keystone: enable openLDAP authentication

Modify python-keystone to use openldap. keystone's identity and assignment backends are configured to utilitze the hybrid backend for keystone. This backend uses the SQL backend by default and goes to the ldap database if the user doesn't exist. Signed-off-by: Amy Fong <amy.fong@windriver.com>
author: Amy Fong <amy.fong@windriver.com> 2014-07-29 14:30:18 -0400
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2014-07-30 00:50:21 -0400
commit: 2075b299cfd9b8d7860eef1d4d20cc46c73d49bc (patch)
tree: 3ad3a171f85f4b7710ed706e6de20bf5c0a0b8d8 /meta-openstack/recipes-devtools/python/python-keystone_git.bb
parent: 91f39a6e38e6e6fd1e9b6582fb85cd273f3249bb (diff)
download: meta-cloud-services-2075b299cfd9b8d7860eef1d4d20cc46c73d49bc.tar.gz
1 files changed, 46 insertions, 0 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
index 80118d4..5eef096 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -26,6 +26,8 @@ inherit setuptools update-rc.d identity hosts default_configs
 SERVICE_TOKEN = "password"
 TOKEN_FORMAT ?= "PKI"
+LDAP_DN ?= "dc=my-domain,dc=com"
 do_install_append() {
    KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
@@ -70,6 +72,47 @@ do_install_append() {
    sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
    sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
    sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone
+    if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
+        sed -i -e '/^\[identity\]/a \
+# Uncomment the following lines to enable the hybrid backend \
+# driver = keystone.identity.backends.hybrid_identity.Identity \
+#\
+# [assignment] \
+# driver = keystone.assignment.backends.hybrid_assignment.Assignment \
+' ${D}/etc/keystone/keystone.conf
+        sed -i -e '/^\[ldap\]/a \
+url = ldap://localhost \
+user = cn=Manager,${LDAP_DN} \
+password = secret \
+suffix = ${LDAP_DN} \
+use_dumb_member = True \
+\
+user_tree_dn = ou=Users,${LDAP_DN} \
+user_attribute_ignore = enabled,email,tenants,default_project_id \
+user_id_attribute = uid \
+user_name_attribute = uid \
+user_mail_attribute = email \
+user_pass_attribute = keystonePassword \
+\
+tenant_tree_dn = ou=Groups,${LDAP_DN} \
+tenant_desc_attribute = description \
+tenant_domain_id_attribute = businessCategory \
+tenant_attribute_ignore = enabled \
+tenant_objectclass = groupOfNames \
+tenant_id_attribute = cn \
+tenant_member_attribute = member \
+tenant_name_attribute = ou \
+\
+role_attribute_ignore = enabled \
+role_objectclass = groupOfNames \
+role_member_attribute = member \
+role_id_attribute = cn \
+role_name_attribute = ou \
+role_tree_dn = ou=Roles,${LDAP_DN} \
+' ${D}/etc/keystone/keystone.conf
+    fi
 }
 pkg_postinst_${SRCNAME}-setup () {
@@ -155,6 +198,9 @@ RDEPENDS_${PN} += " \
        python-pbr \
        "
+PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
+PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
 # TODO:
 #    if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
author	Amy Fong <amy.fong@windriver.com>	2014-07-29 14:30:18 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2014-07-30 00:50:21 -0400
commit	2075b299cfd9b8d7860eef1d4d20cc46c73d49bc (patch)
tree	3ad3a171f85f4b7710ed706e6de20bf5c0a0b8d8 /meta-openstack/recipes-devtools/python/python-keystone_git.bb
parent	91f39a6e38e6e6fd1e9b6582fb85cd273f3249bb (diff)
download	meta-cloud-services-2075b299cfd9b8d7860eef1d4d20cc46c73d49bc.tar.gz

diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb index 80118d4..5eef096 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb +++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -26,6 +26,8 @@ inherit setuptools update-rc.d identity hosts default_configs
26	SERVICE_TOKEN = "password"	26	SERVICE_TOKEN = "password"
27	TOKEN_FORMAT ?= "PKI"	27	TOKEN_FORMAT ?= "PKI"
28		28
		29	LDAP_DN ?= "dc=my-domain,dc=com"
		30
29	do_install_append() {	31	do_install_append() {
30		32
31	KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone	33	KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
@@ -70,6 +72,47 @@ do_install_append() {
70	sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone	72	sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
71	sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone	73	sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" -i ${D}${sysconfdir}/init.d/keystone
72	sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone	74	sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" -i ${D}${sysconfdir}/init.d/keystone
		75
		76	if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
		77	sed -i -e '/^\[identity\]/a \
		78	# Uncomment the following lines to enable the hybrid backend \
		79	# driver = keystone.identity.backends.hybrid_identity.Identity \
		80	#\
		81	# [assignment] \
		82	# driver = keystone.assignment.backends.hybrid_assignment.Assignment \
		83	' ${D}/etc/keystone/keystone.conf
		84
		85	sed -i -e '/^\[ldap\]/a \
		86	url = ldap://localhost \
		87	user = cn=Manager,${LDAP_DN} \
		88	password = secret \
		89	suffix = ${LDAP_DN} \
		90	use_dumb_member = True \
		91	\
		92	user_tree_dn = ou=Users,${LDAP_DN} \
		93	user_attribute_ignore = enabled,email,tenants,default_project_id \
		94	user_id_attribute = uid \
		95	user_name_attribute = uid \
		96	user_mail_attribute = email \
		97	user_pass_attribute = keystonePassword \
		98	\
		99	tenant_tree_dn = ou=Groups,${LDAP_DN} \
		100	tenant_desc_attribute = description \
		101	tenant_domain_id_attribute = businessCategory \
		102	tenant_attribute_ignore = enabled \
		103	tenant_objectclass = groupOfNames \
		104	tenant_id_attribute = cn \
		105	tenant_member_attribute = member \
		106	tenant_name_attribute = ou \
		107	\
		108	role_attribute_ignore = enabled \
		109	role_objectclass = groupOfNames \
		110	role_member_attribute = member \
		111	role_id_attribute = cn \
		112	role_name_attribute = ou \
		113	role_tree_dn = ou=Roles,${LDAP_DN} \
		114	' ${D}/etc/keystone/keystone.conf
		115	fi
73	}	116	}
74		117
75	pkg_postinst_${SRCNAME}-setup () {	118	pkg_postinst_${SRCNAME}-setup () {
@@ -155,6 +198,9 @@ RDEPENDS_${PN} += " \
155	python-pbr \	198	python-pbr \
156	"	199	"
157		200
		201	PACKAGECONFIG ?= "${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
		202	PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
		203
158	# TODO:	204	# TODO:
159	# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS	205	# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
160		206