diff options
author | Andy Ning <andy.ning@windriver.com> | 2014-07-16 11:37:37 -0400 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2014-07-30 00:50:59 -0400 |
commit | 0aec82d70fa032bfe616ea5058d504f860e241f8 (patch) | |
tree | cd88ce4f6c7ac88308b85d1ce66941877978cc51 /meta-openstack/recipes-devtools/python/python-keystone_git.bb | |
parent | ceecd0d46de35111f4c3c1e65176e09cb2117ecb (diff) | |
download | meta-cloud-services-0aec82d70fa032bfe616ea5058d504f860e241f8.tar.gz |
Keystone: package service/user additions
Instead of creating tenant/user/role and service/endpoint for all
openstack services in keystone postinstall, now each of the services
creates its own keystone identities by queueing them up in its postinstall
to a file /etc/keystone/service-user-setup. service-user-setup
script, when run as the last postinstall, calls identity.sh with keystone
identity parameters to create necessary identities for the services.
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Diffstat (limited to 'meta-openstack/recipes-devtools/python/python-keystone_git.bb')
-rw-r--r-- | meta-openstack/recipes-devtools/python/python-keystone_git.bb | 50 |
1 files changed, 36 insertions, 14 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb index 7ce2548..59d2b7f 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb +++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb | |||
@@ -30,6 +30,33 @@ TOKEN_FORMAT ?= "PKI" | |||
30 | 30 | ||
31 | LDAP_DN ?= "dc=my-domain,dc=com" | 31 | LDAP_DN ?= "dc=my-domain,dc=com" |
32 | 32 | ||
33 | SERVICECREATE_PACKAGES = "${SRCNAME}-setup" | ||
34 | KEYSTONE_HOST="${CONTROLLER_IP}" | ||
35 | |||
36 | # USERCREATE_PARAM and SERVICECREATE_PARAM contain the list of parameters to be set. | ||
37 | # If the flag for a parameter in the list is not set here, the default value will be given to that parameter. | ||
38 | # Parameters not in the list will be set to empty. | ||
39 | |||
40 | USERCREATE_PARAM_${SRCNAME}-setup = "name pass tenant role email" | ||
41 | python () { | ||
42 | flags = {'name':'${ADMIN_USER}',\ | ||
43 | 'pass':'${ADMIN_PASSWORD}',\ | ||
44 | 'tenant':'${ADMIN_TENANT}',\ | ||
45 | 'role':'${ADMIN_ROLE}',\ | ||
46 | 'email':'${ADMIN_USER_EMAIL}',\ | ||
47 | } | ||
48 | d.setVarFlags("USERCREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags) | ||
49 | } | ||
50 | SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl adminurl internalurl" | ||
51 | python () { | ||
52 | flags = {'type':'identity',\ | ||
53 | 'description':'OpenStack Identity',\ | ||
54 | 'publicurl':"'http://${KEYSTONE_HOST}:5000/v2.0'",\ | ||
55 | 'adminurl':"'http://${KEYSTONE_HOST}:35357/v2.0'",\ | ||
56 | 'internalurl':"'http://${KEYSTONE_HOST}:5000/v2.0'"} | ||
57 | d.setVarFlags("SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags) | ||
58 | } | ||
59 | |||
33 | do_install_append() { | 60 | do_install_append() { |
34 | 61 | ||
35 | KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone | 62 | KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone |
@@ -40,7 +67,7 @@ do_install_append() { | |||
40 | install -d ${D}${localstatedir}/log/${SRCNAME} | 67 | install -d ${D}${localstatedir}/log/${SRCNAME} |
41 | 68 | ||
42 | install -m 600 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/ | 69 | install -m 600 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/ |
43 | install -m 600 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/ | 70 | install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/ |
44 | install -m 600 ${WORKDIR}/openrc ${KEYSTONE_CONF_DIR}/ | 71 | install -m 600 ${WORKDIR}/openrc ${KEYSTONE_CONF_DIR}/ |
45 | install -m 600 ${S}/etc/logging.conf.sample ${KEYSTONE_CONF_DIR}/logging.conf | 72 | install -m 600 ${S}/etc/logging.conf.sample ${KEYSTONE_CONF_DIR}/logging.conf |
46 | install -m 600 ${S}/etc/policy.json ${KEYSTONE_CONF_DIR}/policy.json | 73 | install -m 600 ${S}/etc/policy.json ${KEYSTONE_CONF_DIR}/policy.json |
@@ -125,20 +152,15 @@ pkg_postinst_${SRCNAME}-setup () { | |||
125 | sleep 2 | 152 | sleep 2 |
126 | fi | 153 | fi |
127 | 154 | ||
128 | sudo -u postgres createdb keystone | 155 | # This is to make sure keystone is configured and running |
129 | keystone-manage db_sync | 156 | PIDFILE="/var/run/keystone-all.pid" |
130 | keystone-manage pki_setup --keystone-user=root --keystone-group=root | 157 | if [ -z `cat $PIDFILE 2>/dev/null` ]; then |
158 | sudo -u postgres createdb keystone | ||
159 | keystone-manage db_sync | ||
160 | keystone-manage pki_setup --keystone-user=root --keystone-group=root | ||
131 | 161 | ||
132 | # Create users, services and endpoints | 162 | /etc/init.d/keystone start |
133 | /etc/init.d/keystone start | 163 | fi |
134 | sleep 2 | ||
135 | |||
136 | ADMIN_PASSWORD=${ADMIN_PASSWORD} \ | ||
137 | SERVICE_PASSWORD=${SERVICE_PASSWORD} \ | ||
138 | SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME} \ | ||
139 | bash /etc/keystone/identity.sh | ||
140 | |||
141 | # end python-keystone postinst | ||
142 | } | 164 | } |
143 | 165 | ||
144 | # By default tokens are expired after 1 day so by default we can set | 166 | # By default tokens are expired after 1 day so by default we can set |