diff --git a/elements/keystone/element-deps b/elements/keystone/element-deps
index 2167c86f..338bd781 100644
--- a/elements/keystone/element-deps
+++ b/elements/keystone/element-deps
@@ -1 +1,2 @@
 os-svc-install
+os-config-applier
diff --git a/elements/keystone/install.d/05-keystone b/elements/keystone/install.d/05-keystone
index 997323f1..43a04570 100755
--- a/elements/keystone/install.d/05-keystone
+++ b/elements/keystone/install.d/05-keystone
@@ -1,4 +1,3 @@
 #!/bin/bash
 set -eux
 os-svc-install -n keystone -u keystone -r https://github.com/openstack/keystone.git -c "/opt/stack/keystone/bin/keystone-all"
-
diff --git a/elements/keystone/os-config-applier/etc/keystone/keystone.conf b/elements/keystone/os-config-applier/etc/keystone/keystone.conf
new file mode 100644
index 00000000..3c9e67ad
--- /dev/null
+++ b/elements/keystone/os-config-applier/etc/keystone/keystone.conf
@@ -0,0 +1,95 @@
+[DEFAULT]
+admin_token = funkytonwn
+
+[sql]
+connection = mysql://{{OpenStack::Keystone::Database.User}}:{{OpenStack::Keystone::Database.Password}}@{{OpenStack::Keystone::Database.Host}}/{{OpenStack::Keystone::Database.Database}}
+
+[identity]
+[catalog]
+[token]
+[policy]
+[ec2]
+[ssl]
+[signing]
+[ldap]
+
+[filter:debug]
+paste.filter_factory = keystone.common.wsgi:Debug.factory
+
+[filter:token_auth]
+paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
+
+[filter:admin_token_auth]
+paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
+
+[filter:xml_body]
+paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
+
+[filter:json_body]
+paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
+
+[filter:user_crud_extension]
+paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
+
+[filter:crud_extension]
+paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
+
+[filter:ec2_extension]
+paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
+
+[filter:s3_extension]
+paste.filter_factory = keystone.contrib.s3:S3Extension.factory
+
+[filter:url_normalize]
+paste.filter_factory = keystone.middleware:NormalizingFilter.factory
+
+[filter:sizelimit]
+paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
+
+[filter:stats_monitoring]
+paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
+
+[filter:stats_reporting]
+paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
+
+[app:public_service]
+paste.app_factory = keystone.service:public_app_factory
+
+[app:service_v3]
+paste.app_factory = keystone.service:v3_app_factory
+
+[app:admin_service]
+paste.app_factory = keystone.service:admin_app_factory
+
+[pipeline:public_api]
+pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
+
+[pipeline:admin_api]
+pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
+
+[pipeline:api_v3]
+pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3
+
+[app:public_version_service]
+paste.app_factory = keystone.service:public_version_app_factory
+
+[app:admin_version_service]
+paste.app_factory = keystone.service:admin_version_app_factory
+
+[pipeline:public_version_api]
+pipeline = sizelimit stats_monitoring url_normalize xml_body public_version_service
+
+[pipeline:admin_version_api]
+pipeline = sizelimit stats_monitoring url_normalize xml_body admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api
diff --git a/elements/keystone/os-config-applier/etc/keystone/logging.conf b/elements/keystone/os-config-applier/etc/keystone/logging.conf
new file mode 100644
index 00000000..d87d3a28
--- /dev/null
+++ b/elements/keystone/os-config-applier/etc/keystone/logging.conf
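Review bot: `admin_token = funkytonwn` under `[DEFAULT]` in keystone.conf is a fixed literal, so every image built from this element carries the same bootstrap admin credential, and `admin_token_auth` sits in the `public_api`, `admin_api` and `api_v3` pipelines, so that value is honoured on all of them. The `[sql]` connection line just below already pulls its values from metadata; the token should be templated the same way, e.g. `admin_token = {{OpenStack::Keystone::AdminToken}}` (the key name is a placeholder, not one defined on this page), and the committed literal should be treated as disclosed. The `debug` filter in those three pipelines is also worth removing from a template meant for deployed images unless something depends on it.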
@@ -0,0 +1,39 @@
+[loggers]
+keys=root
+
+[formatters]
+keys=normal,normal_with_name,debug
+
+[handlers]
+keys=production,file,devel
+
+[logger_root]
+level=WARNING
+handlers=file
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal_with_name
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_file]
+class=FileHandler
+level=DEBUG
+formatter=normal_with_name
+args=('keystone.log', 'a')
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+[formatter_normal]
+format=%(asctime)s %(levelname)s %(message)s
+
+[formatter_normal_with_name]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
diff --git a/elements/keystone/os-config-applier/etc/keystone/policy.json b/elements/keystone/os-config-applier/etc/keystone/policy.json
new file mode 100644
index 00000000..aaf20924
--- /dev/null
+++ b/elements/keystone/os-config-applier/etc/keystone/policy.json
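Review bot: `args=('keystone.log', 'a')` in `[handler_file]` of logging.conf is a relative path, and `[logger_root]` sends everything to that one handler, so the identity service's log ends up in whatever directory keystone-all happens to be started from. That makes the log hard to find during an investigation and, if that directory is not writable by the keystone user, the handler presumably cannot open the file at all. An absolute path, for example `args=('/var/log/keystone/keystone.log', 'a')` (constructed example; the directory would need to be created and owned by the service user), makes the location predictable. The `production` syslog handler is declared in `keys=` but not attached to the root logger, which is worth a comment if intentional.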
@@ -0,0 +1,57 @@
+{
+ "admin_required": [["role:admin"], ["is_admin:1"]],
+
+ "identity:get_service": [["rule:admin_required"]],
+ "identity:list_services": [["rule:admin_required"]],
+ "identity:create_service": [["rule:admin_required"]],
+ "identity:update_service": [["rule:admin_required"]],
+ "identity:delete_service": [["rule:admin_required"]],
+
+ "identity:get_endpoint": [["rule:admin_required"]],
+ "identity:list_endpoints": [["rule:admin_required"]],
+ "identity:create_endpoint": [["rule:admin_required"]],
+ "identity:update_endpoint": [["rule:admin_required"]],
+ "identity:delete_endpoint": [["rule:admin_required"]],
+
+ "identity:get_domain": [["rule:admin_required"]],
+ "identity:list_domains": [["rule:admin_required"]],
+ "identity:create_domain": [["rule:admin_required"]],
+ "identity:update_domain": [["rule:admin_required"]],
+ "identity:delete_domain": [["rule:admin_required"]],
+
+ "identity:get_project": [["rule:admin_required"]],
+ "identity:list_projects": [["rule:admin_required"]],
+ "identity:list_user_projects": [["rule:admin_required"], ["user_id:%(user_id)s"]],
+ "identity:create_project": [["rule:admin_required"]],
+ "identity:update_project": [["rule:admin_required"]],
+ "identity:delete_project": [["rule:admin_required"]],
+
+ "identity:get_user": [["rule:admin_required"]],
+ "identity:list_users": [["rule:admin_required"]],
+ "identity:create_user": [["rule:admin_required"]],
+ "identity:update_user": [["rule:admin_required"]],
+ "identity:delete_user": [["rule:admin_required"]],
+
+ "identity:get_credential": [["rule:admin_required"]],
+ "identity:list_credentials": [["rule:admin_required"]],
+ "identity:create_credential": [["rule:admin_required"]],
+ "identity:update_credential": [["rule:admin_required"]],
+ "identity:delete_credential": [["rule:admin_required"]],
+
+ "identity:get_role": [["rule:admin_required"]],
+ "identity:list_roles": [["rule:admin_required"]],
+ "identity:create_role": [["rule:admin_required"]],
+ "identity:update_roles": [["rule:admin_required"]],
+ "identity:delete_roles": [["rule:admin_required"]],
+
+ "identity:check_grant": [["rule:admin_required"]],
+ "identity:list_grants": [["rule:admin_required"]],
+ "identity:create_grant": [["rule:admin_required"]],
+ "identity:revoke_grant": [["rule:admin_required"]],
+
+ "identity:get_policy": [["rule:admin_required"]],
+ "identity:list_policies": [["rule:admin_required"]],
+ "identity:create_policy": [["rule:admin_required"]],
+ "identity:update_policy": [["rule:admin_required"]],
+ "identity:delete_policy": [["rule:admin_required"]]
+}
diff --git a/elements/os-config-applier/README.md b/elements/os-config-applier/README.md
new file mode 100644
index 00000000..ff4df36a
--- /dev/null
+++ b/elements/os-config-applier/README.md
@@ -0,0 +1,3 @@
+Install os-config-applier. Also copy any templates placed in any element
+root under the sub-directory 'os-config-applier' into the appropriate
+template directory.
diff --git a/elements/os-config-applier/install.d/10-os-config-applier b/elements/os-config-applier/install.d/10-os-config-applier
new file mode 100755
index 00000000..ca4446eb
--- /dev/null
+++ b/elements/os-config-applier/install.d/10-os-config-applier
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -eux
+
+install-packages git-core python-pip
+pip install -U git+https://github.com/tripleo/os-config-applier.git
+
+TEMPLATE_ROOT=$(os-config-applier --print-templates)
+mkdir -p $TEMPLATE_ROOT
+
+cat > /etc/init/os-config-applier.conf <<- eof
+start on runlevel [2345]
+task
+exec os-config-applier
+eof
diff --git a/elements/os-config-applier/install.d/50-os-config-applier b/elements/os-config-applier/install.d/50-os-config-applier
deleted file mode 100755
index 15e63d0f..00000000
--- a/elements/os-config-applier/install.d/50-os-config-applier
+++ /dev/null
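Review bot: `identity:update_roles` and `identity:delete_roles` are the only plural update/delete keys in policy.json; every other resource uses the singular form (`identity:update_user`, `identity:delete_policy`). If the keystone version installed by this element enforces `identity:update_role` / `identity:delete_role` (not verifiable from this diff), these two entries never match, and because the file defines no `default` rule the result then depends on the policy engine's fallback. It is worth checking the names against the controller's actions and adding an explicit `"default": [["rule:admin_required"]]` so that any unmatched action is limited to admins.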
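Review bot: `pip install -U git+https://github.com/tripleo/os-config-applier.git` in 10-os-config-applier installs whatever the default branch holds at build time, so two builds of the same tree can ship different code and an unreviewed upstream push flows straight into the image. Pinning to a reviewed ref keeps builds reproducible and auditable: `pip install -U git+https://github.com/tripleo/os-config-applier.git@<tag-or-commit>`. The next lines should also quote the expansion and refuse an empty value, `mkdir -p -- "${TEMPLATE_ROOT:?}"`, since `--print-templates` output is used as a path without any check.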
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -eux
-
-TEMPLATES=git://github.com/tripleo/openstack-config-templates.git
-
-sudo apt-get install --yes git python-pip
-pip install -U git+https://github.com/tripleo/os-config-applier.git
-
-mkdir -p /opt/stack
-git clone $TEMPLATES /opt/stack/openstack-config-templates
-
-runscript=$(os-refresh-config --print-base)/configuration.d/10-os-config-applier
-mkdir -p $(dirname $runscript)
-cat > $runscript <<- eof
-#!/bin/sh
-exec os-config-applier -t /opt/stack/openstack-config-templates/templates
-eof
-chmod 0755 $runscript
diff --git a/elements/os-config-applier/install.d/99-install-config-templates b/elements/os-config-applier/install.d/99-install-config-templates
new file mode 100644
index 00000000..eca064d0
--- /dev/null
+++ b/elements/os-config-applier/install.d/99-install-config-templates
@@ -0,0 +1,8 @@
+#!/bin/bash
+# Note that this relies on the detail that all elements share one dir
+# inside the chroot. This will copy all the files that elements have
+# added to element/os-config-applier into the appropriate location.
+set -eux
+TEMPLATE_ROOT=$(os-config-applier --print-templates)
+TEMPLATE_SOURCE=$(dirname $0)/../os-config-applier
+rsync -r $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/
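Review bot: 99-install-config-templates is added with `new file mode 100644`, while 10-os-config-applier in the same install.d directory is 100755; if the element runner only executes files with the execute bit set (the runner is not visible in this diff), this script is skipped and keystone starts without the templated keystone.conf and policy.json. The expansions are also unquoted: `TEMPLATE_SOURCE="$(dirname "$0")/../os-config-applier"` and `rsync -r -- "$TEMPLATE_SOURCE/" "${TEMPLATE_ROOT:?}/"` keep paths with spaces intact and stop an empty TEMPLATE_ROOT from turning the rsync destination into `/`.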