From edd22d669d2c0bb8d591d0da673ea536fa88a46a Mon Sep 17 00:00:00 2001 From: Alan Pevec Date: May 21 2012 23:22:22 +0000 Subject: Updated patches from master-patches and spec cleanup - drop dependencies no longer needed by Essex - drop db-setup and config-set scripts, generic versions are now provided by openstack-utils --- diff --git a/0001-Make-import_nova_auth-only-create-roles-which-don-t-.patch b/0001-Make-import_nova_auth-only-create-roles-which-don-t-.patch new file mode 100644 index 0000000..65c1c46 --- /dev/null +++ b/0001-Make-import_nova_auth-only-create-roles-which-don-t-.patch @@ -0,0 +1,62 @@ +From aff45d69a73033241531f5e3542a8d1782ddd859 Mon Sep 17 00:00:00 2001 +From: Mark McLoughlin +Date: Fri, 30 Mar 2012 12:17:48 +0100 +Subject: [PATCH] Make import_nova_auth only create roles which don't already + exist + +Fixes bug #969088 + +If a role already exists, there's no particular need for import_nova_auth +to barf. Instead, we should just use the existing role. + +Change-Id: I18ae38af62b4c2b2423e20e436611fc30f844ae1 +--- + keystone/common/sql/nova.py | 5 ++++- + tests/test_migrate_nova_auth.py | 9 +++++++++ + 2 files changed, 13 insertions(+), 1 deletions(-) + +diff --git a/keystone/common/sql/nova.py b/keystone/common/sql/nova.py +index 2f05fe8..01b14d9 100644 +--- a/keystone/common/sql/nova.py ++++ b/keystone/common/sql/nova.py +@@ -85,8 +85,11 @@ def _create_memberships(api, memberships, user_map, tenant_map): + + + def _create_roles(api, roles): +- role_map = {} ++ role_map = dict((r['name'], r['id']) for r in api.list_roles()) + for role in roles: ++ if role in role_map: ++ LOG.debug('Ignoring existing role %s' % role) ++ continue + role_dict = { + 'id': _generate_uuid(), + 'name': role, +diff --git a/tests/test_migrate_nova_auth.py b/tests/test_migrate_nova_auth.py +index 1be59b1..76b4a60 100644 +--- a/tests/test_migrate_nova_auth.py ++++ b/tests/test_migrate_nova_auth.py +@@ -14,6 +14,8 @@ + # License for the specific language governing permissions and limitations + # under the License. + ++import uuid ++ + from keystone.common.sql import nova + from keystone.common.sql import util as sql_util + from keystone import config +@@ -73,7 +75,14 @@ class MigrateNovaAuth(test.TestCase): + self.identity_api = identity_sql.Identity() + self.ec2_api = ec2_sql.Ec2() + ++ def _create_role(self, role_name): ++ role_id = uuid.uuid4().hex ++ role_dict = {'id': role_id, 'name': role_name} ++ self.identity_api.create_role(role_id, role_dict) ++ + def test_import(self): ++ self._create_role('role1') ++ + nova.import_auth(FIXTURE) + + users = {} diff --git a/openstack-config-set b/openstack-config-set deleted file mode 100755 index 0b00cad..0000000 --- a/openstack-config-set +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/python - -import iniparse -import sys - -try: - cfgfile=sys.argv[1] - section=sys.argv[2] - parameter=sys.argv[3] - value=sys.argv[4] -except: - print sys.argv[0]+" config_file section parameter value" - sys.exit(1) - -conf=iniparse.ConfigParser() -conf.read(cfgfile) -if not conf.has_section(section): - conf.add_section(section) - value += '\n' -conf.set(section, parameter, value) - -fp=open(cfgfile,"w") -conf.write(fp) -fp.close() - diff --git a/openstack-keystone-db-setup b/openstack-keystone-db-setup deleted file mode 100755 index 23ddea3..0000000 --- a/openstack-keystone-db-setup +++ /dev/null @@ -1,249 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2011, Red Hat, Inc. -# Russell Bryant -# Alan Pevec -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -# -# Print --help output and exit. -# - -# TODO put it in common place for all openstack service -# (nova, glance and keystone) to use -APP=keystone - -usage() { - -cat << EOF -Set up a local MySQL database for use with openstack-$APP. -This script will create a '$APP' database that is accessible -only on localhost by user '$APP' with password '$APP'. -The setup of MySQL with a multi-server OpenStack installation -is outside of the scope of this simple helper script. - -Usage: openstack-$APP-db-setup [options] -Options: - --help | -h - Print usage information. - --password | -p - Specify the password for the '$APP' MySQL user that $APP will - use to connect to the '$APP' MySQL database. By default, - the password '$APP' will be used. - --rootpw | -r - Specify the root MySQL password. If the script installs - the MySQL server, it will set the root password to this value - instead of prompting for a password. If the MySQL server is - already installed, this password will be used to connect to the - database instead of having to prompt for it. - --yes | -y - In cases where the script would normally ask for confirmation - before doing something, such as installing mysql-server, - just assume yes. This is useful if you want to run the script - non-interactively. -EOF - - exit 0 -} - -install_mysql_server() { - if [ -z "${ASSUME_YES}" ] ; then - yum install mysql-server - else - yum install -y mysql-server - fi -} - -start_mysql_server() { - systemctl start mysqld.service -} - -MYSQL_APP_PW_DEFAULT="$APP" -MYSQL_APP_PW=${MYSQL_APP_PW_DEFAULT} -APP_CONFIG="/etc/$APP/$APP.conf" -ASSUME_YES="" - -while [ $# -gt 0 ] -do - case "$1" in - -h|--help) - usage - ;; - -p|--password) - shift - MYSQL_APP_PW=${1} - ;; - -r|--rootpw) - shift - MYSQL_ROOT_PW=${1} - ;; - -y|--yes) - ASSUME_YES="yes" - ;; - *) - # ignore - shift - ;; - esac - shift -done - - -# Make sure MySQL is installed. - -NEW_MYSQL_INSTALL=0 -if ! rpm -q mysql-server > /dev/null -then - if [ -z "${ASSUME_YES}" ] ; then - printf "mysql-server is not installed. Would you like to install it now? (y/n): " - read response - case "$response" in - y|Y) - ;; - n|N) - echo "mysql-server must be installed. Please install it before proceeding." - exit 0 - ;; - *) - echo "Invalid response." - exit 1 - esac - fi - - NEW_MYSQL_INSTALL=1 - install_mysql_server -fi - - -# Make sure mysqld is running. - -if ! systemctl status mysqld.service > /dev/null -then - if [ -z "${ASSUME_YES}" ] ; then - printf "mysqld is not running. Would you like to start it now? (y/n): " - read response - case "$response" in - y|Y) - ;; - n|N) - echo "mysqld must be running. Please start it before proceeding." - exit 0 - ;; - *) - echo "Invalid response." - exit 1 - esac - fi - - start_mysql_server - - # If we both installed and started, ensure it starts at boot - [ $NEW_MYSQL_INSTALL -eq 1 ] && chkconfig mysqld on -fi - - -# Get MySQL root access. - -if [ $NEW_MYSQL_INSTALL -eq 1 ] -then - if [ ! "${MYSQL_ROOT_PW+defined}" ] ; then - echo "Since this is a fresh installation of MySQL, please set a password for the 'root' mysql user." - - PW_MATCH=0 - while [ $PW_MATCH -eq 0 ] - do - printf "Enter new password for 'root' mysql user: " - read -s MYSQL_ROOT_PW - echo - printf "Enter new password again: " - read -s PW2 - echo - if [ "${MYSQL_ROOT_PW}" = "${PW2}" ] ; then - PW_MATCH=1 - else - echo "Passwords did not match." - fi - done - fi - - echo "UPDATE mysql.user SET password = password('${MYSQL_ROOT_PW}') WHERE user = 'root'; DELETE FROM mysql.user WHERE user = ''; flush privileges;" | mysql -u root - if ! [ $? -eq 0 ] ; then - echo "Failed to set password for 'root' MySQL user." - exit 1 - fi -elif [ ! "${MYSQL_ROOT_PW+defined}" ] ; then - printf "Please enter the password for the 'root' MySQL user: " - read -s MYSQL_ROOT_PW - echo -fi - - -# Sanity check MySQL credentials. - -MYSQL_ROOT_PW_ARG="" -if [ "${MYSQL_ROOT_PW+defined}" ] -then - MYSQL_ROOT_PW_ARG="--password=${MYSQL_ROOT_PW}" -fi -echo "SELECT 1;" | mysql -u root ${MYSQL_ROOT_PW_ARG} > /dev/null -if ! [ $? -eq 0 ] -then - echo "Failed to connect to the MySQL server. Please check your root user credentials." - exit 1 -fi -echo "Verified connectivity to MySQL." - - -# Now create the db. - -echo "Creating '$APP' database." -cat << EOF | mysql -u root ${MYSQL_ROOT_PW_ARG} -CREATE DATABASE $APP; -CREATE USER '$APP'@'localhost' IDENTIFIED BY '${MYSQL_APP_PW}'; -CREATE USER '$APP'@'%' IDENTIFIED BY '${MYSQL_APP_PW}'; -GRANT ALL ON $APP.* TO '$APP'@'localhost'; -GRANT ALL ON $APP.* TO '$APP'@'%'; -flush privileges; -EOF - - -# Make sure $APP configuration has the right MySQL password. - -if [ "${MYSQL_APP_PW}" != "${MYSQL_APP_PW_DEFAULT}" ] ; then - echo "Updating '$APP' database password in ${APP_CONFIG}" - sed -i -e "s/mysql:\/\/$APP:\(.*\)@/mysql:\/\/$APP:${MYSQL_APP_PW}@/" ${APP_CONFIG} -fi - - -# Ask openstack-$APP to sync the db. - -echo "Asking openstack-$APP to sync the database." -if [ "${APP}" = "nova" ]; then - nova-manage db sync -else - # glance and keystone - $APP-manage db_sync -fi - -# Do a final sanity check on the database. - -echo "SELECT * FROM migrate_version;" | mysql -u $APP --password=${MYSQL_APP_PW} $APP > /dev/null -if ! [ $? -eq 0 ] -then - echo "Final sanity check failed. File a bug report on bugzilla.redhat.com against the openstack-$APP package." - exit 1 -fi - -echo "Complete!" diff --git a/openstack-keystone.spec b/openstack-keystone.spec index 275841e..b249e4f 100644 --- a/openstack-keystone.spec +++ b/openstack-keystone.spec @@ -11,7 +11,7 @@ Name: openstack-keystone Version: 2012.1 -Release: 1%{?dist} +Release: 2%{?dist} #Release: 0.1.%{release_letter}%{milestone}%{?dist} Summary: OpenStack Identity Service @@ -22,13 +22,17 @@ Source0: http://launchpad.net/keystone/%{release_name}/%{version}/+downlo #Source0: http://keystone.openstack.org/tarballs/keystone-%{version}%{snaptag}.tar.gz Source1: openstack-keystone.logrotate Source2: openstack-keystone.service -Source3: openstack-keystone-db-setup -Source4: openstack-config-set Source5: openstack-keystone-sample-data +# +# patches_base=2012.1 +# +Patch0001: 0001-Make-import_nova_auth-only-create-roles-which-don-t-.patch + BuildArch: noarch BuildRequires: python2-devel BuildRequires: python-sphinx >= 1.0 +BuildRequires: openstack-utils BuildRequires: python-iniparse BuildRequires: systemd-units @@ -52,18 +56,13 @@ Group: Applications/System # python-keystone added in 2012.1-0.2.e3 Conflicts: openstack-keystone < 2012.1-0.2.e3 -Requires: python-crypto -Requires: python-dateutil Requires: python-eventlet -Requires: python-httplib2 +Requires: python-iso8601 Requires: python-ldap Requires: python-lxml Requires: python-memcached Requires: python-migrate -Requires: python-paste Requires: python-paste-deploy -Requires: python-paste-script -Requires: python-prettytable Requires: python-routes Requires: python-sqlalchemy Requires: python-webob @@ -79,14 +78,15 @@ This package contains the Keystone Python library. %prep %setup -q -n keystone-%{version} +%patch0001 -p1 # change default configuration -%{SOURCE4} etc/keystone.conf DEFAULT log_file %{_localstatedir}/log/keystone/keystone.log -%{SOURCE4} etc/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone -%{SOURCE4} etc/keystone.conf catalog template_file %{_sysconfdir}/keystone/default_catalog.templates -%{SOURCE4} etc/keystone.conf catalog driver keystone.catalog.backends.sql.Catalog -%{SOURCE4} etc/keystone.conf identity driver keystone.identity.backends.sql.Identity -%{SOURCE4} etc/keystone.conf token driver keystone.token.backends.sql.Token -%{SOURCE4} etc/keystone.conf ec2 driver keystone.contrib.ec2.backends.sql.Ec2 +openstack-config --set etc/keystone.conf DEFAULT log_file %{_localstatedir}/log/keystone/keystone.log +openstack-config --set etc/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone +openstack-config --set etc/keystone.conf catalog template_file %{_sysconfdir}/keystone/default_catalog.templates +openstack-config --set etc/keystone.conf catalog driver keystone.catalog.backends.sql.Catalog +openstack-config --set etc/keystone.conf identity driver keystone.identity.backends.sql.Identity +openstack-config --set etc/keystone.conf token driver keystone.token.backends.sql.Token +openstack-config --set etc/keystone.conf ec2 driver keystone.contrib.ec2.backends.sql.Ec2 find . \( -name .gitignore -o -name .placeholder \) -delete find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \; @@ -108,15 +108,10 @@ install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/ke install -p -D -m 640 etc/policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone install -p -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/openstack-keystone.service -# Install database setup helper script. -install -p -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/openstack-keystone-db-setup # Install sample data script. install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/%{name}/sample_data.sh install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data -# Install configuration helper script. -install -p -D -m 755 %{SOURCE4} %{buildroot}%{_bindir}/openstack-config-set - install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone @@ -165,8 +160,6 @@ fi %doc doc/build/html %{_bindir}/keystone-all %{_bindir}/keystone-manage -%{_bindir}/openstack-config-set -%{_bindir}/openstack-keystone-db-setup %{_bindir}/openstack-keystone-sample-data %{_datadir}/%{name} %{_datadir}/%{name}/sample_data.sh @@ -186,6 +179,10 @@ fi %{python_sitelib}/keystone-%{version}-*.egg-info %changelog +* Mon May 21 2012 Alan Pevec 2012.1-2 +- Sync up with Essex stable branch +- Remove dependencies no loner needed by Essex + * Thu Apr 05 2012 Alan Pevec 2012.1-1 - Essex release