Initial template for keystone

Change-Id: Id5e9a05f92bd810de7e95c3f4451e913c08a384f
2016-11-10 17:57:11 +03:00 · 2016-11-10 17:57:11 +03:00 · 60d56e6f1b
commit 60d56e6f1b
parent fed201dcf5
6 changed files with 300 additions and 0 deletions
--- a/openstack/keystone/keystone.spec.j2
+++ b/openstack/keystone/keystone.spec.j2
@ -0,0 +1,253 @@
+%global with_doc 1
+%global sname keystone
+{% set upstream_version = '11.0.0.0b2' %}
+{% set rpm_release = '1' %}
+%if 0%{?rhel} || 0%{?fedora}
+%global rdo 1
+%endif
+Name:           {{ py2name('keystone') }}
+Epoch:          {{ epoch('keystone') }}
+Version:        {{ py2rpmversion() }}
+Release:        {{ py2rpmrelease() }}
+Summary:        OpenStack Identity Service
+License:        {{ license('Apache-2.0') }}
+Url:            https://launchpad.net/keystone
+Source0:        http://tarballs.openstack.org/%{sname}/%{sname}-{{upstream_version}}.tar.gz
+Source1:        openstack-keystone.logrotate
+Source2:        openstack-keystone.sysctl
+Source3:        openstack-keystone.tmpfiles
+Source4:        openstack-keystone.defaultconf
+Source5:        openstack-keystone.README.config
+BuildRequires:  openstack-macros
+BuildRequires:  {{ py2pkg('Tempest') }}
+BuildRequires:  {{ py2pkg('WebTest') }}
+BuildRequires:  {{ py2pkg('devel') }}
+BuildRequires:  {{ py2pkg('fixtures') }}
+BuildRequires:  {{ py2pkg('freezegun') }}
+BuildRequires:  {{ py2pkg('lxml') }}
+BuildRequires:  {{ py2pkg('mock') }}
+BuildRequires:  {{ py2pkg('os-api-ref') }}
+BuildRequires:  {{ py2pkg('os-testr') }}
+BuildRequires:  {{ py2pkg('oslo.cache') }}
+BuildRequires:  {{ py2pkg('oslo.config') }}
+BuildRequires:  {{ py2pkg('oslotest') }}
+BuildRequires:  {{ py2pkg('osprofiler') }}
+BuildRequires:  {{ py2pkg('pbr') }}
+BuildRequires:  {{ py2pkg('python-subunit') }}
+BuildRequires:  {{ py2pkg('reno') }}
+BuildRequires:  {{ py2pkg('requests') }}
+BuildRequires:  {{ py2pkg('testrepository') }}
+BuildRequires:  {{ py2pkg('testresources') }}
+BuildRequires:  {{ py2pkg('testtools') }}
+Requires:       python-%{sname} = %{epoch}:%{version}-%{release}
+BuildArch:      noarch
+%if 0%{?suse_version}
+BuildRequires:  libxmlsec1-openssl1
+Requires(pre):  pwdutils
+%endif
+%if 0%{?rdo}
+BuildRequires:  xmlsec1-openssl
+Requires(pre):  shadow-utils
+%endif
+
+%description
+Keystone is a Python implementation of the OpenStack
+(http://www.openstack.org) identity service API.
+.
+This package contains the keystone python libraries.
+
+%package -n     python-%{sname}
+Summary:        Keystone Python libraries
+Group:          Applications/System
+Requires:       {{ py2pkg('Babel') }}
+Requires:       {{ py2pkg('Paste') }}
+Requires:       {{ py2pkg('PasteDeploy') }}
+Requires:       {{ py2pkg('PyMySQL') }}
+Requires:       {{ py2pkg('Routes') }}
+Requires:       {{ py2pkg('SQLAlchemy') }}
+Requires:       {{ py2pkg('WebOb') }}
+Requires:       {{ py2pkg('cryptography') }}
+Requires:       {{ py2pkg('dogpile.cache') }}
+Requires:       {{ py2pkg('jsonschema') }}
+Requires:       {{ py2pkg('python-keystoneclient') }}
+Requires:       {{ py2pkg('keystonemiddleware') }}
+Requires:       {{ py2pkg('ldappool') }}
+Requires:       {{ py2pkg('msgpack-python') }}
+Requires:       {{ py2pkg('oauthlib') }}
+Requires:       {{ py2pkg('oslo.cache') }}
+Requires:       {{ py2pkg('oslo.concurrency') }}
+Requires:       {{ py2pkg('oslo.config') }}
+Requires:       {{ py2pkg('oslo.context') }}
+Requires:       {{ py2pkg('oslo.db') }}
+Requires:       {{ py2pkg('oslo.i18n') }}
+Requires:       {{ py2pkg('oslo.log') }}
+Requires:       {{ py2pkg('oslo.messaging') }}
+Requires:       {{ py2pkg('oslo.middleware') }}
+Requires:       {{ py2pkg('oslo.policy') }}
+Requires:       {{ py2pkg('oslo.serialization') }}
+Requires:       {{ py2pkg('oslo.utils') }}
+Requires:       {{ py2pkg('osprofiler') }}
+Requires:       {{ py2pkg('passlib') }}
+Requires:       {{ py2pkg('pbr') }}
+Requires:       {{ py2pkg('pycadf') }}
+Requires:       {{ py2pkg('pysaml2') }}
+Requires:       {{ py2pkg('python-memcached') }}
+Requires:       {{ py2pkg('six') }}
+Requires:       {{ py2pkg('sqlalchemy-migrate') }}
+Requires:       {{ py2pkg('stevedore') }}
+%if 0%{?suse_version}
+Requires:       {{ py2pkg('pyldap') }}
+%endif
+%if 0%{?rdo}
+Requires:       {{ py2pkg('python-ldap') }}
+%endif
+
+%description -n   python-%{sname}
+Keystone is a Python implementation of the OpenStack
+(http://docs.openstack.org/developer/keystone/) identity service API.
+This package contains the Keystone Python library.
+
+%if 0%{?with_doc}
+%package doc
+Summary:        Documentation for OpenStack Identity Service
+Group:          Documentation
+BuildRequires:  {{ py2pkg('PasteDeploy') }}
+BuildRequires:  {{ py2pkg('Routes') }}
+BuildRequires:  {{ py2pkg('Sphinx') }}
+BuildRequires:  {{ py2pkg('cryptography') }}
+BuildRequires:  {{ py2pkg('dogpile.cache') }}
+BuildRequires:  {{ py2pkg('jsonschema') }}
+BuildRequires:  {{ py2pkg('keystonemiddleware') }}
+BuildRequires:  {{ py2pkg('ldappool') }}
+BuildRequires:  {{ py2pkg('msgpack-python') }}
+BuildRequires:  {{ py2pkg('oauthlib') }}
+BuildRequires:  {{ py2pkg('oslo.concurrency') }}
+BuildRequires:  {{ py2pkg('oslo.db') }}
+BuildRequires:  {{ py2pkg('oslo.i18n') }}
+BuildRequires:  {{ py2pkg('oslo.log') }}
+BuildRequires:  {{ py2pkg('oslo.messaging') }}
+BuildRequires:  {{ py2pkg('oslo.middleware') }}
+BuildRequires:  {{ py2pkg('oslo.policy') }}
+BuildRequires:  {{ py2pkg('oslosphinx') }}
+BuildRequires:  {{ py2pkg('passlib') }}
+BuildRequires:  {{ py2pkg('pysaml2') }}
+BuildRequires:  {{ py2pkg('python-memcached') }}
+
+%description doc
+OpenStack Keystone documentaion.
+.
+This package contains the documentation
+%endif
+
+%prep
+%autosetup -n %{sname}-{{upstream_version}}
+%if 0%{?rdo}
+find . \( -name .gitignore -o -name .placeholder \) -delete
+find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \;
+# adjust paths to WSGI scripts
+sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf
+sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf
+%endif
+
+%build
+%{py2_build}
+export PYTHONPATH="."
+%if 0%{?with_doc}
+# docs generation requires everything to be installed first
+pushd doc
+make html
+make man
+popd
+# remove the sphinx-build leftovers
+rm -rf doc/build/html/.{doctrees,buildinfo}
+%endif
+# config file generation
+oslo-config-generator --config-file config-generator/keystone.conf \
+--output-file etc/keystone.conf.sample
+
+%install
+%{py2_install}
+mkdir -p %{buildroot}%{_mandir}/man1
+install -d -m 755 %{buildroot}%{_sysconfdir}/keystone
+install -d -m 755 %{buildroot}%{_sysconfdir}/sysctl.d
+install -d -m 755 %{buildroot}%{_localstatedir}/{lib,log}/keystone
+install -d -m 750 %{buildroot}%{_localstatedir}/cache/keystone
+install -d -m 755 %{buildroot}%{_sysconfdir}/keystone/keystone.conf.d/
+# default dir for fernet tokens
+install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/
+install -D -m 644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/keystone.conf
+install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
+install -D -m 640 %{SOURCE4} %{buildroot}/%{_sysconfdir}/keystone/keystone.conf.d/010-keystone.conf
+install -D -m 440 %{SOURCE5} %{buildroot}/%{_sysconfdir}/keystone/README.config
+install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf
+install -p -D -m 640 etc/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/keystone-paste.ini
+install -p -D -m 640 etc/policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json
+install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates
+install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html
+install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
+install -p -D -m 644 etc/policy.v3cloudsample.json %{buildroot}%{_datadir}/keystone/policy.v3cloudsample.json
+install -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysctl.d/openstack-keystone.conf
+install -p -D -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1/
+# Install sample data script.
+install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/keystone/sample_data.sh
+# Install apache configuration files
+install -p -D -m 644 httpd/wsgi-keystone.conf  %{buildroot}%{_datadir}/keystone/
+
+%pre
+%openstack_pre_user_group_create keystone keystone /sbin/nologin
+exit 0
+
+%check
+# TODO (IgorYozhikov) on a high amount of vCpu unit tests are not passing
+# Since that we are launching tests in 1 by 1 mode by pack of 4
+export TEST_RUN_CONCURRENCY=4
+# don't want to depend on hacking for package building
+rm keystone/tests/unit/test_hacking_checks.py
+%{__python2} setup.py testr
+
+%post
+%tmpfiles_create %{_tmpfilesdir}/keystone.conf
+%sysctl_apply openstack-keystone.conf
+
+%files
+%license LICENSE
+%doc README.rst
+%{_mandir}/man1/keystone*.1.gz
+%{_bindir}/keystone-wsgi-admin
+%{_bindir}/keystone-wsgi-public
+%{_bindir}/keystone-manage
+%_tmpfilesdir/keystone.conf
+%dir %{_datadir}/keystone
+%attr(0644, root, keystone) %{_datadir}/keystone/policy.v3cloudsample.json
+%attr(0755, root, root) %{_datadir}/keystone/sample_data.sh
+%attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf
+%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone/
+%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone/keystone.conf.d/
+%{_sysconfdir}/keystone/README.config
+%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf
+%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf.d/010-keystone.conf
+%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone-paste.ini
+%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf
+%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates
+%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/policy.json
+%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html
+%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
+%dir %attr(0755, %{keystone}, %{keystone}) %{_localstatedir}/lib/keystone
+%dir %attr(0750, %{keystone}, %{keystone}) %{_localstatedir}/log/keystone
+%dir %attr(0750, %{keystone}, %{keystone}) %{_localstatedir}/cache/keystone
+%{_sysconfdir}/sysctl.d/openstack-keystone.conf
+
+%files -n python-keystone
+%defattr(-,root,root,-)
+%doc README.rst
+%license LICENSE
+%{python2_sitelib}/keystone*
+%{python2_sitelib}/keystone-*.egg-info
+
+%if 0%{?with_doc}
+%files doc
+%license LICENSE
+%doc doc/build/html
+%endif
+
+%changelog
--- a/openstack/keystone/openstack-keystone.README.config
+++ b/openstack/keystone/openstack-keystone.README.config
@ -0,0 +1,30 @@
+The main service configuration (/etc/$project/$project.conf) can still be used
+for configuration but the preferred way is to add config file snippets into
+/etc/$project/$project.conf.d/ instead.
+
+As part of the packaging, the package itself installs a config snippet at
+/etc/$project/$project.conf.d/010-$project.conf with basic configuration. This
+file should not be modified. In case there is a need to overwrite or add
+settings, a XXX-$project.conf (XXX being a 3 digit number) should be created
+instead.
+
+Config directory file snippet naming should follow these conventions:
+- snippets should start with "XXX-" where "X" is a number
+- snippets must end with ".conf"
+- config management systems (Crowbar, Salt, ...) should use numbers
+  between 100 and 499
+- users should use numbers starting from 500
+
+Configuring just a single $program (eg for Nova, $project is "nova" and
+$program is "nova-api", "nova-compute", "nova-scheduler", ...) can be done
+in a similar way. The config snippets should be placed in
+/etc/$project/$program.conf.d/ . The same snippets rules apply here, too.
+
+$program reads the configuration files in the following order:
+- /etc/$project/$project.conf
+- /etc/$project/$project.conf.d/*.conf (lexically sorted)
+- /etc/$project/$program.conf.d/*.conf (lexically sorted)
+
+The last configured key overwrites all previous ones. In particular, settings
+in /etc/$project/$project.conf are overwritten by config values from any file
+in /etc/$project/$project.conf.d/XXX-$project.conf .
--- a/openstack/keystone/openstack-keystone.defaultconf
+++ b/openstack/keystone/openstack-keystone.defaultconf
@ -0,0 +1,2 @@
+[DEFAULT]
+log_dir= /var/log/keystone
--- a/openstack/keystone/openstack-keystone.logrotate
+++ b/openstack/keystone/openstack-keystone.logrotate
@ -0,0 +1,11 @@
+/var/log/keystone/*.log {
+    weekly
+    dateext
+    rotate 10
+    size 1M
+    missingok
+    compress
+    notifempty
+    su keystone keystone
+    minsize 100k
+}
--- a/openstack/keystone/openstack-keystone.sysctl
+++ b/openstack/keystone/openstack-keystone.sysctl
@ -0,0 +1,3 @@
+# By default, keystone starts a service on IANA-assigned port 35357
+# http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
+net.ipv4.ip_local_reserved_ports = 35357
--- a/openstack/keystone/openstack-keystone.tmpfiles
+++ b/openstack/keystone/openstack-keystone.tmpfiles
@ -0,0 +1 @@
+d /run/keystone 0700 keystone keystone -