# Recipe metadata for the OpenStack Keystone identity service.
2 DESCRIPTION = "Authentication service for OpenStack"
3 HOMEPAGE = "http://www.openstack.org"
4 SECTION = "devel/python"
# The md5 below only lets BitBake notice a change in the LICENSE text;
# it is not an integrity check on the fetched source tree.
6 LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
# The source is pinned to one exact commit, so a moving branch head cannot
# silently change what gets built.
8 SRCREV = "c78581b4608f3dc10e945d358963000f284f188a"
# NOTE(review): stable/stein is an old upstream series - confirm it still
# receives security fixes before shipping images built from it.
11 BRANCH = "stable/stein"
13 PV = "15.0.0+git${SRCPV}"
17 git://opendev.org/openstack/${SRCNAME}.git;protocol=${PROTOCOL};branch=${BRANCH} \
18 file://${PN}/keystone.conf \
19 file://${PN}/identity.sh \
20 file://${PN}/convert_keystone_backend.py \
21 file://${PN}/wsgi-keystone.conf \
22 file://${PN}/admin-openrc \
23 file://${PN}/keystone-init.service \
24 file://${PN}/stx-files/openstack-keystone.service \
25 file://${PN}/stx-files/keystone-all \
26 file://${PN}/stx-files/keystone-fernet-keys-rotate-active \
27 file://${PN}/stx-files/public.py \
28 file://${PN}/stx-files/password-rules.conf \
32 inherit setuptools identity hosts default_configs monitor useradd systemd
# NOTE(review): this literal replaces %SERVICE_TOKEN% in keystone.conf at
# install time (see the sed calls in the install step), so every image built
# without an override carries the same guessable value. Set it per build or
# per deployment instead of relying on this default.
34 SERVICE_TOKEN = "password"
# Create a dedicated system account "keystone" with a home directory (-m)
# and no usable login shell (-s /bin/false).
37 USERADD_PACKAGES = "${PN}"
38 USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone"
# Weak default (?=): a placeholder base DN that the distro or local
# configuration is expected to override.
40 LDAP_DN ?= "dc=my-domain,dc=com"
42 SERVICECREATE_PACKAGES = "${SRCNAME}-setup"
43 KEYSTONE_HOST="${CONTROLLER_IP}"
45 # USERCREATE_PARAM and SERVICECREATE_PARAM contain the list of parameters to be
46 # set. If the flag for a parameter in the list is not set here, the default
47 # value will be given to that parameter. Parameters not in the list will be set
50 USERCREATE_PARAM_${SRCNAME}-setup = "name pass tenant role email"
# Flags for the initial admin account, attached to USERCREATE_PARAM_<SRCNAME>-setup.
# NOTE(review): ADMIN_PASSWORD is a build-time variable, so its value is held
# in the recipe datastore in clear text; treat it as a bootstrap secret and
# rotate it once the target is up.
52 flags = {'name':'${ADMIN_USER}',\
53 'pass':'${ADMIN_PASSWORD}',\
54 'tenant':'${ADMIN_TENANT}',\
55 'role':'${ADMIN_ROLE}',\
56 'email':'${ADMIN_USER_EMAIL}',\
58 d.setVarFlags("USERCREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
61 SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl adminurl internalurl"
# Flags for the identity service catalog entry.
# NOTE(review): all three endpoints are plain http, so tokens and credentials
# sent to them are unprotected in transit unless TLS is terminated elsewhere.
# Also confirm the /v2.0 paths are still served by this Keystone version - the
# v2.0 Identity API was retired upstream before the Stein series (verify).
63 flags = {'type':'identity',\
64 'description':'OpenStack Identity',\
65 'publicurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",\
66 'adminurl':"'http://${KEYSTONE_HOST}:8081/keystone/admin/v2.0'",\
67 'internalurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'"}
68 d.setVarFlags("SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
# Staging paths, all below ${D} (the root of the package being assembled).
73 KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
74 KEYSTONE_DATA_DIR=${D}${datadir}/keystone
75 KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone
76 APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/
80 install -m 755 -d ${KEYSTONE_CONF_DIR}
81 install -m 755 -d ${APACHE_CONF_DIR}
82 install -d ${D}${localstatedir}/log/${SRCNAME}
84 # Setup the systemd service file
85 install -d ${D}${systemd_system_unitdir}/
86 install -m 644 ${WORKDIR}/${PN}/keystone-init.service ${D}${systemd_system_unitdir}/keystone-init.service
# Keep only the SSO callback template from the upstream data directory,
# then remove the rest of that directory from the staging tree.
88 mv ${D}/${datadir}/etc/keystone/sso_callback_template.html ${KEYSTONE_CONF_DIR}/
89 rm -rf ${D}/${datadir}
91 # Setup the admin-openrc file
# NOTE(review): the admin password is written in clear text into the packaged
# admin-openrc. Mode 600 restricts it to the file owner on the target, but the
# value is still readable in the package and in build output; rotate it after
# first boot. ':' is the sed delimiter here, so a ':' inside any substituted
# value breaks the expression.
92 KS_OPENRC_FILE=${KEYSTONE_CONF_DIR}/admin-openrc
93 install -m 600 ${WORKDIR}/${PN}/admin-openrc ${KS_OPENRC_FILE}
94 sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KS_OPENRC_FILE}
95 sed -e "s:%ADMIN_USER%:${ADMIN_USER}:g" -i ${KS_OPENRC_FILE}
96 sed -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" -i ${KS_OPENRC_FILE}
98 # Install various configuration files. We have to select suitable
99 # permissions as packages such as Apache require read access.
101 # Apache needs to read the keystone.conf
# NOTE(review): 644 makes keystone.conf world-readable, and the sed calls
# further down write the database password and the service token into it.
# A root:<web-server-group> owner with mode 640 would still let the WSGI
# process read it without exposing the secrets to every local account.
102 install -m 644 ${WORKDIR}/${PN}/keystone.conf ${KEYSTONE_CONF_DIR}/
103 # Apache needs to read the wsgi-keystone.conf
104 install -m 644 ${WORKDIR}/${PN}/wsgi-keystone.conf ${APACHE_CONF_DIR}/keystone.conf
# The logging configuration is taken from the upstream sample and kept owner-only.
105 install -m 600 ${S}${sysconfdir}/logging.conf.sample ${KEYSTONE_CONF_DIR}/logging.conf
107 # Copy examples from upstream
108 cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}
110 # Edit the configuration to allow it to work out of the box
111 KEYSTONE_CONF_FILE=${KEYSTONE_CONF_DIR}/keystone.conf
# Append explicit public and admin endpoints after the commented-out
# "# admin_endpoint" line. NOTE(review): both are plain http URLs.
112 sed "/# admin_endpoint = .*/a \
113 public_endpoint = http://%CONTROLLER_IP%:5000/ " \
114 -i ${KEYSTONE_CONF_FILE}
116 sed "/# admin_endpoint = .*/a \
117 admin_endpoint = http://%CONTROLLER_IP%:35357/ " \
118 -i ${KEYSTONE_CONF_FILE}
# Fill in the %PLACEHOLDER% markers with build-time values.
# NOTE(review): SERVICE_TOKEN and DB_PASSWORD end up in clear text in a file
# that was installed with mode 644. ':' is the sed delimiter, so a value
# containing ':' (for example in a password) breaks the expression.
120 sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" -i ${KEYSTONE_CONF_FILE}
121 sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_FILE}
122 sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" -i ${KEYSTONE_CONF_FILE}
# The CONTROLLER_IP substitution appears twice; the second run has nothing
# left to replace.
123 sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
124 sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
125 sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" -i ${KEYSTONE_CONF_FILE}
# Scratch directory for the test suite; the override file is patched only
# when the source tree ships one.
127 install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp
128 if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then
129 sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \
130 -i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf
# Only when the OpenLDAP distro feature is enabled: point the [identity]
# section at the hybrid backend drivers and append LDAP settings to [ldap].
133 if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)};
135 sed -i -e '/^\[identity\]/a \
136 driver = keystone.identity.backends.hybrid_identity.Identity \
139 driver = keystone.assignment.backends.hybrid_assignment.Assignment\
140 ' ${D}${sysconfdir}/keystone/keystone.conf
# NOTE(review): the directory is reached over ldap:// (no TLS) and the bind
# user is the Manager DN. That is tolerable only while the directory stays on
# localhost; use ldaps:// or StartTLS and a less privileged bind account if
# it moves off-host.
142 sed -i -e '/^\[ldap\]/a \
143 url = ldap://localhost \
144 user = cn=Manager,${LDAP_DN} \
146 suffix = ${LDAP_DN} \
147 use_dumb_member = True \
149 user_tree_dn = ou=Users,${LDAP_DN} \
150 user_attribute_ignore = enabled,email,tenants,default_project_id \
151 user_id_attribute = uid \
152 user_name_attribute = uid \
153 user_mail_attribute = email \
154 user_pass_attribute = keystonePassword \
156 tenant_tree_dn = ou=Groups,${LDAP_DN} \
157 tenant_desc_attribute = description \
158 tenant_domain_id_attribute = businessCategory \
159 tenant_attribute_ignore = enabled \
160 tenant_objectclass = groupOfNames \
161 tenant_id_attribute = cn \
162 tenant_member_attribute = member \
163 tenant_name_attribute = ou \
165 role_attribute_ignore = enabled \
166 role_objectclass = groupOfNames \
167 role_member_attribute = member \
168 role_id_attribute = cn \
169 role_name_attribute = ou \
170 role_tree_dn = ou=Roles,${LDAP_DN} \
171 ' ${KEYSTONE_CONF_FILE}
# Backend conversion helper, installed executable under the keystone config directory.
173 install -m 0755 ${WORKDIR}/${PN}/convert_keystone_backend.py \
174 ${D}${sysconfdir}/keystone/convert_keystone_backend.py
# Install the files carried under stx-files/: the Fernet key rotation helper,
# the password rules (read-only for owner and group, no access for others),
# the public.py entry point, the service unit and the keystone-all launcher.
178 install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-fernet-keys-rotate-active ${D}/${bindir}/keystone-fernet-keys-rotate-active
179 install -m 440 ${WORKDIR}/${PN}/stx-files/password-rules.conf ${KEYSTONE_CONF_DIR}/password-rules.conf
180 install -m 755 -d ${KEYSTONE_DATA_DIR}
181 install -m 755 ${WORKDIR}/${PN}/stx-files/public.py ${KEYSTONE_DATA_DIR}/public.py
182 install -m 644 ${WORKDIR}/${PN}/stx-files/openstack-keystone.service ${D}${systemd_system_unitdir}/openstack-keystone.service
183 install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-all ${D}${bindir}/keystone-all
187 # By default tokens are expired after 1 day so by default we can set
188 # this token flush cronjob to run every 2 days
189 KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *"
191 pkg_postinst_${SRCNAME}-cronjobs () {
193 # By default, expired keystone tokens are not automatically removed from the
194 # database, so we create a cronjob that cleans up these expired tokens.
# NOTE(review): the entry is appended to /etc/crontab each time this postinst
# runs, so a reinstall or upgrade adds a duplicate line, and removing the
# package leaves it behind. The job also runs as root. A dedicated file under
# /etc/cron.d (replaced as a whole) and a non-root account would be easier to
# audit. Confirm token_flush still has work to do for the configured token
# provider.
195 echo "${KEYSTONE_TOKEN_FLUSH_TIME} root /usr/bin/keystone-manage token_flush" >> /etc/crontab
# Extra packages split out of this recipe: tests, the service itself,
# first-boot setup and the cron job.
199 PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"
201 SYSTEMD_PACKAGES += "${SRCNAME}-setup"
202 SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service"
203 SYSTEMD_SERVICE_${SRCNAME} = "openstack-keystone.service"
# Both units are installed disabled; whatever enables or starts them is not
# visible in this recipe.
205 SYSTEMD_AUTO_ENABLE_${SRCNAME}-setup = "disable"
206 SYSTEMD_AUTO_ENABLE_${SRCNAME} = "disable"
208 FILES_${SRCNAME}-setup = " \
209 ${systemd_system_unitdir}/keystone-init.service \
212 ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"
214 FILES_${PN} = "${libdir}/* \
217 FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"
219 FILES_${SRCNAME} = "${bindir}/* \
220 ${sysconfdir}/${SRCNAME}/* \
222 ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
223 ${sysconfdir}/apache2/conf.d/keystone.conf \
224 ${systemd_system_unitdir}/openstack-keystone.service \
233 # Satisfy setup.py 'setup_requires'
238 RDEPENDS_${PN} += " \
245 python-cryptography \
248 python-sqlalchemy-migrate \
251 python-keystoneclient \
252 python-keystonemiddleware \
256 python-oslo.concurrency \
258 python-oslo.context \
259 python-oslo.messaging \
263 python-oslo.middleware \
265 python-oslo.serialization \
269 python-dogpile.cache \
275 python-flask-restful \
279 RDEPENDS_${SRCNAME}-tests += " bash"
# The OpenLDAP PACKAGECONFIG is switched on by the distro feature of the same
# name. Only the fourth field is set, so it adds runtime dependencies
# (python-ldap and the hybrid backend) and nothing else.
281 PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
282 PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
285 # if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
287 RDEPENDS_${SRCNAME} = " \
295 RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
296 RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"
298 MONITOR_SERVICE_PACKAGES = "${SRCNAME}"
299 MONITOR_SERVICE_${SRCNAME} = "keystone"