diff options
| author | Mark Asselstine <mark.asselstine@windriver.com> | 2017-11-22 11:08:46 -0500 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2017-11-27 10:39:51 -0500 |
| commit | fc1d523aa0f734ec88907f5b4ecc510d8fa56f51 (patch) | |
| tree | a0cc468741ea2449683fb93fc17b7756de9e61f3 /meta-openstack | |
| parent | 54c4cb239e3bfd8d9efe75f073aef8e4a671bc7b (diff) | |
| download | meta-cloud-services-fc1d523aa0f734ec88907f5b4ecc510d8fa56f51.tar.gz | |
python-keystone: get things working with stable/pike
Since we need to ensure the setup is run after postgresql is setup and
running we can't use a postinst as it runs too early in the boot
process. Instead we have a simple service which will run after
postgresql-init to complete the setup. On completion the service
disables itself, avoiding being run again on subsequent boots.
Update configuration data to match keystone setup as described on the
upstream project pages.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'meta-openstack')
5 files changed, 170 insertions, 232 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone b/meta-openstack/recipes-devtools/python/python-keystone/keystone deleted file mode 100644 index 34cc3ad..0000000 --- a/meta-openstack/recipes-devtools/python/python-keystone/keystone +++ /dev/null | |||
| @@ -1,128 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | ### BEGIN INIT INFO | ||
| 4 | # Provides: keystone | ||
| 5 | # Required-Start: $remote_fs $network $syslog | ||
| 6 | # Required-Stop: $remote_fs $syslog | ||
| 7 | # Default-Start: 3 5 | ||
| 8 | # Default-Stop: 0 1 2 6 | ||
| 9 | # Short-Description: Keystone Server | ||
| 10 | # Description: OpenStack identity Service (code-named keystone) | ||
| 11 | ### END INIT INFO | ||
| 12 | |||
| 13 | DESC="keystone" | ||
| 14 | DAEMON="uwsgi" | ||
| 15 | DAEMON_OPTIONS="--http 127.0.0.1:35357 --wsgi-file $(which keystone-wsgi-admin)" | ||
| 16 | PIDFILE="/var/run/keystone-all.pid" | ||
| 17 | |||
| 18 | start () | ||
| 19 | { | ||
| 20 | if [ -e $PIDFILE ]; then | ||
| 21 | PIDDIR=/proc/$(cat $PIDFILE) | ||
| 22 | if [ -d ${PIDDIR} ]; then | ||
| 23 | echo "$DESC already running." | ||
| 24 | exit 1 | ||
| 25 | else | ||
| 26 | echo "Removing stale PID file $PIDFILE" | ||
| 27 | rm -f $PIDFILE | ||
| 28 | fi | ||
| 29 | fi | ||
| 30 | |||
| 31 | if [ ! -d /var/log/keystone ]; then | ||
| 32 | mkdir /var/log/keystone | ||
| 33 | fi | ||
| 34 | echo -n "Starting $DESC..." | ||
| 35 | |||
| 36 | start-stop-daemon --start --quiet --background \ | ||
| 37 | --pidfile ${PIDFILE} --make-pidfile --exec ${DAEMON} \ | ||
| 38 | -- ${DAEMON_OPTIONS} | ||
| 39 | |||
| 40 | if [ $? -eq 0 ]; then | ||
| 41 | echo "done." | ||
| 42 | else | ||
| 43 | echo "failed." | ||
| 44 | fi | ||
| 45 | } | ||
| 46 | |||
| 47 | stop () | ||
| 48 | { | ||
| 49 | echo -n "Stopping $DESC..." | ||
| 50 | start-stop-daemon --stop --quiet --pidfile $PIDFILE | ||
| 51 | if [ $? -eq 0 ]; then | ||
| 52 | echo "done." | ||
| 53 | else | ||
| 54 | echo "failed." | ||
| 55 | fi | ||
| 56 | rm -f $PIDFILE | ||
| 57 | } | ||
| 58 | |||
| 59 | status() | ||
| 60 | { | ||
| 61 | pid=`cat $PIDFILE 2>/dev/null` | ||
| 62 | if [ -n "$pid" ]; then | ||
| 63 | if ps -p $pid > /dev/null 2>&1 ; then | ||
| 64 | echo "$DESC is running" | ||
| 65 | return | ||
| 66 | fi | ||
| 67 | fi | ||
| 68 | echo "$DESC is not running" | ||
| 69 | } | ||
| 70 | |||
| 71 | reset() | ||
| 72 | { | ||
| 73 | # Cleanup keystone tenant | ||
| 74 | . /etc/nova/openrc | ||
| 75 | simple_delete "keystone user-list" "keystone user-delete" 1 "keystone user" | ||
| 76 | simple_delete "keystone tenant-list" "keystone tenant-delete" 1 "keystone tenant" | ||
| 77 | simple_delete "keystone role-list" "keystone role-delete" 1 "keystone role" | ||
| 78 | simple_delete "keystone endpoint-list" "keystone endpoint-delete" 1 "keystone endpoint" | ||
| 79 | simple_delete "keystone service-list" "keystone service-delete" 1 "keystone service" | ||
| 80 | |||
| 81 | stop | ||
| 82 | |||
| 83 | # This is to make sure postgres is configured and running | ||
| 84 | if ! pidof postmaster > /dev/null; then | ||
| 85 | /etc/init.d/postgresql-init | ||
| 86 | /etc/init.d/postgresql start | ||
| 87 | sleep 2 | ||
| 88 | fi | ||
| 89 | |||
| 90 | sudo -u postgres dropdb keystone | ||
| 91 | sudo -u postgres createdb keystone | ||
| 92 | keystone-manage db_sync | ||
| 93 | keystone-manage pki_setup --keystone-user=root --keystone-group=root | ||
| 94 | |||
| 95 | start | ||
| 96 | |||
| 97 | sleep 2 | ||
| 98 | |||
| 99 | ADMIN_PASSWORD=%ADMIN_PASSWORD% \ | ||
| 100 | SERVICE_PASSWORD=%SERVICE_PASSWORD% \ | ||
| 101 | SERVICE_TENANT_NAME=%SERVICE_TENANT_NAME% \ | ||
| 102 | bash /etc/keystone/service-user-setup | ||
| 103 | } | ||
| 104 | |||
| 105 | case "$1" in | ||
| 106 | start) | ||
| 107 | start | ||
| 108 | ;; | ||
| 109 | stop) | ||
| 110 | stop | ||
| 111 | ;; | ||
| 112 | restart|force-reload|reload) | ||
| 113 | stop | ||
| 114 | start | ||
| 115 | ;; | ||
| 116 | status) | ||
| 117 | status | ||
| 118 | ;; | ||
| 119 | reset) | ||
| 120 | reset | ||
| 121 | ;; | ||
| 122 | *) | ||
| 123 | echo "Usage: $0 {start|stop|force-reload|restart|reload|status|reset}" | ||
| 124 | exit 1 | ||
| 125 | ;; | ||
| 126 | esac | ||
| 127 | |||
| 128 | exit 0 | ||
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init new file mode 100644 index 0000000..db4b4fa --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init | |||
| @@ -0,0 +1,60 @@ | |||
| 1 | #!/bin/bash | ||
| 2 | # | ||
| 3 | # Basic keystone setup as described on: | ||
| 4 | # https://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-install.html | ||
| 5 | # https://docs.openstack.org/keystone/pike/install/keystone-install-ubuntu.html | ||
| 6 | # | ||
| 7 | # Prerequisites: /etc/postgresql/postgresql-init must be run first to create the DB | ||
| 8 | # | ||
| 9 | # After complete you should be able to query keystone with something like the | ||
| 10 | # following (https://docs.openstack.org/keystone/latest/api_curl_examples.html) | ||
| 11 | # | ||
| 12 | #curl -i \ | ||
| 13 | # -H "Content-Type: application/json" \ | ||
| 14 | # -d ' | ||
| 15 | #{ "auth": { | ||
| 16 | # "identity": { | ||
| 17 | # "methods": ["password"], | ||
| 18 | # "password": { | ||
| 19 | # "user": { | ||
| 20 | # "name": "%ADMIN_USER%", | ||
| 21 | # "domain": { "id": "default" }, | ||
| 22 | # "password": "%ADMIN_PASSWORD%" | ||
| 23 | # } | ||
| 24 | # } | ||
| 25 | # } | ||
| 26 | # } | ||
| 27 | #}' \ | ||
| 28 | # "http://localhost:5000/v3/auth/tokens" ; echo | ||
| 29 | |||
| 30 | |||
| 31 | # Substitutions setup at do_intall() | ||
| 32 | DB_USER=%DB_USER% | ||
| 33 | KEYSTONE_USER=%KEYSTONE_USER% | ||
| 34 | KEYSTONE_GROUP=%KEYSTONE_GROUP% | ||
| 35 | CONTROLLER_IP=%CONTROLLER_IP% | ||
| 36 | ADMIN_USER=%ADMIN_USER% | ||
| 37 | ADMIN_PASSWORD=%ADMIN_PASSWORD% | ||
| 38 | ADMIN_ROLE=%ADMIN_ROLE% | ||
| 39 | |||
| 40 | # Create the keystone DB and grant the necessary permissions | ||
| 41 | sudo -u postgres psql -c "CREATE DATABASE keystone" 2> /dev/null | ||
| 42 | sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE keystone TO ${DB_USER}" 2> /dev/null | ||
| 43 | |||
| 44 | keystone-manage db_sync | ||
| 45 | |||
| 46 | keystone-manage fernet_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP} | ||
| 47 | keystone-manage credential_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP} | ||
| 48 | |||
| 49 | keystone-manage bootstrap \ | ||
| 50 | --bootstrap-password ${ADMIN_PASSWORD} \ | ||
| 51 | --bootstrap-username ${ADMIN_USER} \ | ||
| 52 | --bootstrap-project-name admin \ | ||
| 53 | --bootstrap-role-name ${ADMIN_ROLE} \ | ||
| 54 | --bootstrap-service-name keystone \ | ||
| 55 | --bootstrap-region-id RegionOne \ | ||
| 56 | --bootstrap-admin-url http://${CONTROLLER_IP}:35357 \ | ||
| 57 | --bootstrap-internal-url http://${CONTROLLER_IP}:5000 \ | ||
| 58 | --bootstrap-public-url http://${CONTROLLER_IP}:5000 | ||
| 59 | |||
| 60 | #keystone-manage pki_setup --keystone-user=root --keystone-group=daemon | ||
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service new file mode 100644 index 0000000..b114806 --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service | |||
| @@ -0,0 +1,12 @@ | |||
| 1 | [Unit] | ||
| 2 | Description=Barebones OpenStack keystone initialization | ||
| 3 | After=postgresql-init.service | ||
| 4 | |||
| 5 | [Service] | ||
| 6 | Type=oneshot | ||
| 7 | ExecStart=%SYSCONFIGDIR%/keystone/keystone-init | ||
| 8 | ExecStartPost=/bin/systemctl --no-reload disable keystone-init.service | ||
| 9 | RemainAfterExit=No | ||
| 10 | |||
| 11 | [Install] | ||
| 12 | WantedBy=multi-user.target | ||
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf index 91b95f6..febf1d7 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf +++ b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf | |||
| @@ -1,25 +1,52 @@ | |||
| 1 | Listen 8081 | 1 | Listen 5000 |
| 2 | <VirtualHost *:8081> | 2 | Listen 35357 |
| 3 | ServerAdmin webmaster@localhost | 3 | |
| 4 | WSGIApplicationGroup %{RESOURCE} | 4 | <VirtualHost *:5000> |
| 5 | WSGIDaemonProcess keystone threads=15 display-name=%{GROUP} | 5 | WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} |
| 6 | WSGIProcessGroup keystone | 6 | WSGIProcessGroup keystone-public |
| 7 | WSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/main | 7 | WSGIScriptAlias / /usr/bin/keystone-wsgi-public |
| 8 | WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin | 8 | WSGIApplicationGroup %{GLOBAL} |
| 9 | 9 | WSGIPassAuthorization On | |
| 10 | 10 | ErrorLogFormat "%{cu}t %M" | |
| 11 | <Location "/keystone"> | 11 | ErrorLog /var/log/apache2/keystone.log |
| 12 | Authtype none | 12 | CustomLog /var/log/apache2/keystone_access.log combined |
| 13 | </Location> | 13 | |
| 14 | 14 | <Directory /usr/bin> | |
| 15 | <Directory /var/www/cgi-bin/keystone/> | 15 | Require all granted |
| 16 | <IfVersion < 2.3> | 16 | </Directory> |
| 17 | Order allow,deny | 17 | </VirtualHost> |
| 18 | Allow from all | 18 | |
| 19 | </IfVersion> | 19 | <VirtualHost *:35357> |
| 20 | 20 | WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} | |
| 21 | <IfVersion >= 2.3> | 21 | WSGIProcessGroup keystone-admin |
| 22 | Require all granted | 22 | WSGIScriptAlias / /usr/bin/keystone-wsgi-admin |
| 23 | </IfVersion> | 23 | WSGIApplicationGroup %{GLOBAL} |
| 24 | WSGIPassAuthorization On | ||
| 25 | ErrorLogFormat "%{cu}t %M" | ||
| 26 | ErrorLog /var/log/apache2/keystone.log | ||
| 27 | CustomLog /var/log/apache2/keystone_access.log combined | ||
| 28 | |||
| 29 | <Directory /usr/bin> | ||
| 30 | Require all granted | ||
| 24 | </Directory> | 31 | </Directory> |
| 25 | </VirtualHost> | 32 | </VirtualHost> |
| 33 | |||
| 34 | Alias /identity /usr/bin/keystone-wsgi-public | ||
| 35 | <Location /identity> | ||
| 36 | SetHandler wsgi-script | ||
| 37 | Options +ExecCGI | ||
| 38 | |||
| 39 | WSGIProcessGroup keystone-public | ||
| 40 | WSGIApplicationGroup %{GLOBAL} | ||
| 41 | WSGIPassAuthorization On | ||
| 42 | </Location> | ||
| 43 | |||
| 44 | Alias /identity_admin /usr/bin/keystone-wsgi-admin | ||
| 45 | <Location /identity_admin> | ||
| 46 | SetHandler wsgi-script | ||
| 47 | Options +ExecCGI | ||
| 48 | |||
| 49 | WSGIProcessGroup keystone-admin | ||
| 50 | WSGIApplicationGroup %{GLOBAL} | ||
| 51 | WSGIPassAuthorization On | ||
| 52 | </Location> | ||
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb index b5f92dd..d7f6400 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb +++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb | |||
| @@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2" | |||
| 7 | SRCNAME = "keystone" | 7 | SRCNAME = "keystone" |
| 8 | 8 | ||
| 9 | SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/pike \ | 9 | SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/pike \ |
| 10 | file://keystone-init \ | ||
| 11 | file://keystone-init.service \ | ||
| 10 | file://keystone.conf \ | 12 | file://keystone.conf \ |
| 11 | file://identity.sh \ | 13 | file://identity.sh \ |
| 12 | file://keystone \ | ||
| 13 | file://convert_keystone_backend.py \ | 14 | file://convert_keystone_backend.py \ |
| 14 | file://wsgi-keystone.conf \ | 15 | file://wsgi-keystone.conf \ |
| 15 | " | 16 | " |
| @@ -24,11 +25,14 @@ PV = "12.0.0+git${SRCPV}" | |||
| 24 | 25 | ||
| 25 | S = "${WORKDIR}/git" | 26 | S = "${WORKDIR}/git" |
| 26 | 27 | ||
| 27 | inherit setuptools update-rc.d identity hosts default_configs monitor | 28 | inherit setuptools identity hosts default_configs monitor useradd systemd |
| 28 | 29 | ||
| 29 | SERVICE_TOKEN = "password" | 30 | SERVICE_TOKEN = "password" |
| 30 | TOKEN_FORMAT ?= "PKI" | 31 | TOKEN_FORMAT ?= "PKI" |
| 31 | 32 | ||
| 33 | USERADD_PACKAGES = "${PN}" | ||
| 34 | USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone" | ||
| 35 | |||
| 32 | LDAP_DN ?= "dc=my-domain,dc=com" | 36 | LDAP_DN ?= "dc=my-domain,dc=com" |
| 33 | 37 | ||
| 34 | SERVICECREATE_PACKAGES = "${SRCNAME}-setup" | 38 | SERVICECREATE_PACKAGES = "${SRCNAME}-setup" |
| @@ -64,79 +68,67 @@ do_install_append() { | |||
| 64 | 68 | ||
| 65 | KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone | 69 | KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone |
| 66 | KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone | 70 | KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone |
| 67 | |||
| 68 | APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/ | 71 | APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/ |
| 69 | KEYSTONE_PY_DIR=${D}${datadir}/openstack-dashboard/openstack_dashboard/api/ | ||
| 70 | KEYSTONE_CGI_DIR=${D}${localstatedir}/www/cgi-bin/keystone/ | ||
| 71 | 72 | ||
| 72 | # Apache needs to read the configs. | 73 | # Create directories |
| 73 | install -m 755 -d ${KEYSTONE_CONF_DIR} | 74 | install -m 755 -d ${KEYSTONE_CONF_DIR} |
| 74 | install -m 755 -d ${APACHE_CONF_DIR} | 75 | install -m 755 -d ${APACHE_CONF_DIR} |
| 75 | |||
| 76 | install -d ${D}${localstatedir}/log/${SRCNAME} | 76 | install -d ${D}${localstatedir}/log/${SRCNAME} |
| 77 | install -m 755 -d ${KEYSTONE_CGI_DIR} | ||
| 78 | #install -m 755 -d ${KEYSTONE_PY_DIR} | ||
| 79 | 77 | ||
| 78 | # Setup the systemd service file | ||
| 79 | install -d ${D}${systemd_unitdir}/system/ | ||
| 80 | KS_INIT_SERVICE_FILE=${D}${systemd_unitdir}/system/keystone-init.service | ||
| 81 | install -m 644 ${WORKDIR}/keystone-init.service ${KS_INIT_SERVICE_FILE} | ||
| 82 | sed -e "s:%SYSCONFIGDIR%:${sysconfdir}:g" -i ${KS_INIT_SERVICE_FILE} | ||
| 83 | |||
| 84 | # Setup the keystone initialization script | ||
| 85 | KS_INIT_FILE=${KEYSTONE_CONF_DIR}/keystone-init | ||
| 86 | install -m 755 ${WORKDIR}/keystone-init ${KS_INIT_FILE} | ||
| 87 | sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KS_INIT_FILE} | ||
| 88 | sed -e "s:%KEYSTONE_USER%:keystone:g" -i ${KS_INIT_FILE} | ||
| 89 | sed -e "s:%KEYSTONE_GROUP%:keystone:g" -i ${KS_INIT_FILE} | ||
| 90 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KS_INIT_FILE} | ||
| 91 | sed -e "s:%ADMIN_USER%:${ADMIN_USER}:g" -i ${KS_INIT_FILE} | ||
| 92 | sed -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" -i ${KS_INIT_FILE} | ||
| 93 | sed -e "s:%ADMIN_ROLE%:${ADMIN_ROLE}:g" -i ${KS_INIT_FILE} | ||
| 94 | |||
| 95 | # Install various configuration files. We have to select suitable | ||
| 96 | # permissions as packages such as Apache require read access. | ||
| 97 | # | ||
| 80 | # Apache needs to read the keystone.conf | 98 | # Apache needs to read the keystone.conf |
| 81 | install -m 644 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/ | 99 | install -m 644 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/ |
| 82 | # Apache needs to read the wsgi-keystone.conf | 100 | # Apache needs to read the wsgi-keystone.conf |
| 83 | install -m 644 ${WORKDIR}/wsgi-keystone.conf ${APACHE_CONF_DIR} | 101 | install -m 644 ${WORKDIR}/wsgi-keystone.conf \ |
| 102 | ${APACHE_CONF_DIR}/keystone.conf | ||
| 84 | install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/ | 103 | install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/ |
| 85 | install -m 600 ${S}${sysconfdir}/logging.conf.sample \ | 104 | install -m 600 ${S}${sysconfdir}/logging.conf.sample \ |
| 86 | ${KEYSTONE_CONF_DIR}/logging.conf | 105 | ${KEYSTONE_CONF_DIR}/logging.conf |
| 87 | install -m 600 ${S}${sysconfdir}/keystone.conf.sample \ | 106 | install -m 600 ${S}${sysconfdir}/keystone.conf.sample \ |
| 88 | ${KEYSTONE_CONF_DIR}/keystone.conf.sample | 107 | ${KEYSTONE_CONF_DIR}/keystone.conf.sample |
| 89 | # Apache user needs to read these files. | ||
| 90 | #install -m 644 ${S}${sysconfdir}/policy.json \ | ||
| 91 | # ${KEYSTONE_CONF_DIR}/policy.json | ||
| 92 | install -m 644 ${S}${sysconfdir}/keystone-paste.ini \ | 108 | install -m 644 ${S}${sysconfdir}/keystone-paste.ini \ |
| 93 | ${KEYSTONE_CONF_DIR}/keystone-paste.ini | 109 | ${KEYSTONE_CONF_DIR}/keystone-paste.ini |
| 94 | #install -m 644 ${S}/httpd/keystone.py \ | ||
| 95 | # ${KEYSTONE_PY_DIR}/keystone-httpd.py | ||
| 96 | #install -m 644 ${S}/httpd/keystone.py \ | ||
| 97 | # ${KEYSTONE_CGI_DIR}/admin | ||
| 98 | #install -m 644 ${S}/httpd/keystone.py \ | ||
| 99 | # ${KEYSTONE_CGI_DIR}/main | ||
| 100 | 110 | ||
| 111 | # Copy examples from upstream | ||
| 101 | cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR} | 112 | cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR} |
| 102 | 113 | ||
| 103 | if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; | 114 | # Edit the configuration to allow it to work out of the box |
| 104 | then | 115 | KEYSTONE_CONF_FILE=${KEYSTONE_CONF_DIR}/keystone.conf |
| 105 | install -d ${D}${sysconfdir}/init.d | ||
| 106 | install -m 0755 ${WORKDIR}/keystone ${D}${sysconfdir}/init.d/keystone | ||
| 107 | fi | ||
| 108 | |||
| 109 | sed "/# admin_endpoint = .*/a \ | 116 | sed "/# admin_endpoint = .*/a \ |
| 110 | public_endpoint = http://%CONTROLLER_IP%:8081/keystone/main/ " \ | 117 | public_endpoint = http://%CONTROLLER_IP%:8081/keystone/main/ " \ |
| 111 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | 118 | -i ${KEYSTONE_CONF_FILE} |
| 112 | 119 | ||
| 113 | sed "/# admin_endpoint = .*/a \ | 120 | sed "/# admin_endpoint = .*/a \ |
| 114 | admin_endpoint = http://%CONTROLLER_IP%:8081/keystone/admin/ " \ | 121 | admin_endpoint = http://%CONTROLLER_IP%:8081/keystone/admin/ " \ |
| 115 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | 122 | -i ${KEYSTONE_CONF_FILE} |
| 116 | 123 | ||
| 117 | sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" \ | 124 | sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" -i ${KEYSTONE_CONF_FILE} |
| 118 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | 125 | sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_FILE} |
| 119 | sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_DIR}/keystone.conf | 126 | sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" -i ${KEYSTONE_CONF_FILE} |
| 120 | sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" \ | 127 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE} |
| 121 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | 128 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE} |
| 122 | 129 | sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" -i ${KEYSTONE_CONF_FILE} | |
| 123 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \ | ||
| 124 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | ||
| 125 | sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \ | ||
| 126 | -i ${KEYSTONE_CONF_DIR}/identity.sh | ||
| 127 | |||
| 128 | sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" \ | ||
| 129 | -i ${KEYSTONE_CONF_DIR}/keystone.conf | ||
| 130 | |||
| 131 | # sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" \ | ||
| 132 | # -i ${D}${sysconfdir}/init.d/keystone | ||
| 133 | # sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" \ | ||
| 134 | # -i ${D}${sysconfdir}/init.d/keystone | ||
| 135 | # sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" \ | ||
| 136 | # -i ${D}${sysconfdir}/init.d/keystone | ||
| 137 | 130 | ||
| 138 | install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp | 131 | install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp |
| 139 | |||
| 140 | if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then | 132 | if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then |
| 141 | sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \ | 133 | sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \ |
| 142 | -i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf | 134 | -i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf |
| @@ -180,38 +172,13 @@ role_member_attribute = member \ | |||
| 180 | role_id_attribute = cn \ | 172 | role_id_attribute = cn \ |
| 181 | role_name_attribute = ou \ | 173 | role_name_attribute = ou \ |
| 182 | role_tree_dn = ou=Roles,${LDAP_DN} \ | 174 | role_tree_dn = ou=Roles,${LDAP_DN} \ |
| 183 | ' ${D}${sysconfdir}/keystone/keystone.conf | 175 | ' ${KEYSTONE_CONF_FILE} |
| 184 | 176 | ||
| 185 | install -m 0755 ${WORKDIR}/convert_keystone_backend.py \ | 177 | install -m 0755 ${WORKDIR}/convert_keystone_backend.py \ |
| 186 | ${D}${sysconfdir}/keystone/convert_keystone_backend.py | 178 | ${D}${sysconfdir}/keystone/convert_keystone_backend.py |
| 187 | fi | 179 | fi |
| 188 | } | 180 | } |
| 189 | 181 | ||
| 190 | pkg_postinst_${SRCNAME}-setup () { | ||
| 191 | # python-keystone postinst start | ||
| 192 | if [ -z "$D" ]; then | ||
| 193 | # This is to make sure postgres is configured and running | ||
| 194 | if ! pidof postmaster > /dev/null; then | ||
| 195 | /etc/init.d/postgresql-init | ||
| 196 | /etc/init.d/postgresql start | ||
| 197 | sleep 2 | ||
| 198 | fi | ||
| 199 | |||
| 200 | # This is to make sure keystone is configured and running | ||
| 201 | PIDFILE="/var/run/keystone-all.pid" | ||
| 202 | if [ -z `cat $PIDFILE 2>/dev/null` ]; then | ||
| 203 | sudo -u postgres createdb keystone | ||
| 204 | keystone-manage db_sync | ||
| 205 | keystone-manage pki_setup --keystone-user=root --keystone-group=daemon | ||
| 206 | |||
| 207 | if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then | ||
| 208 | /etc/init.d/openldap start | ||
| 209 | fi | ||
| 210 | /etc/init.d/keystone start | ||
| 211 | fi | ||
| 212 | fi | ||
| 213 | } | ||
| 214 | |||
| 215 | # By default tokens are expired after 1 day so by default we can set | 182 | # By default tokens are expired after 1 day so by default we can set |
| 216 | # this token flush cronjob to run every 2 days | 183 | # this token flush cronjob to run every 2 days |
| 217 | KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *" | 184 | KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *" |
| @@ -226,7 +193,12 @@ pkg_postinst_${SRCNAME}-cronjobs () { | |||
| 226 | 193 | ||
| 227 | PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs" | 194 | PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs" |
| 228 | 195 | ||
| 229 | ALLOW_EMPTY_${SRCNAME}-setup = "1" | 196 | SYSTEMD_PACKAGES += "${SRCNAME}-setup" |
| 197 | SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service" | ||
| 198 | |||
| 199 | FILES_${SRCNAME}-setup = " \ | ||
| 200 | ${systemd_unitdir}/system \ | ||
| 201 | " | ||
| 230 | 202 | ||
| 231 | ALLOW_EMPTY_${SRCNAME}-cronjobs = "1" | 203 | ALLOW_EMPTY_${SRCNAME}-cronjobs = "1" |
| 232 | 204 | ||
| @@ -237,10 +209,9 @@ FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh" | |||
| 237 | 209 | ||
| 238 | FILES_${SRCNAME} = "${bindir}/* \ | 210 | FILES_${SRCNAME} = "${bindir}/* \ |
| 239 | ${sysconfdir}/${SRCNAME}/* \ | 211 | ${sysconfdir}/${SRCNAME}/* \ |
| 240 | ${sysconfdir}/init.d/* \ | ||
| 241 | ${localstatedir}/* \ | 212 | ${localstatedir}/* \ |
| 242 | ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \ | 213 | ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \ |
| 243 | ${sysconfdir}/apache2/conf.d/wsgi-keystone.conf \ | 214 | ${sysconfdir}/apache2/conf.d/keystone.conf \ |
| 244 | " | 215 | " |
| 245 | 216 | ||
| 246 | DEPENDS += " \ | 217 | DEPENDS += " \ |
| @@ -306,9 +277,5 @@ RDEPENDS_${SRCNAME} = " \ | |||
| 306 | RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}" | 277 | RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}" |
| 307 | RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}" | 278 | RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}" |
| 308 | 279 | ||
| 309 | INITSCRIPT_PACKAGES = "${SRCNAME}" | ||
| 310 | INITSCRIPT_NAME_${SRCNAME} = "keystone" | ||
| 311 | INITSCRIPT_PARAMS_${SRCNAME} = "${OS_DEFAULT_INITSCRIPT_PARAMS}" | ||
| 312 | |||
| 313 | MONITOR_SERVICE_PACKAGES = "${SRCNAME}" | 280 | MONITOR_SERVICE_PACKAGES = "${SRCNAME}" |
| 314 | MONITOR_SERVICE_${SRCNAME} = "keystone" | 281 | MONITOR_SERVICE_${SRCNAME} = "keystone" |