Revert "Revert "oran-shell-release: release image for F""
1
2 DESCRIPTION = "Authentication service for OpenStack"
3 HOMEPAGE = "http://www.openstack.org"
4 SECTION = "devel/python"
5 LICENSE = "Apache-2.0"
6 LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
7
8 SRCREV = "dc9e9e32dfbf9fd9c58f9f8e2b35f0bcfd62328e"
9 SRCNAME = "keystone"
10 PROTOCOL = "https"
11 BRANCH = "stable/train"
12 S = "${WORKDIR}/git"
13 PV = "16.0.0+git${SRCPV}"
14
15 SRC_URI = " \
16         git://github.com/openstack/${SRCNAME}.git;protocol=${PROTOCOL};branch=${BRANCH} \
17         file://${BPN}/keystone.conf \
18         file://${BPN}/identity.sh \
19         file://${BPN}/convert_keystone_backend.py \
20         file://${BPN}/wsgi-keystone.conf \
21         file://${BPN}/admin-openrc \
22         file://${BPN}/keystone-init.service \
23         "
24 inherit setuptools identity hosts default_configs monitor useradd systemd
25
26 inherit stx-metadata
27
28 STX_REPO = "upstream"
29 STX_SUBPATH = "openstack/python-keystone/centos"
30
31 SRC_URI_STX = " \
32         file://patches/0001-Rebasing-Keyring-integration.patch \
33         "
34
# NOTE(review): do_install_append substitutes this value for %SERVICE_TOKEN% in
# keystone.conf. It is a fixed, guessable string and is assigned with "=", so
# every image built without overriding it ships the same token.
35 SERVICE_TOKEN = "password"
# NOTE(review): this recipe builds Keystone 16.0.0 (stable/train) and installs
# a fernet key-rotation helper; confirm that a "PKI" default still matches the
# token provider the shipped keystone.conf is meant to use.
36 TOKEN_FORMAT ?= "PKI"
37
38 USERADD_PACKAGES = "${PN}"
39 USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone"
40
41 LDAP_DN ?= "dc=my-domain,dc=com"
42
43 SERVICECREATE_PACKAGES = "${SRCNAME}-setup"
44 KEYSTONE_HOST="${CONTROLLER_IP}"
45
46 # USERCREATE_PARAM and SERVICECREATE_PARAM contain the list of parameters to be
47 # set.  If the flag for a parameter in the list is not set here, the default
48 # value will be given to that parameter. Parameters not in the list will be set
49 # to empty.
50
51 USERCREATE_PARAM_${SRCNAME}-setup = "name pass tenant role email"
python () {
    # Attach the admin account settings as variable flags on
    # USERCREATE_PARAM_<SRCNAME>-setup, one flag per parameter name listed in
    # that variable.
    # NOTE(review): the admin password travels as a plain variable flag here;
    # it comes from build configuration, so it is the same for every image
    # built from that configuration.
    target_var = "USERCREATE_PARAM_%s-setup" % d.getVar('SRCNAME', True)
    account_flags = {
        'name': '${ADMIN_USER}',
        'pass': '${ADMIN_PASSWORD}',
        'tenant': '${ADMIN_TENANT}',
        'role': '${ADMIN_ROLE}',
        'email': '${ADMIN_USER_EMAIL}',
    }
    d.setVarFlags(target_var, account_flags)
}
61
62 SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl adminurl internalurl"
python () {
    # Attach the identity service endpoint settings as variable flags on
    # SERVICECREATE_PARAM_<SRCNAME>-setup. 'name' and 'region' are in that
    # variable's parameter list but get no flag here, so per the comment
    # earlier in this recipe they take their default values.
    # NOTE(review): all three URLs are plain http and point at a v2.0 path;
    # confirm both against what the deployed Keystone actually serves.
    target_var = "SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME', True)
    endpoint_flags = {
        'type': 'identity',
        'description': 'OpenStack Identity',
        'publicurl': "'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",
        'adminurl': "'http://${KEYSTONE_HOST}:8081/keystone/admin/v2.0'",
        'internalurl': "'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",
    }
    d.setVarFlags(target_var, endpoint_flags)
}
71
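# Stages Keystone's configuration, systemd units, Apache WSGI snippet and the
# StarlingX helper files into the image staging directory, then fills the
# %PLACEHOLDER% tokens in the shipped templates with build-time values.
#
# NOTE(review): ADMIN_PASSWORD, DB_PASSWORD and SERVICE_TOKEN are written into
# packaged files at build time, so every image built from the same
# configuration carries the same credentials.
do_install_append() {

    KEYSTONE_CONF_DIR="${D}${sysconfdir}/keystone"
    KEYSTONE_DATA_DIR="${D}${datadir}/keystone"
    KEYSTONE_PACKAGE_DIR="${D}${PYTHON_SITEPACKAGES_DIR}/keystone"
    APACHE_CONF_DIR="${D}${sysconfdir}/apache2/conf.d/"
    KEYSTONE_CONF_FILE="${KEYSTONE_CONF_DIR}/keystone.conf"
    KS_OPENRC_FILE="${KEYSTONE_CONF_DIR}/admin-openrc"

    # Create directories
    install -m 755 -d "${KEYSTONE_CONF_DIR}"
    install -m 755 -d "${APACHE_CONF_DIR}"
    install -d "${D}${localstatedir}/log/${SRCNAME}"

    # Setup the systemd service file
    install -d "${D}${systemd_system_unitdir}/"
    install -m 644 "${WORKDIR}/${BPN}/keystone-init.service" \
        "${D}${systemd_system_unitdir}/keystone-init.service"

    # Keep the SSO callback template, then drop the rest of the data directory
    # left by the setuptools install (it is recreated further down).
    mv "${D}/${datadir}/etc/keystone/sso_callback_template.html" "${KEYSTONE_CONF_DIR}/"
    rm -rf "${D}/${datadir}"

    # Setup the admin-openrc file. It holds the admin password, hence 0600.
    # NOTE(review): the replacement text goes into sed unescaped; a value
    # containing ':', '&' or a backslash changes or breaks the substitution.
    install -m 600 "${WORKDIR}/${BPN}/admin-openrc" "${KS_OPENRC_FILE}"
    sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \
        -e "s:%ADMIN_USER%:${ADMIN_USER}:g" \
        -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" \
        -i "${KS_OPENRC_FILE}"

    # Install various configuration files. We have to select suitable
    # permissions as packages such as Apache require read access.
    #
    # Apache needs to read the keystone.conf
    # NOTE(review): keystone.conf is installed 0644 and later receives the
    # DB_PASSWORD and SERVICE_TOKEN substitutions, so any local account can
    # read them. If Apache can be given access through group ownership, 0640
    # would narrow that; confirm which user the WSGI process runs as.
    install -m 644 "${WORKDIR}/${BPN}/keystone.conf" "${KEYSTONE_CONF_DIR}/"
    # Apache needs to read the wsgi-keystone.conf
    install -m 644 "${WORKDIR}/${BPN}/wsgi-keystone.conf" "${APACHE_CONF_DIR}/keystone.conf"
    install -m 600 "${S}${sysconfdir}/logging.conf.sample" "${KEYSTONE_CONF_DIR}/logging.conf"

    # Copy examples from upstream
    cp -r "${S}/examples" "${KEYSTONE_PACKAGE_DIR}"

    # Edit the configuration to allow it to work out of the box.
    # Both endpoint lines are appended after the commented admin_endpoint
    # line and still carry %CONTROLLER_IP%, which is replaced just below.
    # NOTE(review): both endpoints are plain http.
    sed "/# admin_endpoint = .*/a \
        public_endpoint = http://%CONTROLLER_IP%:5000/ " \
        -i "${KEYSTONE_CONF_FILE}"

    sed "/# admin_endpoint = .*/a \
        admin_endpoint = http://%CONTROLLER_IP%:35357/ " \
        -i "${KEYSTONE_CONF_FILE}"

    # One pass over keystone.conf; the expressions apply in the listed order.
    # The original ran the CONTROLLER_IP substitution twice; the second run
    # had nothing left to replace, so it is dropped.
    # NOTE(review): SERVICE_TOKEN is set to "password" earlier in this recipe,
    # and the same unescaped-replacement caveat as for admin-openrc applies to
    # DB_PASSWORD here.
    sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" \
        -e "s:%DB_USER%:${DB_USER}:g" \
        -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" \
        -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" \
        -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" \
        -i "${KEYSTONE_CONF_FILE}"

    install -d "${KEYSTONE_PACKAGE_DIR}/tests/tmp"
    if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ]; then
        sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \
            -i "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf"
    fi

    # With the OpenLDAP distro feature, switch identity and assignment to the
    # hybrid backends and append an [ldap] section.
    # NOTE(review): the [ldap] block below hard-codes the bind password
    # "secret" for cn=Manager and uses an unencrypted ldap:// URL to localhost.
    if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
        sed -i -e '/^\[identity\]/a \
driver = keystone.identity.backends.hybrid_identity.Identity \
\
[assignment]\
driver = keystone.assignment.backends.hybrid_assignment.Assignment\
' "${KEYSTONE_CONF_FILE}"

        sed -i -e '/^\[ldap\]/a \
url = ldap://localhost \
user = cn=Manager,${LDAP_DN} \
password = secret \
suffix = ${LDAP_DN} \
use_dumb_member = True \
\
user_tree_dn = ou=Users,${LDAP_DN} \
user_attribute_ignore = enabled,email,tenants,default_project_id \
user_id_attribute = uid \
user_name_attribute = uid \
user_mail_attribute = email \
user_pass_attribute = keystonePassword \
\
tenant_tree_dn = ou=Groups,${LDAP_DN} \
tenant_desc_attribute = description \
tenant_domain_id_attribute = businessCategory \
tenant_attribute_ignore = enabled \
tenant_objectclass = groupOfNames \
tenant_id_attribute = cn \
tenant_member_attribute = member \
tenant_name_attribute = ou \
\
role_attribute_ignore = enabled \
role_objectclass = groupOfNames \
role_member_attribute = member \
role_id_attribute = cn \
role_name_attribute = ou \
role_tree_dn = ou=Roles,${LDAP_DN} \
' "${KEYSTONE_CONF_FILE}"

        install -m 0755 "${WORKDIR}/${BPN}/convert_keystone_backend.py" \
            "${KEYSTONE_CONF_DIR}/convert_keystone_backend.py"
    fi

    # StarlingX-provided helpers, units and policy files
    install -m 755 "${STX_METADATA_PATH}/files/keystone-fernet-keys-rotate-active" \
        "${D}/${bindir}/keystone-fernet-keys-rotate-active"
    install -m 440 "${STX_METADATA_PATH}/files/password-rules.conf" \
        "${KEYSTONE_CONF_DIR}/password-rules.conf"
    install -m 755 -d "${KEYSTONE_DATA_DIR}"
    install -m 755 "${STX_METADATA_PATH}/files/public.py" "${KEYSTONE_DATA_DIR}/public.py"
    install -m 644 "${STX_METADATA_PATH}/files/openstack-keystone.service" \
        "${D}${systemd_system_unitdir}/openstack-keystone.service"
    install -m 755 "${STX_METADATA_PATH}/files/keystone-all" "${D}${bindir}/keystone-all"

}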
187
188 # By default tokens are expired after 1 day so by default we can set
189 # this token flush cronjob to run every 2 days
190 KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *"
191
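# Post-install step for the cronjobs package: registers a system crontab entry
# that periodically flushes expired Keystone tokens.
pkg_postinst_${SRCNAME}-cronjobs () {
    # Only act when $D is empty, i.e. not while installing into a staging
    # root (presumably the on-target run in the usual OE convention).
    if [ -z "$D" ]; then
        # By default keystone does not automatically remove expired tokens
        # from the database, so we create a cronjob that cleans them up.
        # Append only when no token_flush entry is present yet, so that
        # reinstalls and upgrades do not stack duplicate root cron lines.
        # grep errors are silenced on purpose: a missing /etc/crontab simply
        # means the entry is absent and the append below creates the file.
        # NOTE(review): the job runs as root although this recipe creates a
        # dedicated keystone account; confirm whether root is required.
        if ! grep -qF -- "/usr/bin/keystone-manage token_flush" /etc/crontab 2>/dev/null; then
            echo "${KEYSTONE_TOKEN_FLUSH_TIME} root /usr/bin/keystone-manage token_flush" >> /etc/crontab
        fi
    fi
}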
199
200 PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"
201
202 SYSTEMD_PACKAGES += "${SRCNAME}-setup"
203 SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service"
204 SYSTEMD_SERVICE_${SRCNAME} = "openstack-keystone.service"
205
206 SYSTEMD_AUTO_ENABLE_${SRCNAME}-setup = "disable"
207 SYSTEMD_AUTO_ENABLE_${SRCNAME} = "disable"
208
209 FILES_${SRCNAME}-setup = " \
210     ${systemd_system_unitdir}/keystone-init.service \
211     "
212
213 ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"
214
215 FILES_${PN} = "${libdir}/* \
216     "
217
218 FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"
219
220 FILES_${SRCNAME} = "${bindir}/* \
221     ${sysconfdir}/${SRCNAME}/* \
222     ${localstatedir}/* \
223     ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
224     ${sysconfdir}/apache2/conf.d/keystone.conf \
225     ${systemd_system_unitdir}/openstack-keystone.service \
226     ${datadir} \
227     "
228
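# Build-time dependencies. python-pbr-native also satisfies setup.py
# 'setup_requires'; it was previously appended by two separate assignments,
# which are merged here.
DEPENDS += " \
        python-pip \
        python-pbr-native \
        "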
238
239 RDEPENDS_${PN} += " \
240         python-babel \
241         python-pbr \
242         python-webob \
243         python-pastedeploy \
244         python-paste \
245         python-routes \
246         python-cryptography \
247         python-six \
248         python-sqlalchemy \
249         python-sqlalchemy-migrate \
250         python-stevedore \
251         python-passlib \
252         python-keystoneclient \
253         python-keystonemiddleware \
254         python-bcrypt \
255         python-scrypt \
256         python-oslo.cache \
257         python-oslo.concurrency \
258         python-oslo.config \
259         python-oslo.context \
260         python-oslo.messaging \
261         python-oslo.db \
262         python-oslo.i18n \
263         python-oslo.log \
264         python-oslo.middleware \
265         python-oslo.policy \
266         python-oslo.serialization \
267         python-oslo.utils \
268         python-oauthlib \
269         python-pysaml2 \
270         python-dogpile.cache \
271         python-jsonschema \
272         python-pycadf \
273         python-msgpack \
274         python-osprofiler \
275         python-flask \
276         python-flask-restful \
277         python-pytz \
278         "
279
280 RDEPENDS_${SRCNAME}-tests += " bash"
281
282 PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
283 PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
284
285 # TODO:
286 #    if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
287
288 RDEPENDS_${SRCNAME} = " \
289     ${PN} \
290     postgresql \
291     postgresql-client \
292     python-psycopg2 \
293     apache2 \
294     "
295
296 RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
297 RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"
298
299 MONITOR_SERVICE_PACKAGES = "${SRCNAME}"
300 MONITOR_SERVICE_${SRCNAME} = "keystone"