5 files changed, 170 insertions, 232 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone b/meta-openstack/recipes-devtools/python/python-keystone/keystone
deleted file mode 100644
index 34cc3ad..0000000
--- a/meta-openstack/recipes-devtools/python/python-keystone/keystone
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides:          keystone
-# Required-Start: $remote_fs $network $syslog
-# Required-Stop: $remote_fs $syslog
-# Default-Start:     3 5
-# Default-Stop:      0 1 2 6
-# Short-Description: Keystone Server
-# Description: OpenStack identity Service (code-named keystone)
-### END INIT INFO
-DESC="keystone"
-DAEMON="uwsgi"
-DAEMON_OPTIONS="--http 127.0.0.1:35357 --wsgi-file $(which keystone-wsgi-admin)"
-PIDFILE="/var/run/keystone-all.pid"
-start ()
-{
-    if [ -e $PIDFILE ]; then
-        PIDDIR=/proc/$(cat $PIDFILE)
-        if [ -d ${PIDDIR} ]; then
-            echo "$DESC already running."
-            exit 1
-        else
-            echo "Removing stale PID file $PIDFILE"
-            rm -f $PIDFILE
-        fi
-    fi
-    if [ ! -d /var/log/keystone ]; then
-        mkdir /var/log/keystone                                                     
-    fi
-    echo -n "Starting $DESC..."
-    start-stop-daemon --start --quiet --background \
-        --pidfile ${PIDFILE} --make-pidfile --exec ${DAEMON} \
-        -- ${DAEMON_OPTIONS}
-    if [ $? -eq 0 ]; then
-        echo "done."
-    else
-        echo "failed."
-    fi
-}
-stop ()
-{
-    echo -n "Stopping $DESC..."
-    start-stop-daemon --stop --quiet --pidfile $PIDFILE
-    if [ $? -eq 0 ]; then
-        echo "done."
-    else
-        echo "failed."
-    fi
-    rm -f $PIDFILE
-}
-status()
-{
-    pid=`cat $PIDFILE 2>/dev/null`
-    if [ -n "$pid" ]; then
-        if ps -p $pid > /dev/null 2>&1 ; then
-            echo "$DESC is running"
-            return
-        fi
-    fi
-    echo "$DESC is not running"
-}
-reset()
-{
-    # Cleanup keystone tenant
-    . /etc/nova/openrc
-    simple_delete "keystone user-list" "keystone user-delete" 1 "keystone user"
-    simple_delete "keystone tenant-list" "keystone tenant-delete" 1 "keystone tenant"
-    simple_delete "keystone role-list" "keystone role-delete" 1 "keystone role"
-    simple_delete "keystone endpoint-list" "keystone endpoint-delete" 1 "keystone endpoint"
-    simple_delete "keystone service-list" "keystone service-delete" 1 "keystone service"
-    stop
-    # This is to make sure postgres is configured and running
-    if ! pidof postmaster > /dev/null; then
-        /etc/init.d/postgresql-init
-        /etc/init.d/postgresql start
-        sleep 2
-    fi
-    sudo -u postgres dropdb keystone
-    sudo -u postgres createdb keystone
-    keystone-manage db_sync
-    keystone-manage pki_setup --keystone-user=root --keystone-group=root
-    start
-    sleep 2
-    ADMIN_PASSWORD=%ADMIN_PASSWORD% \
-    SERVICE_PASSWORD=%SERVICE_PASSWORD% \
-    SERVICE_TENANT_NAME=%SERVICE_TENANT_NAME% \
-        bash /etc/keystone/service-user-setup
-}
-case "$1" in
-    start)
-        start
-        ;;
-    stop)
-        stop
-        ;;
-    restart|force-reload|reload)
-        stop
-        start
-        ;;
-    status)
-        status
-        ;;
-    reset)
-        reset
-        ;;
-    *)
-        echo "Usage: $0 {start|stop|force-reload|restart|reload|status|reset}"
-        exit 1
-        ;;
-esac
-exit 0
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init
new file mode 100644
index 0000000..db4b4fa
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init
@@ -0,0 +1,60 @@
+#!/bin/bash
+#
+# Basic keystone setup as described on:
+# https://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-install.html
+# https://docs.openstack.org/keystone/pike/install/keystone-install-ubuntu.html
+#
+# Prerequisites: /etc/postgresql/postgresql-init must be run first to create the DB
+#
+# After complete you should be able to query keystone with something like the 
+# following (https://docs.openstack.org/keystone/latest/api_curl_examples.html)
+#
+#curl -i \
+#  -H "Content-Type: application/json" \
+#  -d '
+#{ "auth": {
+#    "identity": {
+#      "methods": ["password"],
+#      "password": {
+#        "user": {
+#          "name": "%ADMIN_USER%",
+#          "domain": { "id": "default" },
+#          "password": "%ADMIN_PASSWORD%"
+#        }
+#      }
+#    }
+#  }
+#}' \
+#  "http://localhost:5000/v3/auth/tokens" ; echo
+# Substitutions setup at do_intall()
+DB_USER=%DB_USER%
+KEYSTONE_USER=%KEYSTONE_USER%
+KEYSTONE_GROUP=%KEYSTONE_GROUP%
+CONTROLLER_IP=%CONTROLLER_IP%
+ADMIN_USER=%ADMIN_USER%
+ADMIN_PASSWORD=%ADMIN_PASSWORD%
+ADMIN_ROLE=%ADMIN_ROLE%
+# Create the keystone DB and grant the necessary permissions
+sudo -u postgres psql -c "CREATE DATABASE keystone" 2> /dev/null
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE keystone TO ${DB_USER}" 2> /dev/null
+keystone-manage db_sync
+keystone-manage fernet_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP}
+keystone-manage credential_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP}
+keystone-manage bootstrap \
+  --bootstrap-password ${ADMIN_PASSWORD} \
+  --bootstrap-username ${ADMIN_USER} \
+  --bootstrap-project-name admin \
+  --bootstrap-role-name ${ADMIN_ROLE} \
+  --bootstrap-service-name keystone \
+  --bootstrap-region-id RegionOne \
+  --bootstrap-admin-url http://${CONTROLLER_IP}:35357 \
+  --bootstrap-internal-url http://${CONTROLLER_IP}:5000 \
+  --bootstrap-public-url http://${CONTROLLER_IP}:5000
+#keystone-manage pki_setup --keystone-user=root --keystone-group=daemon
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service
new file mode 100644
index 0000000..b114806
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Barebones OpenStack keystone initialization
+After=postgresql-init.service
+[Service]
+Type=oneshot
+ExecStart=%SYSCONFIGDIR%/keystone/keystone-init
+ExecStartPost=/bin/systemctl --no-reload disable keystone-init.service
+RemainAfterExit=No
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
index 91b95f6..febf1d7 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
+++ b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
@@ -1,25 +1,52 @@
-Listen 8081
+Listen 5000
-<VirtualHost *:8081>
+Listen 35357
-    ServerAdmin webmaster@localhost
-    WSGIApplicationGroup %{RESOURCE}
+<VirtualHost *:5000>
-    WSGIDaemonProcess keystone threads=15 display-name=%{GROUP}
+    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
-    WSGIProcessGroup keystone
+    WSGIProcessGroup keystone-public
-    WSGIScriptAlias /keystone/main  /var/www/cgi-bin/keystone/main
+    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
-    WSGIScriptAlias /keystone/admin  /var/www/cgi-bin/keystone/admin
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    ErrorLogFormat "%{cu}t %M"
-    <Location "/keystone">
+    ErrorLog /var/log/apache2/keystone.log
-        Authtype none
+    CustomLog /var/log/apache2/keystone_access.log combined
-    </Location>
+    <Directory /usr/bin>
-    <Directory /var/www/cgi-bin/keystone/>
+        Require all granted
-        <IfVersion < 2.3>
+    </Directory>
-            Order allow,deny
+</VirtualHost>
-            Allow from all
-        </IfVersion>
+<VirtualHost *:35357>
+    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
-        <IfVersion >= 2.3>
+    WSGIProcessGroup keystone-admin
-            Require all granted
+    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
-        </IfVersion>
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    ErrorLogFormat "%{cu}t %M"
+    ErrorLog /var/log/apache2/keystone.log
+    CustomLog /var/log/apache2/keystone_access.log combined
+    <Directory /usr/bin>
+        Require all granted
    </Directory>
 </VirtualHost>
+Alias /identity /usr/bin/keystone-wsgi-public
+<Location /identity>
+    SetHandler wsgi-script
+    Options +ExecCGI
+    WSGIProcessGroup keystone-public
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+</Location>
+Alias /identity_admin /usr/bin/keystone-wsgi-admin
+<Location /identity_admin>
+    SetHandler wsgi-script
+    Options +ExecCGI
+    WSGIProcessGroup keystone-admin
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+</Location>
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
index b5f92dd..d7f6400 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
 SRCNAME = "keystone"
 SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/pike \
+           file://keystone-init \
+           file://keystone-init.service \
           file://keystone.conf \
           file://identity.sh \
-           file://keystone \
           file://convert_keystone_backend.py \
           file://wsgi-keystone.conf \
           "
@@ -24,11 +25,14 @@ PV = "12.0.0+git${SRCPV}"
 S = "${WORKDIR}/git"
-inherit setuptools update-rc.d identity hosts default_configs monitor
+inherit setuptools identity hosts default_configs monitor useradd systemd
 SERVICE_TOKEN = "password"
 TOKEN_FORMAT ?= "PKI"
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone"
 LDAP_DN ?= "dc=my-domain,dc=com"
 SERVICECREATE_PACKAGES = "${SRCNAME}-setup"
@@ -64,79 +68,67 @@ do_install_append() {
    KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
    KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone
    APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/
-    KEYSTONE_PY_DIR=${D}${datadir}/openstack-dashboard/openstack_dashboard/api/
-    KEYSTONE_CGI_DIR=${D}${localstatedir}/www/cgi-bin/keystone/
-    # Apache needs to read the configs.
+    # Create directories
    install -m 755 -d ${KEYSTONE_CONF_DIR}
    install -m 755 -d ${APACHE_CONF_DIR}
    install -d ${D}${localstatedir}/log/${SRCNAME}
-    install -m 755 -d ${KEYSTONE_CGI_DIR}
-    #install -m 755 -d ${KEYSTONE_PY_DIR}
+    # Setup the systemd service file
+    install -d ${D}${systemd_unitdir}/system/
+    KS_INIT_SERVICE_FILE=${D}${systemd_unitdir}/system/keystone-init.service
+    install -m 644 ${WORKDIR}/keystone-init.service ${KS_INIT_SERVICE_FILE}
+    sed -e "s:%SYSCONFIGDIR%:${sysconfdir}:g" -i ${KS_INIT_SERVICE_FILE}
+    # Setup the keystone initialization script
+    KS_INIT_FILE=${KEYSTONE_CONF_DIR}/keystone-init
+    install -m 755 ${WORKDIR}/keystone-init ${KS_INIT_FILE}
+    sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KS_INIT_FILE}
+    sed -e "s:%KEYSTONE_USER%:keystone:g" -i ${KS_INIT_FILE}
+    sed -e "s:%KEYSTONE_GROUP%:keystone:g" -i ${KS_INIT_FILE}
+    sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KS_INIT_FILE}
+    sed -e "s:%ADMIN_USER%:${ADMIN_USER}:g" -i ${KS_INIT_FILE}
+    sed -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" -i ${KS_INIT_FILE}
+    sed -e "s:%ADMIN_ROLE%:${ADMIN_ROLE}:g" -i ${KS_INIT_FILE}
+    # Install various configuration files. We have to select suitable
+    # permissions as packages such as Apache require read access.
+    #
    # Apache needs to read the keystone.conf
    install -m 644 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/
    # Apache needs to read the wsgi-keystone.conf
-    install -m 644 ${WORKDIR}/wsgi-keystone.conf ${APACHE_CONF_DIR}
+    install -m 644 ${WORKDIR}/wsgi-keystone.conf \
+        ${APACHE_CONF_DIR}/keystone.conf
    install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/
    install -m 600 ${S}${sysconfdir}/logging.conf.sample \
        ${KEYSTONE_CONF_DIR}/logging.conf
    install -m 600 ${S}${sysconfdir}/keystone.conf.sample \
        ${KEYSTONE_CONF_DIR}/keystone.conf.sample
-    # Apache user needs to read these files.
-    #install -m 644 ${S}${sysconfdir}/policy.json \
-    #    ${KEYSTONE_CONF_DIR}/policy.json
    install -m 644 ${S}${sysconfdir}/keystone-paste.ini \
        ${KEYSTONE_CONF_DIR}/keystone-paste.ini
-    #install -m 644 ${S}/httpd/keystone.py \
-    #    ${KEYSTONE_PY_DIR}/keystone-httpd.py
-    #install -m 644 ${S}/httpd/keystone.py \
-    #    ${KEYSTONE_CGI_DIR}/admin
-    #install -m 644 ${S}/httpd/keystone.py \
-    #    ${KEYSTONE_CGI_DIR}/main
+    # Copy examples from upstream
    cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}
-    if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)};
+    # Edit the configuration to allow it to work out of the box
-    then
+    KEYSTONE_CONF_FILE=${KEYSTONE_CONF_DIR}/keystone.conf
-        install -d ${D}${sysconfdir}/init.d
-        install -m 0755 ${WORKDIR}/keystone ${D}${sysconfdir}/init.d/keystone
-    fi
    sed "/# admin_endpoint = .*/a \
        public_endpoint = http://%CONTROLLER_IP%:8081/keystone/main/ " \
-        -i ${KEYSTONE_CONF_DIR}/keystone.conf
+        -i ${KEYSTONE_CONF_FILE}
    sed "/# admin_endpoint = .*/a \
        admin_endpoint = http://%CONTROLLER_IP%:8081/keystone/admin/ " \
-        -i ${KEYSTONE_CONF_DIR}/keystone.conf
+        -i ${KEYSTONE_CONF_FILE}
    
-    sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" \
+    sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" -i ${KEYSTONE_CONF_FILE}
-        -i ${KEYSTONE_CONF_DIR}/keystone.conf
+    sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_FILE}
-    sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_DIR}/keystone.conf
+    sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" -i ${KEYSTONE_CONF_FILE}
-    sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" \
+    sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
-        -i ${KEYSTONE_CONF_DIR}/keystone.conf
+    sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
+    sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" -i ${KEYSTONE_CONF_FILE}
-    sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \
-        -i ${KEYSTONE_CONF_DIR}/keystone.conf
-    sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \
-        -i ${KEYSTONE_CONF_DIR}/identity.sh
-    sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" \
-        -i ${KEYSTONE_CONF_DIR}/keystone.conf
-#    sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" \
-#       -i ${D}${sysconfdir}/init.d/keystone
-#    sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" \
-#       -i ${D}${sysconfdir}/init.d/keystone
-#    sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" \
-#       -i ${D}${sysconfdir}/init.d/keystone
    
    install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp
    if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then
        sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \
            -i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf
@@ -180,38 +172,13 @@ role_member_attribute = member \
 role_id_attribute = cn \
 role_name_attribute = ou \
 role_tree_dn = ou=Roles,${LDAP_DN} \
-' ${D}${sysconfdir}/keystone/keystone.conf
+' ${KEYSTONE_CONF_FILE}
        install -m 0755 ${WORKDIR}/convert_keystone_backend.py \
            ${D}${sysconfdir}/keystone/convert_keystone_backend.py
    fi
 }
-pkg_postinst_${SRCNAME}-setup () {
-    # python-keystone postinst start
-    if [ -z "$D" ]; then
-        # This is to make sure postgres is configured and running
-        if ! pidof postmaster > /dev/null; then
-            /etc/init.d/postgresql-init
-            /etc/init.d/postgresql start
-            sleep 2
-        fi
-        # This is to make sure keystone is configured and running
-        PIDFILE="/var/run/keystone-all.pid"
-        if [ -z `cat $PIDFILE 2>/dev/null` ]; then
-            sudo -u postgres createdb keystone
-            keystone-manage db_sync
-            keystone-manage pki_setup --keystone-user=root --keystone-group=daemon
-            if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
-                /etc/init.d/openldap start
-            fi
-            /etc/init.d/keystone start
-        fi
-    fi
-}
 # By default tokens are expired after 1 day so by default we can set
 # this token flush cronjob to run every 2 days
 KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *"
@@ -226,7 +193,12 @@ pkg_postinst_${SRCNAME}-cronjobs () {
 PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"
-ALLOW_EMPTY_${SRCNAME}-setup = "1"
+SYSTEMD_PACKAGES += "${SRCNAME}-setup"
+SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service"
+FILES_${SRCNAME}-setup = " \
+    ${systemd_unitdir}/system \
+    "
 ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"
@@ -237,10 +209,9 @@ FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"
 FILES_${SRCNAME} = "${bindir}/* \
    ${sysconfdir}/${SRCNAME}/* \
-    ${sysconfdir}/init.d/* \
    ${localstatedir}/* \
    ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
-    ${sysconfdir}/apache2/conf.d/wsgi-keystone.conf \
+    ${sysconfdir}/apache2/conf.d/keystone.conf \
    "
 DEPENDS += " \
@@ -306,9 +277,5 @@ RDEPENDS_${SRCNAME} = " \
 RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
 RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"
-INITSCRIPT_PACKAGES = "${SRCNAME}"
-INITSCRIPT_NAME_${SRCNAME} = "keystone"
-INITSCRIPT_PARAMS_${SRCNAME} = "${OS_DEFAULT_INITSCRIPT_PARAMS}"
 MONITOR_SERVICE_PACKAGES = "${SRCNAME}"
 MONITOR_SERVICE_${SRCNAME} = "keystone"

diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone b/meta-openstack/recipes-devtools/python/python-keystone/keystone deleted file mode 100644 index 34cc3ad..0000000 --- a/meta-openstack/recipes-devtools/python/python-keystone/keystone +++ /dev/null
@@ -1,128 +0,0 @@
1	#!/bin/sh
2
3	### BEGIN INIT INFO
4	# Provides: keystone
5	# Required-Start: $remote_fs $network $syslog
6	# Required-Stop: $remote_fs $syslog
7	# Default-Start: 3 5
8	# Default-Stop: 0 1 2 6
9	# Short-Description: Keystone Server
10	# Description: OpenStack identity Service (code-named keystone)
11	### END INIT INFO
12
13	DESC="keystone"
14	DAEMON="uwsgi"
15	DAEMON_OPTIONS="--http 127.0.0.1:35357 --wsgi-file $(which keystone-wsgi-admin)"
16	PIDFILE="/var/run/keystone-all.pid"
17
18	start ()
19	{
20	if [ -e $PIDFILE ]; then
21	PIDDIR=/proc/$(cat $PIDFILE)
22	if [ -d ${PIDDIR} ]; then
23	echo "$DESC already running."
24	exit 1
25	else
26	echo "Removing stale PID file $PIDFILE"
27	rm -f $PIDFILE
28	fi
29	fi
30
31	if [ ! -d /var/log/keystone ]; then
32	mkdir /var/log/keystone
33	fi
34	echo -n "Starting $DESC..."
35
36	start-stop-daemon --start --quiet --background \
37	--pidfile ${PIDFILE} --make-pidfile --exec ${DAEMON} \
38	-- ${DAEMON_OPTIONS}
39
40	if [ $? -eq 0 ]; then
41	echo "done."
42	else
43	echo "failed."
44	fi
45	}
46
47	stop ()
48	{
49	echo -n "Stopping $DESC..."
50	start-stop-daemon --stop --quiet --pidfile $PIDFILE
51	if [ $? -eq 0 ]; then
52	echo "done."
53	else
54	echo "failed."
55	fi
56	rm -f $PIDFILE
57	}
58
59	status()
60	{
61	pid=`cat $PIDFILE 2>/dev/null`
62	if [ -n "$pid" ]; then
63	if ps -p $pid > /dev/null 2>&1 ; then
64	echo "$DESC is running"
65	return
66	fi
67	fi
68	echo "$DESC is not running"
69	}
70
71	reset()
72	{
73	# Cleanup keystone tenant
74	. /etc/nova/openrc
75	simple_delete "keystone user-list" "keystone user-delete" 1 "keystone user"
76	simple_delete "keystone tenant-list" "keystone tenant-delete" 1 "keystone tenant"
77	simple_delete "keystone role-list" "keystone role-delete" 1 "keystone role"
78	simple_delete "keystone endpoint-list" "keystone endpoint-delete" 1 "keystone endpoint"
79	simple_delete "keystone service-list" "keystone service-delete" 1 "keystone service"
80
81	stop
82
83	# This is to make sure postgres is configured and running
84	if ! pidof postmaster > /dev/null; then
85	/etc/init.d/postgresql-init
86	/etc/init.d/postgresql start
87	sleep 2
88	fi
89
90	sudo -u postgres dropdb keystone
91	sudo -u postgres createdb keystone
92	keystone-manage db_sync
93	keystone-manage pki_setup --keystone-user=root --keystone-group=root
94
95	start
96
97	sleep 2
98
99	ADMIN_PASSWORD=%ADMIN_PASSWORD% \
100	SERVICE_PASSWORD=%SERVICE_PASSWORD% \
101	SERVICE_TENANT_NAME=%SERVICE_TENANT_NAME% \
102	bash /etc/keystone/service-user-setup
103	}
104
105	case "$1" in
106	start)
107	start
108	;;
109	stop)
110	stop
111	;;
112	restart\|force-reload\|reload)
113	stop
114	start
115	;;
116	status)
117	status
118	;;
119	reset)
120	reset
121	;;
122	*)
123	echo "Usage: $0 {start\|stop\|force-reload\|restart\|reload\|status\|reset}"
124	exit 1
125	;;
126	esac
127
128	exit 0


diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init new file mode 100644 index 0000000..db4b4fa --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init
@@ -0,0 +1,60 @@
		1	#!/bin/bash
		2	#
		3	# Basic keystone setup as described on:
		4	# https://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-install.html
		5	# https://docs.openstack.org/keystone/pike/install/keystone-install-ubuntu.html
		6	#
		7	# Prerequisites: /etc/postgresql/postgresql-init must be run first to create the DB
		8	#
		9	# After complete you should be able to query keystone with something like the
		10	# following (https://docs.openstack.org/keystone/latest/api_curl_examples.html)
		11	#
		12	#curl -i \
		13	# -H "Content-Type: application/json" \
		14	# -d '
		15	#{ "auth": {
		16	# "identity": {
		17	# "methods": ["password"],
		18	# "password": {
		19	# "user": {
		20	# "name": "%ADMIN_USER%",
		21	# "domain": { "id": "default" },
		22	# "password": "%ADMIN_PASSWORD%"
		23	# }
		24	# }
		25	# }
		26	# }
		27	#}' \
		28	# "http://localhost:5000/v3/auth/tokens" ; echo
		29
		30
		31	# Substitutions setup at do_intall()
		32	DB_USER=%DB_USER%
		33	KEYSTONE_USER=%KEYSTONE_USER%
		34	KEYSTONE_GROUP=%KEYSTONE_GROUP%
		35	CONTROLLER_IP=%CONTROLLER_IP%
		36	ADMIN_USER=%ADMIN_USER%
		37	ADMIN_PASSWORD=%ADMIN_PASSWORD%
		38	ADMIN_ROLE=%ADMIN_ROLE%
		39
		40	# Create the keystone DB and grant the necessary permissions
		41	sudo -u postgres psql -c "CREATE DATABASE keystone" 2> /dev/null
		42	sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE keystone TO ${DB_USER}" 2> /dev/null
		43
		44	keystone-manage db_sync
		45
		46	keystone-manage fernet_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP}
		47	keystone-manage credential_setup --keystone-user ${KEYSTONE_USER} --keystone-group ${KEYSTONE_GROUP}
		48
		49	keystone-manage bootstrap \
		50	--bootstrap-password ${ADMIN_PASSWORD} \
		51	--bootstrap-username ${ADMIN_USER} \
		52	--bootstrap-project-name admin \
		53	--bootstrap-role-name ${ADMIN_ROLE} \
		54	--bootstrap-service-name keystone \
		55	--bootstrap-region-id RegionOne \
		56	--bootstrap-admin-url http://${CONTROLLER_IP}:35357 \
		57	--bootstrap-internal-url http://${CONTROLLER_IP}:5000 \
		58	--bootstrap-public-url http://${CONTROLLER_IP}:5000
		59
		60	#keystone-manage pki_setup --keystone-user=root --keystone-group=daemon


diff --git a/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service new file mode 100644 index 0000000..b114806 --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-keystone/keystone-init.service
@@ -0,0 +1,12 @@
		1	[Unit]
		2	Description=Barebones OpenStack keystone initialization
		3	After=postgresql-init.service
		4
		5	[Service]
		6	Type=oneshot
		7	ExecStart=%SYSCONFIGDIR%/keystone/keystone-init
		8	ExecStartPost=/bin/systemctl --no-reload disable keystone-init.service
		9	RemainAfterExit=No
		10
		11	[Install]
		12	WantedBy=multi-user.target


diff --git a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf index 91b95f6..febf1d7 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf +++ b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
@@ -1,25 +1,52 @@
1	Listen 8081	1	Listen 5000
2	<VirtualHost *:8081>	2	Listen 35357
3	ServerAdmin webmaster@localhost	3
4	WSGIApplicationGroup %{RESOURCE}	4	<VirtualHost *:5000>
5	WSGIDaemonProcess keystone threads=15 display-name=%{GROUP}	5	WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
6	WSGIProcessGroup keystone	6	WSGIProcessGroup keystone-public
7	WSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/main	7	WSGIScriptAlias / /usr/bin/keystone-wsgi-public
8	WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin	8	WSGIApplicationGroup %{GLOBAL}
9		9	WSGIPassAuthorization On
10		10	ErrorLogFormat "%{cu}t %M"
11	<Location "/keystone">	11	ErrorLog /var/log/apache2/keystone.log
12	Authtype none	12	CustomLog /var/log/apache2/keystone_access.log combined
13	</Location>	13
14		14	<Directory /usr/bin>
15	<Directory /var/www/cgi-bin/keystone/>	15	Require all granted
16	<IfVersion < 2.3>	16	</Directory>
17	Order allow,deny	17	</VirtualHost>
18	Allow from all	18
19	</IfVersion>	19	<VirtualHost *:35357>
20		20	WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
21	<IfVersion >= 2.3>	21	WSGIProcessGroup keystone-admin
22	Require all granted	22	WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
23	</IfVersion>	23	WSGIApplicationGroup %{GLOBAL}
		24	WSGIPassAuthorization On
		25	ErrorLogFormat "%{cu}t %M"
		26	ErrorLog /var/log/apache2/keystone.log
		27	CustomLog /var/log/apache2/keystone_access.log combined
		28
		29	<Directory /usr/bin>
		30	Require all granted
24	</Directory>	31	</Directory>
25	</VirtualHost>	32	</VirtualHost>
		33
		34	Alias /identity /usr/bin/keystone-wsgi-public
		35	<Location /identity>
		36	SetHandler wsgi-script
		37	Options +ExecCGI
		38
		39	WSGIProcessGroup keystone-public
		40	WSGIApplicationGroup %{GLOBAL}
		41	WSGIPassAuthorization On
		42	</Location>
		43
		44	Alias /identity_admin /usr/bin/keystone-wsgi-admin
		45	<Location /identity_admin>
		46	SetHandler wsgi-script
		47	Options +ExecCGI
		48
		49	WSGIProcessGroup keystone-admin
		50	WSGIApplicationGroup %{GLOBAL}
		51	WSGIPassAuthorization On
		52	</Location>


diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb index b5f92dd..d7f6400 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb +++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
7	SRCNAME = "keystone"	7	SRCNAME = "keystone"
8		8
9	SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/pike \	9	SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=stable/pike \
		10	file://keystone-init \
		11	file://keystone-init.service \
10	file://keystone.conf \	12	file://keystone.conf \
11	file://identity.sh \	13	file://identity.sh \
12	file://keystone \
13	file://convert_keystone_backend.py \	14	file://convert_keystone_backend.py \
14	file://wsgi-keystone.conf \	15	file://wsgi-keystone.conf \
15	"	16	"
@@ -24,11 +25,14 @@ PV = "12.0.0+git${SRCPV}"
24		25
25	S = "${WORKDIR}/git"	26	S = "${WORKDIR}/git"
26		27
27	inherit setuptools update-rc.d identity hosts default_configs monitor	28	inherit setuptools identity hosts default_configs monitor useradd systemd
28		29
29	SERVICE_TOKEN = "password"	30	SERVICE_TOKEN = "password"
30	TOKEN_FORMAT ?= "PKI"	31	TOKEN_FORMAT ?= "PKI"
31		32
		33	USERADD_PACKAGES = "${PN}"
		34	USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone"
		35
32	LDAP_DN ?= "dc=my-domain,dc=com"	36	LDAP_DN ?= "dc=my-domain,dc=com"
33		37
34	SERVICECREATE_PACKAGES = "${SRCNAME}-setup"	38	SERVICECREATE_PACKAGES = "${SRCNAME}-setup"
@@ -64,79 +68,67 @@ do_install_append() {
64		68
65	KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone	69	KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
66	KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone	70	KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone
67
68	APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/	71	APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/
69	KEYSTONE_PY_DIR=${D}${datadir}/openstack-dashboard/openstack_dashboard/api/
70	KEYSTONE_CGI_DIR=${D}${localstatedir}/www/cgi-bin/keystone/
71		72
72	# Apache needs to read the configs.	73	# Create directories
73	install -m 755 -d ${KEYSTONE_CONF_DIR}	74	install -m 755 -d ${KEYSTONE_CONF_DIR}
74	install -m 755 -d ${APACHE_CONF_DIR}	75	install -m 755 -d ${APACHE_CONF_DIR}
75
76	install -d ${D}${localstatedir}/log/${SRCNAME}	76	install -d ${D}${localstatedir}/log/${SRCNAME}
77	install -m 755 -d ${KEYSTONE_CGI_DIR}
78	#install -m 755 -d ${KEYSTONE_PY_DIR}
79		77
		78	# Setup the systemd service file
		79	install -d ${D}${systemd_unitdir}/system/
		80	KS_INIT_SERVICE_FILE=${D}${systemd_unitdir}/system/keystone-init.service
		81	install -m 644 ${WORKDIR}/keystone-init.service ${KS_INIT_SERVICE_FILE}
		82	sed -e "s:%SYSCONFIGDIR%:${sysconfdir}:g" -i ${KS_INIT_SERVICE_FILE}
		83
		84	# Setup the keystone initialization script
		85	KS_INIT_FILE=${KEYSTONE_CONF_DIR}/keystone-init
		86	install -m 755 ${WORKDIR}/keystone-init ${KS_INIT_FILE}
		87	sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KS_INIT_FILE}
		88	sed -e "s:%KEYSTONE_USER%:keystone:g" -i ${KS_INIT_FILE}
		89	sed -e "s:%KEYSTONE_GROUP%:keystone:g" -i ${KS_INIT_FILE}
		90	sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KS_INIT_FILE}
		91	sed -e "s:%ADMIN_USER%:${ADMIN_USER}:g" -i ${KS_INIT_FILE}
		92	sed -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" -i ${KS_INIT_FILE}
		93	sed -e "s:%ADMIN_ROLE%:${ADMIN_ROLE}:g" -i ${KS_INIT_FILE}
		94
		95	# Install various configuration files. We have to select suitable
		96	# permissions as packages such as Apache require read access.
		97	#
80	# Apache needs to read the keystone.conf	98	# Apache needs to read the keystone.conf
81	install -m 644 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/	99	install -m 644 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/
82	# Apache needs to read the wsgi-keystone.conf	100	# Apache needs to read the wsgi-keystone.conf
83	install -m 644 ${WORKDIR}/wsgi-keystone.conf ${APACHE_CONF_DIR}	101	install -m 644 ${WORKDIR}/wsgi-keystone.conf \
		102	${APACHE_CONF_DIR}/keystone.conf
84	install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/	103	install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/
85	install -m 600 ${S}${sysconfdir}/logging.conf.sample \	104	install -m 600 ${S}${sysconfdir}/logging.conf.sample \
86	${KEYSTONE_CONF_DIR}/logging.conf	105	${KEYSTONE_CONF_DIR}/logging.conf
87	install -m 600 ${S}${sysconfdir}/keystone.conf.sample \	106	install -m 600 ${S}${sysconfdir}/keystone.conf.sample \
88	${KEYSTONE_CONF_DIR}/keystone.conf.sample	107	${KEYSTONE_CONF_DIR}/keystone.conf.sample
89	# Apache user needs to read these files.
90	#install -m 644 ${S}${sysconfdir}/policy.json \
91	# ${KEYSTONE_CONF_DIR}/policy.json
92	install -m 644 ${S}${sysconfdir}/keystone-paste.ini \	108	install -m 644 ${S}${sysconfdir}/keystone-paste.ini \
93	${KEYSTONE_CONF_DIR}/keystone-paste.ini	109	${KEYSTONE_CONF_DIR}/keystone-paste.ini
94	#install -m 644 ${S}/httpd/keystone.py \
95	# ${KEYSTONE_PY_DIR}/keystone-httpd.py
96	#install -m 644 ${S}/httpd/keystone.py \
97	# ${KEYSTONE_CGI_DIR}/admin
98	#install -m 644 ${S}/httpd/keystone.py \
99	# ${KEYSTONE_CGI_DIR}/main
100		110
		111	# Copy examples from upstream
101	cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}	112	cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}
102		113
103	if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)};	114	# Edit the configuration to allow it to work out of the box
104	then	115	KEYSTONE_CONF_FILE=${KEYSTONE_CONF_DIR}/keystone.conf
105	install -d ${D}${sysconfdir}/init.d
106	install -m 0755 ${WORKDIR}/keystone ${D}${sysconfdir}/init.d/keystone
107	fi
108
109	sed "/# admin_endpoint = .*/a \	116	sed "/# admin_endpoint = .*/a \
110	public_endpoint = http://%CONTROLLER_IP%:8081/keystone/main/ " \	117	public_endpoint = http://%CONTROLLER_IP%:8081/keystone/main/ " \
111	-i ${KEYSTONE_CONF_DIR}/keystone.conf	118	-i ${KEYSTONE_CONF_FILE}
112		119
113	sed "/# admin_endpoint = .*/a \	120	sed "/# admin_endpoint = .*/a \
114	admin_endpoint = http://%CONTROLLER_IP%:8081/keystone/admin/ " \	121	admin_endpoint = http://%CONTROLLER_IP%:8081/keystone/admin/ " \
115	-i ${KEYSTONE_CONF_DIR}/keystone.conf	122	-i ${KEYSTONE_CONF_FILE}
116		123
117	sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" \	124	sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" -i ${KEYSTONE_CONF_FILE}
118	-i ${KEYSTONE_CONF_DIR}/keystone.conf	125	sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_FILE}
119	sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_DIR}/keystone.conf	126	sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" -i ${KEYSTONE_CONF_FILE}
120	sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" \	127	sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
121	-i ${KEYSTONE_CONF_DIR}/keystone.conf	128	sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
122		129	sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" -i ${KEYSTONE_CONF_FILE}
123	sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \
124	-i ${KEYSTONE_CONF_DIR}/keystone.conf
125	sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \
126	-i ${KEYSTONE_CONF_DIR}/identity.sh
127
128	sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" \
129	-i ${KEYSTONE_CONF_DIR}/keystone.conf
130
131	# sed -e "s/%ADMIN_PASSWORD%/${ADMIN_PASSWORD}/g" \
132	# -i ${D}${sysconfdir}/init.d/keystone
133	# sed -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" \
134	# -i ${D}${sysconfdir}/init.d/keystone
135	# sed -e "s/%SERVICE_TENANT_NAME%/${SERVICE_TENANT_NAME}/g" \
136	# -i ${D}${sysconfdir}/init.d/keystone
137		130
138	install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp	131	install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp
139
140	if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then	132	if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then
141	sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \	133	sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \
142	-i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf	134	-i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf
@@ -180,38 +172,13 @@ role_member_attribute = member \
180	role_id_attribute = cn \	172	role_id_attribute = cn \
181	role_name_attribute = ou \	173	role_name_attribute = ou \
182	role_tree_dn = ou=Roles,${LDAP_DN} \	174	role_tree_dn = ou=Roles,${LDAP_DN} \
183	' ${D}${sysconfdir}/keystone/keystone.conf	175	' ${KEYSTONE_CONF_FILE}
184		176
185	install -m 0755 ${WORKDIR}/convert_keystone_backend.py \	177	install -m 0755 ${WORKDIR}/convert_keystone_backend.py \
186	${D}${sysconfdir}/keystone/convert_keystone_backend.py	178	${D}${sysconfdir}/keystone/convert_keystone_backend.py
187	fi	179	fi
188	}	180	}
189		181
190	pkg_postinst_${SRCNAME}-setup () {
191	# python-keystone postinst start
192	if [ -z "$D" ]; then
193	# This is to make sure postgres is configured and running
194	if ! pidof postmaster > /dev/null; then
195	/etc/init.d/postgresql-init
196	/etc/init.d/postgresql start
197	sleep 2
198	fi
199
200	# This is to make sure keystone is configured and running
201	PIDFILE="/var/run/keystone-all.pid"
202	if [ -z `cat $PIDFILE 2>/dev/null` ]; then
203	sudo -u postgres createdb keystone
204	keystone-manage db_sync
205	keystone-manage pki_setup --keystone-user=root --keystone-group=daemon
206
207	if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
208	/etc/init.d/openldap start
209	fi
210	/etc/init.d/keystone start
211	fi
212	fi
213	}
214
215	# By default tokens are expired after 1 day so by default we can set	182	# By default tokens are expired after 1 day so by default we can set
216	# this token flush cronjob to run every 2 days	183	# this token flush cronjob to run every 2 days
217	KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 /2 *"	184	KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 /2 *"
@@ -226,7 +193,12 @@ pkg_postinst_${SRCNAME}-cronjobs () {
226		193
227	PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"	194	PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"
228		195
229	ALLOW_EMPTY_${SRCNAME}-setup = "1"	196	SYSTEMD_PACKAGES += "${SRCNAME}-setup"
		197	SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service"
		198
		199	FILES_${SRCNAME}-setup = " \
		200	${systemd_unitdir}/system \
		201	"
230		202
231	ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"	203	ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"
232		204
@@ -237,10 +209,9 @@ FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"
237		209
238	FILES_${SRCNAME} = "${bindir}/* \	210	FILES_${SRCNAME} = "${bindir}/* \
239	${sysconfdir}/${SRCNAME}/* \	211	${sysconfdir}/${SRCNAME}/* \
240	${sysconfdir}/init.d/* \
241	${localstatedir}/* \	212	${localstatedir}/* \
242	${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \	213	${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
243	${sysconfdir}/apache2/conf.d/wsgi-keystone.conf \	214	${sysconfdir}/apache2/conf.d/keystone.conf \
244	"	215	"
245		216
246	DEPENDS += " \	217	DEPENDS += " \
@@ -306,9 +277,5 @@ RDEPENDS_${SRCNAME} = " \
306	RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"	277	RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
307	RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"	278	RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"
308		279
309	INITSCRIPT_PACKAGES = "${SRCNAME}"
310	INITSCRIPT_NAME_${SRCNAME} = "keystone"
311	INITSCRIPT_PARAMS_${SRCNAME} = "${OS_DEFAULT_INITSCRIPT_PARAMS}"
312
313	MONITOR_SERVICE_PACKAGES = "${SRCNAME}"	280	MONITOR_SERVICE_PACKAGES = "${SRCNAME}"
314	MONITOR_SERVICE_${SRCNAME} = "keystone"	281	MONITOR_SERVICE_${SRCNAME} = "keystone"