| author | Andy Ning <andy.ning@windriver.com> | 2014-07-16 11:28:48 -0400 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2014-07-31 15:15:31 -0400 |
| commit | dfcdedf2fa46a3dcbfd7d1af300deeae6b496eb7 (patch) | |
| tree | 2f3e07bdb3b305e00e9fd99aa87cf447be9c7918 /meta-openstack | |
| parent | be2e56c0bbd019e450beca62f1cad13cf5fe37e4 (diff) | |
Keystone: build time incremental/programatic user additions
Instead of creating tenant/user/role and service/endpoint for all
openstack services in keystone postinstall, now each of the services
creates keystone identities by itself in its own postinstall.
The existing identity.bbclass has been re-written so that each of
the individual postinstalls will queue up keystone identity creation
in /etc/keystone/service-user-setup at runtime. And
service-user-setup will be run as the last postinstall to create
keystone identities for all the services.
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Diffstat (limited to 'meta-openstack')
| -rw-r--r-- | meta-openstack/classes/identity.bbclass | 182 |
1 files changed, 178 insertions, 4 deletions
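--- a/meta-openstack/classes/identity.bbclass
+++ b/meta-openstack/classes/identity.bbclass
@@ -1,7 +1,181 @@
+#
+# Copyright (C) 2014 Wind River Systems, Inc.
+#
+# The identity class provides utilities for services to add tenant/role/users,
+# and service/endpoints into keystone database
+#
+
 SERVICE_TOKEN = "password"
-ADMIN_PASSWORD = "password"
-SERVICE_PASSWORD = "password"
-SERVICE_TENANT_NAME = "service"
+METADATA_SHARED_SECRET = "password"
+
 DB_USER = "admin"
 DB_PASSWORD = "admin"
-METADATA_SHARED_SECRET = "password"
+
+SERVICE_TENANT_NAME = "service"
+SERVICE_PASSWORD = "password"
+
+ADMIN_TENANT = "admin"
+ADMIN_USER = "admin"
+ADMIN_PASSWORD = "password"
+ADMIN_ROLE = "admin"
+ADMIN_USER_EMAIL = "admin@domain.com"
+
+MEMBER_ROLE = "Member"
+
+RUN_POSTINSTS_FILE = "${@base_contains('DISTRO_FEATURES', 'sysvinit', '/etc/rcS.d/S98run-postinsts', '', d)}"
+
+# Add service and user setup into S98run-postinst running list
+ROOTFS_POSTPROCESS_COMMAND += "update_run_postinsts ; "
+POST_SERVICE_SETUP_COMMAND = "/etc/keystone/service-user-setup"
+
+update_run_postinsts() {
+if [ -f "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" ]; then
+cat >> "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" << EOF
+
+# run service and user setup
+if [ -f ${POST_SERVICE_SETUP_COMMAND} ]; then
+chmod 755 ${POST_SERVICE_SETUP_COMMAND}
+${POST_SERVICE_SETUP_COMMAND}
+fi
+
+# run hybrid backend setup
+if [ -f ${POST_KEYSTONE_SETUP_COMMAND} ]; then
+chmod 755 ${POST_KEYSTONE_SETUP_COMMAND}
+${POST_KEYSTONE_SETUP_COMMAND}
+fi
+EOF
+fi
+}
+
+# Create user and service in package postinst, common part
+servicecreate_postinst_common () {
+
+# create service and user setup postinstall file
+if [ ! -e ${POST_SERVICE_SETUP_COMMAND} ]; then
+cat > ${POST_SERVICE_SETUP_COMMAND} << EOF
+#!/bin/sh
+EOF
+fi
+}
+
+# Create user in package postinst
+servicecreate_postinst_user () {
+
+# create tenant/user/role in keystone
+cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF
+
+/etc/keystone/identity.sh user-create USERCREATE_PARAM
+EOF
+}
+
+# Create service in package postinst
+servicecreate_postinst_service () {
+
+# create service/endpoint in keystone
+cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF
+
+/etc/keystone/identity.sh service-create SERVICECREATE_PARAM
+EOF
+}
+
+# Recipe parse-time sanity checks
+def sanity_check(d):
+servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or ""
+
+for pkg in servicecreate_packages.split():
+# User parameters checking.
+if not d.getVar('USERCREATE_PARAM_%s' % pkg, True) and not d.getVar('SERVICECREATE_PARAM_%s' % pkg, True):
+raise bb.build.FuncFailed, "%s SERVICECREATE_PACKAGES includes %s, but neither USERCREATE_PARAM_%s nor SERVICECREATE_PARAM_%s is set" % (d.getVar('FILE'), pkg, pkg, pkg)
+
+python __anonymous() {
+sanity_check(d)
+}
+
+# Get user variables from recipe and return a string that will be passed to identity.sh
+def usercreate_param(d, pkg):
+# Default values
+param_defaults = {'name':'${SRCNAME}',\
+'pass':'${SERVICE_PASSWORD}',\
+'tenant':'${SERVICE_TENANT_NAME}',\
+'role':'${ADMIN_ROLE}',\
+'email':'${SRCNAME}@domain.com'}
+
+param = d.getVar('USERCREATE_PARAM_%s' % pkg, True)
+param_flags = d.getVarFlags('USERCREATE_PARAM_%s' % pkg) or {}
+
+for key, value in param_defaults.items():
+if key in param.split():
+if param_flags.has_key(key):
+param_defaults[key] = param_flags[key]
+else:
+param_defaults[key] = ''
+
+user_param = '--name=' + param_defaults['name'] + ' ' \
++ '--pass=' + param_defaults['pass'] + ' ' \
++ '--tenant=' + param_defaults['tenant'] + ' ' \
++ '--role=' + param_defaults['role'] + ' ' \
++ '--email=' + param_defaults['email']
+
+bb.debug(1, 'user_param = %s' % user_param)
+return user_param
+
+# Get service variables from recipe and return a string that will be passed to identity.sh
+def servicecreate_param(d, pkg):
+# Default values
+param_defaults = {'name':'${SRCNAME}',\
+'type':'',\
+'description':'',\
+'region':'RegionOne',\
+'publicurl':'',\
+'adminurl':'',\
+'internalurl':''}
+
+param = d.getVar('SERVICECREATE_PARAM_%s' % pkg, True)
+param_flags = d.getVarFlags('SERVICECREATE_PARAM_%s' % pkg) or {}
+
+for key, value in param_defaults.items():
+if key in param.split():
+if param_flags.has_key(key):
+param_defaults[key] = param_flags[key]
+else:
+param_defaults[key] = ''
+
+service_param = '--name=' + param_defaults['name'] + ' ' \
++ '--type=' + param_defaults['type'] + ' ' \
++ '--description=' + param_defaults['description'] + ' ' \
++ '--region=' + param_defaults['region'] + ' ' \
++ '--publicurl=' + param_defaults['publicurl'] + ' ' \
++ '--adminurl=' + param_defaults['adminurl'] + ' ' \
++ '--internalurl=' + param_defaults['internalurl']
+
+bb.debug(1, 'service_param = %s' % service_param)
+return service_param
+
+# Add the postinst script into the generated package
+python populate_packages_append () {
+servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or ""
+
+servicecreate_postinst_common_copy = d.getVar('servicecreate_postinst_common', True)
+servicecreate_postinst_user_copy = d.getVar('servicecreate_postinst_user', True)
+servicecreate_postinst_service_copy = d.getVar('servicecreate_postinst_service', True)
+for pkg in servicecreate_packages.split():
+bb.debug(1, 'Adding service/user creation calls to postinst for %s' % pkg)
+
+postinst = d.getVar('pkg_postinst_%s' % pkg, True) or d.getVar('pkg_postinst', True)
+if not postinst:
+postinst = ' if [ "x$D" != "x" ]; then\n' + \
+' exit 1\n' + \
+' fi\n'
+postinst += servicecreate_postinst_common_copy
+
+if d.getVar('USERCREATE_PARAM_%s' % pkg, True):
+servicecreate_postinst_user = servicecreate_postinst_user_copy.replace("USERCREATE_PARAM", usercreate_param(d, pkg))
+postinst += servicecreate_postinst_user
+
+if d.getVar('SERVICECREATE_PARAM_%s' % pkg, True):
+servicecreate_postinst_service = servicecreate_postinst_service_copy.replace("SERVICECREATE_PARAM", servicecreate_param(d, pkg))
+postinst += servicecreate_postinst_service
+
+d.setVar('pkg_postinst_%s' % pkg, postinst)
+bb.debug(1, 'pkg_postinst_%s = %s' % (pkg, d.getVar('pkg_postinst_%s' % pkg, True)))
+}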
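Review bot: The generated /etc/keystone/service-user-setup carries the service password in clear text and is then made world-readable: usercreate_param() builds `--pass=` from `${SERVICE_PASSWORD}`, servicecreate_postinst_user appends that string to the script, and update_run_postinsts runs `chmod 755` on the file. The same string also reaches the build log through `bb.debug(1, 'user_param = %s' % user_param)` and again through the final `bb.debug` of the whole `pkg_postinst_%s` body. I would restrict the script to its owner with `chmod 700 ${POST_SERVICE_SETUP_COMMAND}` and log only non-secret fields, e.g. `bb.debug(1, 'user_param name = %s' % param_defaults['name'])`. Because every credential default in this class is `"password"` or `"admin"`, a comment above them stating that they are placeholders to be overridden per image would also help. Separately, the values are concatenated into the shell line unquoted, so a flag value containing a space (a `description`, presumably) would be split into several arguments when identity.sh is invoked.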
