| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
|
|
|
|
| |
"distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('pbr>=2.0.0')"
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to interact with the openstack CLI commands it is common
practice to source *openrc files which populate the environment with a
base set of values. See
https://docs.openstack.org/keystone/pike/install/keystone-openrc-obs.html
We used to do this as part of nova but it makes more sense to create
these as part of keystone. This makes them available early in the
setup process and also maps with the keystone bootstrapping.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
When attempting to validate python-openstackclient it was found that
the old endpoints from previous releases of keystone where still being
used. Update the endpoints to reflect how the current version of
keyston is configured.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we need to ensure the setup is run after postgresql is setup and
running we can't use a postinst as it runs too early in the boot
process. Instead we have a simple service which will run after
postgresql-init to complete the setup. On completion the service
disables itself, avoiding being run again on subsequent boots.
Update configuration data to match keystone setup as described on the
upstream project pages.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add instructions to the README.setup on how to configure the build to
use systemd. The remaining changes are a bit of hack and slash to get
the builds to succeed. The 'hacking' only touches core openstack
component recipes which are all in various states of broken anyways,
so these changes will not affect any current meta-cloud-services
users. All of these will be corrected shortly.
Most users of OpenStack have long ago made the move to systemd, by
following suit we can take advantage of the better support for service
files along with matching most OpenStack documentation. The remaining
sysvinit parts will be removed as we get the openstack components
updated and back to a working state.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Checking for "$D" and doing an "exit 1" now results in errors such as:
[log_check] warning: %post(keystone-cronjobs-...) scriptlet failed, exit status 2
during image creation. Instead of escaping the script for "level-1"
(image creation postinst) we wrap the "level-2" (first boot) postinst
in an if statement. This also ensure the scriptlet in
indentity.bbclass is less prone to behaving differently based on the
postinsts defined in the classes which inherit 'identity'.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
| |
Required updates to python-olso*, keystoneclient, keystonemiddleware
and more. These updates have all been completed in commit prior to
this uprev.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The use of the 'users' group was associated with the addition of
apache vhost support. See commit bf51fa4f053a [python-keystone: Add
apache vhost server.]. The directories and files needed to be readable
by the same user running apache. Since the use of RSS, definiing a
common group used by multiple recipes (apache and keystone in this
case) becomes more involved and we need to use FILESYSTEM_PERMS_TABLES
to accomplish this. Remove the use of the 'users' group until we can
evaluate if this is still required and if so we have a proper
FILESYSTEM_PERMS_TABLES solution in place. This will solve build
failures for 'unknown group "users"' in the interim.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The use of chef was never complete, had isses with updating binary
database files and had a cumbersome implementation. Since we are using
Ansible in meta-overc we are dropping the use of chef here and will
look to being at par with meta-overc by using Ansible if/when we get
time to look at runtime configuration in meta-cloud-services.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
| |
Fixes:
base_contains is deprecated, please use bb.utils.contains instead.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
QA Issue: python-keystone:
/keystone/usr/share/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py
is owned by gid 100, which is the same as the user running bitbake. This may be
due to host contamination [host-user-contaminated]
Signed-off-by: Xulin Sun <xulin.sun@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
| |
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
| |
Keystone fails to install due to functools32 missing. Add a new recipe
for functools32 and include the dependency in keystone.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
Add the missing rdepends or it will fail with:
File "/usr/lib64/python2.7/site-packages/keystone/policy/backends/rules.py", line 20, in <module>
from oslo_policy import policy as common_policy
ImportError: No module named oslo_policy
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
| |
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
|
|
|
|
| |
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These missing dependencies are found when running keystone tests:
File "/usr/lib/python2.7/site-packages/keystone/tests/unit/core.py", line 28, in <module>
import fixtures
ImportError: No module named fixtures
File "/usr/lib/python2.7/site-packages/keystone/tests/unit/core.py", line 32, in <module>
import oslotest.base as oslotest
ImportError: No module named oslotest.base
File "/usr/lib/python2.7/site-packages/fixtures/fixture.py", line 26, in <module>
from testtools.compat import (
ImportError: No module named testtools.compat
File "/usr/lib/python2.7/site-packages/testtools/compat.py", line 31, in <module>
from extras import try_imports
ImportError: No module named extras
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the initial update to the kilo branches and SRCREVs for some
of the core projects.
These are known to NOT work, due to SSLv3 issues with oe-core, and
missing config/dependencies.
Incremental updates will fix issues with the components, but they are
best done in-tree, rather than sitting on a huge pile of changes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
| |
oe-core now warns on detected missing runtime and build time warnings.
So we update our recipes to have these missingn deps (largely bash).
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
| |
syncing the core components to the latest juno hashes. We also introduce
new packages and update others to meet the juno requirements.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have three changes in a single commit:
- A runtime substition fix controller IP values
- When the substitions were moved for chef integration, the chef
disabled path wasn't tested. This meant that %CONTROLLER_IP% remained
in the final config files, and broke keystone startup.
- The addition of oathlib to keystone depedencies
- oauthlib is a juno dependency
- A temporary patch to the apache httpd front end modules
- At times keystone would fail to load via apache due to the inability to
load localcontext from oslo. To work around these sporadic failures, an
explicit import was added to the http front end module. This will be
removed in the future.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of having a central file or group of files to
describe what data resources should be monitored. The
content of these files will depend on what core system
monitoring is used ((e.g. Nagios or Monasca).
It's desirable to have each recipe describes what
it wants be monitored in generic way such that various system
monitors can understand and convert these into their format.
If a recipe wishes to register itself to system monitor, it
inherits monitor bbclass and use MONITOR_SERVICE_PACKAGES and
MONITOR_SERVICE_<package name> to indicate what processes
should should be monitored. Also MONITOR_CHECKS_<package name>
variale can be used to pass list of scripts which will be run
on target and if any of these scripts fail then will report.
Eventually monitor.bbclass will be expanded to allow recipe
to describe more complicated information passed down to
system monitor (e.g. Nagios or Monasca)
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
keystone: move initscript install to before fixups
There are sed operations being performed on the sysvinit script .. but the
script wasn't being installed until after that block of code. We relocate
the install of the script to above any fixups, and everything works again.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Openstackchef enables us to recreate configuration files
for services in an openstack installation. It does this by
creating template file(s) out of configuration file(s) exposed
to the class by services.
The following services are inheriting the openstack class
and then exposing a set of configuration files to the class.
These services expose their configuration files to openstackchef
by assigning them to the variable CHEF_SERVICES_CONF_FILES. The files
are assumend to have been installed in the image directory under the
service's WORKDIR.
At build-time, openstackchef makes chef-solo templates out of
the registered files. And at run-time, the deploychef package
makes a call to chef-solo, which in-turn use the template files
to recreate the registered configuration files.
For legacy reasons, the string OPENSTACKCHEF_ENABLED is defined in
openstackchef class, but it can be overwritten in a .bb, .class,
.bbappend or local.conf file to an empty string when openstackchef
support is not desired. This enables all of these services to be built
without openstackchef support. In addition, it prevents the recipes
from substituting the placeholders in their configuration files
when inheriting openstackchef.
Signed-off-by: Mustapha Lansana <Mustapha.Lansana@windriver.com>
|
|
|
|
|
|
|
|
| |
This patch set configures an apache vhost server on port 8081 which will
serve as the main authentication method and documents the change in
README.keystone.
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
|
|
|
|
|
|
|
| |
Conform as much as possible to the bitbake coding standard. (80 or less
chars/line, 4x space indent).
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
|
|
|
|
|
|
|
| |
Along with this update, we also fix a bug with nova and neutron port types.
this patch will be removed once it is fixed in the upstream project.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
| |
This patch removes the openrc file from the keystone package and
references to openrc in the python-kystone_git.bb file.
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
|
|
|
|
| |
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of creating tenant/user/role and service/endpoint for all
openstack services in keystone postinstall, now each of the services
creates its own keystone identities by queueing them up in its postinstall
to a file /etc/keystone/service-user-setup. service-user-setup
script, when run as the last postinstall, calls identity.sh with keystone
identity parameters to create necessary identities for the services.
Signed-off-by: Andy Ning <andy.ning@windriver.com>
|
|
|
|
|
|
|
|
|
| |
Adding /etc/keystone/hybrid-backend-setup and
convert_keystone_backend.py to set the backend
for keystone to hybrid and starts openldap and
restarts keystone.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
|
|
|
|
|
|
|
| |
Modify python-keystone to use openldap. keystone's identity and
assignment backends are configured to utilitze the hybrid backend for
keystone. This backend uses the SQL backend by default and goes to the ldap
database if the user doesn't exist.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
|
|
|
|
|
|
| |
Some of the openstack data is associated with external resources
(ie glance may have external files), we explicitly invoke the delete commands on those
in additional to dropping and recreating the databases.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
Updating keystone to the juno release candidate. Also adding new
dependencies.
Note: also ensure that the new keystoneclient and keystonemiddleware
are used.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running the keystone tests, the tests ensures that
keystone is being tested against the latest version of
keystone-client available by downloading keystone-client from
source using git. However, on the target system
keystone-client is installed as a separate package and it is
undesirable to download a newer version to test against. This
fix comments out the portion of the testing code that attempts
to retrieve keystone-client from source code using git.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Some Keystone tests create temporary files, usually
databases for testing. These files are stored in the
"tmp" directory under the "tests" directory in Keystone.
The fix creates this directory so these tests don't fail
on failing to create temporary files because the path
doesn't exist.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Keystone tests define the location of certificate files
as the location of the files in the source tree. However,
when installed on the system files are put in different
locations. This change patches the configuration file
for some tests to contain the full path to the tests
directories.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some tests provided by Keystone tests signing with an
example certificate and signing key. If these certificates
are not found these particular tests will hang. Thus, in
order for these tests to pass we must install the example
certificates to the system. This fix updates the install
script for Keystone to include installing the example
certificates.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Keystone tests are designed to run on the source tree.
However, Keystone is installed on a system with files
in various directories. This fix patches the testing
source files to be able to find the files on the
distribution. This fix incorporates the changes of
a previous patch file into a new patch file that is
generated, since the previous patch are related and
close to eachother in the source and it is easier to
maintain less patch files.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
Openstack components provide a run_tests.sh script for
running unit tests. Some of these tests expect the
openstack-nose plugin to be installed. This fix provides
a recipe for the building that plugin in order to allow
the various run_tests.sh scripts to run.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bitbake recipe file for building Keystone is inconsistent
with the use of tabs versus spaces. According to guidelines
for the Yocto project (style guide), the tabs should be
replaced with spaces in the case of indenting for lists. The
style guide can be found at:
https://wiki.yoctoproject.org/wiki/Recipe_&_Patch_Style_Guide
This fix changes the Keystone recipe file to use spaces instead
of tabs in list of files and package dependencies.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
|
|
|
|
|
|
|
|
| |
Since Grizzly release Keystone defaults to storing tokens in PKI
format. Some software works better with keystone if tokens
are in the older UUID format. This change allows a simple way
to set the storage format within the bitbake receipes. The default
is to use the newer PKI format.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon
Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable
permissions for /etc/keystone/ec2rc, which allows local users to obtain
access to EC2 services by reading administrative access and secret values
from this file.
Modify /etc/keystone to have permission 750
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Editing the files in ${WORKDIR} using sed or similar tools as part of
do_install means they can only be edited once. Supplying a modified
CONTROLLER_IP in local.conf and building the image again will not
result in the CONTROLLER_IP being properly updated since the
substitution placeholders will no longer exist. We therefore simply
swap the other of things, installing the configuration files first,
then editing them to swap the placeholders. This means we can run the
do_install again and again and get the results we expect.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently all the openstack components have default start level
of 20. There are other services such as glusterfs, rabbbitmq,
database... are also starting at the same start level. On some
platform, this can cause racing condition between services which
in turn causes some of openstack components not started.
By adjusting the openstack components start level to higher will
ensure that system services start in the determistic way.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|