4 files changed, 122 insertions, 151 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone b/meta-openstack/recipes-devtools/python/python-keystone/keystone
deleted file mode 100644
index 34cc3ad..0000000
--- a/meta-openstack/recipes-devtools/python/python-keystone/keystone
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides:          keystone
-# Required-Start: $remote_fs $network $syslog
-# Required-Stop: $remote_fs $syslog
-# Default-Start:     3 5
-# Default-Stop:      0 1 2 6
-# Short-Description: Keystone Server
-# Description: OpenStack identity Service (code-named keystone)
-### END INIT INFO
-DESC="keystone"
-DAEMON="uwsgi"
-DAEMON_OPTIONS="--http 127.0.0.1:35357 --wsgi-file $(which keystone-wsgi-admin)"
-PIDFILE="/var/run/keystone-all.pid"
-start ()
-{
-    if [ -e $PIDFILE ]; then
-        PIDDIR=/proc/$(cat $PIDFILE)
-        if [ -d ${PIDDIR} ]; then
-            echo "$DESC already running."
-            exit 1
-        else
-            echo "Removing stale PID file $PIDFILE"
-            rm -f $PIDFILE
-        fi
-    fi
-    if [ ! -d /var/log/keystone ]; then
-        mkdir /var/log/keystone                                                     
-    fi
-    echo -n "Starting $DESC..."
-    start-stop-daemon --start --quiet --background \
-        --pidfile ${PIDFILE} --make-pidfile --exec ${DAEMON} \
-        -- ${DAEMON_OPTIONS}
-    if [ $? -eq 0 ]; then
-        echo "done."
-    else
-        echo "failed."
-    fi
-}
-stop ()
-{
-    echo -n "Stopping $DESC..."
-    start-stop-daemon --stop --quiet --pidfile $PIDFILE
-    if [ $? -eq 0 ]; then
-        echo "done."
-    else
-        echo "failed."
-    fi
-    rm -f $PIDFILE
-}
-status()
-{
-    pid=`cat $PIDFILE 2>/dev/null`
-    if [ -n "$pid" ]; then
-        if ps -p $pid > /dev/null 2>&1 ; then
-            echo "$DESC is running"
-            return
-        fi
-    fi
-    echo "$DESC is not running"
-}
-reset()
-{
-    # Cleanup keystone tenant
-    . /etc/nova/openrc
-    simple_delete "keystone user-list" "keystone user-delete" 1 "keystone user"
-    simple_delete "keystone tenant-list" "keystone tenant-delete" 1 "keystone tenant"
-    simple_delete "keystone role-list" "keystone role-delete" 1 "keystone role"
-    simple_delete "keystone endpoint-list" "keystone endpoint-delete" 1 "keystone endpoint"
-    simple_delete "keystone service-list" "keystone service-delete" 1 "keystone service"
-    stop
-    # This is to make sure postgres is configured and running
-    if ! pidof postmaster > /dev/null; then
-        /etc/init.d/postgresql-init
-        /etc/init.d/postgresql start
-        sleep 2
-    fi
-    sudo -u postgres dropdb keystone
-    sudo -u postgres createdb keystone
-    keystone-manage db_sync
-    keystone-manage pki_setup --keystone-user=root --keystone-group=root
-    start
-    sleep 2
-    ADMIN_PASSWORD=%ADMIN_PASSWORD% \
-    SERVICE_PASSWORD=%SERVICE_PASSWORD% \
-    SERVICE_TENANT_NAME=%SERVICE_TENANT_NAME% \
-        bash /etc/keystone/service-user-setup
-}
-case "$1" in
-    start)
-        start
-        ;;
-    stop)
-        stop
-        ;;
-    restart|force-reload|reload)
-        stop
-        start
-        ;;
-    status)
-        status
-        ;;
-    reset)
-        reset
-        ;;
-    *)
-        echo "Usage: $0 {start|stop|force-reload|restart|reload|status|reset}"
-        exit 1
-        ;;
-esac
-exit 0
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init
new file mode 100644
index 0000000..db4b4fa
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init
@@ -0,0 +1,60 @@
+#!/bin/bash
+#
+# Basic keystone setup as described on:
+# https://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-install.html
+# https://docs.openstack.org/keystone/pike/install/keystone-install-ubuntu.html
+#
+# Prerequisites: /etc/postgresql/postgresql-init must be run first to create the DB
+#
+# After complete you should be able to query keystone with something like the 
+# following (https://docs.openstack.org/keystone/latest/api_curl_examples.html)
+#
+#curl -i \
+#  -H "Content-Type: application/json" \
+#  -d '
+#{ "auth": {
+#    "identity": {
+#      "methods": ["password"],
+#      "password": {
+#        "user": {
+#          "name": "%ADMIN_USER%",
+#          "domain": { "id": "default" },
+#          "password": "%ADMIN_PASSWORD%"
+#        }
+#      }
+#    }
+#  }
+#}' \
+#  "http://localhost:5000/v3/auth/tokens" ; echo
+# Substitutions setup at do_intall()
+DB_USER=%DB_USER%
+KEYSTONE_USER=%KEYSTONE_USER%
+KEYSTONE_GROUP=%KEYSTONE_GROUP%
+CONTROLLER_IP=%CONTROLLER_IP%
+ADMIN_USER=%ADMIN_USER%
+ADMIN_PASSWORD=%ADMIN_PASSWORD%
+ADMIN_ROLE=%ADMIN_ROLE%
+# Create the keystone DB and grant the necessary permissions
+sudo -u postgres psql -c "CREATE DATABASE keystone" 2> /dev/null
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE keystone TO ${DB_USER}" 2> /dev/null
+keystone-manage db_sync
+keystone-manage fernet_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP}
+keystone-manage credential_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP}
+keystone-manage bootstrap \
+  --bootstrap-password ${ADMIN_PASSWORD} \
+  --bootstrap-username ${ADMIN_USER} \
+  --bootstrap-project-name admin \
+  --bootstrap-role-name ${ADMIN_ROLE} \
+  --bootstrap-service-name keystone \
+  --bootstrap-region-id RegionOne \
+  --bootstrap-admin-url http://${CONTROLLER_IP}:35357 \
+  --bootstrap-internal-url http://${CONTROLLER_IP}:5000 \
+  --bootstrap-public-url http://${CONTROLLER_IP}:5000
+#keystone-manage pki_setup --keystone-user=root --keystone-group=daemon
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service
new file mode 100644
index 0000000..b114806
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Barebones OpenStack keystone initialization
+After=postgresql-init.service
+[Service]
+Type=oneshot
+ExecStart=%SYSCONFIGDIR%/keystone/keystone-init
+ExecStartPost=/bin/systemctl --no-reload disable keystone-init.service
+RemainAfterExit=No
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
index 91b95f6..febf1d7 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
+++ b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
@@ -1,25 +1,52 @@
-Listen 8081
+Listen 5000
-<VirtualHost *:8081>
+Listen 35357
-    ServerAdmin webmaster@localhost
-    WSGIApplicationGroup %{RESOURCE}
+<VirtualHost *:5000>
-    WSGIDaemonProcess keystone threads=15 display-name=%{GROUP}
+    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
-    WSGIProcessGroup keystone
+    WSGIProcessGroup keystone-public
-    WSGIScriptAlias /keystone/main  /var/www/cgi-bin/keystone/main
+    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
-    WSGIScriptAlias /keystone/admin  /var/www/cgi-bin/keystone/admin
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    ErrorLogFormat "%{cu}t %M"
-    <Location "/keystone">
+    ErrorLog /var/log/apache2/keystone.log
-        Authtype none
+    CustomLog /var/log/apache2/keystone_access.log combined
-    </Location>
+    <Directory /usr/bin>
-    <Directory /var/www/cgi-bin/keystone/>
+        Require all granted
-        <IfVersion < 2.3>
+    </Directory>
-            Order allow,deny
+</VirtualHost>
-            Allow from all
-        </IfVersion>
+<VirtualHost *:35357>
+    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
-        <IfVersion >= 2.3>
+    WSGIProcessGroup keystone-admin
-            Require all granted
+    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
-        </IfVersion>
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    ErrorLogFormat "%{cu}t %M"
+    ErrorLog /var/log/apache2/keystone.log
+    CustomLog /var/log/apache2/keystone_access.log combined
+    <Directory /usr/bin>
+        Require all granted
    </Directory>
 </VirtualHost>
+Alias /identity /usr/bin/keystone-wsgi-public
+<Location /identity>
+    SetHandler wsgi-script
+    Options +ExecCGI
+    WSGIProcessGroup keystone-public
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+</Location>
+Alias /identity_admin /usr/bin/keystone-wsgi-admin
+<Location /identity_admin>
+    SetHandler wsgi-script
+    Options +ExecCGI
+    WSGIProcessGroup keystone-admin
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+</Location>

diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone b/meta-openstack/recipes-devtools/python/python-keystone/keystone deleted file mode 100644 index 34cc3ad..0000000 --- a/meta-openstack/recipes-devtools/python/python-keystone/keystone +++ /dev/null
@@ -1,128 +0,0 @@
1	#!/bin/sh
2
3	### BEGIN INIT INFO
4	# Provides: keystone
5	# Required-Start: $remote_fs $network $syslog
6	# Required-Stop: $remote_fs $syslog
7	# Default-Start: 3 5
8	# Default-Stop: 0 1 2 6
9	# Short-Description: Keystone Server
10	# Description: OpenStack identity Service (code-named keystone)
11	### END INIT INFO
12
13	DESC="keystone"
14	DAEMON="uwsgi"
15	DAEMON_OPTIONS="--http 127.0.0.1:35357 --wsgi-file $(which keystone-wsgi-admin)"
16	PIDFILE="/var/run/keystone-all.pid"
17
18	start ()
19	{
20	if [ -e $PIDFILE ]; then
21	PIDDIR=/proc/$(cat $PIDFILE)
22	if [ -d ${PIDDIR} ]; then
23	echo "$DESC already running."
24	exit 1
25	else
26	echo "Removing stale PID file $PIDFILE"
27	rm -f $PIDFILE
28	fi
29	fi
30
31	if [ ! -d /var/log/keystone ]; then
32	mkdir /var/log/keystone
33	fi
34	echo -n "Starting $DESC..."
35
36	start-stop-daemon --start --quiet --background \
37	--pidfile ${PIDFILE} --make-pidfile --exec ${DAEMON} \
38	-- ${DAEMON_OPTIONS}
39
40	if [ $? -eq 0 ]; then
41	echo "done."
42	else
43	echo "failed."
44	fi
45	}
46
47	stop ()
48	{
49	echo -n "Stopping $DESC..."
50	start-stop-daemon --stop --quiet --pidfile $PIDFILE
51	if [ $? -eq 0 ]; then
52	echo "done."
53	else
54	echo "failed."
55	fi
56	rm -f $PIDFILE
57	}
58
59	status()
60	{
61	pid=`cat $PIDFILE 2>/dev/null`
62	if [ -n "$pid" ]; then
63	if ps -p $pid > /dev/null 2>&1 ; then
64	echo "$DESC is running"
65	return
66	fi
67	fi
68	echo "$DESC is not running"
69	}
70
71	reset()
72	{
73	# Cleanup keystone tenant
74	. /etc/nova/openrc
75	simple_delete "keystone user-list" "keystone user-delete" 1 "keystone user"
76	simple_delete "keystone tenant-list" "keystone tenant-delete" 1 "keystone tenant"
77	simple_delete "keystone role-list" "keystone role-delete" 1 "keystone role"
78	simple_delete "keystone endpoint-list" "keystone endpoint-delete" 1 "keystone endpoint"
79	simple_delete "keystone service-list" "keystone service-delete" 1 "keystone service"
80
81	stop
82
83	# This is to make sure postgres is configured and running
84	if ! pidof postmaster > /dev/null; then
85	/etc/init.d/postgresql-init
86	/etc/init.d/postgresql start
87	sleep 2
88	fi
89
90	sudo -u postgres dropdb keystone
91	sudo -u postgres createdb keystone
92	keystone-manage db_sync
93	keystone-manage pki_setup --keystone-user=root --keystone-group=root
94
95	start
96
97	sleep 2
98
99	ADMIN_PASSWORD=%ADMIN_PASSWORD% \
100	SERVICE_PASSWORD=%SERVICE_PASSWORD% \
101	SERVICE_TENANT_NAME=%SERVICE_TENANT_NAME% \
102	bash /etc/keystone/service-user-setup
103	}
104
105	case "$1" in
106	start)
107	start
108	;;
109	stop)
110	stop
111	;;
112	restart\|force-reload\|reload)
113	stop
114	start
115	;;
116	status)
117	status
118	;;
119	reset)
120	reset
121	;;
122	*)
123	echo "Usage: $0 {start\|stop\|force-reload\|restart\|reload\|status\|reset}"
124	exit 1
125	;;
126	esac
127
128	exit 0


diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init new file mode 100644 index 0000000..db4b4fa --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init
@@ -0,0 +1,60 @@
		1	#!/bin/bash
		2	#
		3	# Basic keystone setup as described on:
		4	# https://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-install.html
		5	# https://docs.openstack.org/keystone/pike/install/keystone-install-ubuntu.html
		6	#
		7	# Prerequisites: /etc/postgresql/postgresql-init must be run first to create the DB
		8	#
		9	# After complete you should be able to query keystone with something like the
		10	# following (https://docs.openstack.org/keystone/latest/api_curl_examples.html)
		11	#
		12	#curl -i \
		13	# -H "Content-Type: application/json" \
		14	# -d '
		15	#{ "auth": {
		16	# "identity": {
		17	# "methods": ["password"],
		18	# "password": {
		19	# "user": {
		20	# "name": "%ADMIN_USER%",
		21	# "domain": { "id": "default" },
		22	# "password": "%ADMIN_PASSWORD%"
		23	# }
		24	# }
		25	# }
		26	# }
		27	#}' \
		28	# "http://localhost:5000/v3/auth/tokens" ; echo
		29
		30
		31	# Substitutions setup at do_intall()
		32	DB_USER=%DB_USER%
		33	KEYSTONE_USER=%KEYSTONE_USER%
		34	KEYSTONE_GROUP=%KEYSTONE_GROUP%
		35	CONTROLLER_IP=%CONTROLLER_IP%
		36	ADMIN_USER=%ADMIN_USER%
		37	ADMIN_PASSWORD=%ADMIN_PASSWORD%
		38	ADMIN_ROLE=%ADMIN_ROLE%
		39
		40	# Create the keystone DB and grant the necessary permissions
		41	sudo -u postgres psql -c "CREATE DATABASE keystone" 2> /dev/null
		42	sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE keystone TO ${DB_USER}" 2> /dev/null
		43
		44	keystone-manage db_sync
		45
		46	keystone-manage fernet_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP}
		47	keystone-manage credential_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP}
		48
		49	keystone-manage bootstrap \
		50	--bootstrap-password ${ADMIN_PASSWORD} \
		51	--bootstrap-username ${ADMIN_USER} \
		52	--bootstrap-project-name admin \
		53	--bootstrap-role-name ${ADMIN_ROLE} \
		54	--bootstrap-service-name keystone \
		55	--bootstrap-region-id RegionOne \
		56	--bootstrap-admin-url http://${CONTROLLER_IP}:35357 \
		57	--bootstrap-internal-url http://${CONTROLLER_IP}:5000 \
		58	--bootstrap-public-url http://${CONTROLLER_IP}:5000
		59
		60	#keystone-manage pki_setup --keystone-user=root --keystone-group=daemon


diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service new file mode 100644 index 0000000..b114806 --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service
@@ -0,0 +1,12 @@
		1	[Unit]
		2	Description=Barebones OpenStack keystone initialization
		3	After=postgresql-init.service
		4
		5	[Service]
		6	Type=oneshot
		7	ExecStart=%SYSCONFIGDIR%/keystone/keystone-init
		8	ExecStartPost=/bin/systemctl --no-reload disable keystone-init.service
		9	RemainAfterExit=No
		10
		11	[Install]
		12	WantedBy=multi-user.target


diff --git a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf index 91b95f6..febf1d7 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf +++ b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
@@ -1,25 +1,52 @@
1	Listen 8081	1	Listen 5000
2	<VirtualHost *:8081>	2	Listen 35357
3	ServerAdmin webmaster@localhost	3
4	WSGIApplicationGroup %{RESOURCE}	4	<VirtualHost *:5000>
5	WSGIDaemonProcess keystone threads=15 display-name=%{GROUP}	5	WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
6	WSGIProcessGroup keystone	6	WSGIProcessGroup keystone-public
7	WSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/main	7	WSGIScriptAlias / /usr/bin/keystone-wsgi-public
8	WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin	8	WSGIApplicationGroup %{GLOBAL}
9		9	WSGIPassAuthorization On
10		10	ErrorLogFormat "%{cu}t %M"
11	<Location "/keystone">	11	ErrorLog /var/log/apache2/keystone.log
12	Authtype none	12	CustomLog /var/log/apache2/keystone_access.log combined
13	</Location>	13
14		14	<Directory /usr/bin>
15	<Directory /var/www/cgi-bin/keystone/>	15	Require all granted
16	<IfVersion < 2.3>	16	</Directory>
17	Order allow,deny	17	</VirtualHost>
18	Allow from all	18
19	</IfVersion>	19	<VirtualHost *:35357>
20		20	WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
21	<IfVersion >= 2.3>	21	WSGIProcessGroup keystone-admin
22	Require all granted	22	WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
23	</IfVersion>	23	WSGIApplicationGroup %{GLOBAL}
		24	WSGIPassAuthorization On
		25	ErrorLogFormat "%{cu}t %M"
		26	ErrorLog /var/log/apache2/keystone.log
		27	CustomLog /var/log/apache2/keystone_access.log combined
		28
		29	<Directory /usr/bin>
		30	Require all granted
24	</Directory>	31	</Directory>
25	</VirtualHost>	32	</VirtualHost>
		33
		34	Alias /identity /usr/bin/keystone-wsgi-public
		35	<Location /identity>
		36	SetHandler wsgi-script
		37	Options +ExecCGI
		38
		39	WSGIProcessGroup keystone-public
		40	WSGIApplicationGroup %{GLOBAL}
		41	WSGIPassAuthorization On
		42	</Location>
		43
		44	Alias /identity_admin /usr/bin/keystone-wsgi-admin
		45	<Location /identity_admin>
		46	SetHandler wsgi-script
		47	Options +ExecCGI
		48
		49	WSGIProcessGroup keystone-admin
		50	WSGIApplicationGroup %{GLOBAL}
		51	WSGIPassAuthorization On
		52	</Location>