/bin/keystone-wsgi-admin + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + = 2.4> + ErrorLogFormat "%{cu}t %M" + + ErrorLog /var/log/apache2/keystone.log + CustomLog /var/log/apache2/keystone_access.log combined + + + = 2.4> + Require all granted + + + Order allow,deny + Allow from all + + + + +EOF + +a2ensite wsgi-keystone + +service keystone stop +echo "manual" | tee /etc/init/keystone.override + +service apache2 restart + +netstat -tanpeo + +export http_proxy= +export https_proxy= + +keystone-manage db_sync + +keystone-manage bootstrap \ + --bootstrap-password 
${ADMIN_PASSWORD} \ + --bootstrap-username admin \ + --bootstrap-project-name admin \ + --bootstrap-role-name admin \ + --bootstrap-service-name keystone \ + --bootstrap-region-id Orange \ + --bootstrap-admin-url http://localhost:35357 \ + --bootstrap-public-url http://localhost:5000 \ + --bootstrap-internal-url http://localhost:5000 + + +export OS_USERNAME=admin +export OS_PASSWORD=${ADMIN_PASSWORD} +export OS_REGION_NAME=Orange +export OS_TENANT_NAME=admin +export OS_AUTH_URL=http://localhost:5000/v3 +export OS_DOMAIN_NAME=Default + +openstack project create --description "Service Project" demo +openstack role create user +openstack role add --project demo --user demo user + +echo -e "\n Project list:" +openstack project list + +echo -e "\n Users list:" +openstack user list + +echo -e "\n Roles list:" +openstack role list + +echo -e "\n Service list:" +openstack service list + +echo -e "\n Endpoint list:" +openstack endpoint list --long + + +tail -f /var/log/apache2/keystone.log \ No newline at end of file -- cgit
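Review bot: The database root password is passed on the command line in `mysql -h $DB_HOST -u$DB_USER_ROOT -p$DB_PASSWORD_ROOT`, where it shows up in the container's process list, and all three expansions are unquoted. The same environment values are spliced unescaped into the `sed` expressions above it, so a `DB_PASSWORD` containing `/` or `&` would corrupt the `connection =` line written to keystone.conf. Quote the expansions and keep the password out of argv, for example `MYSQL_PWD="$DB_PASSWORD_ROOT" mysql -h "$DB_HOST" -u "$DB_USER_ROOT"` or an option file readable only by root. The script also sets no `set -e`, so a failed `keystone-manage db_sync` still falls through to `keystone-manage bootstrap` and the final `tail -f`, leaving a container that looks healthy but is not configured.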