Keystone: build time incremental/programatic user additions

Instead of creating tenant/user/role and service/endpoint for all openstack services in keystone postinstall, now each of the services creates keystone identities by itself in its own postinstall. The exiting identity.bbclass has been re-written so that each of the individual postinstalls will queue up keystone identity creation in /etc/keystone/service-user-setup at runtime. And service-user-setup will be run as the last postinstall to create keytstone identities for all the services. Signed-off-by: Andy Ning <andy.ning@windriver.com>
author: Andy Ning <andy.ning@windriver.com> 2014-07-16 11:28:48 -0400
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2014-07-30 10:46:55 -0400
commit: e73626b8c9b502a00cfe29b36c1b3b85442c140a (patch)
tree: 8fd04b7a5c3b615714bd16000ac167f3f0ff791a
parent: 354e385c90a6005271eb69102cd2818cdee27237 (diff)
download: meta-cloud-services-e73626b8c9b502a00cfe29b36c1b3b85442c140a.tar.gz
1 files changed, 178 insertions, 4 deletions
diff --git a/meta-openstack/classes/identity.bbclass b/meta-openstack/classes/identity.bbclass
index 70191a5..424d946 100644
--- a/meta-openstack/classes/identity.bbclass
+++ b/meta-openstack/classes/identity.bbclass
@@ -1,7 +1,181 @@
+#
+# Copyright (C) 2014 Wind River Systems, Inc.
+#
+# The identity class provides utilities for services to add tenant/role/users,
+# and service/endpoints into keystone database
+#
 SERVICE_TOKEN = "password"
-ADMIN_PASSWORD = "password"
+METADATA_SHARED_SECRET = "password"
-SERVICE_PASSWORD = "password"
-SERVICE_TENANT_NAME = "service"
 DB_USER = "admin"
 DB_PASSWORD = "admin"
-METADATA_SHARED_SECRET = "password"
+SERVICE_TENANT_NAME = "service"
+SERVICE_PASSWORD = "password"
+ADMIN_TENANT = "admin"
+ADMIN_USER = "admin"
+ADMIN_PASSWORD = "password"
+ADMIN_ROLE = "admin"
+ADMIN_USER_EMAIL = "admin@domain.com"
+MEMBER_ROLE = "Member"
+RUN_POSTINSTS_FILE = "${@base_contains('DISTRO_FEATURES', 'sysvinit', '/etc/rcS.d/S98run-postinsts', '', d)}"
+# Add service and user setup into S98run-postinst running list
+ROOTFS_POSTPROCESS_COMMAND += "update_run_postinsts ; "
+POST_SERVICE_SETUP_COMMAND = "/etc/keystone/service-user-setup"
+update_run_postinsts() {
+    if [ -f "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" ]; then
+        cat >> "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" << EOF
+# run service and user setup
+if [ -f ${POST_SERVICE_SETUP_COMMAND} ]; then
+    chmod 755 ${POST_SERVICE_SETUP_COMMAND}
+    ${POST_SERVICE_SETUP_COMMAND}
+fi
+# run hybrid backend setup
+if [ -f ${POST_KEYSTONE_SETUP_COMMAND} ]; then
+    chmod 755 ${POST_KEYSTONE_SETUP_COMMAND}
+    ${POST_KEYSTONE_SETUP_COMMAND}
+fi
+EOF
+    fi
+}
+# Create user and service in package postinst, common part
+servicecreate_postinst_common () {
+    # create service and user setup postinstall file
+    if [ ! -e ${POST_SERVICE_SETUP_COMMAND} ]; then
+        cat > ${POST_SERVICE_SETUP_COMMAND} << EOF
+#!/bin/sh
+EOF
+    fi
+}
+# Create user in package postinst
+servicecreate_postinst_user () {
+    # create tenant/user/role in keystone
+    cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF
+    /etc/keystone/identity.sh user-create USERCREATE_PARAM
+EOF
+}
+# Create service in package postinst
+servicecreate_postinst_service () {
+    # create service/endpoint in keystone
+    cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF
+    /etc/keystone/identity.sh service-create SERVICECREATE_PARAM
+EOF
+}
+# Recipe parse-time sanity checks
+def sanity_check(d):
+    servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or ""
+    for pkg in servicecreate_packages.split():
+        # User parameters checking.
+        if not d.getVar('USERCREATE_PARAM_%s' % pkg, True) and not d.getVar('SERVICECREATE_PARAM_%s' % pkg, True):
+            raise bb.build.FuncFailed, "%s SERVICECREATE_PACKAGES includes %s, but neither USERCREATE_PARAM_%s nor SERVICECREATE_PARAM_%s is set" % (d.getVar('FILE'), pkg, pkg, pkg)
+python __anonymous() {
+    sanity_check(d)
+}
+# Get user variables from recipe and return a string that will be passed to identity.sh
+def usercreate_param(d, pkg):
+    # Default values
+    param_defaults = {'name':'${SRCNAME}',\
+                      'pass':'${SERVICE_PASSWORD}',\
+                      'tenant':'${SERVICE_TENANT_NAME}',\
+                      'role':'${ADMIN_ROLE}',\
+                      'email':'${SRCNAME}@domain.com'}
+    param = d.getVar('USERCREATE_PARAM_%s' % pkg, True)
+    param_flags = d.getVarFlags('USERCREATE_PARAM_%s' % pkg) or {}
+    for key, value in param_defaults.items():
+        if key in param.split():
+            if param_flags.has_key(key):
+                param_defaults[key] = param_flags[key]
+        else:
+            param_defaults[key] = ''
+    user_param = '--name=' + param_defaults['name'] + ' ' \
+               + '--pass=' + param_defaults['pass'] + ' ' \
+               + '--tenant=' + param_defaults['tenant'] + ' ' \
+               + '--role=' + param_defaults['role'] + ' ' \
+               + '--email=' + param_defaults['email']
+    bb.debug(1, 'user_param = %s' % user_param)
+    return user_param
+# Get service variables from recipe and return a string that will be passed to identity.sh
+def servicecreate_param(d, pkg):
+    # Default values
+    param_defaults = {'name':'${SRCNAME}',\
+                      'type':'',\
+                      'description':'',\
+                      'region':'RegionOne',\
+                      'publicurl':'',\
+                      'adminurl':'',\
+                      'internalurl':''}
+    param = d.getVar('SERVICECREATE_PARAM_%s' % pkg, True)
+    param_flags = d.getVarFlags('SERVICECREATE_PARAM_%s' % pkg) or {}
+    for key, value in param_defaults.items():
+        if key in param.split():
+            if param_flags.has_key(key):
+                param_defaults[key] = param_flags[key]
+        else:
+            param_defaults[key] = ''
+    service_param = '--name=' + param_defaults['name'] + ' ' \
+                  + '--type=' + param_defaults['type'] + ' ' \
+                  + '--description=' + param_defaults['description'] + ' ' \
+                  + '--region=' + param_defaults['region'] + ' ' \
+                  + '--publicurl=' + param_defaults['publicurl'] + ' ' \
+                  + '--adminurl=' + param_defaults['adminurl'] + ' ' \
+                  + '--internalurl=' + param_defaults['internalurl']
+    bb.debug(1, 'service_param = %s' % service_param)
+    return service_param
+# Add the postinst script into the generated package
+python populate_packages_append () {
+    servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or ""
+    servicecreate_postinst_common_copy = d.getVar('servicecreate_postinst_common', True)
+    servicecreate_postinst_user_copy = d.getVar('servicecreate_postinst_user', True)
+    servicecreate_postinst_service_copy = d.getVar('servicecreate_postinst_service', True)
+    for pkg in servicecreate_packages.split():
+        bb.debug(1, 'Adding service/user creation calls to postinst for %s' % pkg)
+        postinst = d.getVar('pkg_postinst_%s' % pkg, True) or d.getVar('pkg_postinst', True)
+        if not postinst:
+            postinst = '    if [ "x$D" != "x" ]; then\n' + \
+                       '        exit 1\n' + \
+                       '    fi\n'
+        postinst += servicecreate_postinst_common_copy
+        if d.getVar('USERCREATE_PARAM_%s' % pkg, True):
+            servicecreate_postinst_user = servicecreate_postinst_user_copy.replace("USERCREATE_PARAM", usercreate_param(d, pkg))
+            postinst += servicecreate_postinst_user
+        if d.getVar('SERVICECREATE_PARAM_%s' % pkg, True):
+            servicecreate_postinst_service = servicecreate_postinst_service_copy.replace("SERVICECREATE_PARAM", servicecreate_param(d, pkg))
+            postinst += servicecreate_postinst_service
+        d.setVar('pkg_postinst_%s' % pkg, postinst)
+        bb.debug(1, 'pkg_postinst_%s = %s' % (pkg, d.getVar('pkg_postinst_%s' % pkg, True)))
+}
author	Andy Ning <andy.ning@windriver.com>	2014-07-16 11:28:48 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2014-07-30 10:46:55 -0400
commit	e73626b8c9b502a00cfe29b36c1b3b85442c140a (patch)
tree	8fd04b7a5c3b615714bd16000ac167f3f0ff791a
parent	354e385c90a6005271eb69102cd2818cdee27237 (diff)
download	meta-cloud-services-e73626b8c9b502a00cfe29b36c1b3b85442c140a.tar.gz

diff --git a/meta-openstack/classes/identity.bbclass b/meta-openstack/classes/identity.bbclass index 70191a5..424d946 100644 --- a/meta-openstack/classes/identity.bbclass +++ b/meta-openstack/classes/identity.bbclass
@@ -1,7 +1,181 @@
		1	#
		2	# Copyright (C) 2014 Wind River Systems, Inc.
		3	#
		4	# The identity class provides utilities for services to add tenant/role/users,
		5	# and service/endpoints into keystone database
		6	#
		7
1	SERVICE_TOKEN = "password"	8	SERVICE_TOKEN = "password"
2	ADMIN_PASSWORD = "password"	9	METADATA_SHARED_SECRET = "password"
3	SERVICE_PASSWORD = "password"	10
4	SERVICE_TENANT_NAME = "service"
5	DB_USER = "admin"	11	DB_USER = "admin"
6	DB_PASSWORD = "admin"	12	DB_PASSWORD = "admin"
7	METADATA_SHARED_SECRET = "password"	13
		14	SERVICE_TENANT_NAME = "service"
		15	SERVICE_PASSWORD = "password"
		16
		17	ADMIN_TENANT = "admin"
		18	ADMIN_USER = "admin"
		19	ADMIN_PASSWORD = "password"
		20	ADMIN_ROLE = "admin"
		21	ADMIN_USER_EMAIL = "admin@domain.com"
		22
		23	MEMBER_ROLE = "Member"
		24
		25	RUN_POSTINSTS_FILE = "${@base_contains('DISTRO_FEATURES', 'sysvinit', '/etc/rcS.d/S98run-postinsts', '', d)}"
		26
		27	# Add service and user setup into S98run-postinst running list
		28	ROOTFS_POSTPROCESS_COMMAND += "update_run_postinsts ; "
		29	POST_SERVICE_SETUP_COMMAND = "/etc/keystone/service-user-setup"
		30
		31	update_run_postinsts() {
		32	if [ -f "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" ]; then
		33	cat >> "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" << EOF
		34
		35	# run service and user setup
		36	if [ -f ${POST_SERVICE_SETUP_COMMAND} ]; then
		37	chmod 755 ${POST_SERVICE_SETUP_COMMAND}
		38	${POST_SERVICE_SETUP_COMMAND}
		39	fi
		40
		41	# run hybrid backend setup
		42	if [ -f ${POST_KEYSTONE_SETUP_COMMAND} ]; then
		43	chmod 755 ${POST_KEYSTONE_SETUP_COMMAND}
		44	${POST_KEYSTONE_SETUP_COMMAND}
		45	fi
		46	EOF
		47	fi
		48	}
		49
		50	# Create user and service in package postinst, common part
		51	servicecreate_postinst_common () {
		52
		53	# create service and user setup postinstall file
		54	if [ ! -e ${POST_SERVICE_SETUP_COMMAND} ]; then
		55	cat > ${POST_SERVICE_SETUP_COMMAND} << EOF
		56	#!/bin/sh
		57	EOF
		58	fi
		59	}
		60
		61	# Create user in package postinst
		62	servicecreate_postinst_user () {
		63
		64	# create tenant/user/role in keystone
		65	cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF
		66
		67	/etc/keystone/identity.sh user-create USERCREATE_PARAM
		68	EOF
		69	}
		70
		71	# Create service in package postinst
		72	servicecreate_postinst_service () {
		73
		74	# create service/endpoint in keystone
		75	cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF
		76
		77	/etc/keystone/identity.sh service-create SERVICECREATE_PARAM
		78	EOF
		79	}
		80
		81	# Recipe parse-time sanity checks
		82	def sanity_check(d):
		83	servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or ""
		84
		85	for pkg in servicecreate_packages.split():
		86	# User parameters checking.
		87	if not d.getVar('USERCREATE_PARAM_%s' % pkg, True) and not d.getVar('SERVICECREATE_PARAM_%s' % pkg, True):
		88	raise bb.build.FuncFailed, "%s SERVICECREATE_PACKAGES includes %s, but neither USERCREATE_PARAM_%s nor SERVICECREATE_PARAM_%s is set" % (d.getVar('FILE'), pkg, pkg, pkg)
		89
		90	python __anonymous() {
		91	sanity_check(d)
		92	}
		93
		94	# Get user variables from recipe and return a string that will be passed to identity.sh
		95	def usercreate_param(d, pkg):
		96	# Default values
		97	param_defaults = {'name':'${SRCNAME}',\
		98	'pass':'${SERVICE_PASSWORD}',\
		99	'tenant':'${SERVICE_TENANT_NAME}',\
		100	'role':'${ADMIN_ROLE}',\
		101	'email':'${SRCNAME}@domain.com'}
		102
		103	param = d.getVar('USERCREATE_PARAM_%s' % pkg, True)
		104	param_flags = d.getVarFlags('USERCREATE_PARAM_%s' % pkg) or {}
		105
		106	for key, value in param_defaults.items():
		107	if key in param.split():
		108	if param_flags.has_key(key):
		109	param_defaults[key] = param_flags[key]
		110	else:
		111	param_defaults[key] = ''
		112
		113	user_param = '--name=' + param_defaults['name'] + ' ' \
		114	+ '--pass=' + param_defaults['pass'] + ' ' \
		115	+ '--tenant=' + param_defaults['tenant'] + ' ' \
		116	+ '--role=' + param_defaults['role'] + ' ' \
		117	+ '--email=' + param_defaults['email']
		118
		119	bb.debug(1, 'user_param = %s' % user_param)
		120	return user_param
		121
		122	# Get service variables from recipe and return a string that will be passed to identity.sh
		123	def servicecreate_param(d, pkg):
		124	# Default values
		125	param_defaults = {'name':'${SRCNAME}',\
		126	'type':'',\
		127	'description':'',\
		128	'region':'RegionOne',\
		129	'publicurl':'',\
		130	'adminurl':'',\
		131	'internalurl':''}
		132
		133	param = d.getVar('SERVICECREATE_PARAM_%s' % pkg, True)
		134	param_flags = d.getVarFlags('SERVICECREATE_PARAM_%s' % pkg) or {}
		135
		136	for key, value in param_defaults.items():
		137	if key in param.split():
		138	if param_flags.has_key(key):
		139	param_defaults[key] = param_flags[key]
		140	else:
		141	param_defaults[key] = ''
		142
		143	service_param = '--name=' + param_defaults['name'] + ' ' \
		144	+ '--type=' + param_defaults['type'] + ' ' \
		145	+ '--description=' + param_defaults['description'] + ' ' \
		146	+ '--region=' + param_defaults['region'] + ' ' \
		147	+ '--publicurl=' + param_defaults['publicurl'] + ' ' \
		148	+ '--adminurl=' + param_defaults['adminurl'] + ' ' \
		149	+ '--internalurl=' + param_defaults['internalurl']
		150
		151	bb.debug(1, 'service_param = %s' % service_param)
		152	return service_param
		153
		154	# Add the postinst script into the generated package
		155	python populate_packages_append () {
		156	servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or ""
		157
		158	servicecreate_postinst_common_copy = d.getVar('servicecreate_postinst_common', True)
		159	servicecreate_postinst_user_copy = d.getVar('servicecreate_postinst_user', True)
		160	servicecreate_postinst_service_copy = d.getVar('servicecreate_postinst_service', True)
		161	for pkg in servicecreate_packages.split():
		162	bb.debug(1, 'Adding service/user creation calls to postinst for %s' % pkg)
		163
		164	postinst = d.getVar('pkg_postinst_%s' % pkg, True) or d.getVar('pkg_postinst', True)
		165	if not postinst:
		166	postinst = ' if [ "x$D" != "x" ]; then\n' + \
		167	' exit 1\n' + \
		168	' fi\n'
		169	postinst += servicecreate_postinst_common_copy
		170
		171	if d.getVar('USERCREATE_PARAM_%s' % pkg, True):
		172	servicecreate_postinst_user = servicecreate_postinst_user_copy.replace("USERCREATE_PARAM", usercreate_param(d, pkg))
		173	postinst += servicecreate_postinst_user
		174
		175	if d.getVar('SERVICECREATE_PARAM_%s' % pkg, True):
		176	servicecreate_postinst_service = servicecreate_postinst_service_copy.replace("SERVICECREATE_PARAM", servicecreate_param(d, pkg))
		177	postinst += servicecreate_postinst_service
		178
		179	d.setVar('pkg_postinst_%s' % pkg, postinst)
		180	bb.debug(1, 'pkg_postinst_%s = %s' % (pkg, d.getVar('pkg_postinst_%s' % pkg, True)))
		181	}