From 73caaf06daf688080f41014d1df0a488ea0f9480 Mon Sep 17 00:00:00 2001
From: pprokop <piotr.prokop@intel.com>
Date: Fri, 18 Nov 2016 16:45:56 +0100
Subject: [PATCH] Adding keystone

---
 keystone/Chart.yaml                        |  3 +
 keystone/templates/db-sync.sh.yaml         | 11 ++++
 keystone/templates/db-sync.yaml            | 43 +++++++++++++
 keystone/templates/deployment.yaml         | 70 ++++++++++++++++++++++
 keystone/templates/init.sh.yaml            | 13 ++++
 keystone/templates/init.yaml               | 37 ++++++++++++
 keystone/templates/keystone.conf.yaml      | 26 ++++++++
 keystone/templates/mpm_event.conf.yaml     | 15 +++++
 keystone/templates/service.yaml            | 12 ++++
 keystone/templates/start.sh.yaml           | 15 +++++
 keystone/templates/wsgi-keystone.conf.yaml | 34 +++++++++++
 keystone/values.yaml                       | 31 ++++++++++
 12 files changed, 310 insertions(+)
 create mode 100644 keystone/Chart.yaml
 create mode 100644 keystone/templates/db-sync.sh.yaml
 create mode 100644 keystone/templates/db-sync.yaml
 create mode 100644 keystone/templates/deployment.yaml
 create mode 100644 keystone/templates/init.sh.yaml
 create mode 100644 keystone/templates/init.yaml
 create mode 100644 keystone/templates/keystone.conf.yaml
 create mode 100644 keystone/templates/mpm_event.conf.yaml
 create mode 100644 keystone/templates/service.yaml
 create mode 100644 keystone/templates/start.sh.yaml
 create mode 100644 keystone/templates/wsgi-keystone.conf.yaml
 create mode 100644 keystone/values.yaml

diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
new file mode 100644
index 0000000000..e83f42b08c
--- /dev/null
+++ b/keystone/Chart.yaml
@@ -0,0 +1,3 @@
+description: A Helm chart for keystone
+name: keystone
+version: 0.1.0
diff --git a/keystone/templates/db-sync.sh.yaml b/keystone/templates/db-sync.sh.yaml
new file mode 100644
index 0000000000..de1ddaff46
--- /dev/null
+++ b/keystone/templates/db-sync.sh.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: keystone-dbsyncsh
+data:
+  db-sync.sh: |+
+    #!/bin/bash
+    set -ex
+
+    keystone-manage db_sync
+      kolla_keystone_bootstrap {{ .Values.global.keystone.admin_user }} {{ .Values.global.keystone.admin_password }} {{ .Values.global.keystone.admin_project_name }} admin http://keystone-api:{{ .Values.global.network.port.admin }}/v3 http://keystone-api:{{ .Values.global.network.port.public }}/v3 http://keystone-api:{{ .Values.global.network.port.public }}/v3 {{ .Values.global.keystone.admin_region_name }}
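Review bot: The Keystone admin password ends up in the Job log in clear text, because `set -ex` traces every command and the `kolla_keystone_bootstrap` line receives `{{ .Values.global.keystone.admin_password }}` as a positional argument. The smallest fix is `set -e` instead of `set -ex`; if tracing is wanted for the rest of the script, put `set +x` before the bootstrap call. init.sh in init.sh.yaml has the same problem with the database root password and the keystone database password. The template values are also unquoted, so a value containing a space or a shell metacharacter changes the argument list; quote each one. Finally, the indented second command is not a continuation of `keystone-manage db_sync`, and dedenting it would make that obvious.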
diff --git a/keystone/templates/db-sync.yaml b/keystone/templates/db-sync.yaml
new file mode 100644
index 0000000000..f7ea254127
--- /dev/null
+++ b/keystone/templates/db-sync.yaml
@@ -0,0 +1,43 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: keystone-db-sync
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: keystone-init
+          image: {{ .Values.global.deployment.image.db_sync }}
+          imagePullPolicy: Always
+          env:
+            - name: INTERFACE_NAME
+              value: "eth0"
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "bash /tmp/db-sync.sh"
+            - name: DEPENDENCY_JOBS
+              value: "keystone-init,mariadb-seed"
+            - name: DEPENDENCY_SERVICE
+              value: "mariadb"
+          volumeMounts:
+            - name: keystoneconf
+              mountPath: /etc/keystone/keystone.conf
+              subPath: keystone.conf
+            - name: dbsyncsh
+              mountPath: /tmp/db-sync.sh
+              subPath: db-sync.sh
+      volumes:
+        - name: keystoneconf
+          configMap:
+            name: keystone-keystoneconf
+        - name: dbsyncsh
+          configMap:
+            name: keystone-dbsyncsh
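Review bot: The container in this Job is named `keystone-init` although the Job is `keystone-db-sync` and init.yaml defines a separate Job whose container is also `keystone-init`. Container names show up in `kubectl logs -c` and in log pipelines, so the two are easy to confuse when working out which step handled the database or admin credentials. Rename it to match the Job: `- name: keystone-db-sync`.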
diff --git a/keystone/templates/deployment.yaml b/keystone/templates/deployment.yaml
new file mode 100644
index 0000000000..7e52451b2c
--- /dev/null
+++ b/keystone/templates/deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: keystone-api
+spec:
+  replicas: {{ .Values.global.deployment.replicas }}
+  template:
+    metadata:
+      labels:
+        app: keystone-api
+    spec:
+      nodeSelector:
+        {{ .Values.global.deployment.control_node_label }}: enabled
+      containers:
+        - name: keystone-api
+          image: {{ .Values.global.deployment.image.api }}
+          env:
+            - name: INTERFACE_NAME
+              value: "eth0"
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "bash /tmp/start.sh"
+            - name: DEPENDENCY_JOBS
+              value: "keystone-init,keystone-db-sync,mariadb-seed"
+            - name: DEPENDENCY_SERVICE
+              value: "mariadb,rabbitmq"
+            - name: DEPENDENCY_CONFIG
+              value: "/etc/apache2/conf-enabled/wsgi-keystone.conf"
+          ports:
+            - containerPort: {{ .Values.global.network.port.public }}
+            - containerPort: {{ .Values.global.network.port.admin }}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.global.network.port.public }}
+          volumeMounts:
+            - name: keystoneconf
+              mountPath: /etc/keystone/keystone.conf
+              subPath: keystone.conf
+            - name: wsgikeystone
+              mountPath: /configmaps/wsgi-keystone.conf
+            - name: mpmeventconf
+              mountPath: /etc/apache2/mods-available/mpm_event.conf
+              subPath: mpm_event.conf
+            - name: startsh
+              mountPath: /tmp/start.sh
+              subPath: start.sh
+      volumes:
+        - name: keystoneconf
+          configMap:
+            name: keystone-keystoneconf
+        - name: wsgikeystone
+          configMap:
+            name: keystone-wsgikeystone
+        - name: mpmeventconf
+          configMap:
+            name: keystone-mpmeventconf
+            # https://github.com/kubernetes/kubernetes/issues/23722
+            items:
+            - key: mpm-event.conf
+              path: mpm_event.conf
+        - name: startsh
+          configMap:
+            name: keystone-startsh
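Review bot: The `keystone-api` container sets no `imagePullPolicy`, while both Jobs in this patch set `imagePullPolicy: Always`, and values.yaml references every image by the mutable tag `:newton`. With the default policy for a tag other than `latest`, a node that already has an older `:newton` image cached keeps using it, so API replicas can run a different build from the Jobs that prepared the database. Add `imagePullPolicy: Always` below the `image:` line for consistency, or preferably reference the images by digest in values.yaml so that the deployed content is fixed and auditable.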
diff --git a/keystone/templates/init.sh.yaml b/keystone/templates/init.sh.yaml
new file mode 100644
index 0000000000..872b259623
--- /dev/null
+++ b/keystone/templates/init.sh.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: keystone-initsh
+data:
+  init.sh: |+
+    #!/bin/bash
+    set -ex
+    export HOME=/tmp
+    
+    ansible localhost -vvv -m mysql_db -a "login_host='{{ .Values.global.database.address }}' login_port='{{ .Values.global.database.port }}' login_user='{{ .Values.global.database.root_user }}' login_password='{{ .Values.global.database.root_password }}' name='{{ .Values.global.database.keystone_database_name }}'"
+    ansible localhost -vvv -m mysql_user -a "login_host='{{ .Values.global.database.address }}' login_port='{{ .Values.global.database.port }}' login_user='{{ .Values.global.database.root_user }}' login_password='{{ .Values.global.database.root_password }}' name='{{ .Values.global.database.keystone_user }}' password='{{ .Values.global.database.keystone_password }}' host='%' priv='{{ .Values.global.database.keystone_database_name }}.*:ALL' append_privs='yes'"
+
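Review bot: Every value is spliced into the `-a "..."` string inside single quotes with no escaping, so a password or name containing `'`, `"`, `$` or a backtick changes how bash and the Ansible key=value parser read the line. The likely outcome is a failing Job, but part of the value could also be evaluated by the shell. Set the values as container environment variables (ideally sourced from a Secret) and expand them inside the script instead of rendering them into it, or at least document the permitted character set next to the passwords in values.yaml. The `mysql_user` call also creates the account for `host='%'` with `ALL` on the database; if that is deliberate because pod addresses are not stable, a one-line comment saying so would help.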
diff --git a/keystone/templates/init.yaml b/keystone/templates/init.yaml
new file mode 100644
index 0000000000..dc559c8822
--- /dev/null
+++ b/keystone/templates/init.yaml
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: keystone-init
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: keystone-init
+          image: {{ .Values.global.deployment.image.init }}
+          imagePullPolicy: Always
+          env:
+            - name: INTERFACE_NAME
+              value: "eth0"
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: COMMAND
+              value: "bash /tmp/init.sh"
+            - name: DEPENDENCY_JOBS
+              value: "mariadb-seed"
+            - name: DEPENDENCY_SERVICE
+              value: "mariadb"
+          volumeMounts:
+            - name: initsh
+              mountPath: /tmp/init.sh
+              subPath: init.sh
+      volumes:
+        - name: initsh
+          configMap:
+            name: keystone-initsh
diff --git a/keystone/templates/keystone.conf.yaml b/keystone/templates/keystone.conf.yaml
new file mode 100644
index 0000000000..b4d482596f
--- /dev/null
+++ b/keystone/templates/keystone.conf.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: keystone-keystoneconf
+data:
+  keystone.conf: |+
+    [DEFAULT]
+    debug = {{ .Values.global.misc.debug }}
+    use_syslog = False
+    use_stderr = True
+    workers = {{ .Values.global.misc.workers }}
+
+    [database]
+    connection = mysql+pymysql://{{ .Values.global.database.keystone_user }}:{{ .Values.global.database.keystone_password }}@{{ .Values.global.database.address }}/{{ .Values.global.database.keystone_database_name }}
+    max_retries = -1
+
+    [memcache]
+    servers = {{ .Values.global.memcached.address }}
+
+    [cache]
+    backend = dogpile.cache.memcached
+    memcache_servers = {{.Values.global.memcached.address}}
+    config_prefix = cache.keystone
+    distributed_lock = True
+    enabled = True
+
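Review bot: The `connection =` line embeds `keystone_password` in a ConfigMap, so anyone allowed to read ConfigMaps in the namespace can read the database credential, and none of the controls that can be applied to Secrets cover it. Render keystone.conf into a `kind: Secret` (with `stringData:`) and change the `keystoneconf` volumes in db-sync.yaml and deployment.yaml from `configMap:` to `secret:` with `secretName: keystone-keystoneconf`. db-sync.sh.yaml and init.sh.yaml likewise place the admin and database root passwords in ConfigMaps. The password is also inserted into the URL unencoded, so a value containing `@` or `/` would yield a connection string that is parsed incorrectly.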
diff --git a/keystone/templates/mpm_event.conf.yaml b/keystone/templates/mpm_event.conf.yaml
new file mode 100644
index 0000000000..8e5555c949
--- /dev/null
+++ b/keystone/templates/mpm_event.conf.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata: 
+  name: keystone-mpmeventconf
+data:
+  mpm-event.conf: |+
+    <IfModule mpm_event_module>
+      ServerLimit         1024
+      StartServers        32
+      MinSpareThreads     32
+      MaxSpareThreads     256
+      ThreadsPerChild     25
+      MaxRequestsPerChild 128
+      ThreadLimit         720
+    </IfModule>
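Review bot: The data key is `mpm-event.conf` while the file mounted into Apache is `mpm_event.conf`, and nothing in this file explains the difference; the only hint is a bare issue link beside the `items:` remapping in deployment.yaml. Add a comment above the key, for example `# key uses '-' instead of '_'; see kubernetes/kubernetes#23722 (deployment.yaml maps it back to mpm_event.conf)`. The `metadata: ` line also carries trailing whitespace.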
diff --git a/keystone/templates/service.yaml b/keystone/templates/service.yaml
new file mode 100644
index 0000000000..e6f3ac85e4
--- /dev/null
+++ b/keystone/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: keystone-api
+spec:
+  ports:
+  - name: keystone-api-public
+    port: {{ .Values.global.network.port.public }}
+  - name: keystone-api-admin
+    port: {{ .Values.global.network.port.admin }}
+  selector:
+    app: keystone-api
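Review bot: The admin port and the public port are published on the same `keystone-api` Service, so every client that can reach the public identity endpoint can also reach the admin endpoint, and there is no object on which the exposure of the two could be set separately. Consider a second Service selecting the same pods and carrying only the admin port, with the admin URL in db-sync.sh.yaml pointed at it, so the public Service can later be exposed more widely without taking the admin API along. The items under `ports:` are also flush with the key, whereas most sequences in the other templates are indented; pick one style.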
diff --git a/keystone/templates/start.sh.yaml b/keystone/templates/start.sh.yaml
new file mode 100644
index 0000000000..f42d9deb45
--- /dev/null
+++ b/keystone/templates/start.sh.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: keystone-startsh
+data:
+  start.sh: |+
+    #!/bin/bash
+    set -ex
+
+    # Loading Apache2 ENV variables
+    source /etc/apache2/envvars
+    rm -rf /var/run/apache2/*
+    APACHE_DIR="apache2"
+
+    apache2 -DFOREGROUND
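Review bot: `apache2 -DFOREGROUND` runs as a child of bash, which does not forward the termination signal, so on pod shutdown Apache is likely to be killed only when the grace period expires rather than stopping cleanly. Make the last line `exec apache2 -DFOREGROUND` so Apache replaces the shell. `APACHE_DIR="apache2"` is assigned but neither exported nor referenced anywhere in the script; drop it or add a comment naming what reads it.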
diff --git a/keystone/templates/wsgi-keystone.conf.yaml b/keystone/templates/wsgi-keystone.conf.yaml
new file mode 100644
index 0000000000..b39af2a4f7
--- /dev/null
+++ b/keystone/templates/wsgi-keystone.conf.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: keystone-wsgikeystone
+data:
+  wsgi-keystone.conf: |+
+    Listen {{ .Values.global.network.ip_address }}:{{ .Values.global.network.port.public }}
+    Listen {{ .Values.global.network.ip_address }}:{{ .Values.global.network.port.admin }}
+
+    <VirtualHost *:{{ .Values.global.network.port.public }}>
+        WSGIDaemonProcess keystone-public processes=16 threads=6 user=keystone group=keystone display-name=%{GROUP}
+        WSGIProcessGroup keystone-public
+        WSGIScriptAlias / /var/www/cgi-bin/keystone/main
+        WSGIApplicationGroup %{GLOBAL}
+        WSGIPassAuthorization On
+        <IfVersion >= 2.4>
+          ErrorLogFormat "%{cu}t %M"
+        </IfVersion>
+        ErrorLog "|$/bin/cat 1>&2"
+        CustomLog "|/bin/cat" combined
+    </VirtualHost>
+
+    <VirtualHost *:{{ .Values.global.network.port.admin }}>
+        WSGIDaemonProcess keystone-admin processes=16 threads=5 user=keystone group=keystone display-name=%{GROUP}
+        WSGIProcessGroup keystone-admin
+        WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
+        WSGIApplicationGroup %{GLOBAL}
+        WSGIPassAuthorization On
+        <IfVersion >= 2.4>
+          ErrorLogFormat "%{cu}t %M"
+        </IfVersion>
+        ErrorLog "|$/bin/cat 1>&2"
+        CustomLog "|/bin/cat" combined
+    </VirtualHost>
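Review bot: Both virtual hosts serve plain HTTP, and db-sync.sh.yaml registers `http://keystone-api:...` endpoints, so passwords and tokens sent to the identity service cross the pod network unencrypted unless something outside this chart adds TLS. If TLS is terminated elsewhere, say so in a comment at the top of this file; otherwise plan for `SSLEngine on` with the certificate and key mounted from a Secret. Separately, `processes=16` is hard-coded in both `WSGIDaemonProcess` lines although values.yaml already defines `misc.workers`, and the thread counts differ (6 and 5) without explanation.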
diff --git a/keystone/values.yaml b/keystone/values.yaml
new file mode 100644
index 0000000000..ce40550a23
--- /dev/null
+++ b/keystone/values.yaml
@@ -0,0 +1,31 @@
+global:
+  deployment:
+    replicas: 1
+    control_node_label: openstack-control-plane
+    image:
+      db_sync: quay.io/stackanetes/stackanetes-keystone-api:newton
+      api: quay.io/stackanetes/stackanetes-keystone-api:newton 
+      init: quay.io/stackanetes/stackanetes-kolla-toolbox:newton
+  network:
+    port:
+      admin: 35357
+      public: 5000
+    ip_address: "{{ .IP }}"
+  database:
+    address: mariadb
+    port: 3306
+    root_user: root
+    root_password: password
+    keystone_database_name: keystone
+    keystone_password: password
+    keystone_user: keystone
+  keystone:
+    admin_region_name: RegionOne 
+    admin_user: admin
+    admin_password: password
+    admin_project_name: admin
+  memcached:
+    address: memcached
+  misc:
+    workers: 8
+    debug: false
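Review bot: The chart installs with working default credentials: `root_password`, `keystone_password` and `admin_password` are all `password`, so a deployment that overrides nothing gets a database root account and a Keystone admin account with a known password. Leave these empty and make the templates fail when they are unset (Helm's `required` function, where the Helm version in use provides it), or at minimum mark each one with `# placeholder, must be overridden at install time`. There is also trailing whitespace after the `api:` image reference and after `RegionOne`.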