meta-stx: re-name and re-org to align with upstream
[pti/rtp.git] / meta-starlingx / meta-stx-integ / recipes-devtools / python / python-keystone_git.bb
1
# Recipe metadata for the OpenStack identity service (keystone), built from git.
2 DESCRIPTION = "Authentication service for OpenStack"
3 HOMEPAGE = "http://www.openstack.org"
4 SECTION = "devel/python"
5 LICENSE = "Apache-2.0"
6 LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
7
# Source pin: the fetch is tied to one commit id (SRCREV) instead of following
# the tip of BRANCH.
8 SRCREV = "c78581b4608f3dc10e945d358963000f284f188a"
9 SRCNAME = "keystone"
# NOTE(review): PROTOCOL feeds protocol= in SRC_URI below. The plain git
# transport has no authentication or encryption, so the integrity of the
# fetched tree rests on the SRCREV commit id alone. Consider https if the
# server offers it.
10 PROTOCOL = "git"
11 BRANCH = "stable/stein"
12 S = "${WORKDIR}/git"
13 PV = "15.0.0+git${SRCPV}"
14
15
# Upstream tree plus local files shipped with this layer (file:// entries).
# keystone.conf and admin-openrc are templates: do_install_append fills their
# %NAME% placeholders with sed.
16 SRC_URI = " \
17         git://opendev.org/openstack/${SRCNAME}.git;protocol=${PROTOCOL};branch=${BRANCH} \
18         file://${PN}/keystone.conf \
19         file://${PN}/identity.sh \
20         file://${PN}/convert_keystone_backend.py \
21         file://${PN}/wsgi-keystone.conf \
22         file://${PN}/admin-openrc \
23         file://${PN}/keystone-init.service \
24         file://${PN}/stx-files/openstack-keystone.service \
25         file://${PN}/stx-files/keystone-all \
26         file://${PN}/stx-files/keystone-fernet-keys-rotate-active \
27         file://${PN}/stx-files/public.py \
28         file://${PN}/stx-files/password-rules.conf \
29         "
30
31
32 inherit setuptools identity hosts default_configs monitor useradd systemd
33
# NOTE(review): SERVICE_TOKEN is a fixed, guessable value, and do_install_append
# substitutes it for %SERVICE_TOKEN% in keystone.conf. It is assigned with '=',
# unlike TOKEN_FORMAT and LDAP_DN below, which use '?=' and so yield to a value
# set earlier. Presumably this is keystone's bootstrap admin token - confirm
# against the keystone.conf template, and supply a per-deployment secret
# (for example through a bbappend) instead of shipping the default.
34 SERVICE_TOKEN = "password"
# NOTE(review): the keystone.conf template is not shown here; confirm that
# "PKI" is a token provider the packaged release (stable/stein) still accepts.
35 TOKEN_FORMAT ?= "PKI"
36
# Service account: system user "keystone", home directory created (-m),
# login shell /bin/false.
37 USERADD_PACKAGES = "${PN}"
38 USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone"
39
# Base DN used for the [ldap] section that do_install_append writes when the
# OpenLDAP distro feature is enabled.
40 LDAP_DN ?= "dc=my-domain,dc=com"
41
42 SERVICECREATE_PACKAGES = "${SRCNAME}-setup"
43 KEYSTONE_HOST="${CONTROLLER_IP}"
44
45 # USERCREATE_PARAM and SERVICECREATE_PARAM contain the list of parameters to be
46 # set.  If the flag for a parameter in the list is not set here, the default
47 # value will be given to that parameter. Parameters not in the list will be set
48 # to empty.
49
USERCREATE_PARAM_${SRCNAME}-setup = "name pass tenant role email"
python () {
    # Set one flag on USERCREATE_PARAM_<SRCNAME>-setup for every parameter
    # named in its value. Each flag is written as a reference to the matching
    # ADMIN_* variable; the 'pass' flag refers to ADMIN_PASSWORD, so whatever
    # consumes these flags handles the admin credential.
    target_var = "USERCREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True)
    admin_params = {
        'name': '${ADMIN_USER}',
        'pass': '${ADMIN_PASSWORD}',
        'tenant': '${ADMIN_TENANT}',
        'role': '${ADMIN_ROLE}',
        'email': '${ADMIN_USER_EMAIL}',
    }
    d.setVarFlags(target_var, admin_params)
}
60
SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl adminurl internalurl"
python () {
    # Set the flags that describe the identity service and its three endpoint
    # URLs on SERVICECREATE_PARAM_<SRCNAME>-setup. 'name' and 'region' are in
    # the parameter list but get no flag here.
    #
    # NOTE(review): all three URLs are plain http on port 8081 with /v2.0
    # paths, while do_install_append writes public/admin endpoints on ports
    # 5000 and 35357 into keystone.conf - confirm which set is authoritative.
    # With http, tokens and passwords sent to these endpoints are not
    # protected in transit.
    target_var = "SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True)
    service_params = {
        'type': 'identity',
        'description': 'OpenStack Identity',
        'publicurl': "'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",
        'adminurl': "'http://${KEYSTONE_HOST}:8081/keystone/admin/v2.0'",
        'internalurl': "'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",
    }
    d.setVarFlags(target_var, service_params)
}
70
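do_install_append() {
    # Installs the keystone configuration, systemd units and helper scripts
    # into the staging root (D) and fills the %NAME% placeholders of the
    # shipped templates from BitBake variables.
    #
    # NOTE(review): ADMIN_PASSWORD, DB_PASSWORD and SERVICE_TOKEN are written
    # into packaged files at build time, so every image built from the same
    # configuration carries the same credentials. BitBake substitutes the
    # values into this function's text before the shell runs it, so they
    # presumably also land in the generated run script for this task - confirm
    # and treat the work directory accordingly.
    #
    # NOTE(review): the values are spliced into sed expressions that use a
    # colon as delimiter. A value containing a colon, an ampersand or a
    # backslash changes the expression, and one containing a double quote,
    # a dollar sign or a backquote is interpreted by the shell.

    KEYSTONE_CONF_DIR="${D}${sysconfdir}/keystone"
    KEYSTONE_DATA_DIR="${D}${datadir}/keystone"
    KEYSTONE_PACKAGE_DIR="${D}${PYTHON_SITEPACKAGES_DIR}/keystone"
    APACHE_CONF_DIR="${D}${sysconfdir}/apache2/conf.d/"
    KEYSTONE_CONF_FILE="${KEYSTONE_CONF_DIR}/keystone.conf"
    KS_OPENRC_FILE="${KEYSTONE_CONF_DIR}/admin-openrc"

    # Create directories
    install -m 755 -d "${KEYSTONE_CONF_DIR}"
    install -m 755 -d "${APACHE_CONF_DIR}"
    install -d "${D}${localstatedir}/log/${SRCNAME}"

    # Setup the systemd service file
    install -d "${D}${systemd_system_unitdir}/"
    install -m 644 "${WORKDIR}/${PN}/keystone-init.service" \
        "${D}${systemd_system_unitdir}/keystone-init.service"

    # Keep the SSO callback template, then drop the rest of what upstream
    # installed under datadir; the directory is re-created further down for
    # public.py.
    mv "${D}/${datadir}/etc/keystone/sso_callback_template.html" "${KEYSTONE_CONF_DIR}/"
    rm -rf "${D}/${datadir}"

    # Setup the admin-openrc file. Mode 600: it holds the admin password.
    install -m 600 "${WORKDIR}/${PN}/admin-openrc" "${KS_OPENRC_FILE}"
    sed -i \
        -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \
        -e "s:%ADMIN_USER%:${ADMIN_USER}:g" \
        -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" \
        "${KS_OPENRC_FILE}"

    # Install various configuration files. We have to select suitable
    # permissions as packages such as Apache require read access.
    #
    # Apache needs to read the keystone.conf
    # NOTE(review): after the substitutions below this file contains
    # SERVICE_TOKEN and DB_PASSWORD, and mode 644 makes it readable by every
    # local account. Which account the WSGI process runs as is not visible
    # here; once known, a mode of 640 with that account's group would keep
    # Apache working without exposing the secrets.
    install -m 644 "${WORKDIR}/${PN}/keystone.conf" "${KEYSTONE_CONF_DIR}/"
    # Apache needs to read the wsgi-keystone.conf
    install -m 644 "${WORKDIR}/${PN}/wsgi-keystone.conf" "${APACHE_CONF_DIR}/keystone.conf"
    install -m 600 "${S}${sysconfdir}/logging.conf.sample" "${KEYSTONE_CONF_DIR}/logging.conf"

    # Copy examples from upstream
    cp -r "${S}/examples" "${KEYSTONE_PACKAGE_DIR}"

    # Edit the configuration to allow it to work out of the box.
    # Both endpoint lines are appended with a %CONTROLLER_IP% placeholder that
    # the substitution pass below resolves, so they must be added first.
    # NOTE(review): both endpoints are plain http.
    sed "/# admin_endpoint = .*/a \
        public_endpoint = http://%CONTROLLER_IP%:5000/ " \
        -i "${KEYSTONE_CONF_FILE}"

    sed "/# admin_endpoint = .*/a \
        admin_endpoint = http://%CONTROLLER_IP%:35357/ " \
        -i "${KEYSTONE_CONF_FILE}"

    # One pass over keystone.conf for all placeholders (the original ran the
    # %CONTROLLER_IP% substitution twice; the second run had nothing to do).
    sed -i \
        -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" \
        -e "s:%DB_USER%:${DB_USER}:g" \
        -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" \
        -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \
        -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" \
        "${KEYSTONE_CONF_FILE}"

    install -d "${KEYSTONE_PACKAGE_DIR}/tests/tmp"
    if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ]; then
        sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \
            -i "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf"
    fi

    # The condition is evaluated by BitBake and reaches the shell as the
    # literal command "true" or "false".
    if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
        # Switch identity and assignment to the hybrid backends.
        sed -i -e '/^\[identity\]/a \
driver = keystone.identity.backends.hybrid_identity.Identity \
\
[assignment]\
driver = keystone.assignment.backends.hybrid_assignment.Assignment\
' "${KEYSTONE_CONF_FILE}"

        # NOTE(review): the [ldap] section written here binds as cn=Manager
        # with the fixed password "secret" over ldap:// (no TLS) to localhost.
        # The directory's manager password has to be changed together with
        # this file on any real deployment.
        sed -i -e '/^\[ldap\]/a \
url = ldap://localhost \
user = cn=Manager,${LDAP_DN} \
password = secret \
suffix = ${LDAP_DN} \
use_dumb_member = True \
\
user_tree_dn = ou=Users,${LDAP_DN} \
user_attribute_ignore = enabled,email,tenants,default_project_id \
user_id_attribute = uid \
user_name_attribute = uid \
user_mail_attribute = email \
user_pass_attribute = keystonePassword \
\
tenant_tree_dn = ou=Groups,${LDAP_DN} \
tenant_desc_attribute = description \
tenant_domain_id_attribute = businessCategory \
tenant_attribute_ignore = enabled \
tenant_objectclass = groupOfNames \
tenant_id_attribute = cn \
tenant_member_attribute = member \
tenant_name_attribute = ou \
\
role_attribute_ignore = enabled \
role_objectclass = groupOfNames \
role_member_attribute = member \
role_id_attribute = cn \
role_name_attribute = ou \
role_tree_dn = ou=Roles,${LDAP_DN} \
' "${KEYSTONE_CONF_FILE}"

        install -m 0755 "${WORKDIR}/${PN}/convert_keystone_backend.py" \
            "${D}${sysconfdir}/keystone/convert_keystone_backend.py"
    fi

    # StarlingX additions: fernet key rotation helper, password rules,
    # WSGI entry script, service unit and launcher.
    install -m 755 "${WORKDIR}/${PN}/stx-files/keystone-fernet-keys-rotate-active" \
        "${D}/${bindir}/keystone-fernet-keys-rotate-active"
    install -m 440 "${WORKDIR}/${PN}/stx-files/password-rules.conf" \
        "${KEYSTONE_CONF_DIR}/password-rules.conf"
    install -m 755 -d "${KEYSTONE_DATA_DIR}"
    install -m 755 "${WORKDIR}/${PN}/stx-files/public.py" "${KEYSTONE_DATA_DIR}/public.py"
    install -m 644 "${WORKDIR}/${PN}/stx-files/openstack-keystone.service" \
        "${D}${systemd_system_unitdir}/openstack-keystone.service"
    install -m 755 "${WORKDIR}/${PN}/stx-files/keystone-all" "${D}${bindir}/keystone-all"
}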
186
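# By default tokens are expired after 1 day so by default we can set
# this token flush cronjob to run every 2 days
KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *"

pkg_postinst_${SRCNAME}-cronjobs () {
    # Only act when $D is empty, i.e. (by the usual postinst convention,
    # presumably) when the script runs on the installed system rather than
    # while an image is being assembled.
    if [ -z "$D" ]; then
        # Keystone does not remove expired tokens from its database on its
        # own, so register a cron job that flushes them.
        #
        # The entry is appended only when /etc/crontab has no line for the
        # command yet; without this check every reinstall or upgrade of the
        # package added another copy of the job.
        #
        # NOTE(review): the job runs as root. Check whether the keystone
        # service account is sufficient for keystone-manage here.
        if ! grep -qF "/usr/bin/keystone-manage token_flush" /etc/crontab 2>/dev/null; then
            echo "${KEYSTONE_TOKEN_FLUSH_TIME} root /usr/bin/keystone-manage token_flush" >> /etc/crontab
        fi
    fi
}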
198
# Package split. <SRCNAME>-cronjobs gets no FILES entry and is marked
# ALLOW_EMPTY below: it exists for its pkg_postinst, which registers the
# token flush cron job.
199 PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"
200
# NOTE(review): SYSTEMD_PACKAGES names only <SRCNAME>-setup here, while
# SYSTEMD_SERVICE and SYSTEMD_AUTO_ENABLE are also set for <SRCNAME> - confirm
# that the second pair takes effect.
201 SYSTEMD_PACKAGES += "${SRCNAME}-setup"
202 SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service"
203 SYSTEMD_SERVICE_${SRCNAME} = "openstack-keystone.service"
204
# Both units are installed disabled.
205 SYSTEMD_AUTO_ENABLE_${SRCNAME}-setup = "disable"
206 SYSTEMD_AUTO_ENABLE_${SRCNAME} = "disable"
207
208 FILES_${SRCNAME}-setup = " \
209     ${systemd_system_unitdir}/keystone-init.service \
210     "
211
212 ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"
213
214 FILES_${PN} = "${libdir}/* \
215     "
216
217 FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"
218
# This package picks up everything do_install_append placed under
# <sysconfdir>/<SRCNAME>, which includes keystone.conf and admin-openrc with
# the credentials substituted at build time.
219 FILES_${SRCNAME} = "${bindir}/* \
220     ${sysconfdir}/${SRCNAME}/* \
221     ${localstatedir}/* \
222     ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
223     ${sysconfdir}/apache2/conf.d/keystone.conf \
224     ${systemd_system_unitdir}/openstack-keystone.service \
225     ${datadir} \
226     "
227
# Build-time dependencies.
228 DEPENDS += " \
229         python-pip \
230         python-pbr-native \
231         "
232
233 # Satisfy setup.py 'setup_requires'
# python-pbr-native is already in the DEPENDS assignment above; this second
# entry repeats it.
234 DEPENDS += " \
235         python-pbr-native \
236         "
237
# Runtime dependencies of the Python package itself.
238 RDEPENDS_${PN} += " \
239         python-babel \
240         python-pbr \
241         python-webob \
242         python-pastedeploy \
243         python-paste \
244         python-routes \
245         python-cryptography \
246         python-six \
247         python-sqlalchemy \
248         python-sqlalchemy-migrate \
249         python-stevedore \
250         python-passlib \
251         python-keystoneclient \
252         python-keystonemiddleware \
253         python-bcrypt \
254         python-scrypt \
255         python-oslo.cache \
256         python-oslo.concurrency \
257         python-oslo.config \
258         python-oslo.context \
259         python-oslo.messaging \
260         python-oslo.db \
261         python-oslo.i18n \
262         python-oslo.log \
263         python-oslo.middleware \
264         python-oslo.policy \
265         python-oslo.serialization \
266         python-oslo.utils \
267         python-oauthlib \
268         python-pysaml2 \
269         python-dogpile.cache \
270         python-jsonschema \
271         python-pycadf \
272         python-msgpack \
273         python-osprofiler \
274         python-flask \
275         python-flask-restful \
276         python-pytz \
277         "
278
279 RDEPENDS_${SRCNAME}-tests += " bash"
280
# The OpenLDAP option is switched on by the distro feature of the same name.
# Only the fourth PACKAGECONFIG field (runtime dependencies) is filled in, so
# enabling it adds python-ldap and the hybrid backend package at run time.
281 PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
282 PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
283
284 # TODO:
285 #    if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
286
# The service package pulls in the database server, its client and Apache.
287 RDEPENDS_${SRCNAME} = " \
288     ${PN} \
289     postgresql \
290     postgresql-client \
291     python-psycopg2 \
292     apache2 \
293     "
294
# NOTE(review): the setup package depends on sudo; the script that uses it is
# not part of this listing, so which commands it runs with elevated rights
# should be checked there.
295 RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
296 RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"
297
298 MONITOR_SERVICE_PACKAGES = "${SRCNAME}"
299 MONITOR_SERVICE_${SRCNAME} = "keystone"