From 30e803aa56d3da7bcebb8a4c62ad532b760b6378 Mon Sep 17 00:00:00 2001
From: Clint Byrum <clint@fewbar.com>
Date: Tue, 5 Mar 2013 10:38:07 -0800
Subject: [PATCH] Allow elements to include skeleton config

Copies all templates found in the root of any element into the
default template location.

These templates will be filled in from heat metadata by
os-config-applier whenever it is run.

Update keystone to install templates in this way as an example.

Change-Id: I0be0a79a431e9ba5b80e84f130c48d5ce8b100ae
Co-Authored-By: Tim Miller <tim.miller.0@gmail.com>
---
 elements/keystone/element-deps                |  1 +
 elements/keystone/install.d/05-keystone       |  1 -
 .../etc/keystone/keystone.conf                | 95 +++++++++++++++++++
 .../etc/keystone/logging.conf                 | 39 ++++++++
 .../etc/keystone/policy.json                  | 57 +++++++++++
 elements/os-config-applier/README.md          |  3 +
 .../install.d/10-os-config-applier            | 14 +++
 .../install.d/50-os-config-applier            | 18 ----
 .../install.d/99-install-config-templates     |  8 ++
 9 files changed, 217 insertions(+), 19 deletions(-)
 create mode 100644 elements/keystone/os-config-applier/etc/keystone/keystone.conf
 create mode 100644 elements/keystone/os-config-applier/etc/keystone/logging.conf
 create mode 100644 elements/keystone/os-config-applier/etc/keystone/policy.json
 create mode 100644 elements/os-config-applier/README.md
 create mode 100755 elements/os-config-applier/install.d/10-os-config-applier
 delete mode 100755 elements/os-config-applier/install.d/50-os-config-applier
 create mode 100644 elements/os-config-applier/install.d/99-install-config-templates

diff --git a/elements/keystone/element-deps b/elements/keystone/element-deps
index 2167c86f..338bd781 100644
--- a/elements/keystone/element-deps
+++ b/elements/keystone/element-deps
@@ -1 +1,2 @@
 os-svc-install
+os-config-applier
diff --git a/elements/keystone/install.d/05-keystone b/elements/keystone/install.d/05-keystone
index 997323f1..43a04570 100755
--- a/elements/keystone/install.d/05-keystone
+++ b/elements/keystone/install.d/05-keystone
@@ -1,4 +1,3 @@
 #!/bin/bash
 set -eux
 os-svc-install -n keystone -u keystone -r https://github.com/openstack/keystone.git -c "/opt/stack/keystone/bin/keystone-all"
-
diff --git a/elements/keystone/os-config-applier/etc/keystone/keystone.conf b/elements/keystone/os-config-applier/etc/keystone/keystone.conf
new file mode 100644
index 00000000..3c9e67ad
--- /dev/null
+++ b/elements/keystone/os-config-applier/etc/keystone/keystone.conf
@@ -0,0 +1,95 @@
+[DEFAULT]
+admin_token = funkytonwn
+
+[sql]
+connection = mysql://{{OpenStack::Keystone::Database.User}}:{{OpenStack::Keystone::Database.Password}}@{{OpenStack::Keystone::Database.Host}}/{{OpenStack::Keystone::Database.Database}}
+
+[identity]
+[catalog]
+[token]
+[policy]
+[ec2]
+[ssl]
+[signing]
+[ldap]
+
+[filter:debug]
+paste.filter_factory = keystone.common.wsgi:Debug.factory
+
+[filter:token_auth]
+paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
+
+[filter:admin_token_auth]
+paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
+
+[filter:xml_body]
+paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
+
+[filter:json_body]
+paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
+
+[filter:user_crud_extension]
+paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
+
+[filter:crud_extension]
+paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
+
+[filter:ec2_extension]
+paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
+
+[filter:s3_extension]
+paste.filter_factory = keystone.contrib.s3:S3Extension.factory
+
+[filter:url_normalize]
+paste.filter_factory = keystone.middleware:NormalizingFilter.factory
+
+[filter:sizelimit]
+paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
+
+[filter:stats_monitoring]
+paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
+
+[filter:stats_reporting]
+paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
+
+[app:public_service]
+paste.app_factory = keystone.service:public_app_factory
+
+[app:service_v3]
+paste.app_factory = keystone.service:v3_app_factory
+
+[app:admin_service]
+paste.app_factory = keystone.service:admin_app_factory
+
+[pipeline:public_api]
+pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
+
+[pipeline:admin_api]
+pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service
+
+[pipeline:api_v3]
+pipeline = sizelimit stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension service_v3
+
+[app:public_version_service]
+paste.app_factory = keystone.service:public_version_app_factory
+
+[app:admin_version_service]
+paste.app_factory = keystone.service:admin_version_app_factory
+
+[pipeline:public_version_api]
+pipeline = sizelimit stats_monitoring url_normalize xml_body public_version_service
+
+[pipeline:admin_version_api]
+pipeline = sizelimit stats_monitoring url_normalize xml_body admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api
diff --git a/elements/keystone/os-config-applier/etc/keystone/logging.conf b/elements/keystone/os-config-applier/etc/keystone/logging.conf
new file mode 100644
index 00000000..d87d3a28
--- /dev/null
+++ b/elements/keystone/os-config-applier/etc/keystone/logging.conf
@@ -0,0 +1,39 @@
+[loggers]
+keys=root
+
+[formatters]
+keys=normal,normal_with_name,debug
+
+[handlers]
+keys=production,file,devel
+
+[logger_root]
+level=WARNING
+handlers=file
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal_with_name
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_file]
+class=FileHandler
+level=DEBUG
+formatter=normal_with_name
+args=('keystone.log', 'a')
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+[formatter_normal]
+format=%(asctime)s %(levelname)s %(message)s
+
+[formatter_normal_with_name]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
diff --git a/elements/keystone/os-config-applier/etc/keystone/policy.json b/elements/keystone/os-config-applier/etc/keystone/policy.json
new file mode 100644
index 00000000..aaf20924
--- /dev/null
+++ b/elements/keystone/os-config-applier/etc/keystone/policy.json
@@ -0,0 +1,57 @@
+{
+    "admin_required": [["role:admin"], ["is_admin:1"]],
+
+    "identity:get_service": [["rule:admin_required"]],
+    "identity:list_services": [["rule:admin_required"]],
+    "identity:create_service": [["rule:admin_required"]],
+    "identity:update_service": [["rule:admin_required"]],
+    "identity:delete_service": [["rule:admin_required"]],
+
+    "identity:get_endpoint": [["rule:admin_required"]],
+    "identity:list_endpoints": [["rule:admin_required"]],
+    "identity:create_endpoint": [["rule:admin_required"]],
+    "identity:update_endpoint": [["rule:admin_required"]],
+    "identity:delete_endpoint": [["rule:admin_required"]],
+
+    "identity:get_domain": [["rule:admin_required"]],
+    "identity:list_domains": [["rule:admin_required"]],
+    "identity:create_domain": [["rule:admin_required"]],
+    "identity:update_domain": [["rule:admin_required"]],
+    "identity:delete_domain": [["rule:admin_required"]],
+
+    "identity:get_project": [["rule:admin_required"]],
+    "identity:list_projects": [["rule:admin_required"]],
+    "identity:list_user_projects": [["rule:admin_required"], ["user_id:%(user_id)s"]],
+    "identity:create_project": [["rule:admin_required"]],
+    "identity:update_project": [["rule:admin_required"]],
+    "identity:delete_project": [["rule:admin_required"]],
+
+    "identity:get_user": [["rule:admin_required"]],
+    "identity:list_users": [["rule:admin_required"]],
+    "identity:create_user": [["rule:admin_required"]],
+    "identity:update_user": [["rule:admin_required"]],
+    "identity:delete_user": [["rule:admin_required"]],
+
+    "identity:get_credential": [["rule:admin_required"]],
+    "identity:list_credentials": [["rule:admin_required"]],
+    "identity:create_credential": [["rule:admin_required"]],
+    "identity:update_credential": [["rule:admin_required"]],
+    "identity:delete_credential": [["rule:admin_required"]],
+
+    "identity:get_role": [["rule:admin_required"]],
+    "identity:list_roles": [["rule:admin_required"]],
+    "identity:create_role": [["rule:admin_required"]],
+    "identity:update_roles": [["rule:admin_required"]],
+    "identity:delete_roles": [["rule:admin_required"]],
+
+    "identity:check_grant": [["rule:admin_required"]],
+    "identity:list_grants": [["rule:admin_required"]],
+    "identity:create_grant": [["rule:admin_required"]],
+    "identity:revoke_grant": [["rule:admin_required"]],
+
+    "identity:get_policy": [["rule:admin_required"]],
+    "identity:list_policies": [["rule:admin_required"]],
+    "identity:create_policy": [["rule:admin_required"]],
+    "identity:update_policy": [["rule:admin_required"]],
+    "identity:delete_policy": [["rule:admin_required"]]
+}
diff --git a/elements/os-config-applier/README.md b/elements/os-config-applier/README.md
new file mode 100644
index 00000000..ff4df36a
--- /dev/null
+++ b/elements/os-config-applier/README.md
@@ -0,0 +1,3 @@
+Install os-config-applier. Also copy any templates placed in any element
+root under the sub-directory 'os-config-applier' into the appropriate
+template directory.
diff --git a/elements/os-config-applier/install.d/10-os-config-applier b/elements/os-config-applier/install.d/10-os-config-applier
new file mode 100755
index 00000000..ca4446eb
--- /dev/null
+++ b/elements/os-config-applier/install.d/10-os-config-applier
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -eux
+
+install-packages git-core python-pip
+pip install -U git+https://github.com/tripleo/os-config-applier.git
+
+TEMPLATE_ROOT=$(os-config-applier --print-templates)
+mkdir -p $TEMPLATE_ROOT
+
+cat > /etc/init/os-config-applier.conf <<- eof
+start on runlevel [2345]
+task
+exec os-config-applier
+eof
diff --git a/elements/os-config-applier/install.d/50-os-config-applier b/elements/os-config-applier/install.d/50-os-config-applier
deleted file mode 100755
index 15e63d0f..00000000
--- a/elements/os-config-applier/install.d/50-os-config-applier
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -eux
-
-TEMPLATES=git://github.com/tripleo/openstack-config-templates.git
-
-sudo apt-get install --yes git python-pip
-pip install -U git+https://github.com/tripleo/os-config-applier.git
-
-mkdir -p /opt/stack
-git clone $TEMPLATES /opt/stack/openstack-config-templates
-
-runscript=$(os-refresh-config --print-base)/configuration.d/10-os-config-applier
-mkdir -p $(dirname $runscript)
-cat > $runscript <<- eof
-#!/bin/sh
-exec os-config-applier -t /opt/stack/openstack-config-templates/templates
-eof
-chmod 0755 $runscript
diff --git a/elements/os-config-applier/install.d/99-install-config-templates b/elements/os-config-applier/install.d/99-install-config-templates
new file mode 100644
index 00000000..eca064d0
--- /dev/null
+++ b/elements/os-config-applier/install.d/99-install-config-templates
@@ -0,0 +1,8 @@
+#!/bin/bash
+# Note that this relies on the detail that all elements share one dir
+# inside the chroot. This will copy all the files that elements have
+# added to element/os-config-applier into the appropriate location.
+set -eux
+TEMPLATE_ROOT=$(os-config-applier --print-templates)
+TEMPLATE_SOURCE=$(dirname $0)/../os-config-applier
+rsync -r $TEMPLATE_SOURCE/ $TEMPLATE_ROOT/