summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlan Pevec <apevec@redhat.com>2012-05-21 17:26:06 (GMT)
committerAlan Pevec <apevec@redhat.com>2012-05-21 23:22:22 (GMT)
commitedd22d669d2c0bb8d591d0da673ea536fa88a46a (patch)
tree570713f885e5b22a36336bded8a0e71527380f45
parentf60fa20e3abfa7ad5a3f91647c364097c41d66c9 (diff)
downloadopenstack-keystone-edd22d66.zip
openstack-keystone-edd22d66.tar.gz
openstack-keystone-edd22d66.tar.xz
Updated patches from master-patches and spec cleanup
- drop dependencies no longer needed by Essex - drop db-setup and config-set scripts, generic versions are now provided by openstack-utils
-rw-r--r--0001-Make-import_nova_auth-only-create-roles-which-don-t-.patch62
-rwxr-xr-xopenstack-config-set25
-rwxr-xr-xopenstack-keystone-db-setup249
-rw-r--r--openstack-keystone.spec43
4 files changed, 82 insertions, 297 deletions
diff --git a/0001-Make-import_nova_auth-only-create-roles-which-don-t-.patch b/0001-Make-import_nova_auth-only-create-roles-which-don-t-.patch
new file mode 100644
index 0000000..65c1c46
--- /dev/null
+++ b/0001-Make-import_nova_auth-only-create-roles-which-don-t-.patch
@@ -0,0 +1,62 @@
+From aff45d69a73033241531f5e3542a8d1782ddd859 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 30 Mar 2012 12:17:48 +0100
+Subject: [PATCH] Make import_nova_auth only create roles which don't already
+ exist
+
+Fixes bug #969088
+
+If a role already exists, there's no particular need for import_nova_auth
+to barf. Instead, we should just use the existing role.
+
+Change-Id: I18ae38af62b4c2b2423e20e436611fc30f844ae1
+---
+ keystone/common/sql/nova.py | 5 ++++-
+ tests/test_migrate_nova_auth.py | 9 +++++++++
+ 2 files changed, 13 insertions(+), 1 deletions(-)
+
+diff --git a/keystone/common/sql/nova.py b/keystone/common/sql/nova.py
+index 2f05fe8..01b14d9 100644
+--- a/keystone/common/sql/nova.py
++++ b/keystone/common/sql/nova.py
+@@ -85,8 +85,11 @@ def _create_memberships(api, memberships, user_map, tenant_map):
+
+
+ def _create_roles(api, roles):
+- role_map = {}
++ role_map = dict((r['name'], r['id']) for r in api.list_roles())
+ for role in roles:
++ if role in role_map:
++ LOG.debug('Ignoring existing role %s' % role)
++ continue
+ role_dict = {
+ 'id': _generate_uuid(),
+ 'name': role,
+diff --git a/tests/test_migrate_nova_auth.py b/tests/test_migrate_nova_auth.py
+index 1be59b1..76b4a60 100644
+--- a/tests/test_migrate_nova_auth.py
++++ b/tests/test_migrate_nova_auth.py
+@@ -14,6 +14,8 @@
+ # License for the specific language governing permissions and limitations
+ # under the License.
+
++import uuid
++
+ from keystone.common.sql import nova
+ from keystone.common.sql import util as sql_util
+ from keystone import config
+@@ -73,7 +75,14 @@ class MigrateNovaAuth(test.TestCase):
+ self.identity_api = identity_sql.Identity()
+ self.ec2_api = ec2_sql.Ec2()
+
++ def _create_role(self, role_name):
++ role_id = uuid.uuid4().hex
++ role_dict = {'id': role_id, 'name': role_name}
++ self.identity_api.create_role(role_id, role_dict)
++
+ def test_import(self):
++ self._create_role('role1')
++
+ nova.import_auth(FIXTURE)
+
+ users = {}
diff --git a/openstack-config-set b/openstack-config-set
deleted file mode 100755
index 0b00cad..0000000
--- a/openstack-config-set
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/python
-
-import iniparse
-import sys
-
-try:
- cfgfile=sys.argv[1]
- section=sys.argv[2]
- parameter=sys.argv[3]
- value=sys.argv[4]
-except:
- print sys.argv[0]+" config_file section parameter value"
- sys.exit(1)
-
-conf=iniparse.ConfigParser()
-conf.read(cfgfile)
-if not conf.has_section(section):
- conf.add_section(section)
- value += '\n'
-conf.set(section, parameter, value)
-
-fp=open(cfgfile,"w")
-conf.write(fp)
-fp.close()
-
diff --git a/openstack-keystone-db-setup b/openstack-keystone-db-setup
deleted file mode 100755
index 23ddea3..0000000
--- a/openstack-keystone-db-setup
+++ /dev/null
@@ -1,249 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2011, Red Hat, Inc.
-# Russell Bryant <rbryant@redhat.com>
-# Alan Pevec <apevec@redhat.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-#
-# Print --help output and exit.
-#
-
-# TODO put it in common place for all openstack service
-# (nova, glance and keystone) to use
-APP=keystone
-
-usage() {
-
-cat << EOF
-Set up a local MySQL database for use with openstack-$APP.
-This script will create a '$APP' database that is accessible
-only on localhost by user '$APP' with password '$APP'.
-The setup of MySQL with a multi-server OpenStack installation
-is outside of the scope of this simple helper script.
-
-Usage: openstack-$APP-db-setup [options]
-Options:
- --help | -h
- Print usage information.
- --password <pw> | -p <pw>
- Specify the password for the '$APP' MySQL user that $APP will
- use to connect to the '$APP' MySQL database. By default,
- the password '$APP' will be used.
- --rootpw <pw> | -r <pw>
- Specify the root MySQL password. If the script installs
- the MySQL server, it will set the root password to this value
- instead of prompting for a password. If the MySQL server is
- already installed, this password will be used to connect to the
- database instead of having to prompt for it.
- --yes | -y
- In cases where the script would normally ask for confirmation
- before doing something, such as installing mysql-server,
- just assume yes. This is useful if you want to run the script
- non-interactively.
-EOF
-
- exit 0
-}
-
-install_mysql_server() {
- if [ -z "${ASSUME_YES}" ] ; then
- yum install mysql-server
- else
- yum install -y mysql-server
- fi
-}
-
-start_mysql_server() {
- systemctl start mysqld.service
-}
-
-MYSQL_APP_PW_DEFAULT="$APP"
-MYSQL_APP_PW=${MYSQL_APP_PW_DEFAULT}
-APP_CONFIG="/etc/$APP/$APP.conf"
-ASSUME_YES=""
-
-while [ $# -gt 0 ]
-do
- case "$1" in
- -h|--help)
- usage
- ;;
- -p|--password)
- shift
- MYSQL_APP_PW=${1}
- ;;
- -r|--rootpw)
- shift
- MYSQL_ROOT_PW=${1}
- ;;
- -y|--yes)
- ASSUME_YES="yes"
- ;;
- *)
- # ignore
- shift
- ;;
- esac
- shift
-done
-
-
-# Make sure MySQL is installed.
-
-NEW_MYSQL_INSTALL=0
-if ! rpm -q mysql-server > /dev/null
-then
- if [ -z "${ASSUME_YES}" ] ; then
- printf "mysql-server is not installed. Would you like to install it now? (y/n): "
- read response
- case "$response" in
- y|Y)
- ;;
- n|N)
- echo "mysql-server must be installed. Please install it before proceeding."
- exit 0
- ;;
- *)
- echo "Invalid response."
- exit 1
- esac
- fi
-
- NEW_MYSQL_INSTALL=1
- install_mysql_server
-fi
-
-
-# Make sure mysqld is running.
-
-if ! systemctl status mysqld.service > /dev/null
-then
- if [ -z "${ASSUME_YES}" ] ; then
- printf "mysqld is not running. Would you like to start it now? (y/n): "
- read response
- case "$response" in
- y|Y)
- ;;
- n|N)
- echo "mysqld must be running. Please start it before proceeding."
- exit 0
- ;;
- *)
- echo "Invalid response."
- exit 1
- esac
- fi
-
- start_mysql_server
-
- # If we both installed and started, ensure it starts at boot
- [ $NEW_MYSQL_INSTALL -eq 1 ] && chkconfig mysqld on
-fi
-
-
-# Get MySQL root access.
-
-if [ $NEW_MYSQL_INSTALL -eq 1 ]
-then
- if [ ! "${MYSQL_ROOT_PW+defined}" ] ; then
- echo "Since this is a fresh installation of MySQL, please set a password for the 'root' mysql user."
-
- PW_MATCH=0
- while [ $PW_MATCH -eq 0 ]
- do
- printf "Enter new password for 'root' mysql user: "
- read -s MYSQL_ROOT_PW
- echo
- printf "Enter new password again: "
- read -s PW2
- echo
- if [ "${MYSQL_ROOT_PW}" = "${PW2}" ] ; then
- PW_MATCH=1
- else
- echo "Passwords did not match."
- fi
- done
- fi
-
- echo "UPDATE mysql.user SET password = password('${MYSQL_ROOT_PW}') WHERE user = 'root'; DELETE FROM mysql.user WHERE user = ''; flush privileges;" | mysql -u root
- if ! [ $? -eq 0 ] ; then
- echo "Failed to set password for 'root' MySQL user."
- exit 1
- fi
-elif [ ! "${MYSQL_ROOT_PW+defined}" ] ; then
- printf "Please enter the password for the 'root' MySQL user: "
- read -s MYSQL_ROOT_PW
- echo
-fi
-
-
-# Sanity check MySQL credentials.
-
-MYSQL_ROOT_PW_ARG=""
-if [ "${MYSQL_ROOT_PW+defined}" ]
-then
- MYSQL_ROOT_PW_ARG="--password=${MYSQL_ROOT_PW}"
-fi
-echo "SELECT 1;" | mysql -u root ${MYSQL_ROOT_PW_ARG} > /dev/null
-if ! [ $? -eq 0 ]
-then
- echo "Failed to connect to the MySQL server. Please check your root user credentials."
- exit 1
-fi
-echo "Verified connectivity to MySQL."
-
-
-# Now create the db.
-
-echo "Creating '$APP' database."
-cat << EOF | mysql -u root ${MYSQL_ROOT_PW_ARG}
-CREATE DATABASE $APP;
-CREATE USER '$APP'@'localhost' IDENTIFIED BY '${MYSQL_APP_PW}';
-CREATE USER '$APP'@'%' IDENTIFIED BY '${MYSQL_APP_PW}';
-GRANT ALL ON $APP.* TO '$APP'@'localhost';
-GRANT ALL ON $APP.* TO '$APP'@'%';
-flush privileges;
-EOF
-
-
-# Make sure $APP configuration has the right MySQL password.
-
-if [ "${MYSQL_APP_PW}" != "${MYSQL_APP_PW_DEFAULT}" ] ; then
- echo "Updating '$APP' database password in ${APP_CONFIG}"
- sed -i -e "s/mysql:\/\/$APP:\(.*\)@/mysql:\/\/$APP:${MYSQL_APP_PW}@/" ${APP_CONFIG}
-fi
-
-
-# Ask openstack-$APP to sync the db.
-
-echo "Asking openstack-$APP to sync the database."
-if [ "${APP}" = "nova" ]; then
- nova-manage db sync
-else
- # glance and keystone
- $APP-manage db_sync
-fi
-
-# Do a final sanity check on the database.
-
-echo "SELECT * FROM migrate_version;" | mysql -u $APP --password=${MYSQL_APP_PW} $APP > /dev/null
-if ! [ $? -eq 0 ]
-then
- echo "Final sanity check failed. File a bug report on bugzilla.redhat.com against the openstack-$APP package."
- exit 1
-fi
-
-echo "Complete!"
diff --git a/openstack-keystone.spec b/openstack-keystone.spec
index 275841e..b249e4f 100644
--- a/openstack-keystone.spec
+++ b/openstack-keystone.spec
@@ -11,7 +11,7 @@
Name: openstack-keystone
Version: 2012.1
-Release: 1%{?dist}
+Release: 2%{?dist}
#Release: 0.1.%{release_letter}%{milestone}%{?dist}
Summary: OpenStack Identity Service
@@ -22,13 +22,17 @@ Source0: http://launchpad.net/keystone/%{release_name}/%{version}/+downlo
#Source0: http://keystone.openstack.org/tarballs/keystone-%{version}%{snaptag}.tar.gz
Source1: openstack-keystone.logrotate
Source2: openstack-keystone.service
-Source3: openstack-keystone-db-setup
-Source4: openstack-config-set
Source5: openstack-keystone-sample-data
+#
+# patches_base=2012.1
+#
+Patch0001: 0001-Make-import_nova_auth-only-create-roles-which-don-t-.patch
+
BuildArch: noarch
BuildRequires: python2-devel
BuildRequires: python-sphinx >= 1.0
+BuildRequires: openstack-utils
BuildRequires: python-iniparse
BuildRequires: systemd-units
@@ -52,18 +56,13 @@ Group: Applications/System
# python-keystone added in 2012.1-0.2.e3
Conflicts: openstack-keystone < 2012.1-0.2.e3
-Requires: python-crypto
-Requires: python-dateutil
Requires: python-eventlet
-Requires: python-httplib2
+Requires: python-iso8601
Requires: python-ldap
Requires: python-lxml
Requires: python-memcached
Requires: python-migrate
-Requires: python-paste
Requires: python-paste-deploy
-Requires: python-paste-script
-Requires: python-prettytable
Requires: python-routes
Requires: python-sqlalchemy
Requires: python-webob
@@ -79,14 +78,15 @@ This package contains the Keystone Python library.
%prep
%setup -q -n keystone-%{version}
+%patch0001 -p1
# change default configuration
-%{SOURCE4} etc/keystone.conf DEFAULT log_file %{_localstatedir}/log/keystone/keystone.log
-%{SOURCE4} etc/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone
-%{SOURCE4} etc/keystone.conf catalog template_file %{_sysconfdir}/keystone/default_catalog.templates
-%{SOURCE4} etc/keystone.conf catalog driver keystone.catalog.backends.sql.Catalog
-%{SOURCE4} etc/keystone.conf identity driver keystone.identity.backends.sql.Identity
-%{SOURCE4} etc/keystone.conf token driver keystone.token.backends.sql.Token
-%{SOURCE4} etc/keystone.conf ec2 driver keystone.contrib.ec2.backends.sql.Ec2
+openstack-config --set etc/keystone.conf DEFAULT log_file %{_localstatedir}/log/keystone/keystone.log
+openstack-config --set etc/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone
+openstack-config --set etc/keystone.conf catalog template_file %{_sysconfdir}/keystone/default_catalog.templates
+openstack-config --set etc/keystone.conf catalog driver keystone.catalog.backends.sql.Catalog
+openstack-config --set etc/keystone.conf identity driver keystone.identity.backends.sql.Identity
+openstack-config --set etc/keystone.conf token driver keystone.token.backends.sql.Token
+openstack-config --set etc/keystone.conf ec2 driver keystone.contrib.ec2.backends.sql.Ec2
find . \( -name .gitignore -o -name .placeholder \) -delete
find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \;
@@ -108,15 +108,10 @@ install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/ke
install -p -D -m 640 etc/policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
install -p -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/openstack-keystone.service
-# Install database setup helper script.
-install -p -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/openstack-keystone-db-setup
# Install sample data script.
install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/%{name}/sample_data.sh
install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data
-# Install configuration helper script.
-install -p -D -m 755 %{SOURCE4} %{buildroot}%{_bindir}/openstack-config-set
-
install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone
install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone
@@ -165,8 +160,6 @@ fi
%doc doc/build/html
%{_bindir}/keystone-all
%{_bindir}/keystone-manage
-%{_bindir}/openstack-config-set
-%{_bindir}/openstack-keystone-db-setup
%{_bindir}/openstack-keystone-sample-data
%{_datadir}/%{name}
%{_datadir}/%{name}/sample_data.sh
@@ -186,6 +179,10 @@ fi
%{python_sitelib}/keystone-%{version}-*.egg-info
%changelog
+* Mon May 21 2012 Alan Pevec <apevec@redhat.com> 2012.1-2
+- Sync up with Essex stable branch
+- Remove dependencies no loner needed by Essex
+
* Thu Apr 05 2012 Alan Pevec <apevec@redhat.com> 2012.1-1
- Essex release