Allow elements to include skeleton config

Copies all templates found in the root of any element into the default template location. These templates will be filled in from heat metadata by os-config-applier whenever it is run. Update keystone to install templates in this way as an example. Change-Id: I0be0a79a431e9ba5b80e84f130c48d5ce8b100ae Co-Authored-By: Tim Miller <tim.miller.0@gmail.com>
2013-03-05 10:38:07 -08:00 · 2013-03-05 10:38:07 -08:00 · 30e803aa56
commit 30e803aa56
parent aa8a2174a6
9 changed files with 217 additions and 19 deletions
--- a/elements/keystone/element-deps
+++ b/elements/keystone/element-deps
@ -1 +1,2 @@
 os-svc-install
+os-config-applier
--- a/elements/keystone/install.d/05-keystone
+++ b/elements/keystone/install.d/05-keystone
@ -1,4 +1,3 @@
 #!/bin/bash
 set -eux
 os-svc-install -n keystone -u keystone -r https://github.com/openstack/keystone.git -c "/opt/stack/keystone/bin/keystone-all"
-
--- a/elements/keystone/os-config-applier/etc/keystone/keystone.conf
+++ b/elements/keystone/os-config-applier/etc/keystone/keystone.conf
@ -0,0 +1,95 @@
+[DEFAULT]
+admin_token = funkytonwn
+
+[sql]
+connection = mysql://{{OpenStack::Keystone::Database.User}}:{{OpenStack::Keystone::Database.Password}}@{{OpenStack::Keystone::Database.Host}}/{{OpenStack::Keystone::Database.Database}}
+
+[identity]
+[catalog]
+[token]
+[policy]
+[ec2]
+[ssl]
+[signing]
+[ldap]
+
+[filter:debug]
+paste.filter_factory = keystone.common.wsgi:Debug.factory
+
+[filter:token_auth]
+paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
+
+[filter:admin_token_auth]
+paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
+
+[filter:xml_body]
+paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
+
+[filter:json_body]
+paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
+
+[filter:user_crud_extension]
+paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
+
+[filter:crud_extension]
+paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
+
+[filter:ec2_extension]
+paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
+
+[filter:s3_extension]
+paste.filter_factory = keystone.contrib.s3:S3Extension.factory
+
+[filter:url_normalize]
+paste.filter_factory = keystone.middleware:NormalizingFilter.factory
+
+[filter:sizelimit]
+paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
+
+[filter:stats_monitoring]
+paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
+
+[filter:stats_reporting]
+paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
+
+[app:public_service]
+paste.app_factory = keystone.service:public_app_factory
+
+[app:service_v3]
+paste.app_factory = keystone.service:v3_app_factory
+
+[app:admin_service]
+paste.app_factory = keystone.service:admin_app_factory
+
+[pipeline:public_api]
+pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
+
+[pipeline:admin_api]
+pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
+
+[pipeline:api_v3]
+pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3
+
+[app:public_version_service]
+paste.app_factory = keystone.service:public_version_app_factory
+
+[app:admin_version_service]
+paste.app_factory = keystone.service:admin_version_app_factory
+
+[pipeline:public_version_api]
+pipeline = sizelimit stats_monitoring url_normalize xml_body public_version_service
+
+[pipeline:admin_version_api]
+pipeline = sizelimit stats_monitoring url_normalize xml_body admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api
--- a/elements/keystone/os-config-applier/etc/keystone/logging.conf
+++ b/elements/keystone/os-config-applier/etc/keystone/logging.conf
@ -0,0 +1,39 @@
+[loggers]
+keys=root
+
+[formatters]
+keys=normal,normal_with_name,debug
+
+[handlers]
+keys=production,file,devel
+
+[logger_root]
+level=WARNING
+handlers=file
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal_with_name
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_file]
+class=FileHandler
+level=DEBUG
+formatter=normal_with_name
+args=('keystone.log', 'a')
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+[formatter_normal]
+format=%(asctime)s %(levelname)s %(message)s
+
+[formatter_normal_with_name]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
--- a/elements/keystone/os-config-applier/etc/keystone/policy.json
+++ b/elements/keystone/os-config-applier/etc/keystone/policy.json
@ -0,0 +1,57 @@
+{
+    "admin_required": [["role:admin"], ["is_admin:1"]],
+
+    "identity:get_service": [["rule:admin_required"]],
+    "identity:list_services": [["rule:admin_required"]],
+    "identity:create_service": [["rule:admin_required"]],
+    "identity:update_service": [["rule:admin_required"]],
+    "identity:delete_service": [["rule:admin_required"]],
+
+    "identity:get_endpoint": [["rule:admin_required"]],
+    "identity:list_endpoints": [["rule:admin_required"]],
+    "identity:create_endpoint": [["rule:admin_required"]],
+    "identity:update_endpoint": [["rule:admin_required"]],
+    "identity:delete_endpoint": [["rule:admin_required"]],
+
+    "identity:get_domain": [["rule:admin_required"]],
+    "identity:list_domains": [["rule:admin_required"]],
+    "identity:create_domain": [["rule:admin_required"]],
+    "identity:update_domain": [["rule:admin_required"]],
+    "identity:delete_domain": [["rule:admin_required"]],
+
+    "identity:get_project": [["rule:admin_required"]],
+    "identity:list_projects": [["rule:admin_required"]],
+    "identity:list_user_projects": [["rule:admin_required"], ["user_id:%(user_id)s"]],
+    "identity:create_project": [["rule:admin_required"]],
+    "identity:update_project": [["rule:admin_required"]],
+    "identity:delete_project": [["rule:admin_required"]],
+
+    "identity:get_user": [["rule:admin_required"]],
+    "identity:list_users": [["rule:admin_required"]],
+    "identity:create_user": [["rule:admin_required"]],
+    "identity:update_user": [["rule:admin_required"]],
+    "identity:delete_user": [["rule:admin_required"]],
+
+    "identity:get_credential": [["rule:admin_required"]],
+    "identity:list_credentials": [["rule:admin_required"]],
+    "identity:create_credential": [["rule:admin_required"]],
+    "identity:update_credential": [["rule:admin_required"]],
+    "identity:delete_credential": [["rule:admin_required"]],
+
+    "identity:get_role": [["rule:admin_required"]],
+    "identity:list_roles": [["rule:admin_required"]],
+    "identity:create_role": [["rule:admin_required"]],
+    "identity:update_roles": [["rule:admin_required"]],
+    "identity:delete_roles": [["rule:admin_required"]],
+
+    "identity:check_grant": [["rule:admin_required"]],
+    "identity:list_grants": [["rule:admin_required"]],
+    "identity:create_grant": [["rule:admin_required"]],
+    "identity:revoke_grant": [["rule:admin_required"]],
+
+    "identity:get_policy": [["rule:admin_required"]],
+    "identity:list_policies": [["rule:admin_required"]],
+    "identity:create_policy": [["rule:admin_required"]],
+    "identity:update_policy": [["rule:admin_required"]],
+    "identity:delete_policy": [["rule:admin_required"]]
+}
--- a/elements/os-config-applier/README.md
+++ b/elements/os-config-applier/README.md
@ -0,0 +1,3 @@
+Install os-config-applier. Also copy any templates placed in any element
+root under the sub-directory 'os-config-applier' into the appropriate
+template directory.
--- a/elements/os-config-applier/install.d/10-os-config-applier
+++ b/elements/os-config-applier/install.d/10-os-config-applier
@ -0,0 +1,14 @@
+#!/bin/bash
+set -eux
+
+install-packages git-core python-pip
+pip install -U git+https://github.com/tripleo/os-config-applier.git
+
+TEMPLATE_ROOT=$(os-config-applier --print-templates)
+mkdir -p $TEMPLATE_ROOT
+
+cat > /etc/init/os-config-applier.conf <<- eof
+start on runlevel [2345]
+task
+exec os-config-applier
+eof
--- a/elements/os-config-applier/install.d/50-os-config-applier
+++ b/elements/os-config-applier/install.d/50-os-config-applier
@ -1,18 +0,0 @@
-#!/bin/bash
-set -eux
-
-TEMPLATES=git://github.com/tripleo/openstack-config-templates.git
-
-sudo apt-get install --yes git python-pip
-pip install -U git+https://github.com/tripleo/os-config-applier.git
-
-mkdir -p /opt/stack
-git clone $TEMPLATES /opt/stack/openstack-config-templates
-
-runscript=$(os-refresh-config --print-base)/configuration.d/10-os-config-applier
-mkdir -p $(dirname $runscript)
-cat > $runscript <<- eof
-#!/bin/sh
-exec os-config-applier -t /opt/stack/openstack-config-templates/templates
-eof
-chmod 0755 $runscript
--- a/elements/os-config-applier/install.d/99-install-config-templates
+++ b/elements/os-config-applier/install.d/99-install-config-templates
@ -0,0 +1,8 @@
+#!/bin/bash
+# Note that this relies on the detail that all elements share one dir
+# inside the chroot. This will copy all the files that elements have
+# added to element/os-config-applier into the appropriate location.
+set -eux
+TEMPLATE_ROOT=$(os-config-applier --print-templates)
+TEMPLATE_SOURCE=$(dirname $0)/../os-config-applier
+rsync -r $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/