Allow elements to include skeleton config
Copies all templates found in the root of any element into the default template location. These templates will be filled in from heat metadata by os-config-applier whenever it is run. Update keystone to install templates in this way as an example. Change-Id: I0be0a79a431e9ba5b80e84f130c48d5ce8b100ae Co-Authored-By: Tim Miller <tim.miller.0@gmail.com>
This commit is contained in:
parent
aa8a2174a6
commit
30e803aa56
9 changed files with 217 additions and 19 deletions
|
@ -1 +1,2 @@
|
|||
os-svc-install
|
||||
os-config-applier
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
#!/bin/bash
|
||||
set -eux
|
||||
os-svc-install -n keystone -u keystone -r https://github.com/openstack/keystone.git -c "/opt/stack/keystone/bin/keystone-all"
|
||||
|
||||
|
|
|
@ -0,0 +1,95 @@
|
|||
[DEFAULT]
|
||||
admin_token = funkytonwn
|
||||
|
||||
[sql]
|
||||
connection = mysql://{{OpenStack::Keystone::Database.User}}:{{OpenStack::Keystone::Database.Password}}@{{OpenStack::Keystone::Database.Host}}/{{OpenStack::Keystone::Database.Database}}
|
||||
|
||||
[identity]
|
||||
[catalog]
|
||||
[token]
|
||||
[policy]
|
||||
[ec2]
|
||||
[ssl]
|
||||
[signing]
|
||||
[ldap]
|
||||
|
||||
[filter:debug]
|
||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
||||
|
||||
[filter:token_auth]
|
||||
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
|
||||
|
||||
[filter:admin_token_auth]
|
||||
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
|
||||
|
||||
[filter:xml_body]
|
||||
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
|
||||
|
||||
[filter:json_body]
|
||||
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
|
||||
|
||||
[filter:user_crud_extension]
|
||||
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
||||
|
||||
[filter:crud_extension]
|
||||
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
|
||||
|
||||
[filter:ec2_extension]
|
||||
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
|
||||
|
||||
[filter:s3_extension]
|
||||
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
|
||||
|
||||
[filter:url_normalize]
|
||||
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
|
||||
|
||||
[filter:sizelimit]
|
||||
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
|
||||
|
||||
[filter:stats_monitoring]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
|
||||
|
||||
[filter:stats_reporting]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
|
||||
|
||||
[app:public_service]
|
||||
paste.app_factory = keystone.service:public_app_factory
|
||||
|
||||
[app:service_v3]
|
||||
paste.app_factory = keystone.service:v3_app_factory
|
||||
|
||||
[app:admin_service]
|
||||
paste.app_factory = keystone.service:admin_app_factory
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
|
||||
|
||||
[pipeline:admin_api]
|
||||
pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
|
||||
|
||||
[pipeline:api_v3]
|
||||
pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3
|
||||
|
||||
[app:public_version_service]
|
||||
paste.app_factory = keystone.service:public_version_app_factory
|
||||
|
||||
[app:admin_version_service]
|
||||
paste.app_factory = keystone.service:admin_version_app_factory
|
||||
|
||||
[pipeline:public_version_api]
|
||||
pipeline = sizelimit stats_monitoring url_normalize xml_body public_version_service
|
||||
|
||||
[pipeline:admin_version_api]
|
||||
pipeline = sizelimit stats_monitoring url_normalize xml_body admin_version_service
|
||||
|
||||
[composite:main]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = public_api
|
||||
/v3 = api_v3
|
||||
/ = public_version_api
|
||||
|
||||
[composite:admin]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = admin_api
|
||||
/v3 = api_v3
|
||||
/ = admin_version_api
|
|
@ -0,0 +1,39 @@
|
|||
[loggers]
|
||||
keys=root
|
||||
|
||||
[formatters]
|
||||
keys=normal,normal_with_name,debug
|
||||
|
||||
[handlers]
|
||||
keys=production,file,devel
|
||||
|
||||
[logger_root]
|
||||
level=WARNING
|
||||
handlers=file
|
||||
|
||||
[handler_production]
|
||||
class=handlers.SysLogHandler
|
||||
level=ERROR
|
||||
formatter=normal_with_name
|
||||
args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
|
||||
|
||||
[handler_file]
|
||||
class=FileHandler
|
||||
level=DEBUG
|
||||
formatter=normal_with_name
|
||||
args=('keystone.log', 'a')
|
||||
|
||||
[handler_devel]
|
||||
class=StreamHandler
|
||||
level=NOTSET
|
||||
formatter=debug
|
||||
args=(sys.stdout,)
|
||||
|
||||
[formatter_normal]
|
||||
format=%(asctime)s %(levelname)s %(message)s
|
||||
|
||||
[formatter_normal_with_name]
|
||||
format=(%(name)s): %(asctime)s %(levelname)s %(message)s
|
||||
|
||||
[formatter_debug]
|
||||
format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
|
57
elements/keystone/os-config-applier/etc/keystone/policy.json
Normal file
57
elements/keystone/os-config-applier/etc/keystone/policy.json
Normal file
|
@ -0,0 +1,57 @@
|
|||
{
|
||||
"admin_required": [["role:admin"], ["is_admin:1"]],
|
||||
|
||||
"identity:get_service": [["rule:admin_required"]],
|
||||
"identity:list_services": [["rule:admin_required"]],
|
||||
"identity:create_service": [["rule:admin_required"]],
|
||||
"identity:update_service": [["rule:admin_required"]],
|
||||
"identity:delete_service": [["rule:admin_required"]],
|
||||
|
||||
"identity:get_endpoint": [["rule:admin_required"]],
|
||||
"identity:list_endpoints": [["rule:admin_required"]],
|
||||
"identity:create_endpoint": [["rule:admin_required"]],
|
||||
"identity:update_endpoint": [["rule:admin_required"]],
|
||||
"identity:delete_endpoint": [["rule:admin_required"]],
|
||||
|
||||
"identity:get_domain": [["rule:admin_required"]],
|
||||
"identity:list_domains": [["rule:admin_required"]],
|
||||
"identity:create_domain": [["rule:admin_required"]],
|
||||
"identity:update_domain": [["rule:admin_required"]],
|
||||
"identity:delete_domain": [["rule:admin_required"]],
|
||||
|
||||
"identity:get_project": [["rule:admin_required"]],
|
||||
"identity:list_projects": [["rule:admin_required"]],
|
||||
"identity:list_user_projects": [["rule:admin_required"], ["user_id:%(user_id)s"]],
|
||||
"identity:create_project": [["rule:admin_required"]],
|
||||
"identity:update_project": [["rule:admin_required"]],
|
||||
"identity:delete_project": [["rule:admin_required"]],
|
||||
|
||||
"identity:get_user": [["rule:admin_required"]],
|
||||
"identity:list_users": [["rule:admin_required"]],
|
||||
"identity:create_user": [["rule:admin_required"]],
|
||||
"identity:update_user": [["rule:admin_required"]],
|
||||
"identity:delete_user": [["rule:admin_required"]],
|
||||
|
||||
"identity:get_credential": [["rule:admin_required"]],
|
||||
"identity:list_credentials": [["rule:admin_required"]],
|
||||
"identity:create_credential": [["rule:admin_required"]],
|
||||
"identity:update_credential": [["rule:admin_required"]],
|
||||
"identity:delete_credential": [["rule:admin_required"]],
|
||||
|
||||
"identity:get_role": [["rule:admin_required"]],
|
||||
"identity:list_roles": [["rule:admin_required"]],
|
||||
"identity:create_role": [["rule:admin_required"]],
|
||||
"identity:update_roles": [["rule:admin_required"]],
|
||||
"identity:delete_roles": [["rule:admin_required"]],
|
||||
|
||||
"identity:check_grant": [["rule:admin_required"]],
|
||||
"identity:list_grants": [["rule:admin_required"]],
|
||||
"identity:create_grant": [["rule:admin_required"]],
|
||||
"identity:revoke_grant": [["rule:admin_required"]],
|
||||
|
||||
"identity:get_policy": [["rule:admin_required"]],
|
||||
"identity:list_policies": [["rule:admin_required"]],
|
||||
"identity:create_policy": [["rule:admin_required"]],
|
||||
"identity:update_policy": [["rule:admin_required"]],
|
||||
"identity:delete_policy": [["rule:admin_required"]]
|
||||
}
|
3
elements/os-config-applier/README.md
Normal file
3
elements/os-config-applier/README.md
Normal file
|
@ -0,0 +1,3 @@
|
|||
Install os-config-applier. Also copy any templates placed in any element
|
||||
root under the sub-directory 'os-config-applier' into the appropriate
|
||||
template directory.
|
14
elements/os-config-applier/install.d/10-os-config-applier
Executable file
14
elements/os-config-applier/install.d/10-os-config-applier
Executable file
|
@ -0,0 +1,14 @@
|
|||
#!/bin/bash
|
||||
set -eux
|
||||
|
||||
install-packages git-core python-pip
|
||||
pip install -U git+https://github.com/tripleo/os-config-applier.git
|
||||
|
||||
TEMPLATE_ROOT=$(os-config-applier --print-templates)
|
||||
mkdir -p $TEMPLATE_ROOT
|
||||
|
||||
cat > /etc/init/os-config-applier.conf <<- eof
|
||||
start on runlevel [2345]
|
||||
task
|
||||
exec os-config-applier
|
||||
eof
|
|
@ -1,18 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -eux
|
||||
|
||||
TEMPLATES=git://github.com/tripleo/openstack-config-templates.git
|
||||
|
||||
sudo apt-get install --yes git python-pip
|
||||
pip install -U git+https://github.com/tripleo/os-config-applier.git
|
||||
|
||||
mkdir -p /opt/stack
|
||||
git clone $TEMPLATES /opt/stack/openstack-config-templates
|
||||
|
||||
runscript=$(os-refresh-config --print-base)/configuration.d/10-os-config-applier
|
||||
mkdir -p $(dirname $runscript)
|
||||
cat > $runscript <<- eof
|
||||
#!/bin/sh
|
||||
exec os-config-applier -t /opt/stack/openstack-config-templates/templates
|
||||
eof
|
||||
chmod 0755 $runscript
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
# Note that this relies on the detail that all elements share one dir
|
||||
# inside the chroot. This will copy all the files that elements have
|
||||
# added to element/os-config-applier into the appropriate location.
|
||||
set -eux
|
||||
TEMPLATE_ROOT=$(os-config-applier --print-templates)
|
||||
TEMPLATE_SOURCE=$(dirname $0)/../os-config-applier
|
||||
rsync -r $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/
|
Loading…
Reference in a new issue