diff --git a/centos_iso_image.inc b/centos_iso_image.inc index bd7c87c6..1bfc36e4 100644 --- a/centos_iso_image.inc +++ b/centos_iso_image.inc @@ -67,6 +67,6 @@ openstack-barbican-common openstack-barbican-keystone-listener openstack-barbican-worker puppet-barbican -python-barbican +python2-barbican python2-barbicanclient -python-ldap3 +python2-ldap3 diff --git a/centos_pkg_dirs b/centos_pkg_dirs index 914f3c76..eb1f7b0a 100644 --- a/centos_pkg_dirs +++ b/centos_pkg_dirs @@ -16,7 +16,6 @@ openstack/python-keystoneclient openstack/python-neutronclient openstack/python-novaclient openstack/python-openstackdocstheme -openstack/python-oslo-service openstack/python-oslo-messaging openstack/python-pankoclient openstack/rabbitmq-server diff --git a/openstack/python-keystone/centos/build_srpm.data b/openstack/python-keystone/centos/build_srpm.data index 31e3c077..bd49b893 100644 --- a/openstack/python-keystone/centos/build_srpm.data +++ b/openstack/python-keystone/centos/build_srpm.data @@ -1,5 +1,2 @@ -TAR_NAME="keystone" -SRC_DIR="$CGCS_BASE/git/keystone" +TIS_PATCH_VER=1 COPY_LIST="$FILES_BASE/*" -TIS_BASE_SRCREV=6a67918f9d5f39564af8eacc57b80cba98242683 -TIS_PATCH_VER=GITREVCOUNT+2 diff --git a/openstack/python-keystone/centos/files/openstack-keystone.defaultconf b/openstack/python-keystone/centos/files/openstack-keystone.defaultconf deleted file mode 100644 index ffc936c2..00000000 --- a/openstack/python-keystone/centos/files/openstack-keystone.defaultconf +++ /dev/null @@ -1,2 +0,0 @@ -[DEFAULT] -log_dir= /var/log/keystone \ No newline at end of file diff --git a/openstack/python-keystone/centos/files/openstack-keystone.logrotate b/openstack/python-keystone/centos/files/openstack-keystone.logrotate deleted file mode 100644 index b5224ef0..00000000 --- a/openstack/python-keystone/centos/files/openstack-keystone.logrotate +++ /dev/null @@ -1,11 +0,0 @@ -/var/log/keystone/*.log { - weekly - dateext - rotate 10 - size 1M - missingok - compress - notifempty - su keystone keystone - minsize 100k -} diff --git a/openstack/python-keystone/centos/files/openstack-keystone.sysctl b/openstack/python-keystone/centos/files/openstack-keystone.sysctl deleted file mode 100644 index ca985afa..00000000 --- a/openstack/python-keystone/centos/files/openstack-keystone.sysctl +++ /dev/null @@ -1,3 +0,0 @@ -# By default, keystone starts a service on port 5000 -# http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt -net.ipv4.ip_local_reserved_ports = 5000 diff --git a/openstack/python-keystone/centos/files/openstack-keystone.tmpfiles b/openstack/python-keystone/centos/files/openstack-keystone.tmpfiles deleted file mode 100644 index 241df8ab..00000000 --- a/openstack/python-keystone/centos/files/openstack-keystone.tmpfiles +++ /dev/null @@ -1 +0,0 @@ -d /run/keystone 0700 keystone keystone - diff --git a/openstack/python-keystone/centos/meta_patches/Add-keyring-patch.patch b/openstack/python-keystone/centos/meta_patches/Add-keyring-patch.patch new file mode 100644 index 00000000..d4959919 --- /dev/null +++ b/openstack/python-keystone/centos/meta_patches/Add-keyring-patch.patch @@ -0,0 +1,34 @@ +From 7feac57d571e49e042adb96738a3688c56adade0 Mon Sep 17 00:00:00 2001 +From: Tyler Smith +Date: Mon, 8 Apr 2019 15:33:16 -0400 +Subject: [PATCH 1/1] Add keyring patch + +--- + SPECS/openstack-keystone.spec | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/SPECS/openstack-keystone.spec b/SPECS/openstack-keystone.spec +index a20bda1..945de6d 100644 +--- a/SPECS/openstack-keystone.spec ++++ b/SPECS/openstack-keystone.spec +@@ -28,7 +28,7 @@ Name: openstack-keystone + # https://review.openstack.org/#/q/I6a35fa0dda798fad93b804d00a46af80f08d475c,n,z + Epoch: 1 + Version: 15.0.0 +-Release: 0.2%{?milestone}%{?dist} ++Release: 0.2.el7%{?_tis_dist}.%{tis_patch_ver} + Summary: OpenStack Identity Service + License: ASL 2.0 + URL: http://keystone.openstack.org/ +@@ -42,6 +42,9 @@ Source3: openstack-keystone.sysctl + Source5: openstack-keystone-sample-data + Source20: keystone-dist.conf + ++# STX: Include patches here ++Patch1: 0001-Rebasing-Keyring-integration.patch ++ + BuildArch: noarch + BuildRequires: openstack-macros + BuildRequires: python%{pyver}-devel +-- +1.8.3.1 diff --git a/openstack/python-keystone/centos/meta_patches/PATCH_ORDER b/openstack/python-keystone/centos/meta_patches/PATCH_ORDER new file mode 100644 index 00000000..b9ab4af0 --- /dev/null +++ b/openstack/python-keystone/centos/meta_patches/PATCH_ORDER @@ -0,0 +1,2 @@ +Add-keyring-patch.patch +Update-spec-with-tis-additions.patch diff --git a/openstack/python-keystone/centos/meta_patches/Update-spec-with-tis-additions.patch b/openstack/python-keystone/centos/meta_patches/Update-spec-with-tis-additions.patch new file mode 100644 index 00000000..cd173f1e --- /dev/null +++ b/openstack/python-keystone/centos/meta_patches/Update-spec-with-tis-additions.patch @@ -0,0 +1,134 @@ +From 7afb60e6591d9d1e6d6374a85cf516182b660815 Mon Sep 17 00:00:00 2001 +From: Tyler Smith +Date: Mon, 8 Apr 2019 15:40:07 -0400 +Subject: [PATCH 1/1] Update-spec-with-tis-additions + +--- + SPECS/openstack-keystone.spec | 44 +++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 40 insertions(+), 4 deletions(-) + +diff --git a/SPECS/openstack-keystone.spec b/SPECS/openstack-keystone.spec +index 945de6d..74b6ba2 100644 +--- a/SPECS/openstack-keystone.spec ++++ b/SPECS/openstack-keystone.spec +@@ -12,7 +12,8 @@ + %global pyver_build %py%{pyver}_build + # End of macros for py2/py3 compatibility + +-%global with_doc 1 ++#STX: Turn off doc building ++%global with_doc 0 + %global service keystone + # guard for package OSP does not support + %global rhosp 0 +@@ -42,6 +43,13 @@ Source3: openstack-keystone.sysctl + Source5: openstack-keystone-sample-data + Source20: keystone-dist.conf + ++#STX ++Source99: openstack-keystone.service ++Source100: keystone-all ++Source101: keystone-fernet-keys-rotate-active ++Source102: password-rules.conf ++Source103: public.py ++ + # STX: Include patches here + Patch1: 0001-Rebasing-Keyring-integration.patch + +@@ -234,9 +242,9 @@ sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf + sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf + + %build +-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf +-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml +-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json ++PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf ++PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml ++PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json + # distribution defaults are located in keystone-dist.conf + + %{pyver_build} +@@ -251,6 +259,8 @@ PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keyst + # Instead, ship an empty file that operators can override. + echo "{}" > policy.json + ++# STX: default dir for fernet tokens ++install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/ + install -d -m 755 %{buildroot}%{_sysconfdir}/keystone + install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf + install -p -D -m 640 policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json +@@ -261,7 +271,8 @@ install -p -D -m 644 etc/policy.v3cloudsample.json %{buildroot}%{_datadir}/keyst + install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf + install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates + install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html +-install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone ++# STX: don't install a separate keystone logrotate file as this is managed by syslog-ng ++#install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone + install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d + install -p -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sysctl.d/openstack-keystone.conf + # Install sample data script. +@@ -270,6 +281,21 @@ install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample + # Install sample HTTPD integration files + install -p -D -m 644 httpd/wsgi-keystone.conf %{buildroot}%{_datadir}/keystone/ + ++# STX install keystone cron script ++install -p -D -m 755 %{SOURCE101} %{buildroot}%{_bindir}/keystone-fernet-keys-rotate-active ++ ++# STX: install password rules(readable only) ++install -p -D -m 440 %{SOURCE102} %{buildroot}%{_sysconfdir}/keystone/password-rules.conf ++ ++# STX: install keystone public gunicorn app ++install -p -D -m 755 %{SOURCE103} %{buildroot}/%{_datarootdir}/keystone/public.py ++ ++# STX: install openstack-keystone service script ++install -p -D -m 644 %{SOURCE99} %{buildroot}%{_unitdir}/openstack-keystone.service ++ ++# STX: Install keystone-all bash script ++install -p -D -m 755 %{SOURCE100} %{buildroot}%{_bindir}/keystone-all ++ + install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone + install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone + +@@ -325,6 +351,10 @@ chmod 660 %{_localstatedir}/log/keystone/keystone.log + %{_bindir}/keystone-manage + %{_bindir}/keystone-status + %{_bindir}/openstack-keystone-sample-data ++# STX: add keystone-all ++%{_bindir}/keystone-all ++# STX: add Keystone fernet keys cron job ++%{_bindir}/keystone-fernet-keys-rotate-active + %dir %{_datadir}/keystone + %attr(0644, root, keystone) %{_datadir}/keystone/keystone-dist.conf + %attr(0644, root, keystone) %{_datadir}/keystone/policy.v3cloudsample.json +@@ -332,20 +362,26 @@ chmod 660 %{_localstatedir}/log/keystone/keystone.log + %attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.json + %attr(0755, root, root) %{_datadir}/keystone/sample_data.sh + %attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf ++# STX: add openstack-keystone sysinit script ++%{_unitdir}/openstack-keystone.service + %dir %attr(0750, root, keystone) %{_sysconfdir}/keystone + %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf + %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf + %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/policy.json + %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates + %config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html +-%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone ++# STX: log rotate not needed ++#%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone + %dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone + %dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone + %ghost %attr(0660, root, keystone) %{_localstatedir}/log/keystone/keystone.log + %{_prefix}/lib/sysctl.d/openstack-keystone.conf +- ++# STX: add password rules configuration ++%attr(0440, root, keystone) %{_sysconfdir}/keystone/password-rules.conf + + %files -n python%{pyver}-keystone -f %{service}.lang ++# STX: public.py addition ++%{_datarootdir}/keystone/public*.py* + %defattr(-,root,root,-) + %license LICENSE + %{pyver_sitelib}/keystone +-- +1.8.3.1 + diff --git a/openstack/python-keystone/centos/openstack-keystone.spec b/openstack/python-keystone/centos/openstack-keystone.spec deleted file mode 100644 index 1ccfa810..00000000 --- a/openstack/python-keystone/centos/openstack-keystone.spec +++ /dev/null @@ -1,320 +0,0 @@ -%global with_doc %{!?_without_doc:1}%{?_without_doc:0} -%global service keystone - -%{!?upstream_version: %global upstream_version %{version}%{?milestone}} - -Name: openstack-keystone -Epoch: 0 -Version: 12.0.0 -Release: 1%{?_tis_dist}.%{tis_patch_ver} -Summary: OpenStack Identity Service -License: Apache-2.0 -URL: https://launchpad.net/keystone/ -Source0: %{service}-%{version}.tar.gz - -Source1: openstack-keystone.logrotate -Source2: openstack-keystone.sysctl -Source3: openstack-keystone.tmpfiles -Source4: openstack-keystone.defaultconf - -#WRS -Source99: openstack-keystone.service -Source100: keystone-all -Source101: keystone-fernet-keys-rotate-active -Source102: password-rules.conf -Source103: public.py - -BuildArch: noarch -BuildRequires: openstack-macros -BuildRequires: openstack-tempest -BuildRequires: python-webtest -BuildRequires: python-bcrypt -BuildRequires: python2-devel -BuildRequires: python-fixtures -BuildRequires: python-freezegun -BuildRequires: python-lxml -BuildRequires: python-mock -# WRS: Required for debian based builds only -# use openstackdocstheme on RHEL instead -#BuildRequires: python-os-api-ref -BuildRequires: python2-openstackdocstheme -BuildRequires: python-os-testr -# Required to build keystone.conf -BuildRequires: python-oslo-cache >= 1.5.0 -BuildRequires: python-oslo-config >= 2:3.9.0 -BuildRequires: python-oslotest -BuildRequires: python-osprofiler >= 1.1.0 -BuildRequires: python-pbr >= 1.8 -BuildRequires: python-subunit -BuildRequires: python-reno -BuildRequires: python-requests -BuildRequires: python2-scrypt -BuildRequires: python-testrepository -BuildRequires: python-testresources -# Required to compile translation files -BuildRequires: python-babel - -#WRS: Need these for build_sphinx -BuildRequires: tsconfig -BuildRequires: python2-pycodestyle - -Requires: python-keystone = %{epoch}:%{version}-%{release} -Requires: python-keystoneclient >= 1:2.3.1 - -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd -BuildRequires: systemd -BuildRequires: systemd-devel -BuildRequires: xmlsec1-openssl -Requires(pre): shadow-utils - -%description -Keystone is a Python implementation of the OpenStack -(http://www.openstack.org) identity service API. -. -This package contains the keystone python libraries. - -%package -n python-keystone -Summary: Keystone Python libraries -Group: Application/System -Requires: python-babel -Requires: python-paste -Requires: python-paste-deploy -Requires: python-PyMySQL -Requires: python-routes -Requires: python-sqlalchemy -Requires: python-webob -Requires: python-bcrypt -Requires: python-cryptography -Requires: python-dogpile-cache -Requires: python-jsonschema -Requires: python-keystoneclient -Requires: python-keystonemiddleware -Requires: python-ldappool -Requires: python-msgpack -Requires: python-oauthlib -Requires: python-oslo-cache -Requires: python-oslo-concurrency -Requires: python-oslo-config -Requires: python-oslo-context -Requires: python-oslo-db -Requires: python-oslo-i18n -Requires: python-oslo-log -Requires: python-oslo-messaging -Requires: python-oslo-middleware -Requires: python-oslo-policy -Requires: python-oslo-serialization -Requires: python-oslo-utils -Requires: python-osprofiler -Requires: python-passlib -Requires: python-pbr -Requires: python-pycadf -Requires: python-pysaml2 -Requires: python-memcached -Requires: python-six -Requires: python-migrate -Requires: python-stevedore -Requires: python-ldap - -%description -n python-keystone -Keystone is a Python implementation of the OpenStack -(http://www.openstack.org) identity service API. -This package contains the Keystone Python library. - -%package doc -Summary: Documentation for OpenStack Identity Service -Group: Documentation -BuildRequires: python-paste-deploy -BuildRequires: python-routes -BuildRequires: python-sphinx -BuildRequires: python-cryptography -BuildRequires: python-dogpile-cache -BuildRequires: python-jsonschema -BuildRequires: python-keystonemiddleware -BuildRequires: python-ldappool -BuildRequires: python-msgpack -BuildRequires: python-oauthlib -BuildRequires: python-oslo-concurrency -BuildRequires: python-oslo-db -BuildRequires: python-oslo-i18n -BuildRequires: python-oslo-log -BuildRequires: python-oslo-messaging -BuildRequires: python-oslo-middleware -BuildRequires: python-oslo-policy -BuildRequires: python-oslo-sphinx -BuildRequires: python-passlib -BuildRequires: python-pysaml2 -BuildRequires: python-memcached -BuildRequires: python2-pip -BuildRequires: python2-wheel - -%description doc -OpenStack Keystone documentaion. -. -This package contains the documentation - -%prep -%setup -q -n keystone-%{upstream_version} - -find . \( -name .gitignore -o -name .placeholder \) -delete -find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \; -# Let RPM handle the dependencies -rm -f test-requirements.txt requirements.txt - -# adjust paths to WSGI scripts -sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf -sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf -sed -i 's/^warning-is-error.*/warning-is-error = 0/g' setup.cfg - -%build -#PYTHONPATH=. -# WRS: export PBR version -export PBR_VERSION=%{version} -%{__python2} setup.py build - -%{__python2} setup.py build_sphinx --builder=html,man -# remove the Sphinx-build leftovers -rm -rf doc/build/html/.{doctrees,buildinfo} -# config file generation -oslo-config-generator --config-file config-generator/keystone.conf \ ---output-file etc/keystone.conf.sample -# policy file generation -oslopolicy-sample-generator --config-file config-generator/keystone-policy-generator.conf --output-file etc/keystone.policy.yaml - -%py2_build_wheel - -%install -# WRS: export PBR version -export PBR_VERSION=%{version} -%{__python2} setup.py install --skip-build --root %{buildroot} -mkdir -p $RPM_BUILD_ROOT/wheels -install -m 644 dist/*.whl $RPM_BUILD_ROOT/wheels/ - -mkdir -p %{buildroot}%{_mandir}/man1 -install -d -m 755 %{buildroot}%{_sysconfdir}/keystone -install -d -m 755 %{buildroot}%{_sysconfdir}/sysctl.d -install -d -m 755 %{buildroot}%{_localstatedir}/{lib,log}/keystone -install -d -m 750 %{buildroot}%{_localstatedir}/cache/keystone -install -d -m 755 %{buildroot}%{_sysconfdir}/keystone/keystone.conf.d/ - -# default dir for fernet tokens -install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/ -install -D -m 644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/keystone.conf -install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf -install -D -m 640 %{SOURCE4} %{buildroot}/%{_sysconfdir}/keystone/keystone.conf.d/010-keystone.conf -#install -D -m 440 %{SOURCE5} %{buildroot}/%{_sysconfdir}/keystone/README.config -install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf -install -p -D -m 640 etc/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/keystone-paste.ini -install -p -D -m 640 etc/keystone.policy.yaml %{buildroot}%{_sysconfdir}/keystone/keystone.policy.yaml -install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates -install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html -# WRS: don't install a seperate keystone logrotate file as this is managed by syslog-ng -#install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone -install -p -D -m 644 etc/policy.v3cloudsample.json %{buildroot}%{_datadir}/keystone/policy.v3cloudsample.json -install -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysctl.d/openstack-keystone.conf -install -p -D -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1/ -# Install sample data script. -install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/keystone/sample_data.sh -# Install apache configuration files -install -p -D -m 644 httpd/wsgi-keystone.conf %{buildroot}%{_datadir}/keystone/ - -# WRS install keystone cron script -install -p -D -m 755 %{SOURCE101} %{buildroot}%{_bindir}/keystone-fernet-keys-rotate-active - -# WRS: install password rules(readable only) -install -p -D -m 440 %{SOURCE102} %{buildroot}%{_sysconfdir}/keystone/password-rules.conf - -# WRS: install keystone public gunicorn app -install -p -D -m 755 %{SOURCE103} %{buildroot}/%{_datarootdir}/keystone/public.py - -# WRS: install openstack-keystone service script -install -p -D -m 644 %{SOURCE99} %{buildroot}%{_unitdir}/openstack-keystone.service - -# WRS: Install keystone-all bash script -install -p -D -m 755 %{SOURCE100} %{buildroot}%{_bindir}/keystone-all - -%pre -# 163:163 for keystone (openstack-keystone) - rhbz#752842 -getent group keystone >/dev/null || groupadd -r --gid 163 keystone -getent passwd keystone >/dev/null || \ -useradd --uid 163 -r -g keystone -d %{_sharedstatedir}/keystone -s /sbin/nologin \ --c "OpenStack Keystone Daemons" keystone -exit 0 - -# WRS: disable testr -#%check -# don't want to depend on hacking for package building -#rm keystone/tests/unit/test_hacking_checks.py -#%{__python2} setup.py testr - -%post -%tmpfiles_create %{_tmpfilesdir}/keystone.conf -%systemd_post openstack-keystone.service -%sysctl_apply openstack-keystone.conf - -%preun -%systemd_preun openstack-keystone.service - -%postun -%systemd_postun_with_restart openstack-keystone.service - -%files -%license LICENSE -%doc README.rst -%{_mandir}/man1/keystone*.1.gz -%{_bindir}/keystone-wsgi-admin -%{_bindir}/keystone-wsgi-public -%{_bindir}/keystone-manage -# WRS: add keystone-all as part of newton rebase -%{_bindir}/keystone-all -# WRS: add Keystone fernet keys cron job -%{_bindir}/keystone-fernet-keys-rotate-active -%_tmpfilesdir/keystone.conf -%dir %{_datadir}/keystone -%attr(0644, root, keystone) %{_datadir}/keystone/policy.v3cloudsample.json -%attr(0755, root, root) %{_datadir}/keystone/sample_data.sh -%attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf -# WRS: add openstack-keystone sysVinit script -%{_unitdir}/openstack-keystone.service -%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone -%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone/keystone.conf.d/ -%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf -%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf.d/010-keystone.conf -%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone-paste.ini -%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf -%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates -%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/keystone.policy.yaml -%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html -# WRS: add password rules configuration -%attr(0440, root, keystone) %{_sysconfdir}/keystone/password-rules.conf - -# WRS: log rotate not needed -#%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone -%dir %attr(0755, %{keystone}, %{keystone}) %{_localstatedir}/lib/keystone -%dir %attr(0750, %{keystone}, %{keystone}) %{_localstatedir}/log/keystone -%dir %attr(0750, %{keystone}, %{keystone}) %{_localstatedir}/cache/keystone -%{_sysconfdir}/sysctl.d/openstack-keystone.conf - -%files -n python-keystone -%{_datarootdir}/keystone/public*.py* -%defattr(-,root,root,-) -%doc README.rst -%license LICENSE -%{python2_sitelib}/keystone -%{python2_sitelib}/keystone-*.egg-info - -%files doc -%license LICENSE -%doc doc/build/html - -%package wheels -Summary: %{name} wheels - -%description wheels -Contains python wheels for %{name} - -%files wheels -/wheels/* - -%changelog diff --git a/openstack/python-keystone/centos/patches/0001-Rebasing-Keyring-integration.patch b/openstack/python-keystone/centos/patches/0001-Rebasing-Keyring-integration.patch new file mode 100644 index 00000000..b9ad336e --- /dev/null +++ b/openstack/python-keystone/centos/patches/0001-Rebasing-Keyring-integration.patch @@ -0,0 +1,143 @@ +From dfe0978f6590818487bb9fc5e9b8156e77a25590 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 8 Apr 2019 15:25:28 -0400 +Subject: [PATCH 1/1] Rebasing Keyring integration + +--- + keystone/exception.py | 6 ++++++ + keystone/identity/core.py | 50 +++++++++++++++++++++++++++++++++++++++++++++++ + requirements.txt | 1 + + 3 files changed, 57 insertions(+) + +diff --git a/keystone/exception.py b/keystone/exception.py +index b85878b..56601ce 100644 +--- a/keystone/exception.py ++++ b/keystone/exception.py +@@ -224,6 +224,12 @@ class ApplicationCredentialLimitExceeded(ForbiddenNotSecurity): + "maximum of %(limit)d already exceeded for user.") + + ++class WRSForbiddenAction(Error): ++ message_format = _("That action is not permitted") ++ code = 403 ++ title = 'Forbidden' ++ ++ + class SecurityError(Error): + """Security error exception. + +diff --git a/keystone/identity/core.py b/keystone/identity/core.py +index ed43e76..da7e7ba 100644 +--- a/keystone/identity/core.py ++++ b/keystone/identity/core.py +@@ -17,6 +17,7 @@ + import copy + import functools + import itertools ++import keyring + import operator + import os + import threading +@@ -54,6 +55,7 @@ MEMOIZE_ID_MAPPING = cache.get_memoization_decorator(group='identity', + + DOMAIN_CONF_FHEAD = 'keystone.' + DOMAIN_CONF_FTAIL = '.conf' ++KEYRING_CGCS_SERVICE = "CGCS" + + # The number of times we will attempt to register a domain to use the SQL + # driver, if we find that another process is in the middle of registering or +@@ -1069,6 +1071,26 @@ class Manager(manager.Manager): + if new_ref['domain_id'] != orig_ref['domain_id']: + raise exception.ValidationError(_('Cannot change Domain ID')) + ++ def _update_keyring_password(self, user, new_password): ++ """Update user password in Keyring backend. ++ This method Looks up user entries in Keyring backend ++ and accordingly update the corresponding user password. ++ :param user : keyring user struct ++ :param new_password : new password to set ++ """ ++ if (new_password is not None) and ('name' in user): ++ try: ++ # only update if an entry exists ++ if (keyring.get_password(KEYRING_CGCS_SERVICE, user['name'])): ++ keyring.set_password(KEYRING_CGCS_SERVICE, ++ user['name'], new_password) ++ except (keyring.errors.PasswordSetError, RuntimeError): ++ msg = ('Failed to Update Keyring Password for the user %s') ++ LOG.warning(msg, user['name']) ++ # only raise an exception if this is the admin user ++ if (user['name'] == 'admin'): ++ raise exception.WRSForbiddenAction(msg % user['name']) ++ + @domains_configured + @exception_translated('user') + def update_user(self, user_id, user_ref, initiator=None): +@@ -1113,6 +1135,13 @@ class Manager(manager.Manager): + ) + notifications.invalidate_token_cache_notification(reason) + ++ # Certain local Keystone users are stored in Keystone as opposed ++ # to the default SQL Identity backend, such as the admin user. ++ # When its password is updated, we need to update Keyring as well ++ # as certain services retrieve this user context from Keyring and ++ # will get auth failures ++ if ('password' in user) and ('name' in ref): ++ self._update_keyring_password(ref, user['password']) + return self._set_domain_id_and_mapping( + ref, domain_id, driver, mapping.EntityType.USER) + +@@ -1128,6 +1157,7 @@ class Manager(manager.Manager): + hints.add_filter('user_id', user_id) + fed_users = PROVIDERS.shadow_users_api.list_federated_users_info(hints) + ++ username = user_old.get('name', "") + driver.delete_user(entity_id) + PROVIDERS.assignment_api.delete_user_assignments(user_id) + self.get_user.invalidate(self, user_id) +@@ -1141,6 +1171,18 @@ class Manager(manager.Manager): + + PROVIDERS.credential_api.delete_credentials_for_user(user_id) + PROVIDERS.id_mapping_api.delete_id_mapping(user_id) ++ ++ # Delete the keyring entry associated with this user (if present) ++ try: ++ keyring.delete_password(KEYRING_CGCS_SERVICE, username) ++ except keyring.errors.PasswordDeleteError: ++ LOG.warning(('delete_user: PasswordDeleteError for %s'), ++ username) ++ pass ++ except exception.UserNotFound: ++ LOG.warning(('delete_user: UserNotFound for %s'), ++ username) ++ pass + notifications.Audit.deleted(self._USER, user_id, initiator) + + # Invalidate user role assignments cache region, as it may be caching +@@ -1390,6 +1432,14 @@ class Manager(manager.Manager): + notifications.Audit.updated(self._USER, user_id, initiator) + self._persist_revocation_event_for_user(user_id) + ++ user = self.get_user(user_id) ++ # Update Keyring password for the 'user' if it ++ # has an entry in Keyring ++ if (original_password) and ('name' in user): ++ # Change the 'user' password in keyring, provided the user ++ # has an entry in Keyring backend ++ self._update_keyring_password(user, new_password) ++ + @MEMOIZE + def _shadow_nonlocal_user(self, user): + try: +diff --git a/requirements.txt b/requirements.txt +index e3de1c6..e6d3536 100644 +--- a/requirements.txt ++++ b/requirements.txt +@@ -42,3 +42,4 @@ pycadf!=2.0.0,>=1.1.0 # Apache-2.0 + msgpack>=0.5.0 # Apache-2.0 + osprofiler>=1.4.0 # Apache-2.0 + pytz>=2013.6 # MIT ++keyring>=5.3 +-- +1.8.3.1 + diff --git a/openstack/python-keystone/centos/srpm_path b/openstack/python-keystone/centos/srpm_path new file mode 100644 index 00000000..a3ba28c6 --- /dev/null +++ b/openstack/python-keystone/centos/srpm_path @@ -0,0 +1 @@ +mirror:Source/openstack-keystone-15.0.0-0.2.0rc2.el7.src.rpm diff --git a/openstack/python-keystone/centos/stx-keystone.dev_docker_image b/openstack/python-keystone/centos/stx-keystone.dev_docker_image deleted file mode 100644 index a418b012..00000000 --- a/openstack/python-keystone/centos/stx-keystone.dev_docker_image +++ /dev/null @@ -1,7 +0,0 @@ -BUILDER=loci -LABEL=stx-keystone -PROJECT=keystone -PROJECT_REPO=https://github.com/openstack/keystone.git -PIP_PACKAGES="python-openstackclient ldap ldappool python-ldap pylint" -PROFILES="fluent apache" - diff --git a/openstack/python-keystonemiddleware/centos/build_srpm.data b/openstack/python-keystonemiddleware/centos/build_srpm.data deleted file mode 100644 index 8aeb5536..00000000 --- a/openstack/python-keystonemiddleware/centos/build_srpm.data +++ /dev/null @@ -1 +0,0 @@ -TIS_PATCH_VER=1 diff --git a/openstack/python-keystonemiddleware/centos/meta_patches/0001-update-package-versioning-for-TIS-format.patch b/openstack/python-keystonemiddleware/centos/meta_patches/0001-update-package-versioning-for-TIS-format.patch deleted file mode 100644 index 687651e7..00000000 --- a/openstack/python-keystonemiddleware/centos/meta_patches/0001-update-package-versioning-for-TIS-format.patch +++ /dev/null @@ -1,35 +0,0 @@ -commit fd40ac6be0cb4e0dcc8295e9f9673fa5970e0035 -Author: Shoaib Nasir -Date: Wed Feb 14 17:00:55 2018 -0500 - - 0001-update-package-versioning-for-TIS-format - -diff --git a/SPECS/python-keystonemiddleware.spec b/SPECS/python-keystonemiddleware.spec -index 8ccc7b4..63e83d2 100644 ---- a/SPECS/python-keystonemiddleware.spec -+++ b/SPECS/python-keystonemiddleware.spec -@@ -9,7 +9,7 @@ - - Name: python-%{sname} - Version: 4.17.0 --Release: 1%{?dist} -+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver} - Summary: Middleware for OpenStack Identity - - License: ASL 2.0 -@@ -133,6 +133,7 @@ rm -rf %{sname}.egg-info - sed -i 's/^warning-is-error.*/warning-is-error = 0/g' setup.cfg - - %build -+export PBR_VERSION=%{version} - %py2_build - %if 0%{?with_python3} - %py3_build -@@ -147,6 +148,7 @@ rm -rf doc/build/html/.{doctrees,buildinfo} - - - %install -+export PBR_VERSION=%{version} - %if 0%{?with_python3} - %py3_install - # Delete tests diff --git a/openstack/python-keystonemiddleware/centos/meta_patches/0002-Upstream-gnnochi-panko-fix.patch b/openstack/python-keystonemiddleware/centos/meta_patches/0002-Upstream-gnnochi-panko-fix.patch deleted file mode 100644 index 2fea611e..00000000 --- a/openstack/python-keystonemiddleware/centos/meta_patches/0002-Upstream-gnnochi-panko-fix.patch +++ /dev/null @@ -1,21 +0,0 @@ -commit 5ba75388d3394c3016570a4e68fb79aebd18bf31 -Author: Shoaib Nasir -Date: Wed Feb 14 19:01:00 2018 -0500 - - WRS: 0002-Upstream-gnnochi-panko-fix - -diff --git a/SPECS/python-keystonemiddleware.spec b/SPECS/python-keystonemiddleware.spec -index 63e83d2..cb3c9c9 100644 ---- a/SPECS/python-keystonemiddleware.spec -+++ b/SPECS/python-keystonemiddleware.spec -@@ -15,6 +15,10 @@ Summary: Middleware for OpenStack Identity - License: ASL 2.0 - URL: http://launchpad.net/keystonemiddleware - Source0: https://tarballs.openstack.org/%{sname}/%{sname}-%{version}.tar.gz -+ -+# WRS -+Patch0001: 0001-Upstream-gnnochi-panko-fix.patch -+ - BuildArch: noarch - - diff --git a/openstack/python-keystonemiddleware/centos/meta_patches/PATCH_ORDER b/openstack/python-keystonemiddleware/centos/meta_patches/PATCH_ORDER deleted file mode 100644 index 6d34b0da..00000000 --- a/openstack/python-keystonemiddleware/centos/meta_patches/PATCH_ORDER +++ /dev/null @@ -1,2 +0,0 @@ -0001-update-package-versioning-for-TIS-format.patch -0002-Upstream-gnnochi-panko-fix.patch diff --git a/openstack/python-keystonemiddleware/centos/patches/0001-Upstream-gnnochi-panko-fix.patch b/openstack/python-keystonemiddleware/centos/patches/0001-Upstream-gnnochi-panko-fix.patch deleted file mode 100644 index ffc4c938..00000000 --- a/openstack/python-keystonemiddleware/centos/patches/0001-Upstream-gnnochi-panko-fix.patch +++ /dev/null @@ -1,70 +0,0 @@ -commit c475ceb3658309e5c24bae2423e2ec1b125531d8 -Author: rpm-build -Date: Wed Feb 14 18:41:21 2018 -0500 - - 0002-Upstream-gnocchi-panko-bug - - - Expect paste.deploy and gnocchi/panko options - - The authtoken middleware has been printing warning log messages to - the API logs for all services, reporting unexpected conf keys. This - was traced back to paste.deploy adding 'here' and '__file__' and - both gnocchi and panko adding 'configkey' keys in wsgi apps though - these do not actually exist in the conf file. This change allows - for those keys without printing a warning that unnecessarily - confuses operators. - - But it's kind of a hack, especially the configkey bit. We shouldn't - have to know about gnocchi/panko specifics like this. And it doesn't - address the comment in the bug about what is seen for ironic. So I - think there will still be more to do here. - - Change-Id: I678482309c7dd35ce147bebf13ebefc84251fe91 - Partial-Bug: 1722444 - - Signed-of-by: Shoaib Nasir - - #enter the commit message for your changes. Lines starting - -diff --git a/keystonemiddleware/_common/config.py b/keystonemiddleware/_common/config.py -index 3e38eba..de701b0 100644 ---- a/keystonemiddleware/_common/config.py -+++ b/keystonemiddleware/_common/config.py -@@ -49,17 +49,18 @@ def _conf_values_type_convert(group_name, all_options, conf): - for k, v in conf.items(): - dest = k - try: -- if v is not None: -+ # 'here' and '__file__' come from paste.deploy -+ # 'configkey' is added by panko and gnocchi -+ if v is not None and k not in ['here', '__file__', 'configkey']: - type_, dest = opt_types[k] - v = type_(v) - except KeyError: # nosec -- # This option is not known to auth_token. v is not converted. - _LOG.warning( -- 'The option "%s" in conf is not known to auth_token', k) -+ 'The option "%s" is not known to keystonemiddleware', k) - except ValueError as e: - raise exceptions.ConfigurationError( -- _('Unable to convert the value of %(key)s option into correct ' -- 'type: %(ex)s') % {'key': k, 'ex': e}) -+ _('Unable to convert the value of option "%(key)s" into ' -+ 'correct type: %(ex)s') % {'key': k, 'ex': e}) - opts[dest] = v - - return opts -diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py -index 6c66aee..b3aa8ff 100644 ---- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py -+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py -@@ -495,7 +495,7 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, - conf = { - 'wrong_key': '123' - } -- log = 'The option "wrong_key" in conf is not known to auth_token' -+ log = 'The option "wrong_key" is not known to keystonemiddleware' - auth_token.AuthProtocol(self.fake_app, conf) - self.assertThat(self.logger.output, matchers.Contains(log)) - diff --git a/openstack/python-keystonemiddleware/centos/srpm_path b/openstack/python-keystonemiddleware/centos/srpm_path deleted file mode 100644 index ddead07c..00000000 --- a/openstack/python-keystonemiddleware/centos/srpm_path +++ /dev/null @@ -1 +0,0 @@ -mirror:Source/python-keystonemiddleware-4.17.0-1.el7.src.rpm diff --git a/openstack/python-oslo-messaging/centos/meta_patches/0005-turning-off-doc-building.patch b/openstack/python-oslo-messaging/centos/meta_patches/0005-turning-off-doc-building.patch new file mode 100644 index 00000000..bb51a1ca --- /dev/null +++ b/openstack/python-oslo-messaging/centos/meta_patches/0005-turning-off-doc-building.patch @@ -0,0 +1,25 @@ +From 1ca217ce27dbb37c131476d0abf32b9deefa80a4 Mon Sep 17 00:00:00 2001 +From: Tyler Smith +Date: Wed, 17 Apr 2019 15:56:33 -0400 +Subject: [PATCH 1/1] turning off doc building + +--- + SPECS/python-oslo-messaging.spec | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/SPECS/python-oslo-messaging.spec b/SPECS/python-oslo-messaging.spec +index c1f7400..c2aff2c 100644 +--- a/SPECS/python-oslo-messaging.spec ++++ b/SPECS/python-oslo-messaging.spec +@@ -2,7 +2,7 @@ + %if 0%{?fedora} >= 24 + %global with_python3 1 + %endif +-%global with_doc 1 ++%global with_doc 0 + #guard for including python-pyngus (OSP 12 does not ship python-pyngus) + %global rhosp 0 + +-- +1.8.3.1 + diff --git a/openstack/python-oslo-messaging/centos/meta_patches/PATCH_ORDER b/openstack/python-oslo-messaging/centos/meta_patches/PATCH_ORDER index 96a79b65..d0d81c12 100644 --- a/openstack/python-oslo-messaging/centos/meta_patches/PATCH_ORDER +++ b/openstack/python-oslo-messaging/centos/meta_patches/PATCH_ORDER @@ -2,3 +2,4 @@ update-package-versioning-for-tis-format.patch spec-rabbit-increase-heartbeat-rate-to-decrease-polling-interval.patch fix-pifpaf-build-error.patch 0004-disable-check-on-build.patch +0005-turning-off-doc-building.patch diff --git a/openstack/python-oslo-service/centos/build_srpm.data b/openstack/python-oslo-service/centos/build_srpm.data deleted file mode 100644 index 70b4b5dc..00000000 --- a/openstack/python-oslo-service/centos/build_srpm.data +++ /dev/null @@ -1 +0,0 @@ -TIS_PATCH_VER=2 diff --git a/openstack/python-oslo-service/centos/meta_patches/PATCH_ORDER b/openstack/python-oslo-service/centos/meta_patches/PATCH_ORDER deleted file mode 100644 index 2e2ced69..00000000 --- a/openstack/python-oslo-service/centos/meta_patches/PATCH_ORDER +++ /dev/null @@ -1,2 +0,0 @@ -update-package-versioning-for-tis-format.patch -spec-loopingcall-permit-aborting-while-sleeping.patch diff --git a/openstack/python-oslo-service/centos/meta_patches/spec-loopingcall-permit-aborting-while-sleeping.patch b/openstack/python-oslo-service/centos/meta_patches/spec-loopingcall-permit-aborting-while-sleeping.patch deleted file mode 100644 index 51cf0381..00000000 --- a/openstack/python-oslo-service/centos/meta_patches/spec-loopingcall-permit-aborting-while-sleeping.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e6daf4d7dbe603e82a267d6d99a454453b902f68 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 14:42:44 -0400 -Subject: [PATCH] WRS: spec-loopingcall-permit-aborting-while-sleeping.patch - ---- - SPECS/python-oslo-service.spec | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/SPECS/python-oslo-service.spec b/SPECS/python-oslo-service.spec -index 658bb42..5ff8f34 100644 ---- a/SPECS/python-oslo-service.spec -+++ b/SPECS/python-oslo-service.spec -@@ -14,6 +14,10 @@ Summary: Oslo service library - License: ASL 2.0 - URL: http://launchpad.net/oslo - Source0: https://tarballs.openstack.org/%{pypi_name}/%{pypi_name}-%{upstream_version}.tar.gz -+ -+# WRS -+Patch0001: loopingcall-permit-aborting-while-sleeping.patch -+ - BuildArch: noarch - - %package -n python2-%{pname} --- -2.7.4 - diff --git a/openstack/python-oslo-service/centos/meta_patches/update-package-versioning-for-tis-format.patch b/openstack/python-oslo-service/centos/meta_patches/update-package-versioning-for-tis-format.patch deleted file mode 100644 index 80c4e8a3..00000000 --- a/openstack/python-oslo-service/centos/meta_patches/update-package-versioning-for-tis-format.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 7081d0aaaf782a19251d9e43b543c99c93ab218d Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 14:42:44 -0400 -Subject: [PATCH 1/2] WRS: update-package-versioning-for-tis-format.patch - -Conflicts: - SPECS/python-oslo-service.spec ---- - SPECS/python-oslo-service.spec | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/SPECS/python-oslo-service.spec b/SPECS/python-oslo-service.spec -index d95f88e..658bb42 100644 ---- a/SPECS/python-oslo-service.spec -+++ b/SPECS/python-oslo-service.spec -@@ -8,7 +8,7 @@ - - Name: python-%{pname} - Version: 1.25.1 --Release: 1%{?dist} -+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver} - Summary: Oslo service library - - License: ASL 2.0 --- -2.7.4 - diff --git a/openstack/python-oslo-service/centos/patches/loopingcall-permit-aborting-while-sleeping.patch b/openstack/python-oslo-service/centos/patches/loopingcall-permit-aborting-while-sleeping.patch deleted file mode 100644 index 2e4b2f8c..00000000 --- a/openstack/python-oslo-service/centos/patches/loopingcall-permit-aborting-while-sleeping.patch +++ /dev/null @@ -1,177 +0,0 @@ -From a4de48a129ff6526ae19533af76730c4707d8a53 Mon Sep 17 00:00:00 2001 -From: Allain Legacy -Date: Wed, 31 May 2017 16:18:19 -0400 -Subject: [PATCH] Permit aborting loopingcall while sleeping - -Some of the openstack services implement worker tasks that are based on -the oslo-service LoopingCallBase objects. They do this as a way to have -a task that runs periodically as a greenthread within a child worker -process. For example, the neutron-server runs AgentStatusCheckWorker() -objects as base service workers in its child worker processes. - -When the parent server process handles a SIGTERM signal it attempts to -stop all services launched on each of the child worker processes (i.e., -ProcessLauncher.stop()). That results in a stop() being called on each -of the underlying base services and then a wait() to ensure that they -complete before shutdown. - -If any service that is implemented on a LoopingCallBase related object -is suspended on a greenthread.sleep() the previous call to stop() will -have no effect and so the wait() will block until the sleep() finishes. -For tasks that either have a frequent FixedLoopingBase interface or a -short initial_delay this may not be a problem, but for those with a long -delay this could mean that the wait() blocks for minutes before the -process is allowed to shutdown. - -To solve this the LoopingCallBase calls to greenthread.sleep() are being -replaced with a threading.Event() object's wait() method. This allows a -caller of stop() to interrupt the sleep and expedite the shutdown. - -Closes-Bug: #1660210 - -Change-Id: I5835f9595826df5349e4cc8b1da8529bb960ee04 -Signed-off-by: Allain Legacy ---- - oslo_service/loopingcall.py | 19 +++++++++++++------ - oslo_service/tests/test_loopingcall.py | 14 +++++++------- - 2 files changed, 20 insertions(+), 13 deletions(-) - -diff --git a/oslo_service/loopingcall.py b/oslo_service/loopingcall.py -index 1747fda..ee2813d 100644 ---- a/oslo_service/loopingcall.py -+++ b/oslo_service/loopingcall.py -@@ -18,6 +18,7 @@ - import random - import sys - import time -+import threading - - from eventlet import event - from eventlet import greenthread -@@ -85,19 +86,25 @@ class LoopingCallBase(object): - self.args = args - self.kw = kw - self.f = f -- self._running = False - self._thread = None - self.done = None -+ self.abort = threading.Event() -+ -+ @property -+ def _running(self): -+ return not self.abort.is_set() - - def stop(self): -- self._running = False -+ self.abort.set() - - def wait(self): - return self.done.wait() - - def _on_done(self, gt, *args, **kwargs): - self._thread = None -- self._running = False -+ -+ def _sleep(self, timeout): -+ return self.abort.wait(timeout) - - def _start(self, idle_for, initial_delay=None, stop_on_exception=True): - """Start the looping -@@ -114,8 +121,8 @@ class LoopingCallBase(object): - """ - if self._thread is not None: - raise RuntimeError(self._RUN_ONLY_ONE_MESSAGE) -- self._running = True - self.done = event.Event() -+ self.abort.clear() - self._thread = greenthread.spawn( - self._run_loop, idle_for, - initial_delay=initial_delay, stop_on_exception=stop_on_exception) -@@ -129,7 +136,7 @@ class LoopingCallBase(object): - func = self.f if stop_on_exception else _safe_wrapper(self.f, kind, - func_name) - if initial_delay: -- greenthread.sleep(initial_delay) -+ self._sleep(initial_delay) - try: - watch = timeutils.StopWatch() - while self._running: -@@ -143,7 +150,7 @@ class LoopingCallBase(object): - 'for %(idle).02f seconds', - {'func_name': func_name, 'idle': idle, - 'kind': kind}) -- greenthread.sleep(idle) -+ self._sleep(idle) - except LoopingCallDone as e: - self.done.send(e.retvalue) - except Exception: -diff --git a/oslo_service/tests/test_loopingcall.py b/oslo_service/tests/test_loopingcall.py -index 7ac8025..218e9d1 100644 ---- a/oslo_service/tests/test_loopingcall.py -+++ b/oslo_service/tests/test_loopingcall.py -@@ -285,7 +285,7 @@ class DynamicLoopingCallTestCase(test_base.BaseTestCase): - else: - self.num_runs = self.num_runs - 1 - -- @mock.patch('eventlet.greenthread.sleep') -+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep') - def test_timeout_task_without_return(self, sleep_mock): - self.num_runs = 1 - timer = loopingcall.DynamicLoopingCall( -@@ -294,7 +294,7 @@ class DynamicLoopingCallTestCase(test_base.BaseTestCase): - timer.start(periodic_interval_max=5).wait() - sleep_mock.assert_has_calls([mock.call(5)]) - -- @mock.patch('eventlet.greenthread.sleep') -+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep') - def test_interval_adjustment(self, sleep_mock): - self.num_runs = 2 - -@@ -303,7 +303,7 @@ class DynamicLoopingCallTestCase(test_base.BaseTestCase): - - sleep_mock.assert_has_calls([mock.call(5), mock.call(1)]) - -- @mock.patch('eventlet.greenthread.sleep') -+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep') - def test_initial_delay(self, sleep_mock): - self.num_runs = 1 - -@@ -315,7 +315,7 @@ class DynamicLoopingCallTestCase(test_base.BaseTestCase): - - class TestBackOffLoopingCall(test_base.BaseTestCase): - @mock.patch('random.SystemRandom.gauss') -- @mock.patch('eventlet.greenthread.sleep') -+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep') - def test_exponential_backoff(self, sleep_mock, random_mock): - def false(): - return False -@@ -366,7 +366,7 @@ class TestBackOffLoopingCall(test_base.BaseTestCase): - self.assertEqual(expected_times, sleep_mock.call_args_list) - - @mock.patch('random.SystemRandom.gauss') -- @mock.patch('eventlet.greenthread.sleep') -+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep') - def test_no_backoff(self, sleep_mock, random_mock): - random_mock.return_value = 1 - func = mock.Mock() -@@ -381,7 +381,7 @@ class TestBackOffLoopingCall(test_base.BaseTestCase): - self.assertTrue(retvalue, 'return value') - - @mock.patch('random.SystemRandom.gauss') -- @mock.patch('eventlet.greenthread.sleep') -+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep') - def test_no_sleep(self, sleep_mock, random_mock): - # Any call that executes properly the first time shouldn't sleep - random_mock.return_value = 1 -@@ -394,7 +394,7 @@ class TestBackOffLoopingCall(test_base.BaseTestCase): - self.assertTrue(retvalue, 'return value') - - @mock.patch('random.SystemRandom.gauss') -- @mock.patch('eventlet.greenthread.sleep') -+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep') - def test_max_interval(self, sleep_mock, random_mock): - def false(): - return False --- -2.7.4 - diff --git a/openstack/python-oslo-service/centos/srpm_path b/openstack/python-oslo-service/centos/srpm_path deleted file mode 100644 index 4356e5c6..00000000 --- a/openstack/python-oslo-service/centos/srpm_path +++ /dev/null @@ -1 +0,0 @@ -mirror:Source/python-oslo-service-1.25.1-1.el7.src.rpm