author | Mark Asselstine <mark.asselstine@windriver.com> | 2017-11-22 11:08:46 -0500 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2017-11-27 10:39:51 -0500 |
commit | fc1d523aa0f734ec88907f5b4ecc510d8fa56f51 (patch) | |
tree | a0cc468741ea2449683fb93fc17b7756de9e61f3 /meta-openstack/recipes-devtools/python/python-keystone_git.bb | |
parent | 54c4cb239e3bfd8d9efe75f073aef8e4a671bc7b (diff) | |
python-keystone: get things working with stable/pike
Since we need to ensure the setup is run after postgresql is set up and
running, we can't use a postinst, as it runs too early in the boot
process. Instead we have a simple service which will run after
postgresql-init to complete the setup. On completion the service
disables itself, avoiding being run again on subsequent boots.
Update configuration data to match keystone setup as described on the
upstream project pages.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'meta-openstack/recipes-devtools/python/python-keystone_git.bb')
-rw-r--r-- | meta-openstack/recipes-devtools/python/python-keystone_git.bb | 129 |
1 files changed, 48 insertions, 81 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb index b5f92dd..d7f6400 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb +++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb | |||
@@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2" | |||
7 | SRCNAME = "keystone" | 7 | SRCNAME = "keystone" |
8 | 8 | ||
9 | SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/pike \ | 9 | SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/pike \ |
10 | file://keystone-init \ | ||
11 | file://keystone-init.service \ | ||
10 | file://keystone.conf \ | 12 | file://keystone.conf \ |
11 | file://identity.sh \ | 13 | file://identity.sh \ |
12 | file://keystone \ | ||
13 | file://convert_keystone_backend.py \ | 14 | file://convert_keystone_backend.py \ |
14 | file://wsgi-keystone.conf \ | 15 | file://wsgi-keystone.conf \ |
15 | " | 16 | " |
@@ -24,11 +25,14 @@ PV = "12.0.0+git${SRCPV}" | |||
24 | 25 | ||
25 | S = "${WORKDIR}/git" | 26 | S = "${WORKDIR}/git" |
26 | 27 | ||
27 | inherit setuptools update-rc.d identity hosts default_configs monitor | 28 | inherit setuptools identity hosts default_configs monitor useradd systemd |
28 | 29 | ||
29 | SERVICE_TOKEN = "password" | 30 | SERVICE_TOKEN = "password" |
30 | TOKEN_FORMAT ?= "PKI" | 31 | TOKEN_FORMAT ?= "PKI" |
31 | 32 | ||
33 | USERADD_PACKAGES = "${PN}" | ||
34 | USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone" | ||
35 | |||
32 | LDAP_DN ?= "dc=my-domain,dc=com" | 36 | LDAP_DN ?= "dc=my-domain,dc=com" |
33 | 37 | ||
34 | SERVICECREATE_PACKAGES = "${SRCNAME}-setup" | 38 | SERVICECREATE_PACKAGES = "${SRCNAME}-setup" |
@@ -64,79 +68,67 @@ do_install_append() { | |||
64 | 68 | ||
65 | KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone | 69 | KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone |
66 | KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone | 70 | KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone |
67 | |||
68 | APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/ | 71 | APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/ |
69 | KEYSTONE_PY_DIR=${D}${datadir}/openstack-dashboard/openstack_dashboard/api/ | ||
70 | KEYSTONE_CGI_DIR=${D}${localstatedir}/www/cgi-bin/keystone/ | ||
71 | 72 | ||
72 | # Apache needs to read the configs. | 73 | # Create directories |
73 | install -m 755 -d ${KEYSTONE_CONF_DIR} | 74 | install -m 755 -d ${KEYSTONE_CONF_DIR} |
74 | install -m 755 -d ${APACHE_CONF_DIR} | 75 | install -m 755 -d ${APACHE_CONF_DIR} |
75 | |||
76 | install -d ${D}${localstatedir}/log/${SRCNAME} | 76 | install -d ${D}${localstatedir}/log/${SRCNAME} |
77 | install -m 755 -d ${KEYSTONE_CGI_DIR} | ||
78 | #install -m 755 -d ${KEYSTONE_PY_DIR} | ||
79 | 77 | ||
78 | # Setup the systemd service file | ||
79 | install -d ${D}${systemd_unitdir}/system/ | ||
80 | KS_INIT_SERVICE_FILE=${D}${systemd_unitdir}/system/keystone-init.service | ||
81 | install -m 644 ${WORKDIR}/keystone-init.service ${KS_INIT_SERVICE_FILE} | ||
82 | sed -e "s:%SYSCONFIGDIR%:${sysconfdir}:g" -i ${KS_INIT_SERVICE_FILE} | ||
83 | |||
84 | # Setup the keystone initialization script | ||
85 | KS_INIT_FILE=${KEYSTONE_CONF_DIR}/keystone-init | ||
86 | install -m 755 ${WORKDIR}/keystone-init ${KS_INIT_FILE} | ||
87 | sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KS_INIT_FILE} | ||
88 | sed -e "s:%KEYSTONE_USER%:keystone:g" -i ${KS_INIT_FILE} | ||
89 | sed -e "s:%KEYSTONE_GROUP%:keystone:g" -i ${KS_INIT_FILE} | ||
90 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KS_INIT_FILE} | ||
91 | sed -e "s:%ADMIN_USER%:${ADMIN_USER}:g" -i ${KS_INIT_FILE} | ||
92 | sed -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" -i ${KS_INIT_FILE} | ||
93 | sed -e "s:%ADMIN_ROLE%:${ADMIN_ROLE}:g" -i ${KS_INIT_FILE} | ||
94 | |||
95 | # Install various configuration files. We have to select suitable | ||
96 | # permissions as packages such as Apache require read access. | ||
97 | # | ||
80 | # Apache needs to read the keystone.conf | 98 | # Apache needs to read the keystone.conf |
81 | install -m 644 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/ | 99 | install -m 644 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/ |
82 | # Apache needs to read the wsgi-keystone.conf | 100 | # Apache needs to read the wsgi-keystone.conf |
83 | install -m 644 ${WORKDIR}/wsgi-keystone.conf ${APACHE_CONF_DIR} | 101 | install -m 644 ${WORKDIR}/wsgi-keystone.conf \ |
102 | ${APACHE_CONF_DIR}/keystone.conf | ||
84 | install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/ | 103 | install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/ |
85 | install -m 600 ${S}${sysconfdir}/logging.conf.sample \ | 104 | install -m 600 ${S}${sysconfdir}/logging.conf.sample \ |
86 | ${KEYSTONE_CONF_DIR}/logging.conf | 105 | ${KEYSTONE_CONF_DIR}/logging.conf |
87 | install -m 600 ${S}${sysconfdir}/keystone.conf.sample \ | 106 | install -m 600 ${S}${sysconfdir}/keystone.conf.sample \ |
88 | ${KEYSTONE_CONF_DIR}/keystone.conf.sample | 107 | ${KEYSTONE_CONF_DIR}/keystone.conf.sample |
89 | # Apache user needs to read these files. | ||
90 | #install -m 644 ${S}${sysconfdir}/policy.json \ | ||
91 | # ${KEYSTONE_CONF_DIR}/policy.json | ||
92 | install -m 644 ${S}${sysconfdir}/keystone-paste.ini \ | 108 | install -m 644 ${S}${sysconfdir}/keystone-paste.ini \ |
93 | ${KEYSTONE_CONF_DIR}/keystone-paste.ini | 109 | ${KEYSTONE_CONF_DIR}/keystone-paste.ini |
94 | #install -m 644 ${S}/httpd/keystone.py \ | ||
95 | # ${KEYSTONE_PY_DIR}/keystone-httpd.py | ||
96 | #install -m 644 ${S}/httpd/keystone.py \ | ||
97 | # ${KEYSTONE_CGI_DIR}/admin | ||
98 | #install -m 644 ${S}/httpd/keystone.py \ | ||
99 | # ${KEYSTONE_CGI_DIR}/main | ||
100 | 110 | ||
111 | # Copy examples from upstream | ||
101 | cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR} | 112 | cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR} |
102 | 113 | ||
103 | if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; | 114 | # Edit the configuration to allow it to work out of the box |
104 | then | 115 | KEYSTONE_CONF_FILE=${KEYSTONE_CONF_DIR}/keystone.conf |
105 | install -d ${D}${sysconfdir}/init.d | ||
106 | install -m 0755 ${WORKDIR}/keystone ${D}${sysconfdir}/init.d/keystone | ||
107 | fi | ||
108 | |||
109 | sed "/# admin_endpoint = .*/a \ | 116 | sed "/# admin_endpoint = .*/a \ |
110 | public_endpoint = http://%CONTROLLER_IP%:8081/keystone/main/ " \ | 117 | public_endpoint = http://%CONTROLLER_IP%:8081/keystone/main/ " \ |
111 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | 118 | -i ${KEYSTONE_CONF_FILE} |
112 | 119 | ||
113 | sed "/# admin_endpoint = .*/a \ | 120 | sed "/# admin_endpoint = .*/a \ |
114 | admin_endpoint = http://%CONTROLLER_IP%:8081/keystone/admin/ " \ | 121 | admin_endpoint = http://%CONTROLLER_IP%:8081/keystone/admin/ " \ |
115 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | 122 | -i ${KEYSTONE_CONF_FILE} |
116 | 123 | ||
117 | sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" \ | 124 | sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" -i ${KEYSTONE_CONF_FILE} |
118 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | 125 | sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_FILE} |
119 | sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_DIR}/keystone.conf | 126 | sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" -i ${KEYSTONE_CONF_FILE} |
120 | sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" \ | 127 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE} |
121 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | 128 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE} |
122 | 129 | sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" -i ${KEYSTONE_CONF_FILE} | |
123 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \ | ||
124 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | ||
125 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \ | ||
126 | -i ${KEYSTONE_CONF_DIR}/identity.sh | ||
127 | |||
128 | sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" \ | ||
129 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | ||
130 | |||
131 | # sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" \ | ||
132 | # -i ${D}${sysconfdir}/init.d/keystone | ||
133 | # sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" \ | ||
134 | # -i ${D}${sysconfdir}/init.d/keystone | ||
135 | # sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" \ | ||
136 | # -i ${D}${sysconfdir}/init.d/keystone | ||
137 | 130 | ||
138 | install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp | 131 | install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp |
139 | |||
140 | if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then | 132 | if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then |
141 | sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \ | 133 | sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \ |
142 | -i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf | 134 | -i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf |
@@ -180,38 +172,13 @@ role_member_attribute = member \ | |||
180 | role_id_attribute = cn \ | 172 | role_id_attribute = cn \ |
181 | role_name_attribute = ou \ | 173 | role_name_attribute = ou \ |
182 | role_tree_dn = ou=Roles,${LDAP_DN} \ | 174 | role_tree_dn = ou=Roles,${LDAP_DN} \ |
183 | ' ${D}${sysconfdir}/keystone/keystone.conf | 175 | ' ${KEYSTONE_CONF_FILE} |
184 | 176 | ||
185 | install -m 0755 ${WORKDIR}/convert_keystone_backend.py \ | 177 | install -m 0755 ${WORKDIR}/convert_keystone_backend.py \ |
186 | ${D}${sysconfdir}/keystone/convert_keystone_backend.py | 178 | ${D}${sysconfdir}/keystone/convert_keystone_backend.py |
187 | fi | 179 | fi |
188 | } | 180 | } |
189 | 181 | ||
190 | pkg_postinst_${SRCNAME}-setup () { | ||
191 | # python-keystone postinst start | ||
192 | if [ -z "$D" ]; then | ||
193 | # This is to make sure postgres is configured and running | ||
194 | if ! pidof postmaster > /dev/null; then | ||
195 | /etc/init.d/postgresql-init | ||
196 | /etc/init.d/postgresql start | ||
197 | sleep 2 | ||
198 | fi | ||
199 | |||
200 | # This is to make sure keystone is configured and running | ||
201 | PIDFILE="/var/run/keystone-all.pid" | ||
202 | if [ -z `cat $PIDFILE 2>/dev/null` ]; then | ||
203 | sudo -u postgres createdb keystone | ||
204 | keystone-manage db_sync | ||
205 | keystone-manage pki_setup --keystone-user=root --keystone-group=daemon | ||
206 | |||
207 | if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then | ||
208 | /etc/init.d/openldap start | ||
209 | fi | ||
210 | /etc/init.d/keystone start | ||
211 | fi | ||
212 | fi | ||
213 | } | ||
214 | |||
215 | # By default tokens are expired after 1 day so by default we can set | 182 | # By default tokens are expired after 1 day so by default we can set |
216 | # this token flush cronjob to run every 2 days | 183 | # this token flush cronjob to run every 2 days |
217 | KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *" | 184 | KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *" |
@@ -226,7 +193,12 @@ pkg_postinst_${SRCNAME}-cronjobs () { | |||
226 | 193 | ||
227 | PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs" | 194 | PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs" |
228 | 195 | ||
229 | ALLOW_EMPTY_${SRCNAME}-setup = "1" | 196 | SYSTEMD_PACKAGES += "${SRCNAME}-setup" |
197 | SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service" | ||
198 | |||
199 | FILES_${SRCNAME}-setup = " \ | ||
200 | ${systemd_unitdir}/system \ | ||
201 | " | ||
230 | 202 | ||
231 | ALLOW_EMPTY_${SRCNAME}-cronjobs = "1" | 203 | ALLOW_EMPTY_${SRCNAME}-cronjobs = "1" |
232 | 204 | ||
@@ -237,10 +209,9 @@ FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh" | |||
237 | 209 | ||
238 | FILES_${SRCNAME} = "${bindir}/* \ | 210 | FILES_${SRCNAME} = "${bindir}/* \ |
239 | ${sysconfdir}/${SRCNAME}/* \ | 211 | ${sysconfdir}/${SRCNAME}/* \ |
240 | ${sysconfdir}/init.d/* \ | ||
241 | ${localstatedir}/* \ | 212 | ${localstatedir}/* \ |
242 | ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \ | 213 | ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \ |
243 | ${sysconfdir}/apache2/conf.d/wsgi-keystone.conf \ | 214 | ${sysconfdir}/apache2/conf.d/keystone.conf \ |
244 | " | 215 | " |
245 | 216 | ||
246 | DEPENDS += " \ | 217 | DEPENDS += " \ |
@@ -306,9 +277,5 @@ RDEPENDS_${SRCNAME} = " \ | |||
306 | RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}" | 277 | RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}" |
307 | RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}" | 278 | RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}" |
308 | 279 | ||
309 | INITSCRIPT_PACKAGES = "${SRCNAME}" | ||
310 | INITSCRIPT_NAME_${SRCNAME} = "keystone" | ||
311 | INITSCRIPT_PARAMS_${SRCNAME} = "${OS_DEFAULT_INITSCRIPT_PARAMS}" | ||
312 | |||
313 | MONITOR_SERVICE_PACKAGES = "${SRCNAME}" | 280 | MONITOR_SERVICE_PACKAGES = "${SRCNAME}" |
314 | MONITOR_SERVICE_${SRCNAME} = "keystone" | 281 | MONITOR_SERVICE_${SRCNAME} = "keystone" |
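Review bot: `keystone-init` is installed with `install -m 755` into `${sysconfdir}/keystone` and then has `%ADMIN_PASSWORD%` substituted into it by sed, so the admin password ends up in a world-readable file on the target image. Install it owner-only instead, e.g. `install -m 700 ${WORKDIR}/keystone-init ${KS_INIT_FILE}`, assuming the keystone-init.service unit (not shown in this diff) runs it as root; nothing visible here removes the script once the one-shot service has disabled itself. Separately, the consolidated sed block now applies the `%CONTROLLER_IP%` substitution to `${KEYSTONE_CONF_FILE}` twice, where the second one previously targeted `${KEYSTONE_CONF_DIR}/identity.sh`; if identity.sh still carries that placeholder it will ship unsubstituted. `do_install_append` begins above this hunk, so earlier handling of these files is not visible.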