author | Andy Ning <andy.ning@windriver.com> | 2014-07-16 11:28:48 -0400 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2014-07-30 00:50:59 -0400 |
commit | a7395b4401d076aac72d59c0503648cb27d46002 (patch) | |
tree | 9dc83619925bd0c01b6f1e851183e31a55dbef20 /meta-openstack | |
parent | 0aec82d70fa032bfe616ea5058d504f860e241f8 (diff) | |
download | meta-cloud-services-a7395b4401d076aac72d59c0503648cb27d46002.tar.gz |
Keystone: build time incremental/programatic user additions
Instead of creating tenant/user/role and service/endpoint for all
openstack services in keystone postinstall, now each of the services
creates keystone identities by itself in its own postinstall.
The existing identity.bbclass has been re-written so that each of
the individual postinstalls will queue up keystone identity creation
in /etc/keystone/service-user-setup at runtime. And
service-user-setup will be run as the last postinstall to create
keystone identities for all the services.
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Diffstat (limited to 'meta-openstack')
-rw-r--r-- | meta-openstack/classes/identity.bbclass | 182 |
1 files changed, 178 insertions, 4 deletions
diff --git a/meta-openstack/classes/identity.bbclass b/meta-openstack/classes/identity.bbclass index 70191a5..424d946 100644 --- a/meta-openstack/classes/identity.bbclass +++ b/meta-openstack/classes/identity.bbclass | |||
@@ -1,7 +1,181 @@ | |||
1 | # | ||
2 | # Copyright (C) 2014 Wind River Systems, Inc. | ||
3 | # | ||
4 | # The identity class provides utilities for services to add tenant/role/users, | ||
5 | # and service/endpoints into keystone database | ||
6 | # | ||
7 | |||
1 | SERVICE_TOKEN = "password" | 8 | SERVICE_TOKEN = "password" |
2 | ADMIN_PASSWORD = "password" | 9 | METADATA_SHARED_SECRET = "password" |
3 | SERVICE_PASSWORD = "password" | 10 | |
4 | SERVICE_TENANT_NAME = "service" | ||
5 | DB_USER = "admin" | 11 | DB_USER = "admin" |
6 | DB_PASSWORD = "admin" | 12 | DB_PASSWORD = "admin" |
7 | METADATA_SHARED_SECRET = "password" | 13 | |
14 | SERVICE_TENANT_NAME = "service" | ||
15 | SERVICE_PASSWORD = "password" | ||
16 | |||
17 | ADMIN_TENANT = "admin" | ||
18 | ADMIN_USER = "admin" | ||
19 | ADMIN_PASSWORD = "password" | ||
20 | ADMIN_ROLE = "admin" | ||
21 | ADMIN_USER_EMAIL = "admin@domain.com" | ||
22 | |||
23 | MEMBER_ROLE = "Member" | ||
24 | |||
25 | RUN_POSTINSTS_FILE = "${@base_contains('DISTRO_FEATURES', 'sysvinit', '/etc/rcS.d/S98run-postinsts', '', d)}" | ||
26 | |||
27 | # Add service and user setup into S98run-postinst running list | ||
28 | ROOTFS_POSTPROCESS_COMMAND += "update_run_postinsts ; " | ||
29 | POST_SERVICE_SETUP_COMMAND = "/etc/keystone/service-user-setup" | ||
30 | |||
31 | update_run_postinsts() { | ||
32 | if [ -f "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" ]; then | ||
33 | cat >> "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" << EOF | ||
34 | |||
35 | # run service and user setup | ||
36 | if [ -f ${POST_SERVICE_SETUP_COMMAND} ]; then | ||
37 | chmod 755 ${POST_SERVICE_SETUP_COMMAND} | ||
38 | ${POST_SERVICE_SETUP_COMMAND} | ||
39 | fi | ||
40 | |||
41 | # run hybrid backend setup | ||
42 | if [ -f ${POST_KEYSTONE_SETUP_COMMAND} ]; then | ||
43 | chmod 755 ${POST_KEYSTONE_SETUP_COMMAND} | ||
44 | ${POST_KEYSTONE_SETUP_COMMAND} | ||
45 | fi | ||
46 | EOF | ||
47 | fi | ||
48 | } | ||
49 | |||
50 | # Create user and service in package postinst, common part | ||
51 | servicecreate_postinst_common () { | ||
52 | |||
53 | # create service and user setup postinstall file | ||
54 | if [ ! -e ${POST_SERVICE_SETUP_COMMAND} ]; then | ||
55 | cat > ${POST_SERVICE_SETUP_COMMAND} << EOF | ||
56 | #!/bin/sh | ||
57 | EOF | ||
58 | fi | ||
59 | } | ||
60 | |||
61 | # Create user in package postinst | ||
62 | servicecreate_postinst_user () { | ||
63 | |||
64 | # create tenant/user/role in keystone | ||
65 | cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF | ||
66 | |||
67 | /etc/keystone/identity.sh user-create USERCREATE_PARAM | ||
68 | EOF | ||
69 | } | ||
70 | |||
71 | # Create service in package postinst | ||
72 | servicecreate_postinst_service () { | ||
73 | |||
74 | # create service/endpoint in keystone | ||
75 | cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF | ||
76 | |||
77 | /etc/keystone/identity.sh service-create SERVICECREATE_PARAM | ||
78 | EOF | ||
79 | } | ||
80 | |||
81 | # Recipe parse-time sanity checks | ||
82 | def sanity_check(d): | ||
83 | servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or "" | ||
84 | |||
85 | for pkg in servicecreate_packages.split(): | ||
86 | # User parameters checking. | ||
87 | if not d.getVar('USERCREATE_PARAM_%s' % pkg, True) and not d.getVar('SERVICECREATE_PARAM_%s' % pkg, True): | ||
88 | raise bb.build.FuncFailed, "%s SERVICECREATE_PACKAGES includes %s, but neither USERCREATE_PARAM_%s nor SERVICECREATE_PARAM_%s is set" % (d.getVar('FILE'), pkg, pkg, pkg) | ||
89 | |||
90 | python __anonymous() { | ||
91 | sanity_check(d) | ||
92 | } | ||
93 | |||
94 | # Get user variables from recipe and return a string that will be passed to identity.sh | ||
95 | def usercreate_param(d, pkg): | ||
96 | # Default values | ||
97 | param_defaults = {'name':'${SRCNAME}',\ | ||
98 | 'pass':'${SERVICE_PASSWORD}',\ | ||
99 | 'tenant':'${SERVICE_TENANT_NAME}',\ | ||
100 | 'role':'${ADMIN_ROLE}',\ | ||
101 | 'email':'${SRCNAME}@domain.com'} | ||
102 | |||
103 | param = d.getVar('USERCREATE_PARAM_%s' % pkg, True) | ||
104 | param_flags = d.getVarFlags('USERCREATE_PARAM_%s' % pkg) or {} | ||
105 | |||
106 | for key, value in param_defaults.items(): | ||
107 | if key in param.split(): | ||
108 | if param_flags.has_key(key): | ||
109 | param_defaults[key] = param_flags[key] | ||
110 | else: | ||
111 | param_defaults[key] = '' | ||
112 | |||
113 | user_param = '--name=' + param_defaults['name'] + ' ' \ | ||
114 | + '--pass=' + param_defaults['pass'] + ' ' \ | ||
115 | + '--tenant=' + param_defaults['tenant'] + ' ' \ | ||
116 | + '--role=' + param_defaults['role'] + ' ' \ | ||
117 | + '--email=' + param_defaults['email'] | ||
118 | |||
119 | bb.debug(1, 'user_param = %s' % user_param) | ||
120 | return user_param | ||
121 | |||
122 | # Get service variables from recipe and return a string that will be passed to identity.sh | ||
123 | def servicecreate_param(d, pkg): | ||
124 | # Default values | ||
125 | param_defaults = {'name':'${SRCNAME}',\ | ||
126 | 'type':'',\ | ||
127 | 'description':'',\ | ||
128 | 'region':'RegionOne',\ | ||
129 | 'publicurl':'',\ | ||
130 | 'adminurl':'',\ | ||
131 | 'internalurl':''} | ||
132 | |||
133 | param = d.getVar('SERVICECREATE_PARAM_%s' % pkg, True) | ||
134 | param_flags = d.getVarFlags('SERVICECREATE_PARAM_%s' % pkg) or {} | ||
135 | |||
136 | for key, value in param_defaults.items(): | ||
137 | if key in param.split(): | ||
138 | if param_flags.has_key(key): | ||
139 | param_defaults[key] = param_flags[key] | ||
140 | else: | ||
141 | param_defaults[key] = '' | ||
142 | |||
143 | service_param = '--name=' + param_defaults['name'] + ' ' \ | ||
144 | + '--type=' + param_defaults['type'] + ' ' \ | ||
145 | + '--description=' + param_defaults['description'] + ' ' \ | ||
146 | + '--region=' + param_defaults['region'] + ' ' \ | ||
147 | + '--publicurl=' + param_defaults['publicurl'] + ' ' \ | ||
148 | + '--adminurl=' + param_defaults['adminurl'] + ' ' \ | ||
149 | + '--internalurl=' + param_defaults['internalurl'] | ||
150 | |||
151 | bb.debug(1, 'service_param = %s' % service_param) | ||
152 | return service_param | ||
153 | |||
154 | # Add the postinst script into the generated package | ||
155 | python populate_packages_append () { | ||
156 | servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or "" | ||
157 | |||
158 | servicecreate_postinst_common_copy = d.getVar('servicecreate_postinst_common', True) | ||
159 | servicecreate_postinst_user_copy = d.getVar('servicecreate_postinst_user', True) | ||
160 | servicecreate_postinst_service_copy = d.getVar('servicecreate_postinst_service', True) | ||
161 | for pkg in servicecreate_packages.split(): | ||
162 | bb.debug(1, 'Adding service/user creation calls to postinst for %s' % pkg) | ||
163 | |||
164 | postinst = d.getVar('pkg_postinst_%s' % pkg, True) or d.getVar('pkg_postinst', True) | ||
165 | if not postinst: | ||
166 | postinst = ' if [ "x$D" != "x" ]; then\n' + \ | ||
167 | ' exit 1\n' + \ | ||
168 | ' fi\n' | ||
169 | postinst += servicecreate_postinst_common_copy | ||
170 | |||
171 | if d.getVar('USERCREATE_PARAM_%s' % pkg, True): | ||
172 | servicecreate_postinst_user = servicecreate_postinst_user_copy.replace("USERCREATE_PARAM", usercreate_param(d, pkg)) | ||
173 | postinst += servicecreate_postinst_user | ||
174 | |||
175 | if d.getVar('SERVICECREATE_PARAM_%s' % pkg, True): | ||
176 | servicecreate_postinst_service = servicecreate_postinst_service_copy.replace("SERVICECREATE_PARAM", servicecreate_param(d, pkg)) | ||
177 | postinst += servicecreate_postinst_service | ||
178 | |||
179 | d.setVar('pkg_postinst_%s' % pkg, postinst) | ||
180 | bb.debug(1, 'pkg_postinst_%s = %s' % (pkg, d.getVar('pkg_postinst_%s' % pkg, True))) | ||
181 | } | ||
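Review bot: The queued `/etc/keystone/service-user-setup` script holds each service's `--pass=` value in clear text (built in `usercreate_param`), and the snippet appended by `update_run_postinsts` sets it to `chmod 755`, so any local account on the target can read the keystone service passwords. Nothing in this class removes the script after it runs. I would use `chmod 700 ${POST_SERVICE_SETUP_COMMAND}` there, create the file under `umask 077` in `servicecreate_postinst_common`, and delete it once the identities exist. `bb.debug(1, 'user_param = %s' % user_param)` also writes the password into the build log at debug level, so that message should omit the `--pass` field. Separately, the flag values are concatenated unquoted into the `identity.sh` command line, so a `description` containing spaces or shell metacharacters would be split or interpreted by the shell; quoting each value when the string is built would avoid that.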