aboutsummaryrefslogtreecommitdiffstats
path: root/meta-openstack/classes/identity.bbclass
blob: ad68108605e657d449c5f80dad00a9a53695ae0a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
#
# Copyright (C) 2014 Wind River Systems, Inc.
#
# The identity class provides utilities for services to add tenant/role/users,
# and service/endpoints into keystone database
#

SERVICE_TOKEN = "password"
METADATA_SHARED_SECRET = "password"

DB_USER = "admin"
DB_PASSWORD = "admin"

SERVICE_TENANT_NAME = "service"
SERVICE_PASSWORD = "password"

ADMIN_TENANT = "admin"
ADMIN_USER = "admin"
ADMIN_PASSWORD = "password"
ADMIN_ROLE = "admin"
ADMIN_USER_EMAIL = "admin@domain.com"

MEMBER_ROLE = "Member"

RUN_POSTINSTS_FILE = "${@base_contains('DISTRO_FEATURES', 'sysvinit', '/etc/rcS.d/S98run-postinsts', '', d)}"

# Add service and user setup into S98run-postinst running list
ROOTFS_POSTPROCESS_COMMAND += "update_run_postinsts ; "
POST_SERVICE_SETUP_COMMAND = "/etc/keystone/service-user-setup"

update_run_postinsts() {
    if [ -f "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" ]; then
        cat >> "${IMAGE_ROOTFS}${RUN_POSTINSTS_FILE}" << EOF

# run service and user setup
if [ -f ${POST_SERVICE_SETUP_COMMAND} ]; then
    chmod 755 ${POST_SERVICE_SETUP_COMMAND}
    ${POST_SERVICE_SETUP_COMMAND}
fi

# run hybrid backend setup
if [ -f "${POST_KEYSTONE_SETUP_COMMAND}" ]; then
    chmod 755 ${POST_KEYSTONE_SETUP_COMMAND}
    ${POST_KEYSTONE_SETUP_COMMAND}
fi
EOF
    fi
}

# Create user and service in package postinst, common part
servicecreate_postinst_common () {

    # create service and user setup postinstall file
    if [ ! -e ${POST_SERVICE_SETUP_COMMAND} ]; then
        cat > ${POST_SERVICE_SETUP_COMMAND} << EOF
#!/bin/sh
EOF
    fi
}

# Create user in package postinst
servicecreate_postinst_user () {

    # create tenant/user/role in keystone
    cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF

    /etc/keystone/identity.sh user-create USERCREATE_PARAM
EOF
}

# Create service in package postinst
servicecreate_postinst_service () {

    # create service/endpoint in keystone
    cat >> ${POST_SERVICE_SETUP_COMMAND} << EOF

    /etc/keystone/identity.sh service-create SERVICECREATE_PARAM
EOF
}

# Recipe parse-time sanity checks
def sanity_check(d):
    servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or ""

    for pkg in servicecreate_packages.split():
        # User parameters checking.
        if not d.getVar('USERCREATE_PARAM_%s' % pkg, True) and not d.getVar('SERVICECREATE_PARAM_%s' % pkg, True):
            raise bb.build.FuncFailed, "%s SERVICECREATE_PACKAGES includes %s, but neither USERCREATE_PARAM_%s nor SERVICECREATE_PARAM_%s is set" % (d.getVar('FILE'), pkg, pkg, pkg)

python __anonymous() {
    sanity_check(d)
}

# Get user variables from recipe and return a string that will be passed to identity.sh
def usercreate_param(d, pkg):
    # Default values
    param_defaults = {'name':'${SRCNAME}',\
                      'pass':'${SERVICE_PASSWORD}',\
                      'tenant':'${SERVICE_TENANT_NAME}',\
                      'role':'${ADMIN_ROLE}',\
                      'email':'${SRCNAME}@domain.com'}

    param = d.getVar('USERCREATE_PARAM_%s' % pkg, True)
    param_flags = d.getVarFlags('USERCREATE_PARAM_%s' % pkg) or {}

    for key, value in param_defaults.items():
        if key in param.split():
            if param_flags.has_key(key):
                param_defaults[key] = param_flags[key]
        else:
            param_defaults[key] = ''

    user_param = '--name=' + param_defaults['name'] + ' ' \
               + '--pass=' + param_defaults['pass'] + ' ' \
               + '--tenant=' + param_defaults['tenant'] + ' ' \
               + '--role=' + param_defaults['role'] + ' ' \
               + '--email=' + param_defaults['email']

    bb.debug(1, 'user_param = %s' % user_param)
    return user_param

# Get service variables from recipe and return a string that will be passed to identity.sh
def servicecreate_param(d, pkg):
    # Default values
    param_defaults = {'name':'${SRCNAME}',\
                      'type':'',\
                      'description':'',\
                      'region':'RegionOne',\
                      'publicurl':'',\
                      'adminurl':'',\
                      'internalurl':''}

    param = d.getVar('SERVICECREATE_PARAM_%s' % pkg, True)
    param_flags = d.getVarFlags('SERVICECREATE_PARAM_%s' % pkg) or {}

    for key, value in param_defaults.items():
        if key in param.split():
            if param_flags.has_key(key):
                param_defaults[key] = param_flags[key]
        else:
            param_defaults[key] = ''

    service_param = '--name=' + param_defaults['name'] + ' ' \
                  + '--type=' + param_defaults['type'] + ' ' \
                  + '--description=' + param_defaults['description'] + ' ' \
                  + '--region=' + param_defaults['region'] + ' ' \
                  + '--publicurl=' + param_defaults['publicurl'] + ' ' \
                  + '--adminurl=' + param_defaults['adminurl'] + ' ' \
                  + '--internalurl=' + param_defaults['internalurl']

    bb.debug(1, 'service_param = %s' % service_param)
    return service_param

# Add the postinst script into the generated package
python populate_packages_append () {
    servicecreate_packages = d.getVar('SERVICECREATE_PACKAGES', True) or ""

    servicecreate_postinst_common_copy = d.getVar('servicecreate_postinst_common', True)
    servicecreate_postinst_user_copy = d.getVar('servicecreate_postinst_user', True)
    servicecreate_postinst_service_copy = d.getVar('servicecreate_postinst_service', True)
    for pkg in servicecreate_packages.split():
        bb.debug(1, 'Adding service/user creation calls to postinst for %s' % pkg)

        postinst = d.getVar('pkg_postinst_%s' % pkg, True) or d.getVar('pkg_postinst', True)
        if not postinst:
            postinst = '    if [ "x$D" != "x" ]; then\n' + \
                       '        exit 1\n' + \
                       '    fi\n'
        postinst += servicecreate_postinst_common_copy

        if d.getVar('USERCREATE_PARAM_%s' % pkg, True):
            servicecreate_postinst_user = servicecreate_postinst_user_copy.replace("USERCREATE_PARAM", usercreate_param(d, pkg))
            postinst += servicecreate_postinst_user

        if d.getVar('SERVICECREATE_PARAM_%s' % pkg, True):
            servicecreate_postinst_service = servicecreate_postinst_service_copy.replace("SERVICECREATE_PARAM", servicecreate_param(d, pkg))
            postinst += servicecreate_postinst_service

        d.setVar('pkg_postinst_%s' % pkg, postinst)
        bb.debug(1, 'pkg_postinst_%s = %s' % (pkg, d.getVar('pkg_postinst_%s' % pkg, True)))
}