python-keystone: Add apache vhost server.

This patch set configures an apache vhost server on port 8081 which will serve as the main authentication method and documents the change in README.keystone. Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
author: Liam R. Howlett <Liam.Howlett@WindRiver.com> 2014-09-19 15:51:17 -0400
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2014-09-22 11:46:42 -0400
commit: bf51fa4f053a6aecb816ed7b4dcca64e9bd5b9b3 (patch)
tree: 02bdfd5520ab5c73183b2428baa42d686bb71d77
parent: dcfac869bea8a501177c8419c8fd11c3ed03b21e (diff)
download: meta-cloud-services-bf51fa4f053a6aecb816ed7b4dcca64e9bd5b9b3.tar.gz
3 files changed, 161 insertions, 16 deletions
diff --git a/meta-openstack/Documentation/README.keystone b/meta-openstack/Documentation/README.keystone
new file mode 100644
index 0000000..f8da890
--- /dev/null
+++ b/meta-openstack/Documentation/README.keystone
@@ -0,0 +1,83 @@
+Summary
+=======
+This document is not intended to provide detail of how Keystone in general
+works, but rather it highlights how Keystone is integrated/configured into
+meta-cloud-services and also describes how Keystone is tested to ensure that
+Keystone Verification and Benchmarking components are working correctly.
+Keystone Overview
+==============
+Keystone provides authentication, authorization and service discovery 
+mechanisms via HTTP primarily for use by projects in the OpenStack family. It 
+is most commonly deployed as an HTTP interface to existing identity systems,
+such as LDAP.
+Keystone Deployment
+================
+Keystone is configured to use existing deployment (by using deployment
+configuration file /etc/keystone/keystone{.conf,paste.ini}).  In addition to the
+default configuration files, meta-cloud-services installs a custom httpd file
+apache configuration as /etc/apache2/conf.d/wsgi-keystone.conf along with
+adding the 8081 port to the default /etc/apache2/httpd.conf.  This file
+starts a vhost on port 8081 which will be the replacement for the default server
+running on port 35357 and 5000 in the future.
+Keystone Verification
+==================
+By default, Keystone verification performs the following steps:
+* git clone tempest source from upstream
+* setup virtualenv for this tempest
+* setup testr environment with virtualenv created above
+* create tempest.conf for this tempest
+* use testr and subunit.run module to run tempest
+However, meta-cloud-services already includes tempest which is also 
+configured/modified to have low failure/error testcases, therefore it's desired
+to use this tempest (without using virtualenv) instead of letting Rally to
+download tempest and running it on virtualenv.
+The option "existing_tempest_config" in /etc/keystone/keystone.conf can be used
+to configure Keystone to either use the existing tempest or to download from
+upstream.
+If the option "existing_tempest_config" is not set then Keystone follows the 
+default path.  If "existing_tempest_config" is set to absolute path of tempest
+config folder (which contains tempest "tools" and .testr.conf, e.g. 
+/etc/tempest) then Rally uses this existing tempest.  By default,
+"existing_tempest_config" is set to "/etc/tempest/".
+Build Configuration Options
+===========================
+To have Keystone and tempest included in final built image, include layer
+meta-openstack-controller-test-config into Controller build and
+layer meta-openstack-compute-test-config into Compute build.
+Keystone Built-In Unit Tests
+=========================
+This section describes how to run Keystone built-in unit
+tests which are located at:
+    /usr/lib64/python2.7/site-packages/keystone/tests
+To run Keystone built-in unit test with nosetests:
+    $ cd /usr/lib64/python2.7/site-packages/keystone/tests
+    $ nosetests -v
+References
+==========
+https://wiki.openstack.org/wiki/Keystone
diff --git a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
new file mode 100644
index 0000000..91b95f6
--- /dev/null
+++ b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
@@ -0,0 +1,25 @@
+Listen 8081
+<VirtualHost *:8081>
+    ServerAdmin webmaster@localhost
+    WSGIApplicationGroup %{RESOURCE}
+    WSGIDaemonProcess keystone threads=15 display-name=%{GROUP}
+    WSGIProcessGroup keystone
+    WSGIScriptAlias /keystone/main  /var/www/cgi-bin/keystone/main
+    WSGIScriptAlias /keystone/admin  /var/www/cgi-bin/keystone/admin
+    <Location "/keystone">
+        Authtype none
+    </Location>
+    <Directory /var/www/cgi-bin/keystone/>
+        <IfVersion < 2.3>
+            Order allow,deny
+            Allow from all
+        </IfVersion>
+        <IfVersion >= 2.3>
+            Require all granted
+        </IfVersion>
+    </Directory>
+</VirtualHost>
diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
index a3511db..49aa278 100644
--- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb
+++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=master \
           file://keystone-search-in-etc-directory-for-config-files.patch \
           file://keystone-remove-git-commands-in-tests.patch \
           file://convert_keystone_backend.py \
+           file://wsgi-keystone.conf \
           "
 SRCREV="73ad4036d62b3aa7cf50e11ddf7bee8278bbe4d0"
@@ -51,9 +52,9 @@ SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl a
 python () {
    flags = {'type':'identity',\
             'description':'OpenStack Identity',\
-             'publicurl':"'http://${KEYSTONE_HOST}:5000/v2.0'",\
+             'publicurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",\
-             'adminurl':"'http://${KEYSTONE_HOST}:35357/v2.0'",\
+             'adminurl':"'http://${KEYSTONE_HOST}:8081/keystone/admin/v2.0'",\
-             'internalurl':"'http://${KEYSTONE_HOST}:5000/v2.0'"}
+             'internalurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'"}
    d.setVarFlags("SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
 }
@@ -62,19 +63,38 @@ do_install_append() {
    KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
    KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone
-    install -m 750 -d ${KEYSTONE_CONF_DIR}
+    APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/
+    KEYSTONE_PY_DIR=${D}${datadir}/openstack-dashboard/openstack_dashboard/api/
+    KEYSTONE_CGI_DIR=${D}${localstatedir}/www/cgi-bin/keystone/
+    # Apache needs to read the configs.
+    install -m 755 -d ${KEYSTONE_CONF_DIR}
+    install -m 755 -d ${APACHE_CONF_DIR}
    install -d ${D}${localstatedir}/log/${SRCNAME}
+    install -g users -m 755 -d ${KEYSTONE_CGI_DIR}
+    install -g users -m 755 -d ${KEYSTONE_PY_DIR}
-    install -m 600 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/
+    # Apache needs to read the keystone.conf
+    install -m 644 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/
+    # Apache needs to read the wsgi-keystone.conf
+    install -m 644 ${WORKDIR}/wsgi-keystone.conf ${APACHE_CONF_DIR}
    install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/
-    install -m 600 ${S}/etc/logging.conf.sample \
+    install -m 600 ${S}${sysconfdir}/logging.conf.sample \
        ${KEYSTONE_CONF_DIR}/logging.conf
-    install -m 600 ${S}/etc/policy.json ${KEYSTONE_CONF_DIR}/policy.json
+    install -m 600 ${S}${sysconfdir}/keystone.conf.sample \
-    install -m 600 ${S}/etc/keystone.conf.sample \
        ${KEYSTONE_CONF_DIR}/keystone.conf.sample
-    install -m 600 ${S}/etc/keystone-paste.ini \
+    # Apache user needs to read these files.
+    install -m 644 ${S}${sysconfdir}/policy.json \
+        ${KEYSTONE_CONF_DIR}/policy.json
+    install -m 644 ${S}${sysconfdir}/keystone-paste.ini \
        ${KEYSTONE_CONF_DIR}/keystone-paste.ini
+    install -g users -m 644 ${S}/httpd/keystone.py \
+        ${KEYSTONE_PY_DIR}/keystone-httpd.py
+    install -g users -m 644 ${S}/httpd/keystone.py \
+        ${KEYSTONE_CGI_DIR}/admin
+    install -g users -m 644 ${S}/httpd/keystone.py \
+        ${KEYSTONE_CGI_DIR}/main
    cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}
@@ -92,6 +112,14 @@ do_install_append() {
    sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" \
        -i ${KEYSTONE_CONF_DIR}/keystone.conf
+    sed "/# admin_endpoint = .*/a \
+        public_endpoint = http://${CONTROLLER_IP}:8081/keystone/main/ " \
+        -i ${KEYSTONE_CONF_DIR}/keystone.conf
+    sed "/# admin_endpoint = .*/a \
+        admin_endpoint = http://${CONTROLLER_IP}:8081/keystone/admin/ " \
+        -i ${KEYSTONE_CONF_DIR}/keystone.conf
    if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)};
    then
        install -d ${D}${sysconfdir}/init.d
@@ -121,7 +149,7 @@ driver = keystone.identity.backends.hybrid_identity.Identity \
 \
 [assignment]\
 driver = keystone.assignment.backends.hybrid_assignment.Assignment\
-' ${D}/etc/keystone/keystone.conf
+' ${D}${sysconfdir}/keystone/keystone.conf
        sed -i -e '/^\[ldap\]/a \
 url = ldap://localhost \
@@ -152,7 +180,7 @@ role_member_attribute = member \
 role_id_attribute = cn \
 role_name_attribute = ou \
 role_tree_dn = ou=Roles,${LDAP_DN} \
-' ${D}/etc/keystone/keystone.conf
+' ${D}${sysconfdir}/keystone/keystone.conf
        install -m 0755 ${WORKDIR}/convert_keystone_backend.py \
            ${D}${sysconfdir}/keystone/convert_keystone_backend.py
@@ -177,10 +205,9 @@ pkg_postinst_${SRCNAME}-setup () {
    if [ -z `cat $PIDFILE 2>/dev/null` ]; then
        sudo -u postgres createdb keystone
        keystone-manage db_sync
-        keystone-manage pki_setup --keystone-user=root --keystone-group=root
+        keystone-manage pki_setup --keystone-user=root --keystone-group=daemon
-        if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)};
+        if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
-        then
            /etc/init.d/openldap start
        fi
        /etc/init.d/keystone start
@@ -203,7 +230,8 @@ ALLOW_EMPTY_${SRCNAME}-setup = "1"
 ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"
-FILES_${PN} = "${libdir}/*"
+FILES_${PN} = "${libdir}/* \
+    "
 FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"
@@ -211,6 +239,8 @@ FILES_${SRCNAME} = "${bindir}/* \
    ${sysconfdir}/${SRCNAME}/* \
    ${sysconfdir}/init.d/* \
    ${localstatedir}/* \
+    ${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
+    ${sysconfdir}/apache2/conf.d/wsgi-keystone.conf \
    "
 DEPENDS += " \
@@ -248,7 +278,14 @@ PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
 # TODO:
 #    if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
-RDEPENDS_${SRCNAME} = "${PN} postgresql postgresql-client python-psycopg2"
+RDEPENDS_${SRCNAME} = " \
+    ${PN} \
+    postgresql \
+    postgresql-client \
+    python-psycopg2 \
+    apache2 \
+    "
 RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
 RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"
author	Liam R. Howlett <Liam.Howlett@WindRiver.com>	2014-09-19 15:51:17 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2014-09-22 11:46:42 -0400
commit	bf51fa4f053a6aecb816ed7b4dcca64e9bd5b9b3 (patch)
tree	02bdfd5520ab5c73183b2428baa42d686bb71d77
parent	dcfac869bea8a501177c8419c8fd11c3ed03b21e (diff)
download	meta-cloud-services-bf51fa4f053a6aecb816ed7b4dcca64e9bd5b9b3.tar.gz

diff --git a/meta-openstack/Documentation/README.keystone b/meta-openstack/Documentation/README.keystone new file mode 100644 index 0000000..f8da890 --- /dev/null +++ b/meta-openstack/Documentation/README.keystone
@@ -0,0 +1,83 @@
		1	Summary
		2	=======
		3
		4	This document is not intended to provide detail of how Keystone in general
		5	works, but rather it highlights how Keystone is integrated/configured into
		6	meta-cloud-services and also describes how Keystone is tested to ensure that
		7	Keystone Verification and Benchmarking components are working correctly.
		8
		9
		10	Keystone Overview
		11	==============
		12
		13	Keystone provides authentication, authorization and service discovery
		14	mechanisms via HTTP primarily for use by projects in the OpenStack family. It
		15	is most commonly deployed as an HTTP interface to existing identity systems,
		16	such as LDAP.
		17
		18	Keystone Deployment
		19	================
		20
		21	Keystone is configured to use existing deployment (by using deployment
		22	configuration file /etc/keystone/keystone{.conf,paste.ini}). In addition to the
		23	default configuration files, meta-cloud-services installs a custom httpd file
		24	apache configuration as /etc/apache2/conf.d/wsgi-keystone.conf along with
		25	adding the 8081 port to the default /etc/apache2/httpd.conf. This file
		26	starts a vhost on port 8081 which will be the replacement for the default server
		27	running on port 35357 and 5000 in the future.
		28
		29
		30	Keystone Verification
		31	==================
		32
		33	By default, Keystone verification performs the following steps:
		34
		35	* git clone tempest source from upstream
		36	* setup virtualenv for this tempest
		37	* setup testr environment with virtualenv created above
		38	* create tempest.conf for this tempest
		39	* use testr and subunit.run module to run tempest
		40
		41	However, meta-cloud-services already includes tempest which is also
		42	configured/modified to have low failure/error testcases, therefore it's desired
		43	to use this tempest (without using virtualenv) instead of letting Rally to
		44	download tempest and running it on virtualenv.
		45
		46
		47	The option "existing_tempest_config" in /etc/keystone/keystone.conf can be used
		48	to configure Keystone to either use the existing tempest or to download from
		49	upstream.
		50
		51	If the option "existing_tempest_config" is not set then Keystone follows the
		52	default path. If "existing_tempest_config" is set to absolute path of tempest
		53	config folder (which contains tempest "tools" and .testr.conf, e.g.
		54	/etc/tempest) then Rally uses this existing tempest. By default,
		55	"existing_tempest_config" is set to "/etc/tempest/".
		56
		57
		58	Build Configuration Options
		59	===========================
		60
		61	To have Keystone and tempest included in final built image, include layer
		62	meta-openstack-controller-test-config into Controller build and
		63	layer meta-openstack-compute-test-config into Compute build.
		64
		65
		66	Keystone Built-In Unit Tests
		67	=========================
		68
		69	This section describes how to run Keystone built-in unit
		70	tests which are located at:
		71
		72	/usr/lib64/python2.7/site-packages/keystone/tests
		73
		74	To run Keystone built-in unit test with nosetests:
		75
		76	$ cd /usr/lib64/python2.7/site-packages/keystone/tests
		77	$ nosetests -v
		78
		79
		80	References
		81	==========
		82
		83	https://wiki.openstack.org/wiki/Keystone


diff --git a/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf new file mode 100644 index 0000000..91b95f6 --- /dev/null +++ b/meta-openstack/recipes-devtools/python/python-keystone/wsgi-keystone.conf
@@ -0,0 +1,25 @@
		1	Listen 8081
		2	<VirtualHost *:8081>
		3	ServerAdmin webmaster@localhost
		4	WSGIApplicationGroup %{RESOURCE}
		5	WSGIDaemonProcess keystone threads=15 display-name=%{GROUP}
		6	WSGIProcessGroup keystone
		7	WSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/main
		8	WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin
		9
		10
		11	<Location "/keystone">
		12	Authtype none
		13	</Location>
		14
		15	<Directory /var/www/cgi-bin/keystone/>
		16	<IfVersion < 2.3>
		17	Order allow,deny
		18	Allow from all
		19	</IfVersion>
		20
		21	<IfVersion >= 2.3>
		22	Require all granted
		23	</IfVersion>
		24	</Directory>
		25	</VirtualHost>


diff --git a/meta-openstack/recipes-devtools/python/python-keystone_git.bb b/meta-openstack/recipes-devtools/python/python-keystone_git.bb index a3511db..49aa278 100644 --- a/meta-openstack/recipes-devtools/python/python-keystone_git.bb +++ b/meta-openstack/recipes-devtools/python/python-keystone_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/openstack/${SRCNAME}.git;branch=master \
14	file://keystone-search-in-etc-directory-for-config-files.patch \	14	file://keystone-search-in-etc-directory-for-config-files.patch \
15	file://keystone-remove-git-commands-in-tests.patch \	15	file://keystone-remove-git-commands-in-tests.patch \
16	file://convert_keystone_backend.py \	16	file://convert_keystone_backend.py \
		17	file://wsgi-keystone.conf \
17	"	18	"
18		19
19	SRCREV="73ad4036d62b3aa7cf50e11ddf7bee8278bbe4d0"	20	SRCREV="73ad4036d62b3aa7cf50e11ddf7bee8278bbe4d0"
@@ -51,9 +52,9 @@ SERVICECREATE_PARAM_${SRCNAME}-setup = "name type description region publicurl a
51	python () {	52	python () {
52	flags = {'type':'identity',\	53	flags = {'type':'identity',\
53	'description':'OpenStack Identity',\	54	'description':'OpenStack Identity',\
54	'publicurl':"'http://${KEYSTONE_HOST}:5000/v2.0'",\	55	'publicurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'",\
55	'adminurl':"'http://${KEYSTONE_HOST}:35357/v2.0'",\	56	'adminurl':"'http://${KEYSTONE_HOST}:8081/keystone/admin/v2.0'",\
56	'internalurl':"'http://${KEYSTONE_HOST}:5000/v2.0'"}	57	'internalurl':"'http://${KEYSTONE_HOST}:8081/keystone/main/v2.0'"}
57	d.setVarFlags("SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)	58	d.setVarFlags("SERVICECREATE_PARAM_%s-setup" % d.getVar('SRCNAME',True), flags)
58	}	59	}
59		60
@@ -62,19 +63,38 @@ do_install_append() {
62	KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone	63	KEYSTONE_CONF_DIR=${D}${sysconfdir}/keystone
63	KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone	64	KEYSTONE_PACKAGE_DIR=${D}${PYTHON_SITEPACKAGES_DIR}/keystone
64		65
65	install -m 750 -d ${KEYSTONE_CONF_DIR}	66	APACHE_CONF_DIR=${D}${sysconfdir}/apache2/conf.d/
		67	KEYSTONE_PY_DIR=${D}${datadir}/openstack-dashboard/openstack_dashboard/api/
		68	KEYSTONE_CGI_DIR=${D}${localstatedir}/www/cgi-bin/keystone/
		69
		70	# Apache needs to read the configs.
		71	install -m 755 -d ${KEYSTONE_CONF_DIR}
		72	install -m 755 -d ${APACHE_CONF_DIR}
66		73
67	install -d ${D}${localstatedir}/log/${SRCNAME}	74	install -d ${D}${localstatedir}/log/${SRCNAME}
		75	install -g users -m 755 -d ${KEYSTONE_CGI_DIR}
		76	install -g users -m 755 -d ${KEYSTONE_PY_DIR}
68		77
69	install -m 600 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/	78	# Apache needs to read the keystone.conf
		79	install -m 644 ${WORKDIR}/keystone.conf ${KEYSTONE_CONF_DIR}/
		80	# Apache needs to read the wsgi-keystone.conf
		81	install -m 644 ${WORKDIR}/wsgi-keystone.conf ${APACHE_CONF_DIR}
70	install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/	82	install -m 755 ${WORKDIR}/identity.sh ${KEYSTONE_CONF_DIR}/
71	install -m 600 ${S}/etc/logging.conf.sample \	83	install -m 600 ${S}${sysconfdir}/logging.conf.sample \
72	${KEYSTONE_CONF_DIR}/logging.conf	84	${KEYSTONE_CONF_DIR}/logging.conf
73	install -m 600 ${S}/etc/policy.json ${KEYSTONE_CONF_DIR}/policy.json	85	install -m 600 ${S}${sysconfdir}/keystone.conf.sample \
74	install -m 600 ${S}/etc/keystone.conf.sample \
75	${KEYSTONE_CONF_DIR}/keystone.conf.sample	86	${KEYSTONE_CONF_DIR}/keystone.conf.sample
76	install -m 600 ${S}/etc/keystone-paste.ini \	87	# Apache user needs to read these files.
		88	install -m 644 ${S}${sysconfdir}/policy.json \
		89	${KEYSTONE_CONF_DIR}/policy.json
		90	install -m 644 ${S}${sysconfdir}/keystone-paste.ini \
77	${KEYSTONE_CONF_DIR}/keystone-paste.ini	91	${KEYSTONE_CONF_DIR}/keystone-paste.ini
		92	install -g users -m 644 ${S}/httpd/keystone.py \
		93	${KEYSTONE_PY_DIR}/keystone-httpd.py
		94	install -g users -m 644 ${S}/httpd/keystone.py \
		95	${KEYSTONE_CGI_DIR}/admin
		96	install -g users -m 644 ${S}/httpd/keystone.py \
		97	${KEYSTONE_CGI_DIR}/main
78		98
79	cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}	99	cp -r ${S}/examples ${KEYSTONE_PACKAGE_DIR}
80		100
@@ -92,6 +112,14 @@ do_install_append() {
92	sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" \	112	sed -e "s:%TOKEN_FORMAT%:${TOKEN_FORMAT}:g" \
93	-i ${KEYSTONE_CONF_DIR}/keystone.conf	113	-i ${KEYSTONE_CONF_DIR}/keystone.conf
94		114
		115	sed "/# admin_endpoint = .*/a \
		116	public_endpoint = http://${CONTROLLER_IP}:8081/keystone/main/ " \
		117	-i ${KEYSTONE_CONF_DIR}/keystone.conf
		118
		119	sed "/# admin_endpoint = .*/a \
		120	admin_endpoint = http://${CONTROLLER_IP}:8081/keystone/admin/ " \
		121	-i ${KEYSTONE_CONF_DIR}/keystone.conf
		122
95	if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)};	123	if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)};
96	then	124	then
97	install -d ${D}${sysconfdir}/init.d	125	install -d ${D}${sysconfdir}/init.d
@@ -121,7 +149,7 @@ driver = keystone.identity.backends.hybrid_identity.Identity \
121	\	149	\
122	[assignment]\	150	[assignment]\
123	driver = keystone.assignment.backends.hybrid_assignment.Assignment\	151	driver = keystone.assignment.backends.hybrid_assignment.Assignment\
124	' ${D}/etc/keystone/keystone.conf	152	' ${D}${sysconfdir}/keystone/keystone.conf
125		153
126	sed -i -e '/^\[ldap\]/a \	154	sed -i -e '/^\[ldap\]/a \
127	url = ldap://localhost \	155	url = ldap://localhost \
@@ -152,7 +180,7 @@ role_member_attribute = member \
152	role_id_attribute = cn \	180	role_id_attribute = cn \
153	role_name_attribute = ou \	181	role_name_attribute = ou \
154	role_tree_dn = ou=Roles,${LDAP_DN} \	182	role_tree_dn = ou=Roles,${LDAP_DN} \
155	' ${D}/etc/keystone/keystone.conf	183	' ${D}${sysconfdir}/keystone/keystone.conf
156		184
157	install -m 0755 ${WORKDIR}/convert_keystone_backend.py \	185	install -m 0755 ${WORKDIR}/convert_keystone_backend.py \
158	${D}${sysconfdir}/keystone/convert_keystone_backend.py	186	${D}${sysconfdir}/keystone/convert_keystone_backend.py
@@ -177,10 +205,9 @@ pkg_postinst_${SRCNAME}-setup () {
177	if [ -z `cat $PIDFILE 2>/dev/null` ]; then	205	if [ -z `cat $PIDFILE 2>/dev/null` ]; then
178	sudo -u postgres createdb keystone	206	sudo -u postgres createdb keystone
179	keystone-manage db_sync	207	keystone-manage db_sync
180	keystone-manage pki_setup --keystone-user=root --keystone-group=root	208	keystone-manage pki_setup --keystone-user=root --keystone-group=daemon
181		209
182	if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)};	210	if ${@base_contains('DISTRO_FEATURES', 'OpenLDAP', 'true', 'false', d)}; then
183	then
184	/etc/init.d/openldap start	211	/etc/init.d/openldap start
185	fi	212	fi
186	/etc/init.d/keystone start	213	/etc/init.d/keystone start
@@ -203,7 +230,8 @@ ALLOW_EMPTY_${SRCNAME}-setup = "1"
203		230
204	ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"	231	ALLOW_EMPTY_${SRCNAME}-cronjobs = "1"
205		232
206	FILES_${PN} = "${libdir}/*"	233	FILES_${PN} = "${libdir}/* \
		234	"
207		235
208	FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"	236	FILES_${SRCNAME}-tests = "${sysconfdir}/${SRCNAME}/run_tests.sh"
209		237
@@ -211,6 +239,8 @@ FILES_${SRCNAME} = "${bindir}/* \
211	${sysconfdir}/${SRCNAME}/* \	239	${sysconfdir}/${SRCNAME}/* \
212	${sysconfdir}/init.d/* \	240	${sysconfdir}/init.d/* \
213	${localstatedir}/* \	241	${localstatedir}/* \
		242	${datadir}/openstack-dashboard/openstack_dashboard/api/keystone-httpd.py \
		243	${sysconfdir}/apache2/conf.d/wsgi-keystone.conf \
214	"	244	"
215		245
216	DEPENDS += " \	246	DEPENDS += " \
@@ -248,7 +278,14 @@ PACKAGECONFIG[OpenLDAP] = ",,,python-ldap python-keystone-hybrid-backend"
248	# TODO:	278	# TODO:
249	# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS	279	# if DISTRO_FEATURE contains "tempest" then add *-tests to the main RDEPENDS
250		280
251	RDEPENDS_${SRCNAME} = "${PN} postgresql postgresql-client python-psycopg2"	281	RDEPENDS_${SRCNAME} = " \
		282	${PN} \
		283	postgresql \
		284	postgresql-client \
		285	python-psycopg2 \
		286	apache2 \
		287	"
		288
252	RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"	289	RDEPENDS_${SRCNAME}-setup = "postgresql sudo ${SRCNAME}"
253	RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"	290	RDEPENDS_${SRCNAME}-cronjobs = "cronie ${SRCNAME}"
254		291