meta-stx/recipes-devtools/python/python-keystone_git.bb - oransc/pti/rtp - Gitiles

 #
 ## Copyright (C) 2019 Wind River Systems, Inc.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 #  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.

 DESCRIPTION = "Authentication service for OpenStack"
 HOMEPAGE = "http://www.openstack.org"
 SECTION = "devel/python"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"

 SRCREV = "c78581b4608f3dc10e945d358963000f284f188a"
 SRCNAME = "keystone"
 PROTOCOL = "git"
 BRANCH = "stable/stein"
 S = "${WORKDIR}/git"
 PV = "15.0.0+git${SRCPV}"


 SRC_URI = " \
 	git://opendev.org/openstack/${SRCNAME}.git;protocol=${PROTOCOL};branch=${BRANCH} \
 	file://${PN}/keystone.conf \
 	file://${PN}/identity.sh \
 	file://${PN}/convert_keystone_backend.py \
 	file://${PN}/wsgi-keystone.conf \
 	file://${PN}/admin-openrc \
 	file://${PN}/keystone-init.service \
 	file://${PN}/stx-files/openstack-keystone.service \
 	file://${PN}/stx-files/keystone-all \
 	file://${PN}/stx-files/keystone-fernet-keys-rotate-active \
 	file://${PN}/stx-files/public.py \
 	file://${PN}/stx-files/password-rules.conf \
 	"


 inherit setuptools identity hosts default_configs monitor useradd systemd

 SERVICE_TOKEN = "password"
 TOKEN_FORMAT ?= "PKI"

 USERADD_PACKAGES = "${PN}"
 USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone"

 LDAP_DN ?= "dc=my-domain,dc=com"

 SERVICECREATE_PACKAGES = "${SRCNAME}-setup"
 KEYSTONE_HOST="${CONTROLLER_IP}"

 # USERCREATE_PARAM and SERVICECREATE_PARAM contain the list of parameters to be
 # set.  If the flag for a parameter in the list is not set here, the default
 # value will be given to that parameter. Parameters not in the list will be set
 # to empty.

 USERCREATE_PARAM_${SRCNAME}-setup = "name pass tenant role email"
 python () {
     flags = {'name':'${ADMIN_USER}',\
              'pass':'${ADMIN_PASSWORD}',\
              'tenant':'${ADMIN_TENANT}',\
              'role':'${ADMIN_ROLE}',\
              'email':'${ADMIN_USER_EMAIL}',\
             }
     d.setVarFlags("USERCREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
 }

 SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl adminurl internalurl"
 python () {
     flags = {'type':'identity',\
              'description':'OpenStack Identity',\
              'publicurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",\
              'adminurl':"'http://${KEYSTONE_HOST}:8081/keystone/admin/v2.0'",\
              'internalurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'"}
     d.setVarFlags("SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
 }

 do_install_append() {

     KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
     KEYSTONE_DATA_DIR=${D}${localstatedir}/lib/keystone
     KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone
     APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/


     # Create directories
     install -m 755 -d ${KEYSTONE_CONF_DIR}
     install -m 755 -d ${KEYSTONE_DATA_DIR}
     install -m 755 -d ${APACHE_CONF_DIR}
     install -d ${D}${localstatedir}/log/${SRCNAME}

     # Setup the systemd service file
     install -d ${D}${systemd_system_unitdir}/
     install -m 644 ${WORKDIR}/${PN}/keystone-init.service ${D}${systemd_system_unitdir}/keystone-init.service

     mv  ${D}/${datadir}/etc/keystone/sso_callback_template.html ${KEYSTONE_CONF_DIR}/
     rm -rf ${D}/${datadir}

     # Setup the admin-openrc file
     KS_OPENRC_FILE=${KEYSTONE_CONF_DIR}/admin-openrc
     install -m 600 ${WORKDIR}/${PN}/admin-openrc ${KS_OPENRC_FILE}
     sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KS_OPENRC_FILE}
     sed -e "s:%ADMIN_USER%:${ADMIN_USER}:g" -i ${KS_OPENRC_FILE}
     sed -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" -i ${KS_OPENRC_FILE}

     # Install various configuration files. We have to select suitable
     # permissions as packages such as Apache require read access.
     #
     # Apache needs to read the keystone.conf
     install -m 644 ${WORKDIR}/${PN}/keystone.conf ${KEYSTONE_CONF_DIR}/
     # Apache needs to read the wsgi-keystone.conf
     install -m 644 ${WORKDIR}/${PN}/wsgi-keystone.conf ${APACHE_CONF_DIR}/keystone.conf
     install -m 600 ${S}${sysconfdir}/logging.conf.sample  ${KEYSTONE_CONF_DIR}/logging.conf

     # Copy examples from upstream
     cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}

     # Edit the configuration to allow it to work out of the box
     KEYSTONE_CONF_FILE=${KEYSTONE_CONF_DIR}/keystone.conf
     sed "/# admin_endpoint = .*/a \
         public_endpoint = http://%CONTROLLER_IP%:5000/ " \
         -i ${KEYSTONE_CONF_FILE}

     sed "/# admin_endpoint = .*/a \
         admin_endpoint = http://%CONTROLLER_IP%:35357/ " \
         -i ${KEYSTONE_CONF_FILE}

     sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" -i ${KEYSTONE_CONF_FILE}
     sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_FILE}
     sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" -i ${KEYSTONE_CONF_FILE}
     sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
     sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
     sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" -i ${KEYSTONE_CONF_FILE}

     install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp
     if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then
         sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \
             -i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf
     fi

     if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)};
     then
         sed -i -e '/^\[identity\]/a \
 driver = keystone.identity.backends.hybrid_identity.Identity \
 \
 [assignment]\
 driver = keystone.assignment.backends.hybrid_assignment.Assignment\
 ' ${D}${sysconfdir}/keystone/keystone.conf

         sed -i -e '/^\[ldap\]/a \
 url = ldap://localhost \
 user = cn=Manager,${LDAP_DN} \
 password = secret \
 suffix = ${LDAP_DN} \
 use_dumb_member = True \
 \
 user_tree_dn = ou=Users,${LDAP_DN} \
 user_attribute_ignore = enabled,email,tenants,default_project_id \
 user_id_attribute = uid \
 user_name_attribute = uid \
 user_mail_attribute = email \
 user_pass_attribute = keystonePassword \
 \
 tenant_tree_dn = ou=Groups,${LDAP_DN} \
 tenant_desc_attribute = description \
 tenant_domain_id_attribute = businessCategory \
 tenant_attribute_ignore = enabled \
 tenant_objectclass = groupOfNames \
 tenant_id_attribute = cn \
 tenant_member_attribute = member \
 tenant_name_attribute = ou \
 \
 role_attribute_ignore = enabled \
 role_objectclass = groupOfNames \
 role_member_attribute = member \
 role_id_attribute = cn \
 role_name_attribute = ou \
 role_tree_dn = ou=Roles,${LDAP_DN} \
 ' ${KEYSTONE_CONF_FILE}

         install -m 0755 ${WORKDIR}/${PN}/convert_keystone_backend.py \
             ${D}${sysconfdir}/keystone/convert_keystone_backend.py
     fi


     install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-fernet-keys-rotate-active ${D}/${bindir}/keystone-fernet-keys-rotate-active
     install -m 440 ${WORKDIR}/${PN}/stx-files/password-rules.conf ${KEYSTONE_CONF_DIR}/password-rules.conf
     install -m 755 ${WORKDIR}/${PN}/stx-files/public.py ${KEYSTONE_DATA_DIR}/public.py
     install -m 644 ${WORKDIR}/${PN}/stx-files/openstack-keystone.service ${D}${systemd_system_unitdir}/openstack-keystone.service
     install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-all ${D}${bindir}/keystone-all

 }

 # By default tokens are expired after 1 day so by default we can set
 # this token flush cronjob to run every 2 days
 KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *"

 pkg_postinst_${SRCNAME}-cronjobs () {
     if [ -z "$D" ]; then
 	# By default keystone expired tokens are not automatic removed out of the
 	# database.  So we create a cronjob for cleaning these expired tokens.
 	echo "${KEYSTONE_TOKEN_FLUSH_TIME} root /usr/bin/keystone-manage token_flush" >> /etc/crontab
     fi
 }

 pkg_postinst_${SRCNAME} () {
     # openstak-keystone will be run in httpd/apache2 instead of standalone
     ln -sf ${systemd_system_unitdir}/apache2.service $D${sysconfdir}/systemd/system/openstack-keystone.service
 }

 PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"

 SYSTEMD_PACKAGES += "${SRCNAME}-setup"
 SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service"
 SYSTEMD_SERVICE_${SRCNAME} = "openstack-keystone.service"

 SYSTEMD_AUTO_ENABLE_${SRCNAME}-setup = "disable"
 SYSTEMD_AUTO_ENABLE_${SRCNAME} = "disable"

 FILES_${SRCNAME}-setup = " \
     ${systemd_system_unitdir}/keystone-init.service \
     "

 ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"

 FILES_${PN} = "${libdir}/* \
     "

 FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"

 FILES_${SRCNAME} = "${bindir}/* \
     ${sysconfdir}/${SRCNAME}/* \
     ${localstatedir}/* \
     ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
     ${sysconfdir}/apache2/conf.d/keystone.conf \
     ${systemd_system_unitdir}/openstack-keystone.service \
     "

 DEPENDS += " \
         python-pip \
         python-pbr-native \
         "

 # Satisfy setup.py 'setup_requires'
 DEPENDS += " \
         python-pbr-native \
         "

 RDEPENDS_${PN} += " \
         python-babel \
         python-pbr \
         python-webob \
         python-pastedeploy \
         python-paste \
         python-routes \
         python-cryptography \
         python-six \
         python-sqlalchemy \
         python-sqlalchemy-migrate \
         python-stevedore \
         python-passlib \
         python-keystoneclient \
         python-keystonemiddleware \
         python-bcrypt \
         python-scrypt \
         python-oslo.cache \
         python-oslo.concurrency \
         python-oslo.config \
         python-oslo.context \
         python-oslo.messaging \
         python-oslo.db \
         python-oslo.i18n \
         python-oslo.log \
         python-oslo.middleware \
         python-oslo.policy \
         python-oslo.serialization \
         python-oslo.utils \
         python-oauthlib \
         python-pysaml2 \
         python-dogpile.cache \
         python-jsonschema \
         python-pycadf \
         python-msgpack \
         python-osprofiler \
 	python-flask \
 	python-flask-restful \
         python-pytz \
         "

 RDEPENDS_${SRCNAME}-tests += " bash"

 PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
 PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"

 # TODO:
 #    if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS

 RDEPENDS_${SRCNAME} = " \
     ${PN} \
     postgresql \
     postgresql-client \
     python-psycopg2 \
     apache2 \
     "

 RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
 RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"

 MONITOR_SERVICE_PACKAGES = "${SRCNAME}"
 MONITOR_SERVICE_${SRCNAME} = "keystone"
	#
	## Copyright (C) 2019 Wind River Systems, Inc.
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	DESCRIPTION = "Authentication service for OpenStack"
	HOMEPAGE = "http://www.openstack.org"
	SECTION = "devel/python"
	LICENSE = "Apache-2.0"
	LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"

	SRCREV = "c78581b4608f3dc10e945d358963000f284f188a"
	SRCNAME = "keystone"
	PROTOCOL = "git"
	BRANCH = "stable/stein"
	S = "${WORKDIR}/git"
	PV = "15.0.0+git${SRCPV}"


	SRC_URI = " \
	git://opendev.org/openstack/${SRCNAME}.git;protocol=${PROTOCOL};branch=${BRANCH} \
	file://${PN}/keystone.conf \
	file://${PN}/identity.sh \
	file://${PN}/convert_keystone_backend.py \
	file://${PN}/wsgi-keystone.conf \
	file://${PN}/admin-openrc \
	file://${PN}/keystone-init.service \
	file://${PN}/stx-files/openstack-keystone.service \
	file://${PN}/stx-files/keystone-all \
	file://${PN}/stx-files/keystone-fernet-keys-rotate-active \
	file://${PN}/stx-files/public.py \
	file://${PN}/stx-files/password-rules.conf \
	"


	inherit setuptools identity hosts default_configs monitor useradd systemd

	SERVICE_TOKEN = "password"
	TOKEN_FORMAT ?= "PKI"

	USERADD_PACKAGES = "${PN}"
	USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone"

	LDAP_DN ?= "dc=my-domain,dc=com"

	SERVICECREATE_PACKAGES = "${SRCNAME}-setup"
	KEYSTONE_HOST="${CONTROLLER_IP}"

	# USERCREATE_PARAM and SERVICECREATE_PARAM contain the list of parameters to be
	# set. If the flag for a parameter in the list is not set here, the default
	# value will be given to that parameter. Parameters not in the list will be set
	# to empty.

	USERCREATE_PARAM_${SRCNAME}-setup = "name pass tenant role email"
	python () {
	flags = {'name':'${ADMIN_USER}',\
	'pass':'${ADMIN_PASSWORD}',\
	'tenant':'${ADMIN_TENANT}',\
	'role':'${ADMIN_ROLE}',\
	'email':'${ADMIN_USER_EMAIL}',\
	}
	d.setVarFlags("USERCREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
	}

	SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl adminurl internalurl"
	python () {
	flags = {'type':'identity',\
	'description':'OpenStack Identity',\
	'publicurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",\
	'adminurl':"'http://${KEYSTONE_HOST}:8081/keystone/admin/v2.0'",\
	'internalurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'"}
	d.setVarFlags("SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
	}

	do_install_append() {

	KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
	KEYSTONE_DATA_DIR=${D}${localstatedir}/lib/keystone
	KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone
	APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/


	# Create directories
	install -m 755 -d ${KEYSTONE_CONF_DIR}
	install -m 755 -d ${KEYSTONE_DATA_DIR}
	install -m 755 -d ${APACHE_CONF_DIR}
	install -d ${D}${localstatedir}/log/${SRCNAME}

	# Setup the systemd service file
	install -d ${D}${systemd_system_unitdir}/
	install -m 644 ${WORKDIR}/${PN}/keystone-init.service ${D}${systemd_system_unitdir}/keystone-init.service

	mv ${D}/${datadir}/etc/keystone/sso_callback_template.html ${KEYSTONE_CONF_DIR}/
	rm -rf ${D}/${datadir}

	# Setup the admin-openrc file
	KS_OPENRC_FILE=${KEYSTONE_CONF_DIR}/admin-openrc
	install -m 600 ${WORKDIR}/${PN}/admin-openrc ${KS_OPENRC_FILE}
	sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KS_OPENRC_FILE}
	sed -e "s:%ADMIN_USER%:${ADMIN_USER}:g" -i ${KS_OPENRC_FILE}
	sed -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" -i ${KS_OPENRC_FILE}

	# Install various configuration files. We have to select suitable
	# permissions as packages such as Apache require read access.
	#
	# Apache needs to read the keystone.conf
	install -m 644 ${WORKDIR}/${PN}/keystone.conf ${KEYSTONE_CONF_DIR}/
	# Apache needs to read the wsgi-keystone.conf
	install -m 644 ${WORKDIR}/${PN}/wsgi-keystone.conf ${APACHE_CONF_DIR}/keystone.conf
	install -m 600 ${S}${sysconfdir}/logging.conf.sample ${KEYSTONE_CONF_DIR}/logging.conf

	# Copy examples from upstream
	cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}

	# Edit the configuration to allow it to work out of the box
	KEYSTONE_CONF_FILE=${KEYSTONE_CONF_DIR}/keystone.conf
	sed "/# admin_endpoint = .*/a \
	public_endpoint = http://%CONTROLLER_IP%:5000/ " \
	-i ${KEYSTONE_CONF_FILE}

	sed "/# admin_endpoint = .*/a \
	admin_endpoint = http://%CONTROLLER_IP%:35357/ " \
	-i ${KEYSTONE_CONF_FILE}

	sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" -i ${KEYSTONE_CONF_FILE}
	sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_FILE}
	sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" -i ${KEYSTONE_CONF_FILE}
	sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
	sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
	sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" -i ${KEYSTONE_CONF_FILE}

	install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp
	if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then
	sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \
	-i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf
	fi

	if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)};
	then
	sed -i -e '/^\[identity\]/a \
	driver = keystone.identity.backends.hybrid_identity.Identity \
	\
	[assignment]\
	driver = keystone.assignment.backends.hybrid_assignment.Assignment\
	' ${D}${sysconfdir}/keystone/keystone.conf

	sed -i -e '/^\[ldap\]/a \
	url = ldap://localhost \
	user = cn=Manager,${LDAP_DN} \
	password = secret \
	suffix = ${LDAP_DN} \
	use_dumb_member = True \
	\
	user_tree_dn = ou=Users,${LDAP_DN} \
	user_attribute_ignore = enabled,email,tenants,default_project_id \
	user_id_attribute = uid \
	user_name_attribute = uid \
	user_mail_attribute = email \
	user_pass_attribute = keystonePassword \
	\
	tenant_tree_dn = ou=Groups,${LDAP_DN} \
	tenant_desc_attribute = description \
	tenant_domain_id_attribute = businessCategory \
	tenant_attribute_ignore = enabled \
	tenant_objectclass = groupOfNames \
	tenant_id_attribute = cn \
	tenant_member_attribute = member \
	tenant_name_attribute = ou \
	\
	role_attribute_ignore = enabled \
	role_objectclass = groupOfNames \
	role_member_attribute = member \
	role_id_attribute = cn \
	role_name_attribute = ou \
	role_tree_dn = ou=Roles,${LDAP_DN} \
	' ${KEYSTONE_CONF_FILE}

	install -m 0755 ${WORKDIR}/${PN}/convert_keystone_backend.py \
	${D}${sysconfdir}/keystone/convert_keystone_backend.py
	fi


	install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-fernet-keys-rotate-active ${D}/${bindir}/keystone-fernet-keys-rotate-active
	install -m 440 ${WORKDIR}/${PN}/stx-files/password-rules.conf ${KEYSTONE_CONF_DIR}/password-rules.conf
	install -m 755 ${WORKDIR}/${PN}/stx-files/public.py ${KEYSTONE_DATA_DIR}/public.py
	install -m 644 ${WORKDIR}/${PN}/stx-files/openstack-keystone.service ${D}${systemd_system_unitdir}/openstack-keystone.service
	install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-all ${D}${bindir}/keystone-all

	}

	# By default tokens are expired after 1 day so by default we can set
	# this token flush cronjob to run every 2 days
	KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 /2 *"

	pkg_postinst_${SRCNAME}-cronjobs () {
	if [ -z "$D" ]; then
	# By default keystone expired tokens are not automatic removed out of the
	# database. So we create a cronjob for cleaning these expired tokens.
	echo "${KEYSTONE_TOKEN_FLUSH_TIME} root /usr/bin/keystone-manage token_flush" >> /etc/crontab
	fi
	}

	pkg_postinst_${SRCNAME} () {
	# openstak-keystone will be run in httpd/apache2 instead of standalone
	ln -sf ${systemd_system_unitdir}/apache2.service $D${sysconfdir}/systemd/system/openstack-keystone.service
	}

	PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"

	SYSTEMD_PACKAGES += "${SRCNAME}-setup"
	SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service"
	SYSTEMD_SERVICE_${SRCNAME} = "openstack-keystone.service"

	SYSTEMD_AUTO_ENABLE_${SRCNAME}-setup = "disable"
	SYSTEMD_AUTO_ENABLE_${SRCNAME} = "disable"

	FILES_${SRCNAME}-setup = " \
	${systemd_system_unitdir}/keystone-init.service \
	"

	ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"

	FILES_${PN} = "${libdir}/* \
	"

	FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"

	FILES_${SRCNAME} = "${bindir}/* \
	${sysconfdir}/${SRCNAME}/* \
	${localstatedir}/* \
	${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
	${sysconfdir}/apache2/conf.d/keystone.conf \
	${systemd_system_unitdir}/openstack-keystone.service \
	"

	DEPENDS += " \
	python-pip \
	python-pbr-native \
	"

	# Satisfy setup.py 'setup_requires'
	DEPENDS += " \
	python-pbr-native \
	"

	RDEPENDS_${PN} += " \
	python-babel \
	python-pbr \
	python-webob \
	python-pastedeploy \
	python-paste \
	python-routes \
	python-cryptography \
	python-six \
	python-sqlalchemy \
	python-sqlalchemy-migrate \
	python-stevedore \
	python-passlib \
	python-keystoneclient \
	python-keystonemiddleware \
	python-bcrypt \
	python-scrypt \
	python-oslo.cache \
	python-oslo.concurrency \
	python-oslo.config \
	python-oslo.context \
	python-oslo.messaging \
	python-oslo.db \
	python-oslo.i18n \
	python-oslo.log \
	python-oslo.middleware \
	python-oslo.policy \
	python-oslo.serialization \
	python-oslo.utils \
	python-oauthlib \
	python-pysaml2 \
	python-dogpile.cache \
	python-jsonschema \
	python-pycadf \
	python-msgpack \
	python-osprofiler \
	python-flask \
	python-flask-restful \
	python-pytz \
	"

	RDEPENDS_${SRCNAME}-tests += " bash"

	PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
	PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"

	# TODO:
	# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS

	RDEPENDS_${SRCNAME} = " \
	${PN} \
	postgresql \
	postgresql-client \
	python-psycopg2 \
	apache2 \
	"

	RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
	RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"

	MONITOR_SERVICE_PACKAGES = "${SRCNAME}"
	MONITOR_SERVICE_${SRCNAME} = "keystone"