b38e8f2ba0
python-keystone version: 16.0.0 Story: 2007502 Task: 39251 Depends-on: https://review.opendev.org/#/c/716818 Change-Id: I547db8fe8a97ab07d198ed8ec7fdf325d7eeb805 Signed-off-by: Chen, Yan <yan.chen@intel.com>
134 lines
6.4 KiB
Diff
134 lines
6.4 KiB
Diff
From 7afb60e6591d9d1e6d6374a85cf516182b660815 Mon Sep 17 00:00:00 2001
|
|
From: Tyler Smith <tyler.smith@windriver.com>
|
|
Date: Mon, 8 Apr 2019 15:40:07 -0400
|
|
Subject: [PATCH 1/1] Update-spec-with-tis-additions
|
|
|
|
---
|
|
SPECS/openstack-keystone.spec | 50 +++++++++++++++++++++++++++++++++++++------
|
|
1 file changed, 43 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/SPECS/openstack-keystone.spec b/SPECS/openstack-keystone.spec
|
|
index 3d5fcee..97c0586 100644
|
|
--- a/SPECS/openstack-keystone.spec
|
|
+++ b/SPECS/openstack-keystone.spec
|
|
@@ -11,7 +11,8 @@
|
|
%global pyver_build %py%{pyver}_build
|
|
# End of macros for py2/py3 compatibility
|
|
|
|
-%global with_doc 1
|
|
+#STX: Turn off doc building
|
|
+%global with_doc 0
|
|
%global service keystone
|
|
# guard for package OSP does not support
|
|
%global rhosp 0
|
|
@@ -39,6 +40,13 @@ Source3: openstack-keystone.sysctl
|
|
Source5: openstack-keystone-sample-data
|
|
Source20: keystone-dist.conf
|
|
|
|
+#STX
|
|
+Source99: openstack-keystone.service
|
|
+Source100: keystone-all
|
|
+Source101: keystone-fernet-keys-rotate-active
|
|
+Source102: password-rules.conf
|
|
+Source103: public.py
|
|
+
|
|
# STX: Include patches here
|
|
Patch1: 0001-Rebasing-Keyring-integration.patch
|
|
|
|
@@ -233,9 +241,9 @@ sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf
|
|
sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf
|
|
|
|
%build
|
|
-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf
|
|
-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml
|
|
-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json
|
|
+PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf
|
|
+PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml
|
|
+PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json
|
|
# distribution defaults are located in keystone-dist.conf
|
|
|
|
%{pyver_build}
|
|
@@ -250,6 +258,8 @@ PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keyst
|
|
# Instead, ship an empty file that operators can override.
|
|
echo "{}" > policy.json
|
|
|
|
+# STX: default dir for fernet tokens
|
|
+install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/
|
|
install -d -m 755 %{buildroot}%{_sysconfdir}/keystone
|
|
install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
|
|
install -p -D -m 640 policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json
|
|
@@ -259,7 +269,8 @@ install -p -D -m 644 %{SOURCE20} %{buildroot}%{_datadir}/keystone/keystone-dist.
|
|
install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf
|
|
install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates
|
|
install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html
|
|
-install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
|
|
+# STX: don't install a separate keystone logrotate file as this is managed by syslog-ng
|
|
+#install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
|
|
install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d
|
|
install -p -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sysctl.d/openstack-keystone.conf
|
|
# Install sample data script.
|
|
@@ -268,6 +279,21 @@ install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample
|
|
# Install sample HTTPD integration files
|
|
install -p -D -m 644 httpd/wsgi-keystone.conf %{buildroot}%{_datadir}/keystone/
|
|
|
|
+# STX install keystone cron script
|
|
+install -p -D -m 755 %{SOURCE101} %{buildroot}%{_bindir}/keystone-fernet-keys-rotate-active
|
|
+
|
|
+# STX: install password rules(readable only)
|
|
+install -p -D -m 440 %{SOURCE102} %{buildroot}%{_sysconfdir}/keystone/password-rules.conf
|
|
+
|
|
+# STX: install keystone public gunicorn app
|
|
+install -p -D -m 755 %{SOURCE103} %{buildroot}/%{_datarootdir}/keystone/public.py
|
|
+
|
|
+# STX: install openstack-keystone service script
|
|
+install -p -D -m 644 %{SOURCE99} %{buildroot}%{_unitdir}/openstack-keystone.service
|
|
+
|
|
+# STX: Install keystone-all bash script
|
|
+install -p -D -m 755 %{SOURCE100} %{buildroot}%{_bindir}/keystone-all
|
|
+
|
|
install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone
|
|
install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone
|
|
|
|
@@ -325,26 +351,36 @@ chmod 660 %{_localstatedir}/log/keystone/keystone.log
|
|
%{_bindir}/keystone-manage
|
|
%{_bindir}/keystone-status
|
|
%{_bindir}/openstack-keystone-sample-data
|
|
+# STX: add keystone-all
|
|
+%{_bindir}/keystone-all
|
|
+# STX: add Keystone fernet keys cron job
|
|
+%{_bindir}/keystone-fernet-keys-rotate-active
|
|
%dir %{_datadir}/keystone
|
|
%attr(0644, root, keystone) %{_datadir}/keystone/keystone-dist.conf
|
|
%attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.yaml
|
|
%attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.json
|
|
%attr(0755, root, root) %{_datadir}/keystone/sample_data.sh
|
|
%attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf
|
|
+# STX: add openstack-keystone sysinit script
|
|
+%{_unitdir}/openstack-keystone.service
|
|
%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone
|
|
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf
|
|
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf
|
|
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/policy.json
|
|
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates
|
|
%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html
|
|
-%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
|
|
+# STX: log rotate not needed
|
|
+#%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
|
|
%dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone
|
|
%dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone
|
|
%ghost %attr(0660, root, keystone) %{_localstatedir}/log/keystone/keystone.log
|
|
%{_prefix}/lib/sysctl.d/openstack-keystone.conf
|
|
-
|
|
+# STX: add password rules configuration
|
|
+%attr(0440, root, keystone) %{_sysconfdir}/keystone/password-rules.conf
|
|
|
|
%files -n python%{pyver}-keystone -f %{service}.lang
|
|
+# STX: public.py addition
|
|
+%{_datarootdir}/keystone/public*.py*
|
|
%defattr(-,root,root,-)
|
|
%license LICENSE
|
|
%{pyver_sitelib}/keystone
|
|
--
|
|
1.8.3.1
|
|
|