Add initial meta-stx to support StarlingX build
meta-stx is a yocto compatible layer that includes
required recipes to build image for StarlingX on top
of yocto 2.7.3 (warrior).
And the following components are included:
- Fault management
- Configuration management
- Software management
- Host management
- Service management
- Ansible and puppet for provisioning
Issue-ID: INF-8
Issue-ID: INF-9
Issue-ID: INF-10
Issue-ID: INF-11
Issue-ID: INF-12
Issue-ID: INF-13
Issue-ID: INF-19
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Change-Id: I4e85c8232df3bf390aa247c75061a54b914bd28a
diff --git a/meta-stx/recipes-devtools/python/python-keystone_git.bb b/meta-stx/recipes-devtools/python/python-keystone_git.bb
new file mode 100644
index 0000000..e6f3b6c
--- /dev/null
+++ b/meta-stx/recipes-devtools/python/python-keystone_git.bb
@@ -0,0 +1,317 @@
+#
+## Copyright (C) 2019 Wind River Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DESCRIPTION = "Authentication service for OpenStack"
+HOMEPAGE = "http://www.openstack.org"
+SECTION = "devel/python"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1dece7821bf3fd70fe1309eaa37d52a2"
+
+SRCREV = "c78581b4608f3dc10e945d358963000f284f188a"
+SRCNAME = "keystone"
+PROTOCOL = "git"
+BRANCH = "stable/stein"
+S = "${WORKDIR}/git"
+PV = "15.0.0+git${SRCPV}"
+
+
+SRC_URI = " \
+ git://opendev.org/openstack/${SRCNAME}.git;protocol=${PROTOCOL};branch=${BRANCH} \
+ file://${PN}/keystone.conf \
+ file://${PN}/identity.sh \
+ file://${PN}/convert_keystone_backend.py \
+ file://${PN}/wsgi-keystone.conf \
+ file://${PN}/admin-openrc \
+ file://${PN}/keystone-init.service \
+ file://${PN}/stx-files/openstack-keystone.service \
+ file://${PN}/stx-files/keystone-all \
+ file://${PN}/stx-files/keystone-fernet-keys-rotate-active \
+ file://${PN}/stx-files/public.py \
+ file://${PN}/stx-files/password-rules.conf \
+ "
+
+
+inherit setuptools identity hosts default_configs monitor useradd systemd
+
+SERVICE_TOKEN = "password"
+TOKEN_FORMAT ?= "PKI"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system -m -s /bin/false keystone"
+
+LDAP_DN ?= "dc=my-domain,dc=com"
+
+SERVICECREATE_PACKAGES = "${SRCNAME}-setup"
+KEYSTONE_HOST="${CONTROLLER_IP}"
+
+# USERCREATE_PARAM and SERVICECREATE_PARAM contain the list of parameters to be
+# set. If the flag for a parameter in the list is not set here, the default
+# value will be given to that parameter. Parameters not in the list will be set
+# to empty.
+
+USERCREATE_PARAM_${SRCNAME}-setup = "name pass tenant role email"
+python () {
+ flags = {'name':'${ADMIN_USER}',\
+ 'pass':'${ADMIN_PASSWORD}',\
+ 'tenant':'${ADMIN_TENANT}',\
+ 'role':'${ADMIN_ROLE}',\
+ 'email':'${ADMIN_USER_EMAIL}',\
+ }
+ d.setVarFlags("USERCREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
+}
+
+SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl adminurl internalurl"
+python () {
+ flags = {'type':'identity',\
+ 'description':'OpenStack Identity',\
+ 'publicurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",\
+ 'adminurl':"'http://${KEYSTONE_HOST}:8081/keystone/admin/v2.0'",\
+ 'internalurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'"}
+ d.setVarFlags("SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
+}
+
+do_install_append() {
+
+ KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
+ KEYSTONE_DATA_DIR=${D}${localstatedir}/lib/keystone
+ KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone
+ APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/
+
+
+ # Create directories
+ install -m 755 -d ${KEYSTONE_CONF_DIR}
+ install -m 755 -d ${KEYSTONE_DATA_DIR}
+ install -m 755 -d ${APACHE_CONF_DIR}
+ install -d ${D}${localstatedir}/log/${SRCNAME}
+
+ # Setup the systemd service file
+ install -d ${D}${systemd_system_unitdir}/
+ install -m 644 ${WORKDIR}/${PN}/keystone-init.service ${D}${systemd_system_unitdir}/keystone-init.service
+
+ mv ${D}/${datadir}/etc/keystone/sso_callback_template.html ${KEYSTONE_CONF_DIR}/
+ rm -rf ${D}/${datadir}
+
+ # Setup the admin-openrc file
+ KS_OPENRC_FILE=${KEYSTONE_CONF_DIR}/admin-openrc
+ install -m 600 ${WORKDIR}/${PN}/admin-openrc ${KS_OPENRC_FILE}
+ sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KS_OPENRC_FILE}
+ sed -e "s:%ADMIN_USER%:${ADMIN_USER}:g" -i ${KS_OPENRC_FILE}
+ sed -e "s:%ADMIN_PASSWORD%:${ADMIN_PASSWORD}:g" -i ${KS_OPENRC_FILE}
+
+ # Install various configuration files. We have to select suitable
+ # permissions as packages such as Apache require read access.
+ #
+ # Apache needs to read the keystone.conf
+ install -m 644 ${WORKDIR}/${PN}/keystone.conf ${KEYSTONE_CONF_DIR}/
+ # Apache needs to read the wsgi-keystone.conf
+ install -m 644 ${WORKDIR}/${PN}/wsgi-keystone.conf ${APACHE_CONF_DIR}/keystone.conf
+ install -m 600 ${S}${sysconfdir}/logging.conf.sample ${KEYSTONE_CONF_DIR}/logging.conf
+
+ # Copy examples from upstream
+ cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}
+
+ # Edit the configuration to allow it to work out of the box
+ KEYSTONE_CONF_FILE=${KEYSTONE_CONF_DIR}/keystone.conf
+ sed "/# admin_endpoint = .*/a \
+ public_endpoint = http://%CONTROLLER_IP%:5000/ " \
+ -i ${KEYSTONE_CONF_FILE}
+
+ sed "/# admin_endpoint = .*/a \
+ admin_endpoint = http://%CONTROLLER_IP%:35357/ " \
+ -i ${KEYSTONE_CONF_FILE}
+
+ sed -e "s:%SERVICE_TOKEN%:${SERVICE_TOKEN}:g" -i ${KEYSTONE_CONF_FILE}
+ sed -e "s:%DB_USER%:${DB_USER}:g" -i ${KEYSTONE_CONF_FILE}
+ sed -e "s:%DB_PASSWORD%:${DB_PASSWORD}:g" -i ${KEYSTONE_CONF_FILE}
+ sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
+ sed -e "s:%CONTROLLER_IP%:${CONTROLLER_IP}:g" -i ${KEYSTONE_CONF_FILE}
+ sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" -i ${KEYSTONE_CONF_FILE}
+
+ install -d ${KEYSTONE_PACKAGE_DIR}/tests/tmp
+ if [ -e "${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf" ];then
+ sed -e "s:%KEYSTONE_PACKAGE_DIR%:${PYTHON_SITEPACKAGES_DIR}/keystone:g" \
+ -i ${KEYSTONE_PACKAGE_DIR}/tests/test_overrides.conf
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)};
+ then
+ sed -i -e '/^\[identity\]/a \
+driver = keystone.identity.backends.hybrid_identity.Identity \
+\
+[assignment]\
+driver = keystone.assignment.backends.hybrid_assignment.Assignment\
+' ${D}${sysconfdir}/keystone/keystone.conf
+
+ sed -i -e '/^\[ldap\]/a \
+url = ldap://localhost \
+user = cn=Manager,${LDAP_DN} \
+password = secret \
+suffix = ${LDAP_DN} \
+use_dumb_member = True \
+\
+user_tree_dn = ou=Users,${LDAP_DN} \
+user_attribute_ignore = enabled,email,tenants,default_project_id \
+user_id_attribute = uid \
+user_name_attribute = uid \
+user_mail_attribute = email \
+user_pass_attribute = keystonePassword \
+\
+tenant_tree_dn = ou=Groups,${LDAP_DN} \
+tenant_desc_attribute = description \
+tenant_domain_id_attribute = businessCategory \
+tenant_attribute_ignore = enabled \
+tenant_objectclass = groupOfNames \
+tenant_id_attribute = cn \
+tenant_member_attribute = member \
+tenant_name_attribute = ou \
+\
+role_attribute_ignore = enabled \
+role_objectclass = groupOfNames \
+role_member_attribute = member \
+role_id_attribute = cn \
+role_name_attribute = ou \
+role_tree_dn = ou=Roles,${LDAP_DN} \
+' ${KEYSTONE_CONF_FILE}
+
+ install -m 0755 ${WORKDIR}/${PN}/convert_keystone_backend.py \
+ ${D}${sysconfdir}/keystone/convert_keystone_backend.py
+ fi
+
+
+ install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-fernet-keys-rotate-active ${D}/${bindir}/keystone-fernet-keys-rotate-active
+ install -m 440 ${WORKDIR}/${PN}/stx-files/password-rules.conf ${KEYSTONE_CONF_DIR}/password-rules.conf
+ install -m 755 ${WORKDIR}/${PN}/stx-files/public.py ${KEYSTONE_DATA_DIR}/public.py
+ install -m 644 ${WORKDIR}/${PN}/stx-files/openstack-keystone.service ${D}${systemd_system_unitdir}/openstack-keystone.service
+ install -m 755 ${WORKDIR}/${PN}/stx-files/keystone-all ${D}${bindir}/keystone-all
+
+}
+
+# By default tokens are expired after 1 day so by default we can set
+# this token flush cronjob to run every 2 days
+KEYSTONE_TOKEN_FLUSH_TIME ??= "0 0 */2 * *"
+
+pkg_postinst_${SRCNAME}-cronjobs () {
+ if [ -z "$D" ]; then
+ # By default keystone expired tokens are not automatic removed out of the
+ # database. So we create a cronjob for cleaning these expired tokens.
+ echo "${KEYSTONE_TOKEN_FLUSH_TIME} root /usr/bin/keystone-manage token_flush" >> /etc/crontab
+ fi
+}
+
+pkg_postinst_${SRCNAME} () {
+ # openstak-keystone will be run in httpd/apache2 instead of standalone
+ ln -sf ${systemd_system_unitdir}/apache2.service $D${sysconfdir}/systemd/system/openstack-keystone.service
+}
+
+PACKAGES += " ${SRCNAME}-tests ${SRCNAME} ${SRCNAME}-setup ${SRCNAME}-cronjobs"
+
+SYSTEMD_PACKAGES += "${SRCNAME}-setup"
+SYSTEMD_SERVICE_${SRCNAME}-setup = "keystone-init.service"
+SYSTEMD_SERVICE_${SRCNAME} = "openstack-keystone.service"
+
+SYSTEMD_AUTO_ENABLE_${SRCNAME}-setup = "disable"
+SYSTEMD_AUTO_ENABLE_${SRCNAME} = "disable"
+
+FILES_${SRCNAME}-setup = " \
+ ${systemd_system_unitdir}/keystone-init.service \
+ "
+
+ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"
+
+FILES_${PN} = "${libdir}/* \
+ "
+
+FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"
+
+FILES_${SRCNAME} = "${bindir}/* \
+ ${sysconfdir}/${SRCNAME}/* \
+ ${localstatedir}/* \
+ ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
+ ${sysconfdir}/apache2/conf.d/keystone.conf \
+ ${systemd_system_unitdir}/openstack-keystone.service \
+ "
+
+DEPENDS += " \
+ python-pip \
+ python-pbr-native \
+ "
+
+# Satisfy setup.py 'setup_requires'
+DEPENDS += " \
+ python-pbr-native \
+ "
+
+RDEPENDS_${PN} += " \
+ python-babel \
+ python-pbr \
+ python-webob \
+ python-pastedeploy \
+ python-paste \
+ python-routes \
+ python-cryptography \
+ python-six \
+ python-sqlalchemy \
+ python-sqlalchemy-migrate \
+ python-stevedore \
+ python-passlib \
+ python-keystoneclient \
+ python-keystonemiddleware \
+ python-bcrypt \
+ python-scrypt \
+ python-oslo.cache \
+ python-oslo.concurrency \
+ python-oslo.config \
+ python-oslo.context \
+ python-oslo.messaging \
+ python-oslo.db \
+ python-oslo.i18n \
+ python-oslo.log \
+ python-oslo.middleware \
+ python-oslo.policy \
+ python-oslo.serialization \
+ python-oslo.utils \
+ python-oauthlib \
+ python-pysaml2 \
+ python-dogpile.cache \
+ python-jsonschema \
+ python-pycadf \
+ python-msgpack \
+ python-osprofiler \
+ python-flask \
+ python-flask-restful \
+ python-pytz \
+ "
+
+RDEPENDS_${SRCNAME}-tests += " bash"
+
+PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'OpenLDAP', 'OpenLDAP', '', d)}"
+PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
+
+# TODO:
+# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
+
+RDEPENDS_${SRCNAME} = " \
+ ${PN} \
+ postgresql \
+ postgresql-client \
+ python-psycopg2 \
+ apache2 \
+ "
+
+RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
+RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"
+
+MONITOR_SERVICE_PACKAGES = "${SRCNAME}"
+MONITOR_SERVICE_${SRCNAME} = "keystone"