summaryrefslogtreecommitdiffstats
path: root/meta-openstack
Commit message (Collapse)AuthorAgeFilesLines
...
* mod-wsgi: allow builds with separated src/build dirsMark Asselstine2014-05-212-0/+71
| | | | | | | | | | Unfortunately the use of apxs, which isn't that friendly with separated src/build dirs, makes things tricky to acheive src/build separation. With the use of a symlink and a few other minor tweaks we are able to get this working. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* pycrypto: void src/build separationMark Asselstine2014-05-211-1/+1
| | | | | | | | distutils.bbclass does not work when there is a build/src separation so inherit autotools-brokensep so continue building in the src dir. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* keystone: allow ability to store tokens in UUID or PKI formatKeith Holman2014-05-122-1/+4
| | | | | | | | | | Since Grizzly release Keystone defaults to storing tokens in PKI format. Some software works better with keystone if tokens are in the older UUID format. This change allows a simple way to set the storage format within the bitbake receipes. The default is to use the newer PKI format. Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
* barbican: package /usr/bin, even when emptyBruce Ashfield2014-05-091-0/+1
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* core: update core components to latest havana/stable releasesBruce Ashfield2014-05-098-75/+14
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* barbican: remove unneeded files from being packagedKeith Holman2014-05-091-0/+2
| | | | | | | | | | | | Issue: US-34303 Barbican source code comes with scripts that are intended to control the service. Added previously was a script for this same purpose that is placed into init.d that integrates more consistently with the system. This makes the need for these scripts redundant. This patch removes the scripts being put into the final system package. Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
* CVE-2014-2828 openstack-keystone: denial of service via V3 API ↵Amy Fong2014-05-082-1/+62
| | | | | | | | | | | authentication chaining The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." Signed-off-by: Amy Fong <amy.fong@windriver.com>
* CVE-2014-0006 Openstack Swift: TempURL timing attackAmy Fong2014-05-082-1/+61
| | | | | | | | | The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack. Signed-off-by: Amy Fong <amy.fong@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* keystone: CVE-2012-5483Amy Fong2014-05-081-1/+1
| | | | | | | | | | | | | tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file. Modify /etc/keystone to have permission 750 Signed-off-by: Amy Fong <amy.fong@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* pysqlite: fix license specification to Zlib (versus zlib)Bruce Ashfield2014-04-241-1/+1
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* python-neutron: the openvswitch agent requires iproute2Mark Asselstine2014-04-231-1/+1
| | | | | | | | We need iproute2 or the agent will fail to start as 'ip' from busybox is not capable enough. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* cleanup: leave source config files pristineMark Asselstine2014-04-236-89/+89
| | | | | | | | | | | | | | Editing the files in ${WORKDIR} using sed or similar tools as part of do_install means they can only be edited once. Supplying a modified CONTROLLER_IP in local.conf and building the image again will not result in the CONTROLLER_IP being properly updated since the substitution placeholders will no longer exist. We therefore simply swap the other of things, installing the configuration files first, then editing them to swap the placeholders. This means we can run the do_install again and again and get the results we expect. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* controller: add barbican to default package listBruce Ashfield2014-04-231-0/+1
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* barbican: ReST API designed for the secure storage, provisioning and ↵Bruce Ashfield2014-04-232-0/+201
| | | | | | | | | | | | management of secrets Introduce the barbican package: https://wiki.openstack.org/wiki/Barbican, to support the management of keys and secrets on an OpenStack system. The barbican api service can be started with the packaged initscript, and has been validated against the barbican quick start guide. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* keystone: add barbican users, roles and endpointsBruce Ashfield2014-04-231-4/+11
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* wsgi: WSGI (PEP 333) Reference LibraryBruce Ashfield2014-04-231-0/+27
| | | | | | barbican uses the standalone wsgi reference library. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* pysqlite: Python interface to SQLite 3Bruce Ashfield2014-04-231-0/+29
| | | | | | barbican uses sqlite for its database, and uses pysqlite to access data. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* oslo.messaging: Oslo Messaging APIBruce Ashfield2014-04-231-0/+27
| | | | | | | Barbican uses the standalone oslo.messaging API, so we introduce the pypi version. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* falcon: An unladen web framework for building APIs and app backendsBruce Ashfield2014-04-231-0/+31
| | | | | | To support Barbican, we introduce the recipe for falcon. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* uwsgi: introduce application serverBruce Ashfield2014-04-231-0/+26
| | | | | | | | While other wsgi integrations are possible (apache, nginx), barbican is developed and supported via uwsgi. So we integrate uwsgi, with the default configuration capable of acting as a gateway for python applications. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* OpenStack: all-in-one nodeAmy Fong2014-04-152-0/+50
| | | | | | Introduce image openstack-image-aio, integrating both compute and controller functionality Signed-off-by: Amy Fong <amy.fong@windriver.com>
* Documentation: add networking READMEsMark Asselstine2014-04-154-0/+1289
| | | | | | | These documents initially cover the 3 main networking building blocks with using Open vSwitch. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
* python-neutron: openvswitch plugin read config filesMark Asselstine2014-04-152-2/+3
| | | | | | | | | | | | | Currently the openvswitch plugin doesn't read any config files so we are unable to configure it properly. Have the init script pass in the config files we are already installing. The config needs local_ip set otherwise it will fail to run. We can't just tack rabbit_host on the end of the conf file as it is in the wrong section, so change this to a substitution. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
* python-neutron: cleanup dhcp agent packagingMark Asselstine2014-04-153-2/+92
| | | | | | | | Cleanup packaging to get the necessary .ini and related files into the dhcp-agent package. Add a cron job to keep things clean. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
* python-neutron: get the l3-agent properly packagedMark Asselstine2014-04-153-4/+82
| | | | | | | | | The recipe had the initial groundwork established to create the l3-agent package but some aspects were incomplete. Add the necessary .ini file and create the initscript necessary to launch the l3-agent at boot time. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
* python-neutron: don't install the empty log directoryMark Asselstine2014-04-151-2/+0
| | | | | | | | | | | Commit 984c2d69f51824a4c1e7b3a448fe24759e594026 [OpenStack: sysvinit scripts - enable logging] added the necessary code to create the log directories in the init scripts start() functions. In addition this directory exists in the 'volatiles' so this code was doing nothing. Removing this to avoid possible confusion around the creating of this directory. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
* python-neutron: remove greedy FILES_Mark Asselstine2014-04-151-1/+3
| | | | | | | | | | We need to use specific filenames instead of a glob to prevent the linuxbridge and openvswitch ini files from being bundled as part of the main package as opposed to their respective packages. Without this change the FILES_ rules for the sub-packages are not effective and the resulting packages are not being populated as expected. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
* python-ipaddr: setup.py for this pkg uses distutilsMark Asselstine2014-04-151-1/+1
| | | | | | | | | | | | Examining the setup.py we find "from distutils.core import setup" we therefor need to inherit distutils, not setuptools. Having the wrong inherit was under certain circumstances causing the do_install to fail with: | error: option --single-version-externally-managed not recognized | ERROR: python setup.py install execution failed. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
* glanceclient: use BPN instead of PNMark Asselstine2014-04-151-1/+1
| | | | | | | | BPN should be used in this case and this also prevents confusing the fetcher code and getting a "The SRCREV_FORMAT variable must be set wh en multiple SCMs are used." error. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
* tgt: Fix the path of header files checkZhenhua Luo2014-04-152-2/+52
| | | | | | | | | | | | Current Makefile will check headers on host instead of Yocto sysroot, following error appears. Change the path of header check. | bs_aio.c:34:20: fatal error: libaio.h: No such file or directory | #include <libaio.h> | ^ | compilation terminated. Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* docs: add README.swiftBruce Ashfield2014-04-111-0/+447
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* glance: enable swift backendVu Tran2014-04-111-2/+6
| | | | | | | | Modify glance config file to allow it to be able to use Swift as backend driver. Signed-off-by: Vu Tran <vu.tran@windriver.com>
* cinder-backup: enable swift backendVu Tran2014-04-112-1/+23
| | | | | | | | | | | | | Modify cinder config file allows cinder-backup to be able to use swift as backend for storing cinder backup volume on Swift cluster. Also add variable CINDER_BACKUP_BACKEND_DRIVER which allows setting default cinder backup backend driver. Right now set it to Swift. Signed-off-by: Vu Tran <vu.tran@windriver.com>
* add swift into final imageVu Tran2014-04-111-0/+2
| | | | | | | | Include Swift into final image so that it can be built and included into final rootfs Signed-off-by: Vu Tran <vu.tran@windriver.com>
* keystone: to support swiftVu Tran2014-04-111-0/+11
| | | | | | | | Modify Keystone identity.sh to add Swift user, service, and service endpoints into Keystone. Signed-off-by: Vu Tran <vu.tran@windriver.com>
* swiftclient: add testsVu Tran2014-04-111-1/+6
| | | | | | | | | | | | Introduce swiftclient test package which contains all Swiftclient unit tests. Swiftclient unit tests can be run as: $ cd /usr/lib64/python2.7/site-packages/swiftclient $ nosetests -v tests Signed-off-by: Vu Tran <vu.tran@windriver.com>
* swift: add setup packageVu Tran2014-04-114-2/+429
| | | | | | | | | | | | | | | | | | | | | | | | | Introduce swift setup package. At boot time, this package setups a simple swift cluster including: * 3 zones * each zone has 1 storage device which are based on loopback devices which the backing files size is controlled by variable SWIFT_BACKING_FILE_SIZE The script /etc/swift/swift_setup.sh is also provided to ease the task of setting up a complicated Swift cluster. It reads a cluster config file, which describes what storage devices are included in what rings, and constructs the cluster. For details of how to use swift_setup.sh and the format of Swift cluster config file please refer to the script's help: $ swift_setup.sh Signed-off-by: Vu Tran <vu.tran@windriver.com>
* swift: add testsVu Tran2014-04-112-2/+63
| | | | | | | | | | | | Introduce swift test package which contains all Swift unit tests. Swift unit tests can be run as: $ cd /usr/lib64/python2.7/site-packages/swift $ nosetests -v test Signed-off-by: Vu Tran <vu.tran@windriver.com>
* swift: separate dispersion configVu Tran2014-04-112-0/+23
| | | | | | | | | | There are many changes required for proxy-dispersion config file. So instead of having sed to replace all little details, it's cleaner to add new config file that contains the changes Signed-off-by: Vu Tran <vu.tran@windriver.com>
* swift: separate proxy server configVu Tran2014-04-112-2/+499
| | | | | | | | | | There are many changes required for proxy-server config file. So instead of having sed to replace all little details, it's cleaner to add new config file that contains the changes Signed-off-by: Vu Tran <vu.tran@windriver.com>
* swift: change services config filesVu Tran2014-04-111-1/+19
| | | | | | | | | Modify config files of the following Swift services: contains-server, account-server, and object-server in order for these services are able to start correctly. Signed-off-by: Vu Tran <vu.tran@windriver.com>
* swift: include dnspythonVu Tran2014-04-111-1/+2
| | | | | | | Swift depends on dnspython Signed-off-by: Vu Tran <vu.tran@windriver.com>
* introduce python-dnspython packageVu Tran2014-04-111-0/+22
| | | | | | | | | python-dnspython is DNS toolkit for Python (http://www.dnspython.org/) which is required by python-swift, so introduce it here. Signed-off-by: Vu Tran <vu.tran@windriver.com>
* README: add meta-webserver to layer dependenciesBruce Ashfield2014-04-111-0/+1
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* apache2: move 2.4.2 to danglingBruce Ashfield2014-04-111-0/+0
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* Apache2 changesAmy Fong2014-04-111-0/+15
| | | | | | | | | | | Configure apache's ServerName - modify apache2's configuration file for ServerName to 127.0.0.1:80 In 2.4.7, add symlinks for htdocs and log directory to maintain backward compat with older versions. Signed-off-by: Amy Fong <amy.fong@windriver.com>
* python-horizon: apache mod_wsgi path errorAmy Fong2014-04-112-1/+2
| | | | | | | openstack-dashboard-apache hardcoded libdir, modify this to %LIBDIR% and substitude in the install phase... Signed-off-by: Amy Fong <amy.fong@windriver.com>
* lighttpd change apply to 1.4.33Amy Fong2014-04-111-0/+5
| | | | | | Yocto has verion 1.4.33, add a bbappend for that verison (wrlinux uses 1.4.30) Signed-off-by: Amy Fong <amy.fong@windriver.com>
* memcached:mod-wsgi: use RDPENDS_${PN}Bruce Ashfield2014-04-112-2/+2
| | | | Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* Uprev memcachedAmy Fong2014-04-101-0/+50
| | | | | | | | | memcached from meta-networking had a configuration error (cannot run tests while crosscompiling). Upreving to 1.4.17 and fixing config error. Signed-off-by: Amy Fong <amy.fong@windriver.com>