| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
syncing the core components to the latest juno hashes. We also introduce
new packages and update others to meet the juno requirements.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
We have three changes in a single commit:
- A runtime substition fix controller IP values
- When the substitions were moved for chef integration, the chef
disabled path wasn't tested. This meant that %CONTROLLER_IP% remained
in the final config files, and broke keystone startup.
- The addition of oathlib to keystone depedencies
- oauthlib is a juno dependency
- A temporary patch to the apache httpd front end modules
- At times keystone would fail to load via apache due to the inability to
load localcontext from oslo. To work around these sporadic failures, an
explicit import was added to the http front end module. This will be
removed in the future.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Instead of having a central file or group of files to
describe what data resources should be monitored. The
content of these files will depend on what core system
monitoring is used ((e.g. Nagios or Monasca).
It's desirable to have each recipe describes what
it wants be monitored in generic way such that various system
monitors can understand and convert these into their format.
If a recipe wishes to register itself to system monitor, it
inherits monitor bbclass and use MONITOR_SERVICE_PACKAGES and
MONITOR_SERVICE_<package name> to indicate what processes
should should be monitored. Also MONITOR_CHECKS_<package name>
variale can be used to pass list of scripts which will be run
on target and if any of these scripts fail then will report.
Eventually monitor.bbclass will be expanded to allow recipe
to describe more complicated information passed down to
system monitor (e.g. Nagios or Monasca)
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
keystone: move initscript install to before fixups
There are sed operations being performed on the sysvinit script .. but the
script wasn't being installed until after that block of code. We relocate
the install of the script to above any fixups, and everything works again.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Openstackchef enables us to recreate configuration files
for services in an openstack installation. It does this by
creating template file(s) out of configuration file(s) exposed
to the class by services.
The following services are inheriting the openstack class
and then exposing a set of configuration files to the class.
These services expose their configuration files to openstackchef
by assigning them to the variable CHEF_SERVICES_CONF_FILES. The files
are assumend to have been installed in the image directory under the
service's WORKDIR.
At build-time, openstackchef makes chef-solo templates out of
the registered files. And at run-time, the deploychef package
makes a call to chef-solo, which in-turn use the template files
to recreate the registered configuration files.
For legacy reasons, the string OPENSTACKCHEF_ENABLED is defined in
openstackchef class, but it can be overwritten in a .bb, .class,
.bbappend or local.conf file to an empty string when openstackchef
support is not desired. This enables all of these services to be built
without openstackchef support. In addition, it prevents the recipes
from substituting the placeholders in their configuration files
when inheriting openstackchef.
Signed-off-by: Mustapha Lansana <Mustapha.Lansana@windriver.com>
|
|
This patch set configures an apache vhost server on port 8081 which will
serve as the main authentication method and documents the change in
README.keystone.
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
|
|
Conform as much as possible to the bitbake coding standard. (80 or less
chars/line, 4x space indent).
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
|
|
Along with this update, we also fix a bug with nova and neutron port types.
this patch will be removed once it is fixed in the upstream project.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
This patch removes the openrc file from the keystone package and
references to openrc in the python-kystone_git.bb file.
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
|
|
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
Instead of creating tenant/user/role and service/endpoint for all
openstack services in keystone postinstall, now each of the services
creates its own keystone identities by queueing them up in its postinstall
to a file /etc/keystone/service-user-setup. service-user-setup
script, when run as the last postinstall, calls identity.sh with keystone
identity parameters to create necessary identities for the services.
Signed-off-by: Andy Ning <andy.ning@windriver.com>
|
|
Adding /etc/keystone/hybrid-backend-setup and
convert_keystone_backend.py to set the backend
for keystone to hybrid and starts openldap and
restarts keystone.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
Modify python-keystone to use openldap. keystone's identity and
assignment backends are configured to utilitze the hybrid backend for
keystone. This backend uses the SQL backend by default and goes to the ldap
database if the user doesn't exist.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
Some of the openstack data is associated with external resources
(ie glance may have external files), we explicitly invoke the delete commands on those
in additional to dropping and recreating the databases.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
Updating keystone to the juno release candidate. Also adding new
dependencies.
Note: also ensure that the new keystoneclient and keystonemiddleware
are used.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
When running the keystone tests, the tests ensures that
keystone is being tested against the latest version of
keystone-client available by downloading keystone-client from
source using git. However, on the target system
keystone-client is installed as a separate package and it is
undesirable to download a newer version to test against. This
fix comments out the portion of the testing code that attempts
to retrieve keystone-client from source code using git.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Some Keystone tests create temporary files, usually
databases for testing. These files are stored in the
"tmp" directory under the "tests" directory in Keystone.
The fix creates this directory so these tests don't fail
on failing to create temporary files because the path
doesn't exist.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Keystone tests define the location of certificate files
as the location of the files in the source tree. However,
when installed on the system files are put in different
locations. This change patches the configuration file
for some tests to contain the full path to the tests
directories.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Some tests provided by Keystone tests signing with an
example certificate and signing key. If these certificates
are not found these particular tests will hang. Thus, in
order for these tests to pass we must install the example
certificates to the system. This fix updates the install
script for Keystone to include installing the example
certificates.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Keystone tests are designed to run on the source tree.
However, Keystone is installed on a system with files
in various directories. This fix patches the testing
source files to be able to find the files on the
distribution. This fix incorporates the changes of
a previous patch file into a new patch file that is
generated, since the previous patch are related and
close to eachother in the source and it is easier to
maintain less patch files.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Openstack components provide a run_tests.sh script for
running unit tests. Some of these tests expect the
openstack-nose plugin to be installed. This fix provides
a recipe for the building that plugin in order to allow
the various run_tests.sh scripts to run.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
The bitbake recipe file for building Keystone is inconsistent
with the use of tabs versus spaces. According to guidelines
for the Yocto project (style guide), the tabs should be
replaced with spaces in the case of indenting for lists. The
style guide can be found at:
https://wiki.yoctoproject.org/wiki/Recipe_&_Patch_Style_Guide
This fix changes the Keystone recipe file to use spaces instead
of tabs in list of files and package dependencies.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Since Grizzly release Keystone defaults to storing tokens in PKI
format. Some software works better with keystone if tokens
are in the older UUID format. This change allows a simple way
to set the storage format within the bitbake receipes. The default
is to use the newer PKI format.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon
Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable
permissions for /etc/keystone/ec2rc, which allows local users to obtain
access to EC2 services by reading administrative access and secret values
from this file.
Modify /etc/keystone to have permission 750
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Editing the files in ${WORKDIR} using sed or similar tools as part of
do_install means they can only be edited once. Supplying a modified
CONTROLLER_IP in local.conf and building the image again will not
result in the CONTROLLER_IP being properly updated since the
substitution placeholders will no longer exist. We therefore simply
swap the other of things, installing the configuration files first,
then editing them to swap the placeholders. This means we can run the
do_install again and again and get the results we expect.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Currently all the openstack components have default start level
of 20. There are other services such as glusterfs, rabbbitmq,
database... are also starting at the same start level. On some
platform, this can cause racing condition between services which
in turn causes some of openstack components not started.
By adjusting the openstack components start level to higher will
ensure that system services start in the determistic way.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Several python packages require 'python-pbr' both at build and
runtime, as listed in their respective setup.py files, yet this
dependency is not included in their recipe. Adding python-pbr
to the RDEPENDS to correct this.
In addition this situation is complicated by the fact that the
setuptools will actually fetch python-pip and python-pbr eggs,
regardless of the value of BB_NO_NETWORK, if any of these packages are
built before python-pip and python-pbr are in the sysroot. Most
dramitically if you were to attempt to build any of these packages
with no network connectivity the do_compile() task will fail with the
following:
| DEBUG: Executing shell function do_compile
| Download error: [Errno 110] Connection timed out -- Some packages may not be found!
| Couldn't find index page for 'pip' (maybe misspelled?)
| Download error: [Errno 110] Connection timed out -- Some packages may not be found!
| No local packages or download links found for pip>=1.0
| Traceback (most recent call last):
| File "setup.py", line 21, in <module>
| pbr=True)
Adding the missing DEPENDS will ensure these packages are available
without the need for setuptools to fetch them, and avoid possible
build issues due to network connectivity.
In order to test these modifications all of these packages have been
built with a populated sstate cache and the network crippled using:
iptables -A OUTPUT -p tcp --destination-port 80 -j DROP
to ensure no extra fetches are taking place.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Tests in keystone/tests are failed because they
looks for some config files at wrong location.
Currently all the keystone config files are at
/etc/keystone.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
By default expired keystone tokens are not removed
out of the keystone table in keystone database.
This will cause the keystone database to grow in
size due. So this patch adds new package named
keystone-cronjobs which will register a cronjob
to invoke command "keystone-manage token_flush"
for flushing out any expired token.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Installation from package feeds shows some missing REDPENDS for the
-setup packages.
Signed-off-by: Rob Wolley <Rob.Woolley@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
To add more complete tempest support, we require flakes8, so it is
added to the dependency list.
To get the individual component test scripts onto the target, create
a $PACKAGE-tests package and add the script. When the tests are
required on target, these packages should be added to the install
list.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
After moving all database creation initialization packages, we also
remove it from the RDEPENDS of the various control node recipes.
This allows images to select database initialization or skip it.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Many OpenStack modules require a first boot action to setup up users,
databases, bridges, etc. These same packages install initscripts to start
daemons and servers.
The 1st boot package post install actions immediately exit to indicate
that the action cannot be performed in the cross environment and instead
should be done on first boot. The update-rc.d post install actions are
intended to be run in the cross environment to symlink scripts into the
proper runlevels.
The early exit from the db setup routines, means that the rc files are
not linked in host cross. If the rootfs doesn't contain update-rc.d,
they also will not be set up on first boot. The end result is a system
that does not start all of its required services on boot.
To fix this, we split out db and other first boot setup tasks into
dedicated (but empty) -setup packages. These run on first boot, while
update-rc.d is left to create the proper symlinks.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Updating the keystone OpenStack component to the havana release version.
As part of this switch, we also start building out of git versus the
release tarballs.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
Bruce Ashfield
Vu Tran
Mustapha Lansana
Liam R. Howlett
Amy Fong
Andy Ning
Keith Holman
Mark Asselstine