keystone: switch keystone frontend to gunicorn to align with stx
1 #
2 ## Copyright (C) 2019 Wind River Systems, Inc.
3 #
4 #  Licensed under the Apache License, Version 2.0 (the "License");
5 #  you may not use this file except in compliance with the License.
6 #  You may obtain a copy of the License at
7 #
8 #      http://www.apache.org/licenses/LICENSE-2.0
9 #
10 #  Unless required by applicable law or agreed to in writing, software
11 #  distributed under the License is distributed on an "AS IS" BASIS,
12 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 #  See the License for the specific language governing permissions and
14 #  limitations under the License.
15
16 DESCRIPTION = "Authentication service for OpenStack"
17 HOMEPAGE = "http://www.openstack.org"
18 SECTION = "devel/python"
19 LICENSE = "Apache-2.0"
20 LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
21
22 SRCREV = "c78581b4608f3dc10e945d358963000f284f188a"
23 SRCNAME = "keystone"
24 PROTOCOL = "git"
25 BRANCH = "stable/stein"
26 S = "${WORKDIR}/git"
27 PV = "15.0.0+git${SRCPV}"
28
29
# Upstream keystone plus the recipe's own config templates, bootstrap helpers
# and the StarlingX (stx-files) additions: the gunicorn launcher/entry point,
# the fernet key rotation helper and the password policy. None of the file://
# entries is a patch, so their order is not significant.
SRC_URI = " \
        git://opendev.org/openstack/${SRCNAME}.git;protocol=${PROTOCOL};branch=${BRANCH} \
        file://${PN}/keystone.conf \
        file://${PN}/wsgi-keystone.conf \
        file://${PN}/admin-openrc \
        file://${PN}/identity.sh \
        file://${PN}/convert_keystone_backend.py \
        file://${PN}/keystone-init.service \
        file://${PN}/stx-files/openstack-keystone.service \
        file://${PN}/stx-files/keystone-all \
        file://${PN}/stx-files/public.py \
        file://${PN}/stx-files/keystone-fernet-keys-rotate-active \
        file://${PN}/stx-files/password-rules.conf \
        "
44
45
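inherit setuptools identity hosts default_configs monitor useradd systemd

# Service/admin token substituted into keystone.conf (%SERVICE_TOKEN%) at build
# time. SECURITY: this is a static shared secret that is identical on every
# image built from this recipe and is stored in clear text in the build tree
# and in the keystone package. Override it per deployment (bbappend, or
# SERVICE_TOKEN_pn-${PN} in local.conf) and prefer `keystone-manage bootstrap`
# so no long-lived admin token has to exist at all.
SERVICE_TOKEN = "password"

# Token provider written to keystone.conf via %TOKEN_FORMAT%. The previous
# default "PKI" names a provider that was removed upstream in Ocata, so it
# cannot work with the Stein checkout pinned above; this recipe already ships
# a fernet key rotation helper, so fernet is the consistent default. Fernet
# needs the key repository created (keystone-manage fernet_setup) before the
# service first starts. Whether the keystone.conf template actually consumes
# %TOKEN_FORMAT% is not visible here - confirm against files/keystone.conf.
TOKEN_FORMAT ?= "fernet"

# Dedicated unprivileged service account with no login shell.
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone"

# Base DN for the optional OpenLDAP backend wired up in do_install.
LDAP_DN ?= "dc=my-domain,dc=com"

SERVICECREATE_PACKAGES = "${SRCNAME}-setup"
KEYSTONE_HOST="${CONTROLLER_IP}"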
58
59 # USERCREATE_PARAM and SERVICECREATE_PARAM contain the list of parameters to be
60 # set.  If the flag for a parameter in the list is not set here, the default
61 # value will be given to that parameter. Parameters not in the list will be set
62 # to empty.
63
USERCREATE_PARAM_${SRCNAME}-setup = "name pass tenant role email"
python () {
    # Flags describing the admin user the -setup package creates. The values
    # are stored as ${...} references and resolved when the flags are read
    # (presumably by the identity class); ADMIN_PASSWORD therefore ends up in
    # the generated setup data of the image.
    setup_pkg = "USERCREATE_PARAM_%s-setup" % d.getVar('SRCNAME', True)
    admin_user = {
        'name': '${ADMIN_USER}',
        'pass': '${ADMIN_PASSWORD}',
        'tenant': '${ADMIN_TENANT}',
        'role': '${ADMIN_ROLE}',
        'email': '${ADMIN_USER_EMAIL}',
    }
    d.setVarFlags(setup_pkg, admin_user)
}
74
SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl adminurl internalurl"
python () {
    # Service catalog entry registered by the -setup package; 'name' and
    # 'region' are left to the defaults described above.
    # NOTE(review): the endpoints are plain http and address the v2.0 API on
    # port 8081, while keystone.conf is written with public/admin endpoints on
    # 5000/35357. The v2.0 API was removed from keystone in Queens, so confirm
    # these paths against what keystone-all/public.py actually serve before
    # relying on the catalog.
    endpoint = "'http://${KEYSTONE_HOST}:8081/keystone/%s/v2.0'"
    catalog = {
        'type': 'identity',
        'description': 'OpenStack Identity',
        'publicurl': endpoint % 'main',
        'adminurl': endpoint % 'admin',
        'internalurl': endpoint % 'main',
    }
    d.setVarFlags("SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME', True), catalog)
}
84
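do_install_append() {

    KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
    KEYSTONE_DATA_DIR=${D}${datadir}/keystone
    KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone
    APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/
    KEYSTONE_CONF_FILE=${KEYSTONE_CONF_DIR}/keystone.conf
    KS_OPENRC_FILE=${KEYSTONE_CONF_DIR}/admin-openrc

    # ks_subst FILE TOKEN VALUE: replace every %TOKEN% in FILE with VALUE.
    # VALUE is escaped first so the characters sed treats specially in a
    # replacement ('\', '&' and the '|' delimiter) are written literally. The
    # previous bare "s:%X%:${X}:g" calls silently produced a broken
    # keystone.conf/admin-openrc whenever DB_PASSWORD or ADMIN_PASSWORD
    # contained ':' or '&'. The value still goes through bitbake and shell
    # expansion before it gets here, so '$', '`' and '"' in a secret remain
    # unsupported.
    ks_subst() {
        _esc=$(printf '%s' "$3" | sed -e 's/[\\&|]/\\&/g')
        sed -e "s|%$2%|$_esc|g" -i "$1"
    }

    # Create directories. The log directory records authentication events, so
    # it is owned by the service account created via USERADD_PARAM and kept
    # out of reach of other users.
    install -m 755 -d ${KEYSTONE_CONF_DIR}
    install -m 755 -d ${APACHE_CONF_DIR}
    install -m 750 -d ${D}${localstatedir}/log/${SRCNAME}
    chown keystone:keystone ${D}${localstatedir}/log/${SRCNAME}

    # systemd units (both ship disabled, see SYSTEMD_AUTO_ENABLE)
    install -d ${D}${systemd_system_unitdir}/
    install -m 644 ${WORKDIR}/${PN}/keystone-init.service ${D}${systemd_system_unitdir}/keystone-init.service
    install -m 644 ${WORKDIR}/${PN}/stx-files/openstack-keystone.service ${D}${systemd_system_unitdir}/openstack-keystone.service

    # The upstream install drops the SSO callback template under
    # ${datadir}/etc; keep the template next to the other config and discard
    # the rest of ${datadir} (it is recreated below for public.py).
    mv ${D}${datadir}/etc/keystone/sso_callback_template.html ${KEYSTONE_CONF_DIR}/
    rm -rf ${D}${datadir}

    # admin-openrc carries the admin password in clear text, so it stays 0600
    # and root-owned. Note that ADMIN_PASSWORD is substituted at build time:
    # every image built from this configuration shares it, and it is present
    # in the keystone package in the feed, not only on the target.
    install -m 600 ${WORKDIR}/${PN}/admin-openrc ${KS_OPENRC_FILE}
    ks_subst ${KS_OPENRC_FILE} CONTROLLER_IP "${CONTROLLER_IP}"
    ks_subst ${KS_OPENRC_FILE} ADMIN_USER "${ADMIN_USER}"
    ks_subst ${KS_OPENRC_FILE} ADMIN_PASSWORD "${ADMIN_PASSWORD}"

    # keystone.conf receives the DB credentials and the service token below,
    # so it must not be world-readable (it was 0644 before, justified by
    # Apache needing it). It is group-readable by keystone; the WSGI worker
    # (gunicorn via openstack-keystone.service/keystone-all, as far as the
    # file names show) is expected to run as that account. If the frontend
    # runs under another user, add that user to the keystone group rather than
    # widening the mode.
    install -m 640 ${WORKDIR}/${PN}/keystone.conf ${KEYSTONE_CONF_FILE}
    # wsgi-keystone.conf is still installed for Apache although the frontend is
    # now gunicorn; once Apache no longer fronts keystone this file and the
    # apache2 runtime dependency should go, so no second listener is configured.
    install -m 644 ${WORKDIR}/${PN}/wsgi-keystone.conf ${APACHE_CONF_DIR}/keystone.conf
    install -m 600 ${S}${sysconfdir}/logging.conf.sample ${KEYSTONE_CONF_DIR}/logging.conf

    # Copy examples from upstream
    cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}

    # Fill in the endpoints so the service works out of the box. These are
    # plain http URLs; for any deployment where the API crosses an untrusted
    # network TLS has to be terminated in front of keystone or the endpoints
    # changed.
    sed "/# admin_endpoint = .*/a \
        public_endpoint = http://%CONTROLLER_IP%:5000/ " \
        -i ${KEYSTONE_CONF_FILE}

    sed "/# admin_endpoint = .*/a \
        admin_endpoint = http://%CONTROLLER_IP%:35357/ " \
        -i ${KEYSTONE_CONF_FILE}

    # SERVICE_TOKEN is a static shared secret baked in at build time ("password"
    # unless the build overrides it); the DB password lands here in clear text
    # as well, hence the 0640 mode above.
    ks_subst ${KEYSTONE_CONF_FILE} SERVICE_TOKEN "${SERVICE_TOKEN}"
    ks_subst ${KEYSTONE_CONF_FILE} DB_USER "${DB_USER}"
    ks_subst ${KEYSTONE_CONF_FILE} DB_PASSWORD "${DB_PASSWORD}"
    ks_subst ${KEYSTONE_CONF_FILE} CONTROLLER_IP "${CONTROLLER_IP}"
    ks_subst ${KEYSTONE_CONF_FILE} TOKEN_FORMAT "${TOKEN_FORMAT}"

    install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp
    if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then
        ks_subst ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf \
            KEYSTONE_PACKAGE_DIR "${PYTHON_SITEPACKAGES_DIR}/keystone"
    fi

    if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)};
    then
        # Switch identity and assignment to the hybrid (SQL + LDAP) backends.
        sed -i -e '/^\[identity\]/a \
driver = keystone.identity.backends.hybrid_identity.Identity \
\
[assignment]\
driver = keystone.assignment.backends.hybrid_assignment.Assignment\
' ${KEYSTONE_CONF_FILE}

        # SECURITY: the LDAP bind below uses a fixed password ("secret") over
        # unencrypted ldap:// and is shipped in the image as-is. That is only
        # acceptable for a throw-away development box; a real deployment must
        # replace the bind credentials and use ldaps:// (or use_tls = True),
        # preferably at provisioning time rather than in the recipe.
        # NOTE(review): several option names here (tenant_*, use_dumb_member)
        # date from much older keystone releases; verify Stein still accepts
        # them before relying on this block.
        sed -i -e '/^\[ldap\]/a \
url = ldap://localhost \
user = cn=Manager,${LDAP_DN} \
password = secret \
suffix = ${LDAP_DN} \
use_dumb_member = True \
\
user_tree_dn = ou=Users,${LDAP_DN} \
user_attribute_ignore = enabled,email,tenants,default_project_id \
user_id_attribute = uid \
user_name_attribute = uid \
user_mail_attribute = email \
user_pass_attribute = keystonePassword \
\
tenant_tree_dn = ou=Groups,${LDAP_DN} \
tenant_desc_attribute = description \
tenant_domain_id_attribute = businessCategory \
tenant_attribute_ignore = enabled \
tenant_objectclass = groupOfNames \
tenant_id_attribute = cn \
tenant_member_attribute = member \
tenant_name_attribute = ou \
\
role_attribute_ignore = enabled \
role_objectclass = groupOfNames \
role_member_attribute = member \
role_id_attribute = cn \
role_name_attribute = ou \
role_tree_dn = ou=Roles,${LDAP_DN} \
' ${KEYSTONE_CONF_FILE}

        install -m 0755 ${WORKDIR}/${PN}/convert_keystone_backend.py \
            ${KEYSTONE_CONF_DIR}/convert_keystone_backend.py
    fi

    # StarlingX additions: fernet key rotation helper, password policy and the
    # launcher / WSGI entry point (presumably gunicorn, per the unit name).
    install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-fernet-keys-rotate-active ${D}${bindir}/keystone-fernet-keys-rotate-active
    # password-rules.conf is 0440; the ownership change at the end puts it in
    # the keystone group so the service can read it.
    install -m 440 ${WORKDIR}/${PN}/stx-files/password-rules.conf ${KEYSTONE_CONF_DIR}/password-rules.conf
    install -m 755 -d ${KEYSTONE_DATA_DIR}
    install -m 755 ${WORKDIR}/${PN}/stx-files/public.py ${KEYSTONE_DATA_DIR}/public.py
    install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-all ${D}${bindir}/keystone-all

    # Hand the config tree to root:keystone so the group-readable files above
    # are reachable by the service account while root keeps ownership
    # (admin-openrc stays 0600 and therefore root-only).
    chown -R root:keystone ${KEYSTONE_CONF_DIR}
}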
200
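# Tokens expire after one day by default, so flushing every two days keeps
# the token table bounded without running the job needlessly often.
KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *"

pkg_postinst_${SRCNAME}-cronjobs () {
    if [ -z "$D" ]; then
        # Expired tokens are not removed from the database by keystone itself,
        # so a cron job does it. The entry is appended only once: previously
        # every reinstall or upgrade added another copy to /etc/crontab.
        # NOTE(review): the job runs as root; keystone-manage should only need
        # to read keystone.conf and reach the DB, so the keystone account would
        # do. With the fernet provider (this recipe ships a fernet key rotation
        # helper) no tokens are persisted and there is nothing to flush -
        # confirm the job is still wanted before shipping it.
        if ! grep -q -F "/usr/bin/keystone-manage token_flush" /etc/crontab; then
            echo "${KEYSTONE_TOKEN_FLUSH_TIME} root /usr/bin/keystone-manage token_flush" >> /etc/crontab
        fi
    fi
}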
212
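PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"

# Both the setup unit and the service unit are handled by systemd.bbclass.
# ${SRCNAME} was missing from SYSTEMD_PACKAGES, so SYSTEMD_SERVICE_${SRCNAME}
# below was never processed (no systemd postinst/prerm for the service unit).
SYSTEMD_PACKAGES += "${SRCNAME}-setup ${SRCNAME}"
SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service"
SYSTEMD_SERVICE_${SRCNAME} = "openstack-keystone.service"

# Neither unit is enabled at install time; activation is presumably left to
# the platform, so an unconfigured keystone does not come up listening after
# a bare package install.
SYSTEMD_AUTO_ENABLE_${SRCNAME}-setup = "disable"
SYSTEMD_AUTO_ENABLE_${SRCNAME} = "disable"

FILES_${SRCNAME}-setup = " \
    ${systemd_system_unitdir}/keystone-init.service \
    "

ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"

FILES_${PN} = "${libdir}/* \
    "

FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"

# Everything under ${sysconfdir}/keystone ships in this package, including
# admin-openrc with the build-time admin password and keystone.conf with the
# DB credentials: the package feed needs the same protection as the image.
# NOTE(review): the openstack-dashboard keystone-httpd.py entry is not
# installed by this recipe and looks like a leftover; harmless because FILES
# globs that match nothing are ignored, but worth dropping.
FILES_${SRCNAME} = "${bindir}/* \
    ${sysconfdir}/${SRCNAME}/* \
    ${localstatedir}/* \
    ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
    ${sysconfdir}/apache2/conf.d/keystone.conf \
    ${systemd_system_unitdir}/openstack-keystone.service \
    ${datadir} \
    "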
241
# Build-time dependencies: pip for the setuptools install and pbr-native,
# which keystone's setup.py lists in setup_requires (previously appended twice).
DEPENDS += " \
        python-pip \
        python-pbr-native \
        "
251
# Runtime Python dependencies of the keystone library package, grouped by
# role: web framework/WSGI, persistence, crypto and auth protocols, client
# libraries, oslo, and miscellaneous.
RDEPENDS_${PN} += " \
        python-flask \
        python-flask-restful \
        python-paste \
        python-pastedeploy \
        python-routes \
        python-webob \
        python-sqlalchemy \
        python-sqlalchemy-migrate \
        python-dogpile.cache \
        python-bcrypt \
        python-cryptography \
        python-oauthlib \
        python-passlib \
        python-pysaml2 \
        python-scrypt \
        python-keystoneclient \
        python-keystonemiddleware \
        python-oslo.cache \
        python-oslo.concurrency \
        python-oslo.config \
        python-oslo.context \
        python-oslo.db \
        python-oslo.i18n \
        python-oslo.log \
        python-oslo.messaging \
        python-oslo.middleware \
        python-oslo.policy \
        python-oslo.serialization \
        python-oslo.utils \
        python-babel \
        python-jsonschema \
        python-msgpack \
        python-osprofiler \
        python-pbr \
        python-pycadf \
        python-pytz \
        python-six \
        python-stevedore \
        "
292
RDEPENDS_${SRCNAME}-tests += " bash"

# The LDAP backend is enabled when the distro turns on the OpenLDAP feature
# and only adds the runtime packages it needs. Note that do_install keys the
# keystone.conf edit off DISTRO_FEATURES directly rather than off this
# PACKAGECONFIG, so the two must be kept in step.
PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
297
298 # TODO:
299 #    if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
300
# Runtime dependencies of the keystone service package. PostgreSQL server and
# client are pulled in here, presumably because keystone-init sets up the
# database on the same host.
# NOTE(review): the frontend is now gunicorn (keystone-all/public.py), yet
# apache2 is still required and no gunicorn package is listed; once
# keystone-all is the only launcher, replace apache2 with the gunicorn
# runtime package so the unused web server is not installed.
RDEPENDS_${SRCNAME} = " \
    ${PN} \
    postgresql \
    postgresql-client \
    python-psycopg2 \
    apache2 \
    "

# -setup presumably needs sudo to switch accounts during initialisation;
# -cronjobs needs a cron daemon for the token flush entry.
RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"

# Register the service with the monitor class.
MONITOR_SERVICE_PACKAGES = "${SRCNAME}"
MONITOR_SERVICE_${SRCNAME} = "keystone"