From 83b35db4edf23bb5ac2d8c4e5c9a332955854b27 Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Wed, 27 May 2015 18:04:31 +0200 Subject: [PATCH 01/19] Glance resource and deployment added --- example.py | 20 +- resources/glance_config/actions/run.yml | 26 +++ resources/glance_config/meta.yaml | 30 +++ .../templates/glance-api-paste.ini | 77 +++++++ .../glance_config/templates/glance-api.conf | 35 +++ .../glance_config/templates/glance-cache.conf | 200 ++++++++++++++++++ .../templates/glance-registry-paste.ini | 30 +++ .../templates/glance-registry.conf | 22 ++ .../templates/glance-scrubber.conf | 108 ++++++++++ resources/glance_config/templates/policy.json | 52 +++++ .../glance_config/templates/schema-image.json | 28 +++ 11 files changed, 626 insertions(+), 2 deletions(-) create mode 100644 resources/glance_config/actions/run.yml create mode 100644 resources/glance_config/meta.yaml create mode 100644 resources/glance_config/templates/glance-api-paste.ini create mode 100644 resources/glance_config/templates/glance-api.conf create mode 100644 resources/glance_config/templates/glance-cache.conf create mode 100644 resources/glance_config/templates/glance-registry-paste.ini create mode 100644 resources/glance_config/templates/glance-registry.conf create mode 100644 resources/glance_config/templates/glance-scrubber.conf create mode 100644 resources/glance_config/templates/policy.json create mode 100644 resources/glance_config/templates/schema-image.json diff --git a/example.py b/example.py index 193c634e..9d6a0f3e 100644 --- a/example.py +++ b/example.py 
@@ -25,6 +25,7 @@ def deploy(): node1 = resource.create('node1', 'resources/ro_node/', {'ip': '10.0.0.3', 'ssh_key': '/vagrant/.vagrant/machines/solar-dev2/virtualbox/private_key', 'ssh_user': 'vagrant'}) node2 = resource.create('node2', 'resources/ro_node/', {'ip': '10.0.0.4', 'ssh_key': '/vagrant/.vagrant/machines/solar-dev3/virtualbox/private_key', 'ssh_user': 'vagrant'}) + node3 = resource.create('node3', 'resources/ro_node/', {'ip':'10.0.0.5', 'ssh_key' : '/vagrant/.vagrant/machines/solar-dev4/virtualbox/private_key', 'ssh_user':'vagrant'}) mariadb_service1 = resource.create('mariadb_service1', 'resources/mariadb_service', {'image': 'mariadb', 'root_password': 'mariadb', 'port': 3306, 'ip': '', 'ssh_user': '', 'ssh_key': ''}) keystone_db = resource.create('keystone_db', 'resources/mariadb_db/', {'db_name': 'keystone_db', 'login_password': '', 'login_user': 'root', 'login_port': '', 'ip': '', 'ssh_user': '', 'ssh_key': ''}) 
@@ -36,11 +37,13 @@ def deploy(): keystone_config2 = resource.create('keystone_config2', 'resources/keystone_config/', {'config_dir': '/etc/solar/keystone', 'ip': '', 'ssh_user': '', 'ssh_key': '', 'admin_token': 'admin', 'db_password': '', 'db_name': '', 'db_user': '', 'db_host': '', 'db_port': ''}) keystone_service2 = resource.create('keystone_service2', 'resources/keystone_service/', {'port': 5002, 'admin_port': 35357, 'image': '', 'ip': '', 'ssh_key': '', 'ssh_user': '', 'config_dir': ''}) - haproxy_keystone_config = resource.create('haproxy_keystone1_config', 'resources/haproxy_keystone_config/', {'name': 'keystone_config', 'listen_port':5000, 'servers':[], 'ports':[]}) haproxy_config = resource.create('haproxy_config', 'resources/haproxy', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'configs_names':[], 'configs_ports':[], 'listen_ports':[], 'configs':[], 'config_dir': ''}) haproxy_service = resource.create('haproxy_service', 'resources/docker_container/', {'image': 'tutum/haproxy', 'ports': [], 'host_binds': [], 'volume_binds':[], 'ip': '', 'ssh_key': '', 'ssh_user': ''}) + glance_config = resource.create('glance_config', 'resources/glance_config/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'keystone_ip': '', 'keystone_port': '', 'config_dir': {}, 'api_port': '', 'registry_port': ''}) + glance_container = resource.create('glance_container', 'resources/docker_container/', {'image' : 'krystism/openstack-glance', 'ports': [{'value': [{'value': 9191}, {'value': 9292}]}], 'host_binds': [], 'volume_binds':[], 'ip':'', 'ssh_key':'', 'ssh_user':''}) + #### # connections 
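Review bot: The `haproxy_keystone_config = resource.create('haproxy_keystone1_config', ...)` line is removed in this hunk, yet the hunk at `@@ -81,6 +84,12 @@` adds `signals.connect(haproxy_keystone_config, glance_config, {'listen_port': 'keystone_port'})` and the validation list still names it. Unless another definition survives outside these hunks, deploy() raises NameError before any resource is validated, so either keep the create call or confirm the remaining definition. Separately, `'image' : 'krystism/openstack-glance'` pulls a third-party image with no tag or digest, so the code that runs can change between deploys; pin it, e.g. `'krystism/openstack-glance@sha256:<digest-placeholder>'`. deploy() starts and ends outside this hunk.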
@@ -81,6 +84,12 @@ def deploy(): signals.connect(node2, haproxy_service) signals.connect(haproxy_config, haproxy_service, {'listen_ports': 'ports', 'config_dir': 'host_binds'}) + signals.connect(node3, glance_config) + signals.connect(haproxy_keystone_config, glance_config, {'listen_port': 'keystone_port'}) + signals.connect(haproxy_service, glance_config, {'ip': 'keystone_ip'}) + signals.connect(node3, glance_container) + signals.connect(glance_config, glance_container, {'config_dir': 'host_binds'}) + has_errors = False for r in [node1, @@ -94,7 +103,9 @@ def deploy(): keystone_service2, haproxy_keystone_config, haproxy_config, - haproxy_service]: + haproxy_service, + glance_config, + glance_container]: errors = validation.validate_resource(r) if errors: has_errors = True @@ -115,12 +126,17 @@ def deploy(): actions.resource_action(keystone_service2, 'run') actions.resource_action(haproxy_config, 'run') actions.resource_action(haproxy_service, 'run') + actions.resource_action(glance_config, 'run') + actions.resource_action(glance_container, 'run') + time.sleep(10) # test working configuration requests.get('http://%s:%s' % (keystone_service1.args['ip'].value, keystone_service1.args['port'].value)) requests.get('http://%s:%s' % (keystone_service2.args['ip'].value, keystone_service2.args['port'].value)) requests.get('http://%s:%s' % (haproxy_service.args['ip'].value, haproxy_service.args['ports'].value[0]['value'][0]['value'])) + requests.get('http://%s:%s' % (glance_container.args['ip'].value, glance_container.args['ports'].value[0]['value'][0]['value'])) + requests.get('http://%s:%s' % (glance_container.args['ip'].value, glance_container.args['ports'].value[0]['value'][1]['value'])) diff --git a/resources/glance_config/actions/run.yml b/resources/glance_config/actions/run.yml new file mode 100644 index 00000000..ceda54e1 --- /dev/null +++ b/resources/glance_config/actions/run.yml 
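Review bot: The two `requests.get(...)` calls added for glance_container under `# test working configuration` discard the response and pass no timeout, so any HTTP status counts as a working service and a port that accepts but never answers blocks deploy() indefinitely. Capture the response and compare it with what each port should return, e.g. `resp = requests.get(url, timeout=10)` followed by a check of `resp.status_code`. The fixed `time.sleep(10)` before the checks would be more reliable as a bounded retry loop around the same request. deploy() continues outside the hunk.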
@@ -0,0 +1,26 @@
+- hosts: [{{ ip }}]
+ sudo: yes
+ vars:
+ api_port: {{ api_port }}
+ registry_port: {{ registry_port }}
+ keystone_ip: {{ keystone_ip }}
+ keystone_port: {{ keystone_port }}
+ config_dir: {src: {{ config_dir.value['src'] }}, dst: {{ config_dir.value['dst'] }}}
+ tasks:
+ - file: path={{ config_dir.value['src'] }}/ state=directory
+ - file: path={{ config_dir.value['src'] }}/glance-api.conf state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-api-paste.ini state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-cache.conf state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-registry.conf state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-registry-paste.ini state=touch
+ - file: path={{ config_dir.value['src'] }}/glance-scrubber.conf state=touch
+ - file: path={{ config_dir.value['src'] }}/policy.json state=touch
+ - file: path={{ config_dir.value['src'] }}/schema-image.json state=touch
+ - template: src={{ resource_dir }}/templates/glance-api.conf dest={{ config_dir.value['src'] }}/glance-api.conf
+ - template: src={{ resource_dir }}/templates/glance-api-paste.ini dest={{ config_dir.value['src'] }}/glance-api-paste.ini
+ - template: src={{ resource_dir }}/templates/glance-cache.conf dest={{ config_dir.value['src'] }}/glance-cache.conf
+ - template: src={{ resource_dir }}/templates/glance-registry.conf dest={{ config_dir.value['src'] }}/glance-registry.conf
+ - template: src={{ resource_dir }}/templates/glance-registry-paste.ini dest={{ config_dir.value['src'] }}/glance-registry-paste.ini
+ - template: src={{ resource_dir }}/templates/glance-scrubber.conf dest={{ config_dir.value['src'] }}/glance-scrubber.conf
+ - template: src={{ resource_dir }}/templates/policy.json dest={{ config_dir.value['src'] }}/policy.json
+ - template: src={{ resource_dir }}/templates/schema-image.json dest={{ config_dir.value['src'] }}/schema-image.json
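Review bot: None of the `template:` tasks in resources/glance_config/actions/run.yml sets `mode`, `owner` or `group`, so the rendered files under `{{ config_dir.value['src'] }}` get default permissions even though glance-api.conf and glance-registry.conf carry `admin_password` and the database connection string. Add `mode=0640` and the owner the container expects to each template task, and `mode=0750` to the `state=directory` task. The eight `state=touch` tasks look redundant, since `template` creates its destination, and they report a change on every run.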
diff --git a/resources/glance_config/meta.yaml b/resources/glance_config/meta.yaml new file mode 100644
index 00000000..439614fd
--- /dev/null
+++ b/resources/glance_config/meta.yaml
@@ -0,0 +1,30 @@
+id: glance_config
+handler: ansible
+version: 1.0.0
+input:
+ ip:
+ schema: str!
+ value:
+ ssh_user:
+ schema: str!
+ value: []
+ ssh_key:
+ schema: str!
+ value: []
+
+ config_dir:
+ schema: {src: str!, dst: str!}
+ value: {src: /etc/solar/glance, dst: /etc/glance}
+ api_port:
+ schema: int!
+ value: 9292
+ registry_port:
+ schema: int!
+ value: 9191
+ keystone_ip:
+ schema: str!
+ value:
+ keystone_port:
+ schema: int!
+ value: 5000
+
diff --git a/resources/glance_config/templates/glance-api-paste.ini b/resources/glance_config/templates/glance-api-paste.ini new file mode 100644
index 00000000..86a4cdb1
--- /dev/null
+++ b/resources/glance_config/templates/glance-api-paste.ini
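Review bot: In resources/glance_config/meta.yaml, `ssh_user` and `ssh_key` declare `schema: str!` but default to `value: []`, a list, while `ip` and `keystone_ip` with the same schema leave the value empty. Whether the validator flags that mismatch is not visible here, but a list default can end up rendered as `[]` if the connection from the node resource is ever missing. Use an empty `value:` for both so the default matches the declared type.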
@@ -0,0 +1,77 @@ +# Use this pipeline for no auth or image caching - DEFAULT +[pipeline:glance-api] +pipeline = versionnegotiation osprofiler unauthenticated-context rootapp + +# Use this pipeline for image caching and no auth +[pipeline:glance-api-caching] +pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp + +# Use this pipeline for caching w/ management interface but no auth +[pipeline:glance-api-cachemanagement] +pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp + +# Use this pipeline for keystone auth +[pipeline:glance-api-keystone] +pipeline = versionnegotiation osprofiler authtoken context rootapp + +# Use this pipeline for keystone auth with image caching +[pipeline:glance-api-keystone+caching] +pipeline = versionnegotiation osprofiler authtoken context cache rootapp + +# Use this pipeline for keystone auth with caching and cache management +[pipeline:glance-api-keystone+cachemanagement] +pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp + +# Use this pipeline for authZ only. This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user. +[pipeline:glance-api-trusted-auth] +pipeline = versionnegotiation osprofiler context rootapp + +# Use this pipeline for authZ only. 
This means that the registry will treat a +# user as authenticated without making requests to keystone to reauthenticate +# the user and uses cache management +[pipeline:glance-api-trusted-auth+cachemanagement] +pipeline = versionnegotiation osprofiler context cache cachemanage rootapp + +[composite:rootapp] +paste.composite_factory = glance.api:root_app_factory +/: apiversions +/v1: apiv1app +/v2: apiv2app + +[app:apiversions] +paste.app_factory = glance.api.versions:create_resource + +[app:apiv1app] +paste.app_factory = glance.api.v1.router:API.factory + +[app:apiv2app] +paste.app_factory = glance.api.v2.router:API.factory + +[filter:versionnegotiation] +paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory + +[filter:cache] +paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory + +[filter:cachemanage] +paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory + +[filter:context] +paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory + +[filter:unauthenticated-context] +paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +delay_auth_decision = true + +[filter:gzip] +paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory +hmac_keys = SECRET_KEY +enabled = yes diff --git a/resources/glance_config/templates/glance-api.conf b/resources/glance_config/templates/glance-api.conf new file mode 100644 index 00000000..928f872e --- /dev/null +++ b/resources/glance_config/templates/glance-api.conf 
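Review bot: `[filter:osprofiler]` in glance-api-paste.ini ships `hmac_keys = SECRET_KEY` together with `enabled = yes`, and `osprofiler` is part of every pipeline in the file; glance-registry-paste.ini repeats the same block. That key is what authenticates profiling requests, so a placeholder that is public in the repository gives no protection once profiling is on. Render it from a resource input, e.g. `hmac_keys = {{ osprofiler_hmac_key }}` with a matching new entry in meta.yaml, or set `enabled = no` until profiling is needed.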
@@ -0,0 +1,35 @@
+[DEFAULT]
+default_store = file
+bind_host = 0.0.0.0
+bind_port = {{ api_port }}
+log_file = /var/log/glance/api.log
+backlog = 4096
+registry_host = 0.0.0.0
+registry_port = {{ registry_port }}
+registry_client_protocol = http
+
+delayed_delete = False
+scrub_time = 43200
+scrubber_datadir = /var/lib/glance/scrubber
+image_cache_dir = /var/lib/glance/image-cache/
+
+[database]
+connection = mysql://glance:GLANCE_DBPASS@mysql/glance
+backend = sqlalchemy
+
+[keystone_authtoken]
+auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0
+identity_uri = http://{{ keystone_ip }}:35357
+admin_tenant_name = service
+admin_user = glance
+admin_password = GLANCE_PASS
+revocation_cache_time = 10
+
+[paste_deploy]
+flavor=keystone+cachemanagement
+
+[glance_store]
+filesystem_store_datadir = /var/lib/glance/images/
+sheepdog_store_address = localhost
+sheepdog_store_port = 7000
+sheepdog_store_chunk_size = 64
diff --git a/resources/glance_config/templates/glance-cache.conf b/resources/glance_config/templates/glance-cache.conf new file mode 100644
index 00000000..0246b672
--- /dev/null
+++ b/resources/glance_config/templates/glance-cache.conf
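Review bot: In glance-api.conf, `admin_password = GLANCE_PASS` and `connection = mysql://glance:GLANCE_DBPASS@mysql/glance` are documentation placeholders rendered verbatim, while `keystone_ip`, `keystone_port` and the two ports next to them are templated; glance-registry.conf carries the same two lines. As written the service authenticates with the literal strings, so either the deployment fails or the real accounts end up being given these well-known values. Take them from resource inputs, e.g. `admin_password = {{ keystone_admin_password }}` with a matching new entry in meta.yaml (patch 02/19 lists this file as changed, but that hunk is not visible here). `registry_host = 0.0.0.0` is a bind address used as a client target; name the registry's address explicitly.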
@@ -0,0 +1,200 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +log_file = /var/log/glance/image-cache.log + +# Send logs to syslog (/dev/log) instead of to file specified by `log_file` +#use_syslog = False + +# Directory that the Image Cache writes data to +image_cache_dir = /var/lib/glance/image-cache/ + +# Number of seconds after which we should consider an incomplete image to be +# stalled and eligible for reaping +image_cache_stall_time = 86400 + +# Max cache size in bytes +image_cache_max_size = 10737418240 + +# Address to find the registry server +registry_host = 0.0.0.0 + +# Port the registry server is listening on +registry_port = 9191 + +# Auth settings if using Keystone +# auth_url = http://127.0.0.1:5000/v2.0/ +# admin_tenant_name = %SERVICE_TENANT_NAME% +# admin_user = %SERVICE_USER% +# admin_password = %SERVICE_PASSWORD% + +# List of which store classes and store class locations are +# currently known to glance at startup. 
+# known_stores = glance.store.filesystem.Store, +# glance.store.http.Store, +# glance.store.rbd.Store, +# glance.store.s3.Store, +# glance.store.swift.Store, +# glance.store.sheepdog.Store, +# glance.store.cinder.Store, +# glance.store.vmware_datastore.Store, + +# ============ Filesystem Store Options ======================== + +# Directory that the Filesystem backend store +# writes image data to +filesystem_store_datadir = /var/lib/glance/images/ + +# ============ Swift Store Options ============================= + +# Version of the authentication service to use +# Valid versions are '2' for keystone and '1' for swauth and rackspace +swift_store_auth_version = 2 + +# Address where the Swift authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'https://' +# For swauth, use something like '127.0.0.1:8080/v1.0/' +swift_store_auth_address = 127.0.0.1:5000/v2.0/ + +# User to authenticate against the Swift authentication service +# If you use Swift authentication service, set it to 'account':'user' +# where 'account' is a Swift storage account and 'user' +# is a user in that account +swift_store_user = jdoe:jdoe + +# Auth key for the user authenticating against the +# Swift authentication service +swift_store_key = a86850deb2742ec3cb41518e26aa2d89 + +# Container within the account that the account should use +# for storing images in Swift +swift_store_container = glance + +# Do we create the container if it does not exist? +swift_store_create_container_on_put = False + +# What size, in MB, should Glance start chunking image files +# and do a large object manifest in Swift? By default, this is +# the maximum object size in Swift, which is 5GB +swift_store_large_object_size = 5120 + +# When doing a large object manifest, what size, in MB, should +# Glance write chunks to Swift? 
This amount of data is written +# to a temporary disk buffer during the process of chunking +# the image file, and the default is 200MB +swift_store_large_object_chunk_size = 200 + +# Whether to use ServiceNET to communicate with the Swift storage servers. +# (If you aren't RACKSPACE, leave this False!) +# +# To use ServiceNET for authentication, prefix hostname of +# `swift_store_auth_address` with 'snet-'. +# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ +swift_enable_snet = False + +# ============ S3 Store Options ============================= + +# Address where the S3 authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'http://' +s3_store_host = 127.0.0.1:8080/v1.0/ + +# User to authenticate against the S3 authentication service +s3_store_access_key = <20-char AWS access key> + +# Auth key for the user authenticating against the +# S3 authentication service +s3_store_secret_key = <40-char AWS secret key> + +# Container within the account that the account should use +# for storing images in S3. Note that S3 has a flat namespace, +# so you need a unique bucket name for your glance images. An +# easy way to do this is append your AWS access key to "glance". +# S3 buckets in AWS *must* be lowercased, so remember to lowercase +# your AWS access key if you use it in your bucket name below! +s3_store_bucket = glance + +# Do we create the bucket if it does not exist? +s3_store_create_bucket_on_put = False + +# When sending images to S3, the data will first be written to a +# temporary buffer on disk. By default the platform's temporary directory +# will be used. If required, an alternative directory can be specified here. 
+# s3_store_object_buffer_dir = /path/to/dir + +# ============ Cinder Store Options =========================== + +# Info to match when looking for cinder in the service catalog +# Format is : separated values of the form: +# :: (string value) +#cinder_catalog_info = volume:cinder:publicURL + +# Override service catalog lookup with template for cinder endpoint +# e.g. http://localhost:8776/v1/%(project_id)s (string value) +#cinder_endpoint_template = + +# Region name of this node (string value) +#os_region_name = + +# Location of ca certicates file to use for cinder client requests +# (string value) +#cinder_ca_certificates_file = + +# Number of cinderclient retries on failed http calls (integer value) +#cinder_http_retries = 3 + +# Allow to perform insecure SSL requests to cinder (boolean value) +#cinder_api_insecure = False + +# ============ VMware Datastore Store Options ===================== + +# ESX/ESXi or vCenter Server target system. +# The server value can be an IP address or a DNS name +# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com +#vmware_server_host = + +# Server username (string value) +#vmware_server_username = + +# Server password (string value) +#vmware_server_password = + +# Inventory path to a datacenter (string value) +# Value optional when vmware_server_ip is an ESX/ESXi host: if specified +# should be `ha-datacenter`. 
+#vmware_datacenter_path = + +# Datastore associated with the datacenter (string value) +#vmware_datastore_name = + +# The number of times we retry on failures +# e.g., socket error, etc (integer value) +#vmware_api_retry_count = 10 + +# The interval used for polling remote tasks +# invoked on VMware ESX/VC server in seconds (integer value) +#vmware_task_poll_interval = 5 + +# Absolute path of the folder containing the images in the datastore +# (string value) +#vmware_store_image_dir = /openstack_glance + +# Allow to perform insecure SSL requests to the target system (boolean value) +#vmware_api_insecure = False + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +# metadata_encryption_key = <16, 24 or 32 char registry metadata key> diff --git a/resources/glance_config/templates/glance-registry-paste.ini b/resources/glance_config/templates/glance-registry-paste.ini new file mode 100644 index 00000000..df403f6e --- /dev/null +++ b/resources/glance_config/templates/glance-registry-paste.ini 
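Review bot: glance-cache.conf leaves the upstream sample's store credentials active instead of commented out: `swift_store_user = jdoe:jdoe`, `swift_store_key = a86850deb2742ec3cb41518e26aa2d89`, and the literal placeholders `s3_store_access_key = <20-char AWS access key>` and `s3_store_secret_key = <40-char AWS secret key>`. glance-api.conf in this patch selects `default_store = file`, so prefixing these lines with `#` or dropping the Swift and S3 sections keeps sample secrets out of a rendered config. `registry_port = 9191` is also hard-coded although the resource has a `registry_port` input; use `registry_port = {{ registry_port }}` here and in glance-scrubber.conf.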
@@ -0,0 +1,30 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = osprofiler unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = osprofiler authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = osprofiler context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes
diff --git a/resources/glance_config/templates/glance-registry.conf b/resources/glance_config/templates/glance-registry.conf new file mode 100644
index 00000000..d195004f
--- /dev/null
+++ b/resources/glance_config/templates/glance-registry.conf
@@ -0,0 +1,22 @@
+[DEFAULT]
+bind_host = 0.0.0.0
+bind_port = 9191
+log_file = /var/log/glance/registry.log
+backlog = 4096
+api_limit_max = 1000
+limit_param_default = 25
+
+[database]
+backend = sqlalchemy
+connection = mysql://glance:GLANCE_DBPASS@mysql/glance
+
+[keystone_authtoken]
+auth_uri = http://keystone:5000/v2.0
+identity_uri = http://keystone:35357
+admin_tenant_name = service
+admin_user = glance
+admin_password = GLANCE_PASS
+
+[paste_deploy]
+flavor=keystone
+[profiler]
diff --git a/resources/glance_config/templates/glance-scrubber.conf b/resources/glance_config/templates/glance-scrubber.conf new file mode 100644
index 00000000..ecfc7bff
--- /dev/null
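Review bot: glance-registry.conf ignores the resource inputs that glance-api.conf uses: `bind_port = 9191`, `auth_uri = http://keystone:5000/v2.0` and `identity_uri = http://keystone:35357` are fixed, so changing `registry_port` or the keystone connection reconfigures the API but not the registry. Use `bind_port = {{ registry_port }}`, `auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0` and `identity_uri = http://{{ keystone_ip }}:35357`. With `bind_host = 0.0.0.0` here and 9191 listed in the `ports` of glance_container in example.py, the registry is reachable from outside the node; if only the API needs it, drop 9191 from the published ports.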
+++ b/resources/glance_config/templates/glance-scrubber.conf 
@@ -0,0 +1,108 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +log_file = /var/log/glance/scrubber.log + +# Send logs to syslog (/dev/log) instead of to file specified by `log_file` +#use_syslog = False + +# Should we run our own loop or rely on cron/scheduler to run us +daemon = False + +# Loop time between checking for new items to schedule for delete +wakeup_time = 300 + +# Directory that the scrubber will use to remind itself of what to delete +# Make sure this is also set in glance-api.conf +scrubber_datadir = /var/lib/glance/scrubber + +# Only one server in your deployment should be designated the cleanup host +cleanup_scrubber = False + +# pending_delete items older than this time are candidates for cleanup +cleanup_scrubber_time = 86400 + +# Address to find the registry server for cleanups +registry_host = 0.0.0.0 + +# Port the registry server is listening on +registry_port = 9191 + +# Auth settings if using Keystone +# auth_url = http://127.0.0.1:5000/v2.0/ +# admin_tenant_name = %SERVICE_TENANT_NAME% +# admin_user = %SERVICE_USER% +# admin_password = %SERVICE_PASSWORD% + +# Directory to use for lock files. Default to a temp directory +# (string value). This setting needs to be the same for both +# glance-scrubber and glance-api. +#lock_path= + +# API to use for accessing data. 
Default value points to sqlalchemy +# package, it is also possible to use: glance.db.registry.api +#data_api = glance.db.sqlalchemy.api + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +#metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# ================= Database Options ===============+========== + +[database] + +# The SQLAlchemy connection string used to connect to the +# database (string value) +#connection=sqlite:////glance/openstack/common/db/$sqlite_db + +# The SQLAlchemy connection string used to connect to the +# slave database (string value) +#slave_connection= + +# timeout before idle sql connections are reaped (integer +# value) +#idle_timeout=3600 + +# Minimum number of SQL connections to keep open in a pool +# (integer value) +#min_pool_size=1 + +# Maximum number of SQL connections to keep open in a pool +# (integer value) +#max_pool_size= + +# maximum db connection retries during startup. (setting -1 +# implies an infinite retry count) (integer value) +#max_retries=10 + +# interval between retries of opening a sql connection +# (integer value) +#retry_interval=10 + +# If set, use this value for max_overflow with sqlalchemy +# (integer value) +#max_overflow= + +# Verbosity of SQL debugging information. 0=None, +# 100=Everything (integer value) +#connection_debug=0 + +# Add python stack traces to SQL as comment strings (boolean +# value) +#connection_trace=false + +# If set, use this value for pool_timeout with sqlalchemy +# (integer value) +#pool_timeout= diff --git a/resources/glance_config/templates/policy.json b/resources/glance_config/templates/policy.json new file mode 100644 index 00000000..325f00b2 --- /dev/null +++ b/resources/glance_config/templates/policy.json 
@@ -0,0 +1,52 @@
+{
+ "context_is_admin": "role:admin",
+ "default": "",
+
+ "add_image": "",
+ "delete_image": "",
+ "get_image": "",
+ "get_images": "",
+ "modify_image": "",
+ "publicize_image": "role:admin",
+ "copy_from": "",
+
+ "download_image": "",
+ "upload_image": "",
+
+ "delete_image_location": "",
+ "get_image_location": "",
+ "set_image_location": "",
+
+ "add_member": "",
+ "delete_member": "",
+ "get_member": "",
+ "get_members": "",
+ "modify_member": "",
+
+ "manage_image_cache": "role:admin",
+
+ "get_task": "",
+ "get_tasks": "",
+ "add_task": "",
+ "modify_task": "",
+
+ "get_metadef_namespace": "",
+ "get_metadef_namespaces":"",
+ "modify_metadef_namespace":"",
+ "add_metadef_namespace":"",
+
+ "get_metadef_object":"",
+ "get_metadef_objects":"",
+ "modify_metadef_object":"",
+ "add_metadef_object":"",
+
+ "list_metadef_resource_types":"",
+ "get_metadef_resource_type":"",
+ "add_metadef_resource_type_association":"",
+
+ "get_metadef_property":"",
+ "get_metadef_properties":"",
+ "modify_metadef_property":"",
+ "add_metadef_property":""
+
+}
diff --git a/resources/glance_config/templates/schema-image.json b/resources/glance_config/templates/schema-image.json new file mode 100644
index 00000000..5aafd6b3
--- /dev/null
+++ b/resources/glance_config/templates/schema-image.json
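Review bot: Apart from `context_is_admin`, `publicize_image` and `manage_image_cache`, every rule in policy.json is `""`, including `"default": ""`, so any authenticated user passes it. That covers `get_image_location`, `set_image_location` and `delete_image_location`, which expose and rewrite backend store URLs, and `copy_from`, which makes the server fetch a caller-supplied URL. Restrict those to `"role:admin"`, e.g. `"set_image_location": "role:admin"`. Setting `"default": "role:admin"` makes any rule missing from the file fail closed.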
@@ -0,0 +1,28 @@ +{ + "kernel_id": { + "type": "string", + "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", + "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image." + }, + "ramdisk_id": { + "type": "string", + "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$", + "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image." + }, + "instance_uuid": { + "type": "string", + "description": "ID of instance used to create this image." + }, + "architecture": { + "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", + "type": "string" + }, + "os_distro": { + "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html", + "type": "string" + }, + "os_version": { + "description": "Operating system version as specified by the distributor", + "type": "string" + } +} From 8518e61185750688782b8d3a41a527d91b20afaf Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Thu, 28 May 2015 13:06:45 +0200 Subject: [PATCH 02/19] Glance: add mariadb config --- example.py | 23 ++++++++++++++++++- main.yml | 3 +++ resources/glance_config/actions/run.yml | 4 ++++ resources/glance_config/meta.yaml | 13 ++++++++++- .../templates/glance-api-paste.ini | 9 ++++++-- .../glance_config/templates/glance-api.conf | 8 +++---- .../templates/glance-registry-paste.ini | 7 +++++- 7 files changed, 58 insertions(+), 9 deletions(-) diff --git a/example.py b/example.py index 9d6a0f3e..6cb90bbd 100644 --- a/example.py +++ b/example.py 
@@ -41,7 +41,10 @@ def deploy(): haproxy_config = resource.create('haproxy_config', 'resources/haproxy', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'configs_names':[], 'configs_ports':[], 'listen_ports':[], 'configs':[], 'config_dir': ''}) haproxy_service = resource.create('haproxy_service', 'resources/docker_container/', {'image': 'tutum/haproxy', 'ports': [], 'host_binds': [], 'volume_binds':[], 'ip': '', 'ssh_key': '', 'ssh_user': ''}) - glance_config = resource.create('glance_config', 'resources/glance_config/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'keystone_ip': '', 'keystone_port': '', 'config_dir': {}, 'api_port': '', 'registry_port': ''}) + glance_db = resource.create('glance_db', 'resources/mariadb_db/', {'db_name':'glance_db', 'login_password':'', 'login_user':'root', 'login_port': '', 'ip':'', 'ssh_user':'', 'ssh_key':''}) + glance_db_user = resource.create('glance_db_user', 'resources/mariadb_user/', {'new_user_name' : 'glance', 'new_user_password' : 'glance', 'db_name':'', 'login_password':'', 'login_user':'root', 'login_port': '', 'ip':'', 'ssh_user':'', 'ssh_key':''}) + + glance_config = resource.create('glance_config', 'resources/glance_config/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'keystone_ip': '', 'keystone_port': '', 'config_dir': {}, 'api_port': '', 'registry_port': '', 'mysql_ip': '', 'mysql_db': '', 'mysql_user': '', 'mysql_password': ''}) glance_container = resource.create('glance_container', 'resources/docker_container/', {'image' : 'krystism/openstack-glance', 'ports': [{'value': [{'value': 9191}, {'value': 9292}]}], 'host_binds': [], 'volume_binds':[], 'ip':'', 'ssh_key':'', 'ssh_user':''}) 
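Review bot: `'new_user_password' : 'glance'` gives the database account a password equal to its user name, and the `signals.connect(glance_db_user, glance_config, ...)` call added later in this patch copies it into the rendered Glance config as `mysql_password`. Take it from outside the source file, e.g. `'new_user_password': os.environ['GLANCE_DB_PASSWORD']` (with `import os` if the file does not already have it), or generate it once per deployment. That keeps the literal from being carried into environments other than the vagrant one. deploy() starts and ends outside this hunk.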
@@ -84,9 +87,19 @@ def deploy(): signals.connect(node2, haproxy_service) signals.connect(haproxy_config, haproxy_service, {'listen_ports': 'ports', 'config_dir': 'host_binds'}) + # glance + signals.connect(node1, glance_db) + signals.connect(mariadb_service1, glance_db, {'root_password':'login_password', 'port':'login_port'}) + signals.connect(node1, glance_db_user) + signals.connect(mariadb_service1, glance_db_user, {'root_password':'login_password', 'port':'login_port'}) + signals.connect(glance_db, glance_db_user, {'db_name':'db_name'}) + signals.connect(node3, glance_config) signals.connect(haproxy_keystone_config, glance_config, {'listen_port': 'keystone_port'}) signals.connect(haproxy_service, glance_config, {'ip': 'keystone_ip'}) + signals.connect(mariadb_service1, glance_config, {'ip': 'mysql_ip'}) + signals.connect(glance_db, glance_config, {'db_name': 'mysql_db'}) + signals.connect(glance_db_user, glance_config, {'new_user_name': 'mysql_user', 'new_user_password': 'mysql_password'}) signals.connect(node3, glance_container) signals.connect(glance_config, glance_container, {'config_dir': 'host_binds'}) @@ -105,6 +118,8 @@ def deploy(): haproxy_config, haproxy_service, glance_config, + glance_db, + glance_db_user, glance_container]: errors = validation.validate_resource(r) if errors: @@ -126,6 +141,8 @@ def deploy(): actions.resource_action(keystone_service2, 'run') actions.resource_action(haproxy_config, 'run') actions.resource_action(haproxy_service, 'run') + actions.resource_action(glance_db, 'run') + actions.resource_action(glance_db_user, 'run') actions.resource_action(glance_config, 'run') actions.resource_action(glance_container, 'run') time.sleep(10) 
@@ -148,6 +165,10 @@ def undeploy(): resources = map(resource.wrap_resource, db.get_list('resource')) resources = {r.name: r for r in resources} + actions.resource_action(resources['glance_container'], 'run') + actions.resource_action(resources['glance_config'], 'run') + actions.resource_action(resources['glance_db_user'], 'run') + actions.resource_action(resources['glance_db'], 'run') actions.resource_action(resources['haproxy_service'], 'remove') actions.resource_action(resources['haproxy_config'], 'remove') actions.resource_action(resources['keystone_service2'], 'remove') diff --git a/main.yml b/main.yml index be6bf279..8a4e93fd 100644 --- a/main.yml +++ b/main.yml @@ -13,8 +13,11 @@ - apt: name=python-pudb state=present - apt: name=python-pip state=present - apt: name=python-mysqldb state=present + - apt: name=jq state=present - shell: pip install docker-py==1.1.0 + - shell: pip install httpie + # requirements - shell: pip install -r /vagrant/requirements.txt diff --git a/resources/glance_config/actions/run.yml b/resources/glance_config/actions/run.yml index ceda54e1..067392b4 100644 --- a/resources/glance_config/actions/run.yml +++ b/resources/glance_config/actions/run.yml @@ -5,6 +5,10 @@ registry_port: {{ registry_port }} keystone_ip: {{ keystone_ip }} keystone_port: {{ keystone_port }} + mysql_ip: {{ mysql_ip }} + mysql_db: {{ mysql_db }} + mysql_user: {{ mysql_user }} + mysql_password: {{ mysql_password }} config_dir: {src: {{ config_dir.value['src'] }}, dst: {{ config_dir.value['dst'] }}} tasks: - file: path={{ config_dir.value['src'] }}/ state=directory diff --git a/resources/glance_config/meta.yaml b/resources/glance_config/meta.yaml index 439614fd..2d7f600e 100644 --- a/resources/glance_config/meta.yaml +++ b/resources/glance_config/meta.yaml 
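Review bot: The four lines added to `undeploy()` call the `'run'` action on the glance resources, while the haproxy and keystone lines directly below them call `'remove'`, so undeploy appears to re-apply glance instead of tearing it down and leaves the `glance` database user in place. Unless these resources have no `remove` action (their action directories are not visible here), each line should read like `actions.resource_action(resources['glance_container'], 'remove')`. The body of `undeploy()` continues outside the hunk.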
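Review bot: The new `- shell: pip install httpie` line installs whatever version the package index serves at provisioning time, while the line above it pins `docker-py==1.1.0`. Pinning keeps the provisioned box reproducible and limits exposure to a bad upstream release: `- shell: pip install httpie==<PINNED_VERSION>` (placeholder, use the version you tested). The `pip install python-keystoneclient` task added to `resources/keystone_user/actions/run.yml` in PATCH 06 has the same gap.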
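Review bot: `mysql_password: {{ mysql_password }}` in the `vars` block is substituted without quotes, so the rendered value is read back as YAML. Assuming the file is rendered before Ansible parses it, as the other unquoted entries suggest, a password containing `: ` or ` #`, or one that looks like a number or a boolean, would be re-typed, cut short or rejected before it reaches the templates. Quoting the secret fields avoids that, `mysql_password: "{{ mysql_password }}"`, and the `keystone_admin_password` line added to the same block in PATCH 03 needs the same treatment.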
@@ -27,4 +27,15 @@ input: keystone_port: schema: int! value: 5000 - + mysql_ip: + schema: str! + value: + mysql_db: + schema: str! + value: + mysql_user: + schema: str! + value: + mysql_password: + schema: str! + value: diff --git a/resources/glance_config/templates/glance-api-paste.ini b/resources/glance_config/templates/glance-api-paste.ini index 86a4cdb1..f701b5dd 100644 --- a/resources/glance_config/templates/glance-api-paste.ini +++ b/resources/glance_config/templates/glance-api-paste.ini @@ -1,6 +1,7 @@ # Use this pipeline for no auth or image caching - DEFAULT [pipeline:glance-api] -pipeline = versionnegotiation osprofiler unauthenticated-context rootapp +#pipeline = versionnegotiation osprofiler unauthenticated-context rootapp +pipeline = versionnegotiation authtoken context appv1app # Use this pipeline for image caching and no auth [pipeline:glance-api-caching] @@ -66,7 +67,11 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory -delay_auth_decision = true +identity_uri = http://{{ keystone_ip }}:35357 +admin_user = glance_admin +admin_tenant_name = service_admins +admin_password = password1234 +#delay_auth_decision = true [filter:gzip] paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory diff --git a/resources/glance_config/templates/glance-api.conf b/resources/glance_config/templates/glance-api.conf index 928f872e..5199d697 100644 --- a/resources/glance_config/templates/glance-api.conf +++ b/resources/glance_config/templates/glance-api.conf 
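Review bot: The new default pipeline in `glance-api-paste.ini` ends in `appv1app`, and no section of that name is visible in this diff; if the file defines the v1 application as `apiv1app` (the rest of the file is outside the hunk, so please confirm), the `glance-api` pipeline will not load. The header comment above it still reads "no auth or image caching - DEFAULT" although the pipeline now includes `authtoken`, so I would update it to something like `# Default pipeline: requires a Keystone token`.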
@@ -14,15 +14,15 @@ scrubber_datadir = /var/lib/glance/scrubber image_cache_dir = /var/lib/glance/image-cache/ [database] -connection = mysql://glance:GLANCE_DBPASS@mysql/glance +connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }} backend = sqlalchemy [keystone_authtoken] auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0 identity_uri = http://{{ keystone_ip }}:35357 -admin_tenant_name = service -admin_user = glance -admin_password = GLANCE_PASS +admin_tenant_name = service_admins +admin_user = glance_admin +admin_password = password1234 revocation_cache_time = 10 [paste_deploy] diff --git a/resources/glance_config/templates/glance-registry-paste.ini b/resources/glance_config/templates/glance-registry-paste.ini index df403f6e..9d939906 100644 --- a/resources/glance_config/templates/glance-registry-paste.ini +++ b/resources/glance_config/templates/glance-registry-paste.ini @@ -1,6 +1,7 @@ # Use this pipeline for no auth - DEFAULT [pipeline:glance-registry] -pipeline = osprofiler unauthenticated-context registryapp +#pipeline = osprofiler unauthenticated-context registryapp +pipeline = authtoke context registryapp # Use this pipeline for keystone auth [pipeline:glance-registry-keystone] @@ -23,6 +24,10 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory +identity_uri = http://{{ keystone_ip }}:35357 +admin_user = glance_admin +admin_tenant_name = service_admins +admin_password = password1234 [filter:osprofiler] paste.filter_factory = osprofiler.web:WsgiMiddleware.factory From 49e56886a6f002cefd20056b92b39a4d5991acfc Mon Sep 17 00:00:00 2001 
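Review bot: The new `connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }}` line in `glance-api.conf` places the raw password into a URL, so a password containing `@`, `:` or `/` changes how the URL is split and the service connects with the wrong credentials or host. Percent-encode the user and password before they are placed in the URL, for example `{{ mysql_password | urlencode }}` (Jinja's `urlencode` covers `@` and `:` but leaves `/` as is). The identical line added to `glance-registry.conf` in PATCH 03 needs the same change.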
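Review bot: The replacement pipeline in `glance-registry-paste.ini` names the filter `authtoke`, but the section defined further down in the same file is `[filter:authtoken]`. As written the pipeline refers to a filter that is not defined in the visible part of the file, so the registry would most likely fail to load this pipeline rather than enforce token validation. The line should be `pipeline = authtoken context registryapp`.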
From: Przemyslaw Kaminski Date: Thu, 28 May 2015 13:27:33 +0200 Subject: [PATCH 03/19] Glance /v2/images GET works now with glance_admin token --- example.py | 2 +- resources/glance_config/actions/run.yml | 3 +++ resources/glance_config/meta.yaml | 9 +++++++++ .../glance_config/templates/glance-api-paste.ini | 6 +++--- resources/glance_config/templates/glance-api.conf | 6 +++--- .../templates/glance-registry-paste.ini | 6 +++--- .../glance_config/templates/glance-registry.conf | 12 ++++++------ 7 files changed, 28 insertions(+), 16 deletions(-) diff --git a/example.py b/example.py index 6cb90bbd..19253c66 100644 --- a/example.py +++ b/example.py 
@@ -44,7 +44,7 @@ def deploy(): glance_db = resource.create('glance_db', 'resources/mariadb_db/', {'db_name':'glance_db', 'login_password':'', 'login_user':'root', 'login_port': '', 'ip':'', 'ssh_user':'', 'ssh_key':''}) glance_db_user = resource.create('glance_db_user', 'resources/mariadb_user/', {'new_user_name' : 'glance', 'new_user_password' : 'glance', 'db_name':'', 'login_password':'', 'login_user':'root', 'login_port': '', 'ip':'', 'ssh_user':'', 'ssh_key':''}) - glance_config = resource.create('glance_config', 'resources/glance_config/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'keystone_ip': '', 'keystone_port': '', 'config_dir': {}, 'api_port': '', 'registry_port': '', 'mysql_ip': '', 'mysql_db': '', 'mysql_user': '', 'mysql_password': ''}) + glance_config = resource.create('glance_config', 'resources/glance_config/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'keystone_ip': '', 'keystone_port': '', 'config_dir': {}, 'api_port': '', 'registry_port': '', 'mysql_ip': '', 'mysql_db': '', 'mysql_user': '', 'mysql_password': '', 'keystone_admin_user': '', 'keystone_admin_password': '', 'keystone_admin_tenant': ''}) glance_container = resource.create('glance_container', 'resources/docker_container/', {'image' : 'krystism/openstack-glance', 'ports': [{'value': [{'value': 9191}, {'value': 9292}]}], 'host_binds': [], 'volume_binds':[], 'ip':'', 'ssh_key':'', 'ssh_user':''}) diff --git a/resources/glance_config/actions/run.yml b/resources/glance_config/actions/run.yml index 067392b4..99debf03 100644 --- a/resources/glance_config/actions/run.yml +++ b/resources/glance_config/actions/run.yml @@ -5,6 +5,9 @@ registry_port: {{ registry_port }} keystone_ip: {{ keystone_ip }} keystone_port: {{ keystone_port }} + keystone_admin_user: {{ keystone_admin_user }} + keystone_admin_password: {{ keystone_admin_password }} + keystone_admin_tenant: {{ keystone_admin_tenant }} mysql_ip: {{ mysql_ip }} mysql_db: {{ mysql_db }} mysql_user: {{ mysql_user }} 
diff --git a/resources/glance_config/meta.yaml b/resources/glance_config/meta.yaml index 2d7f600e..a52c6ae5 100644 --- a/resources/glance_config/meta.yaml +++ b/resources/glance_config/meta.yaml @@ -27,6 +27,15 @@ input: keystone_port: schema: int! value: 5000 + keystone_admin_user: + schema: str! + value: glance_admin + keystone_admin_password: + schema: str! + value: password1234 + keystone_admin_tenant: + schema: str! + value: service_admins mysql_ip: schema: str! value: diff --git a/resources/glance_config/templates/glance-api-paste.ini b/resources/glance_config/templates/glance-api-paste.ini index f701b5dd..ad2c8b51 100644 --- a/resources/glance_config/templates/glance-api-paste.ini +++ b/resources/glance_config/templates/glance-api-paste.ini @@ -68,9 +68,9 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory identity_uri = http://{{ keystone_ip }}:35357 -admin_user = glance_admin -admin_tenant_name = service_admins -admin_password = password1234 +admin_user = {{ keystone_admin_user }} +admin_tenant_name = {{ keystone_admin_tenant }} +admin_password = {{ keystone_admin_password }} #delay_auth_decision = true [filter:gzip] diff --git a/resources/glance_config/templates/glance-api.conf b/resources/glance_config/templates/glance-api.conf index 5199d697..70e508b6 100644 --- a/resources/glance_config/templates/glance-api.conf +++ b/resources/glance_config/templates/glance-api.conf @@ -20,9 +20,9 @@ backend = sqlalchemy [keystone_authtoken] auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0 identity_uri = http://{{ keystone_ip }}:35357 -admin_tenant_name = service_admins -admin_user = glance_admin -admin_password = password1234 +admin_tenant_name = {{ keystone_admin_tenant }} +admin_user = {{ keystone_admin_user }} +admin_password = {{ keystone_admin_password }} revocation_cache_time = 10 [paste_deploy] 
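Review bot: The new `keystone_admin_password` input ships with the default `value: password1234`, so any deployment that does not override it gets a known service password from the resource definition itself. The `mysql_*` inputs just below leave `value:` empty under a required `str!` schema, which forces the caller to supply one. I would do the same here, `keystone_admin_password:` / `schema: str!` / `value:`, and let `example.py` pass the value in.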
diff --git a/resources/glance_config/templates/glance-registry-paste.ini b/resources/glance_config/templates/glance-registry-paste.ini index 9d939906..d46db774 100644 --- a/resources/glance_config/templates/glance-registry-paste.ini +++ b/resources/glance_config/templates/glance-registry-paste.ini @@ -25,9 +25,9 @@ paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddl [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory identity_uri = http://{{ keystone_ip }}:35357 -admin_user = glance_admin -admin_tenant_name = service_admins -admin_password = password1234 +admin_user = {{ keystone_admin_user }} +admin_tenant_name = {{ keystone_admin_tenant }} +admin_password = {{ keystone_admin_password }} [filter:osprofiler] paste.filter_factory = osprofiler.web:WsgiMiddleware.factory diff --git a/resources/glance_config/templates/glance-registry.conf b/resources/glance_config/templates/glance-registry.conf index d195004f..c55bc7a9 100644 --- a/resources/glance_config/templates/glance-registry.conf +++ b/resources/glance_config/templates/glance-registry.conf @@ -8,14 +8,14 @@ limit_param_default = 25 [database] backend = sqlalchemy -connection = mysql://glance:GLANCE_DBPASS@mysql/glance +connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }} [keystone_authtoken] -auth_uri = http://keystone:5000/v2.0 -identity_uri = http://keystone:35357 -admin_tenant_name = service -admin_user = glance -admin_password = GLANCE_PASS +auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0 +identity_uri = http://{{ keystone_ip }}:35357 +admin_tenant_name = {{ keystone_admin_tenant }} +admin_user = {{ keystone_admin_user }} +admin_password = {{ keystone_admin_password }} [paste_deploy] flavor=keystone From b104d3706f95e32bc8cf35a482e9849172a1e60c Mon Sep 17 00:00:00 2001 
From: Przemyslaw Kaminski Date: Thu, 28 May 2015 14:00:48 +0200 Subject: [PATCH 04/19] Keystone Glance script, should be later moved to some other resource --- resources/glance_config/keystone-glance.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 resources/glance_config/keystone-glance.sh diff --git a/resources/glance_config/keystone-glance.sh b/resources/glance_config/keystone-glance.sh new file mode 100644 index 00000000..a495b3e9 --- /dev/null +++ b/resources/glance_config/keystone-glance.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +export OS_SERVICE_TOKEN=admin +export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0 + +keystone tenant-create --name=service_admins +keystone user-create --name=glance_admin --password=passsword1234 +keystone role-create --name=service_role +keystone user-role-add --user=glance_admin --tenant=service_admins --role=service_role From 6176cf0e17431d8f907e7ddf3b17ef44d2fd322b Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Thu, 28 May 2015 15:17:25 +0200 Subject: [PATCH 05/19] Added glance keystone user resource instance --- example.py | 25 ++++++++++++++++------ resources/glance_config/keystone-glance.sh | 9 -------- resources/keystone_user/actions/run.yml | 4 ++-- resources/keystone_user/meta.yaml | 2 +- solar/solar/core/resource.py | 2 +- 5 files changed, 22 insertions(+), 20 deletions(-) delete mode 100644 resources/glance_config/keystone-glance.sh diff --git a/example.py b/example.py index 19253c66..33c5a1bd 100644 --- a/example.py +++ b/example.py @@ -11,6 +11,7 @@ from solar.core import validation from solar.interfaces.db import get_db + @click.group() def main(): pass 
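Review bot: `keystone-glance.sh` creates the user with `--password=passsword1234` (three `s`), which does not match the `admin_password = password1234` written into the glance templates in PATCH 01, so token validation by glance would fail with this account. The script also hard-codes the bootstrap credential `OS_SERVICE_TOKEN=admin`. Taking both from the caller's environment removes the mismatch and keeps the secrets out of the repository, for example `--password="$GLANCE_ADMIN_PASSWORD"` (the variable name is a placeholder).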
@@ -44,6 +45,8 @@ def deploy(): glance_db = resource.create('glance_db', 'resources/mariadb_db/', {'db_name':'glance_db', 'login_password':'', 'login_user':'root', 'login_port': '', 'ip':'', 'ssh_user':'', 'ssh_key':''}) glance_db_user = resource.create('glance_db_user', 'resources/mariadb_user/', {'new_user_name' : 'glance', 'new_user_password' : 'glance', 'db_name':'', 'login_password':'', 'login_user':'root', 'login_port': '', 'ip':'', 'ssh_user':'', 'ssh_key':''}) + glance_keystone_user = resource.create('glance_keystone_user', 'resources/keystone_user', {'user_name': 'glance_admin', 'user_password': 'password1234', 'tenant_name': 'service_admins', 'keystone_host': '', 'keystone_port': '', 'login_user': '', 'login_token': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''}) + glance_config = resource.create('glance_config', 'resources/glance_config/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'keystone_ip': '', 'keystone_port': '', 'config_dir': {}, 'api_port': '', 'registry_port': '', 'mysql_ip': '', 'mysql_db': '', 'mysql_user': '', 'mysql_password': '', 'keystone_admin_user': '', 'keystone_admin_password': '', 'keystone_admin_tenant': ''}) glance_container = resource.create('glance_container', 'resources/docker_container/', {'image' : 'krystism/openstack-glance', 'ports': [{'value': [{'value': 9191}, {'value': 9292}]}], 'host_binds': [], 'volume_binds':[], 'ip':'', 'ssh_key':'', 'ssh_user':''}) 
@@ -87,13 +90,21 @@ def deploy(): signals.connect(node2, haproxy_service) signals.connect(haproxy_config, haproxy_service, {'listen_ports': 'ports', 'config_dir': 'host_binds'}) - # glance + # glance db signals.connect(node1, glance_db) - signals.connect(mariadb_service1, glance_db, {'root_password':'login_password', 'port':'login_port'}) + signals.connect(mariadb_service1, glance_db, {'root_password': 'login_password', 'port': 'login_port'}) signals.connect(node1, glance_db_user) - signals.connect(mariadb_service1, glance_db_user, {'root_password':'login_password', 'port':'login_port'}) - signals.connect(glance_db, glance_db_user, {'db_name':'db_name'}) + signals.connect(mariadb_service1, glance_db_user, {'root_password': 'login_password', 'port': 'login_port'}) + signals.connect(glance_db, glance_db_user, {'db_name': 'db_name'}) + # glance keystone user + signals.connect(haproxy_keystone_config, glance_keystone_user, {'listen_port': 'keystone_port'}) + signals.connect(haproxy_service, glance_keystone_user) # standard ip, ssh_key, ssh_user + signals.connect(haproxy_service, glance_keystone_user, {'ip': 'keystone_host'}) + signals.connect(keystone_config1, glance_keystone_user, {'admin_token': 'login_token'}) + signals.connect(glance_keystone_user, glance_config, {'user_name': 'keystone_admin_user', 'user_password': 'keystone_admin_password', 'tenant_name': 'keystone_admin_tenant'}) + + # glance signals.connect(node3, glance_config) signals.connect(haproxy_keystone_config, glance_config, {'listen_port': 'keystone_port'}) signals.connect(haproxy_service, glance_config, {'ip': 'keystone_ip'}) @@ -117,9 +128,10 @@ def deploy(): haproxy_keystone_config, haproxy_config, haproxy_service, - glance_config, + glance_keystone_user, glance_db, glance_db_user, + glance_config, glance_container]: errors = validation.validate_resource(r) if errors: 
@@ -141,6 +153,7 @@ def deploy(): actions.resource_action(keystone_service2, 'run') actions.resource_action(haproxy_config, 'run') actions.resource_action(haproxy_service, 'run') + actions.resource_action(glance_keystone_user, 'run') actions.resource_action(glance_db, 'run') actions.resource_action(glance_db_user, 'run') actions.resource_action(glance_config, 'run') @@ -156,8 +169,6 @@ def deploy(): requests.get('http://%s:%s' % (glance_container.args['ip'].value, glance_container.args['ports'].value[0]['value'][1]['value'])) - - @click.command() def undeploy(): db = get_db() diff --git a/resources/glance_config/keystone-glance.sh b/resources/glance_config/keystone-glance.sh deleted file mode 100644 index a495b3e9..00000000 --- a/resources/glance_config/keystone-glance.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -export OS_SERVICE_TOKEN=admin -export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0 - -keystone tenant-create --name=service_admins -keystone user-create --name=glance_admin --password=passsword1234 -keystone role-create --name=service_role -keystone user-role-add --user=glance_admin --tenant=service_admins --role=service_role diff --git a/resources/keystone_user/actions/run.yml b/resources/keystone_user/actions/run.yml index 1a7a5469..c7063998 100644 --- a/resources/keystone_user/actions/run.yml +++ b/resources/keystone_user/actions/run.yml 
@@ -2,5 +2,5 @@ sudo: yes tasks: - name: keystone user - - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ tenant={{tenant_name}} state=present - - keystone_user: endpoint=http://{keystone_host}}:{{keystone_port}}/v2.0/ user={{user_name}} password={{user_password}} tenant={{tenant_name}} state=present + - keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ tenant={{ tenant_name }} token={{ login_token }} state=present + - keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} token={{ login_token }} state=present diff --git a/resources/keystone_user/meta.yaml b/resources/keystone_user/meta.yaml index 971469f6..8c9ffb15 100644 --- a/resources/keystone_user/meta.yaml +++ b/resources/keystone_user/meta.yaml @@ -9,7 +9,7 @@ input: schema: int! value: login_user: - schema: str! + schema: str value: login_token: schema: str! diff --git a/solar/solar/core/resource.py b/solar/solar/core/resource.py index d23b1410..79b9c599 100644 --- a/solar/solar/core/resource.py +++ b/solar/solar/core/resource.py @@ -44,7 +44,7 @@ class Resource(object): def __repr__(self): return ("Resource(name='{name}', metadata={metadata}, args={args}, " - "tags={tags})").format(**self.to_dict) + "tags={tags})").format(**self.to_dict() def to_dict(self): return { From 5ced9d62b4701c8e474873df4bd0a4298eb29984 Mon Sep 17 00:00:00 2001 
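Review bot: The rewritten `keystone_user` tasks carry `token={{ login_token }}` and `password={{ user_password }}` in the task arguments, and nothing stops Ansible from echoing those arguments in verbose output and logs. Adding `no_log: true` to each of the two tasks keeps the admin token and the user password out of run output. The three tasks that replace these in PATCH 06 need the same line.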
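Review bot: The new `__repr__` line in `solar/solar/core/resource.py` ends with `.format(**self.to_dict()`, which opens two parentheses and closes one, so the module no longer parses and every import of `solar.core.resource` fails. The line should end `"tags={tags})").format(**self.to_dict())`. The intent of the change, calling `to_dict` instead of unpacking the bound method, is right.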
From: Przemyslaw Kaminski Date: Fri, 29 May 2015 16:13:54 +0200 Subject: [PATCH 06/19] Glance: more configs, keystone_user fix --- resources/glance_config/actions/run.yml | 2 ++ resources/glance_config/templates/exports | 4 ++++ resources/keystone_config/actions/run.yml | 3 +++ resources/keystone_config/templates/exports | 2 ++ resources/keystone_user/actions/run.yml | 9 +++++++-- resources/keystone_user/meta.yaml | 5 ++++- resources/mariadb_service/actions/run.yml | 5 +++++ 7 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 resources/glance_config/templates/exports create mode 100644 resources/keystone_config/templates/exports diff --git a/resources/glance_config/actions/run.yml b/resources/glance_config/actions/run.yml index 99debf03..9fa72072 100644 --- a/resources/glance_config/actions/run.yml +++ b/resources/glance_config/actions/run.yml @@ -23,6 +23,7 @@ - file: path={{ config_dir.value['src'] }}/glance-scrubber.conf state=touch - file: path={{ config_dir.value['src'] }}/policy.json state=touch - file: path={{ config_dir.value['src'] }}/schema-image.json state=touch + - file: path={{ config_dir.value['src'] }}/exports state=touch - template: src={{ resource_dir }}/templates/glance-api.conf dest={{ config_dir.value['src'] }}/glance-api.conf - template: src={{ resource_dir }}/templates/glance-api-paste.ini dest={{ config_dir.value['src'] }}/glance-api-paste.ini - template: src={{ resource_dir }}/templates/glance-cache.conf dest={{ config_dir.value['src'] }}/glance-cache.conf @@ -31,3 +32,4 @@ - template: src={{ resource_dir }}/templates/glance-scrubber.conf dest={{ config_dir.value['src'] }}/glance-scrubber.conf - template: src={{ resource_dir }}/templates/policy.json dest={{ config_dir.value['src'] }}/policy.json - template: src={{ resource_dir }}/templates/schema-image.json dest={{ config_dir.value['src'] }}/schema-image.json + - template: src={{ resource_dir }}/templates/exports dest={{ config_dir.value['src'] }}/glance-export 
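Review bot: The two lines added to `resources/glance_config/actions/run.yml` disagree on the file name: the `file` task touches `exports`, while the `template` task writes `glance-export`, leaving an empty `exports` file next to the real one. The rendered file holds `OS_PASSWORD` and is created with default permissions, so I would use one name and restrict the mode: `- template: src={{ resource_dir }}/templates/exports dest={{ config_dir.value['src'] }}/exports mode=0600`. The `keystone-exports` template task added to `resources/keystone_config/actions/run.yml` in this commit writes `OS_SERVICE_TOKEN` and should get `mode=0600` too.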
diff --git a/resources/glance_config/templates/exports b/resources/glance_config/templates/exports new file mode 100644 index 00000000..c617e27b --- /dev/null +++ b/resources/glance_config/templates/exports @@ -0,0 +1,4 @@ +export OS_TENANT_NAME={{ keystone_admin_tenant }} +export OS_USERNAME={{ keystone_admin_user }} +export OS_PASSWORD={{ keystone_admin_password }} +export OS_AUTH_URL=http://{{ keystone_ip }}:35357/v2.0 \ No newline at end of file diff --git a/resources/keystone_config/actions/run.yml b/resources/keystone_config/actions/run.yml index e24d0fae..ad457c53 100644 --- a/resources/keystone_config/actions/run.yml +++ b/resources/keystone_config/actions/run.yml @@ -2,6 +2,8 @@ sudo: yes vars: admin_token: {{admin_token}} + keystone_host: {{ ip }} + keystone_port: {{ port }} db_user: {{db_user}} db_password: {{db_password}} db_host: {{db_host}} @@ -12,3 +14,4 @@ - template: src={{resource_dir}}/templates/default_catalog.templates dest={{config_dir}}/default_catalog.templates - template: src={{resource_dir}}/templates/logging.conf dest={{config_dir}}/logging.conf - template: src={{resource_dir}}/templates/policy.json dest={{config_dir}}/policy.json + - template: src={{resource_dir}}/templates/exports dest={{ config_dir }}/keystone-exports diff --git a/resources/keystone_config/templates/exports b/resources/keystone_config/templates/exports new file mode 100644 index 00000000..cc3a1c1c --- /dev/null +++ b/resources/keystone_config/templates/exports @@ -0,0 +1,2 @@ +export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0/ +export OS_SERVICE_TOKEN={{ admin_token }} diff --git a/resources/keystone_user/actions/run.yml b/resources/keystone_user/actions/run.yml index c7063998..7a861d75 100644 --- a/resources/keystone_user/actions/run.yml +++ b/resources/keystone_user/actions/run.yml 
@@ -1,6 +1,11 @@ - hosts: [{{ ip }}] sudo: yes tasks: + - name: install python-keystoneclient + shell: pip install python-keystoneclient + - name: keystone tenant + keystone_user: endpoint=http://localhost:35357/v2.0/ tenant={{ tenant_name }} token={{ login_token }} state=present - name: keystone user - - keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ tenant={{ tenant_name }} token={{ login_token }} state=present - - keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} token={{ login_token }} state=present + keystone_user: endpoint=http://localhost:35357/v2.0/ user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} token={{ login_token }} state=present + - name: keystone role + keystone_user: endpoint=http://localhost:35357/v2.0/ role={{ role_name }} user={{ user_name }} tenant={{ tenant_name }} token={{ login_token }} state=present diff --git a/resources/keystone_user/meta.yaml b/resources/keystone_user/meta.yaml index 8c9ffb15..07d445a5 100644 --- a/resources/keystone_user/meta.yaml +++ b/resources/keystone_user/meta.yaml @@ -5,7 +5,7 @@ input: keystone_host: schema: str! value: - keystone_port: + keystone_admin_port: schema: int! value: login_user: @@ -14,6 +14,9 @@ input: login_token: schema: str! value: + role_name: + schema: str! + value: user_name: schema: str! value: diff --git a/resources/mariadb_service/actions/run.yml b/resources/mariadb_service/actions/run.yml index b1e9d87f..3be093d2 100644 --- a/resources/mariadb_service/actions/run.yml +++ b/resources/mariadb_service/actions/run.yml @@ -10,3 +10,8 @@ - {{ port }}:3306 env: MYSQL_ROOT_PASSWORD: {{ root_password }} + - shell: docker exec -t {{ name }} mysql -p{{ root_password }} -uroot -e "select 1" + register: result + until: result.rc == 0 + retries: 10 + delay: 0.5 From eb2b49a51204283f766c2bcf65cb8b799f2d0d28 Mon Sep 17 00:00:00 2001 
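Review bot: The three `keystone_user` tasks now use `endpoint=http://localhost:35357/v2.0/`, so the `keystone_host` input that `meta.yaml` still marks as required is ignored and the play only works on a host where Keystone's admin port answers on loopback. Using the inputs keeps the resource honest about where the admin token is sent: `endpoint=http://{{ keystone_host }}:{{ keystone_admin_port }}/v2.0/`, with `keystone_admin_port` being the input this commit renames in `meta.yaml`. Callers that still connect to `keystone_port` would need to follow the rename.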
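Review bot: The readiness check added to `resources/mariadb_service/actions/run.yml` puts the root password on the command line (`mysql -p{{ root_password }}`), where it is visible in the process list and in Ansible output, and an unquoted password containing shell metacharacters would be interpreted by the shell. The container already receives `MYSQL_ROOT_PASSWORD` through `env`, so the check can read it there: `- shell: docker exec {{ name }} sh -c 'mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -e "select 1"'`, together with `no_log: true` on the task. The task list this hunk extends starts outside the hunk.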
From: Przemyslaw Kaminski Date: Mon, 1 Jun 2015 12:16:10 +0200 Subject: [PATCH 07/19] Fixes to example.py and Vagrantfile --- Vagrantfile | 6 +++--- example.py | 6 +++--- resources/mariadb_service/actions/run.yml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 09297615..3a37201c 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -3,7 +3,7 @@ # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! VAGRANTFILE_API_VERSION = "2" -SLAVES_COUNT = 2 +SLAVES_COUNT = 3 init_script = <