117 Commits

Author SHA1 Message Date
Jenkins
db9003e39b Merge "Fix keystone fernet file exchange via ssh" 2016-10-13 13:50:46 +00:00
Christian Berendt
bedca5b35e Fix keystone fernet file exchange via ssh
* install openssh client in keystone-fernet container
* install rsync in keystone-ssh container
* fix syntax issue in ssh configuration
* copy ssh configuration into keystone-fernet container
* copy id_rsa.pub into keystone-ssh container
* copy id_rsa into keystone-fernet container
* use full path to ssh binary in used scripts
* add missing newlines at EOF
* when using type source set /var/lib/keystone as home
  directory for the user keystone

Co-Authored-By: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Change-Id: Id6b41030056a69f6516a054beb2fc0e08226e876
Closes-bug: #1623013
2016-10-12 16:29:34 +00:00
jackning
cebed25608 Change keystone.log's permit to keystone:keystone
At present, keystone.log's user:group permit is root:kolla,
when got token from keystone, it failed. The reason is that:
Permission denied. So it should be changed to keystone:keystone.

Change-Id: Ibbbf1d88ba16e5040f9068ea9948373d10593514
Closes-Bug: #1631685
2016-10-09 03:26:36 -04:00
Paul Bourke
893f14812d Allow operators to customise keystone source install
TrivialFix

Change-Id: I5fb6e2b72e56e018ed640811a9f4d1d77a3efb11
2016-09-16 11:11:32 +01:00
Paul Bourke
b41247c656 Add header blocks to all Dockerfiles
Change needed to add header blocks to all Dockerfiles, similar to the
base.

Use case is to easily run something before packages are installed, e.g.
to COPY a local rpm in that can be added to the package list.

Change-Id: I1bbfdf0b762da0a392aa8bf47781315b45377bee
Closes-Bug: 1618969
2016-09-13 16:53:31 +01:00
Eduardo Gonzalez
8e98e5f15e Change source with dot at extend_start files
It is a best practice in Unix/Linux scripts to use dots
instead of source command.
Using dots will avoid issues with non BASH shells

TrivialFix
Change-Id: Ie6480a1954f853f79faffa093452715ebd9f7d90
Signed-off-by: Eduardo Gonzalez <dabarren@gmail.com>
2016-08-29 07:29:16 +02:00
Shaun Smekel
524868c632 Add dockerfiles for keystone fernet
This adds the docker aspects of fernet key bootstrapping as well as
distributed key rotation.

- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
  the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
  This will handle key rotations through keystone-manage and trigger
  an rsync to push new tokens to other nodes.

The Ansible component is implemented in:
  https://review.openstack.org/#/c/349366

Change-Id: Id610e00e8c63c7f1bc0974c0aa1b3f44c18e1019
Partially-Implements: blueprint keystone-fernet-token
Partially-Implements: blueprint third-party-plugin-support
2016-08-25 20:13:02 +10:00
Jeffrey Zhang
2a1c25d6e3 Fix Ubuntu binary build and deploy gate
Signed-off-by: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Closes-Bug: #1616349
Change-Id: I82a245474392d22017faf30fa89d6dc5e01ab2c2
2016-08-24 16:14:04 +08:00
Shaun Smekel
a9d08726f5 Handle empty package list for install_packages
Currently if the install_packages macro is run with an empty
package list, it will add a yum or apt-get command with no
packages listed.

This bug fix aims to omit this line when no packages have
been given, or, the operator wants to use the "_override" /
"_remove" functionality to disable all packages being
installed in a Dockerfile.

Co-Authored-By: Paul Bourke <paul.bourke@oracle.com>
Change-Id: Ifaaaebfccc3adb0f2f68a35ac08e59378bc87fdb
Closes-bug: 1612446
2016-08-19 10:49:03 +00:00
Naren Narendra
edcb218a19 Add customizations for keystone
Adds customizations for keystone.

Change-Id: I970e690539388e05f974f92b1e20710cc8de37ed
Partially-Implements: blueprint third-party-plugin-support
2016-08-04 19:56:12 -04:00
Dave Walker (Daviey)
37b95f2ade Add LDAP support to keystone Dockerfile
Currently, the keystone docker image doesn't support LDAP/AD
which is a common way to manage users and groups for identity
management and authentication.

This change adds ldappool to the builds.

Change-Id: Ida5a58f6c57cd173642f0a801dc9ecd84ded55e8
Closes-Bug: #1600586
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
2016-07-10 12:34:14 +01:00
Ryan Hallisey
e26e278ee0 Add kolla-kubernetes bootstrap logic endpoint script
Kolla-kubernetes will setup the endpoints after the bootstrap is
complete.

Closes-bug: #1589282
Change-Id: Ife8d81930af8ef5ad8af166b2f87dae436dc7492
Partially-implements: blueprint kolla-kubernetes-extended-dockerfiles
2016-06-05 12:44:47 -04:00
Ryan Hallisey
2b87c88319 Add kolla-kubernetes bootstrap capability to Keystone
Kolla-kubernetes requires there be an alternative way to bootstrap
the container. Kolla-kubernetes needs to signal the Kubernetes API
endpoint to make the cluster aware a bootstrap is in progress.

Partially-implements: blueprint kolla-kubernetes-extended-dockerfiles
Change-Id: Ie078017496eec81188d4c7c7916a70d1722f8aee
2016-06-05 12:44:34 -04:00
Swapnil Kulkarni (coolsvap)
435b21b90d Update ubuntu dockerfiles for formatting
Change-Id: If4be00b937e14ec93443dcb7249cf17099d57cbe
Closes-Bug: #1569417
2016-05-26 04:09:22 +00:00
Jenkins
0977601ea5 Merge "Revert "Install master's version of an RDO keystone"" 2016-05-12 12:22:29 +00:00
Steven Dake
2a12fbf588 Revert "Install master's version of an RDO keystone"
This was a temporary workaround because RDO didn't update to
keystone bootstrap command operations.

This reverts commit c5f27aa8a69cffd4393ad56dbee1acd7ed5ba4bf.

Closes-Bug: #1573102

Change-Id: Ic6db97cf15d6f96c8e660aa15f089c1f10d6dfa7
2016-05-09 07:29:54 +00:00
Qiu Yu
0a53d16b17 Use updated wsgi file for Keystone 9.0.0 release
httpd/keystone.py is already deprecated in Keystone upstream[1] post
9.0.0 release. This change switches to use keystone-wsgi-admin and
keystone-wsgi-public to match the upstream change.

[1] 70a42e7a82

Change-Id: Iac3bb7309fc88c3e62bb2e92a3272545cbf9a778
Closes-Bug: #1579275
2016-05-03 12:51:21 -07:00
Carlos Cesario
493650aa5e Change keystone log dir
Proposed patch to change keystone and heka log dir
from /var/log/kolla/apache2/ to /var/log/kolla/keystone/

Closes-Bug: #1560620
Change-Id: I70c65ceba5a301cc56880313ca86f01bd35676cb
2016-03-28 08:51:35 -03:00
SamYaple
28cc39e2fe Fix bad apache2 close
Change-Id: Id19450a566da1bf7b824f0050e7c3e3f73581a9b
Closes-Bug: #1557036
2016-03-21 18:59:50 +00:00
SamYaple
215cfc0345 Remove openstack client from keystone bootstrap
Keystone has merged the rest of their bootstrap code. Let's take
advantage of that.

TrivialFix

Change-Id: Icfe8a2dca7ae49724fa3290fdfe9fb21b8ba01a2
2016-03-11 14:35:40 -05:00
Steven Dake
c5f27aa8a6 Install master's version of an RDO keystone
RDO isn't moving for approximately 1 week new packages into
current-passed-ci.  This blocks Sam's keystone bootstrap patch.

To unblock this, we temporarily have provided copr built RPMs
based upon the srpm from RDO and keystone-master tarball.

TrivialFix

Change-Id: Ic0fe30c56e8dd229f2a25157125272324621bad9
2016-03-11 14:35:40 -05:00
SamYaple
d83cb3c473 Retry token retrieval in keystone bootstrap script
TrivialFix

Change-Id: I83da0298067d5f37603c52fb312828ea1fbbb00c
2016-03-04 18:14:33 +00:00
Jenkins
ebc1bbb081 Merge "When ansible fails it still reads changed key" 2016-03-03 23:34:50 +00:00
SamYaple
69c33ce2fe When ansible fails it still reads changed key
Add changed key failure as well.
Closes-Bug: #1552405

Change-Id: Ic25a57ba20928bee136932cc422713e76dcbe2a1
2016-03-03 22:26:14 +00:00
SamYaple
57124620ab Fix Keystone v3 and Horizon
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that

This also includes removal of unused variables (transforms them into
endpoint url variables)

TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
2016-03-03 15:44:53 +00:00
SamYaple
4edd0baf8d Remove keystone admin token
Admin token has been deprecated upstream. It will be removed in O. We
switch over to the new `keystone-manage bootstrap` method for creating
the initial admin user, role, and project.

Co-Authored-By: Sam Yaple <sam@yaple.net>
Change-Id: I6ca90e8d4c3b71009e24b049b2efbc08c05ebfbf
2016-03-01 00:14:06 +00:00
Jeffrey Zhang
3a10f2d6e9 No need the keystone-dist-paste.ini file
This file is in the expected path when using CentOS binary install

TrivialFix

Change-Id: Ic64d2bed4791250065464b6bdb6cc0992c858aaf
2016-02-28 00:01:36 +08:00
Éric Lemoine
684873b89b Make Heka collect Keystone logs
Partially implements: blueprint heka
Change-Id: I940143876981a04464af67aff65c09a06926701d
2016-02-19 21:49:21 +00:00
SamYaple
8ef7434770 Fix keystone initial auth mechanism
A recent change in keystone [1] has deprecated the token auth
mechanism that we used. We reintroduce it temporarily while a more
permanent solution is worked on.

[1] 5286b4a297

Change-Id: I4d585733a9abd201c1b0680e6196dd2a36db3c7e
Closes-Bug: #1545292
2016-02-14 08:59:13 -07:00
Steven Dake
03568ce863 Install keystone-dist-paste.ini in /etc/keystone
The CentOS packages install a default version of the paste file
but don't install them in the /etc directory.  Kolla doesn't
configure the paste files, so this file never gets setup properly.

With the recent change in Keystone around the default admin_token
being changed, this triggered Keystone to return a 401 Auth error.

A follow-on patch from Sam edits this file, and that patch breaks
the build without this dependent patch.

TrivialFix

Change-Id: Ib1568e186bdd7d19b7e5af151388197755902488
2016-02-14 08:59:11 -07:00
Jenkins
44987794de Merge "Keystone ubuntu binary container" 2015-12-30 08:37:02 +00:00
Artur Zarzycki
b4d692fae2 Keystone ubuntu binary container
Change-Id: Ibacbc5e2d3988c646998f6e69e2ea34c69e039f8
Partially-Implements: blueprint binary-ubuntu
2015-12-30 01:46:26 +01:00
SamYaple
cda0459ad1 Fix pip install settings
There were some inconsistencies with pip install instructions
throughout Kolla. We fix those here.

Additionally, we fix the virtualenv to properly use the site-packages
on the host if a library is not available in the venv.

Change-Id: Ib84d48e8826bb96060338b3fa0782620c98794a8
Related-Bug: #1524684
Closes-Bug: #1529434
2015-12-27 03:35:35 +00:00
Jeffrey Zhang
b766695f18 Move the admin account creation to register.yml
Create the admin project, user, role and keystone service info by
using ansible task rather than shell script

Closes-Bug: #1526251
Change-Id: Ieee215b9de1618b3d31f3d1a766a9d0ebafdee4d
2015-12-15 23:20:53 +08:00
Michal Rostecki
febcb600f1 Source installation in virtualenv
Use virtualenv for installation of OpenStack projects and
dependencies to avoid conflicts with Python libraries installed
by non-OpenStack binary packages.

Change-Id: I21ecd673b2e93335b1d3dd4e279e940c9d694c3c
Implements: blueprint virtualenv
2015-11-27 10:22:17 +01:00
Swapnil Kulkarni (coolsvap)
59a1c8b9fb Remove hardcoded MAINTAINER in Dockerfiles
Added new option in kolla-build.conf

Change-Id: I45fe51966bcb59ea19d112281ba3d5a1ba091a56
Closes-Bug: #1514304
2015-11-23 11:03:47 +00:00
Paul Bourke
7df3a0bea5 Clean up keystone httpd pid files for RPM distros
In some cases we're seeing httpd not cleaning up properly after itself,
which results in the keystone container failing to restart. This is
confirmed to happen on rpm based distros, but have not had any reports
on Ubuntu.

Change-Id: I58b006189e700f1c851601b4f64dd0fae931103c
Closes-Bug: #1489676
Co-Authored-By: Tim Potter <tpot@hpe.com>
2015-11-05 11:46:14 +00:00
Paul Bourke
be8a366184 Use openstack/requirements for keystone
See Iccb4e99f8e4b6659a19c1817d0f4c697824af25c for context.

Change-Id: Ic4f5732e70b0cda3b3755e8fe33ece3116fa8afc
Partial-Bug: #150530
2015-10-15 11:08:49 +00:00
Sam Yaple
5f200e0446 Fix issue with su and bad kernels
Long story short, some kernels before 3.15 had an issue with using su
in a container when the network namespace was --net=host. The gate
has a 3.10 and a 3.13 kernel and has a problem with this. This changes
everything to use sudo

backport: liberty
Partially-Implements: blueprint functional-testing-gate
Change-Id: I4d79ccaa1cddffcc8393f64e7e1be2538efe33e5
2015-10-13 15:13:55 +00:00
Sam Yaple
cb4e875ae1 Common start.sh
The majority of the start.sh code is identical. This removes that
duplicate code while still maintaining the ability to call code in a
specific container.

The start.sh is moved into /usr/local/bin/kolla_start in the container

The extend_start.sh script is called by the kolla_start script at the
location /usr/local/bin/kolla_extend_start . It always exists because
we create a noop kolla_extend_start in the base directory. We override
it with extend_start.sh in a specific image should we need to.

Of note, the neutron-agents container is exempt from this new
structure due to it being a fat container.

Additionally, we fix the inconsistent permissions throughout. 644 for
repo files and the scripts are set to 755 via a Docker RUN command to
ensure someone's local perm change won't break upstream containers.

Change-Id: I7da8d19965463ad30ee522a71183e3f092e0d6ad
Closes-Bug: #1501295
2015-10-06 03:30:26 +00:00
Jenkins
6a622ec82c Merge "Implement a install_type and install_metatype" 2015-09-28 10:49:53 +00:00
Jenkins
aadbbcbee0 Merge "remove set_configs" 2015-09-28 10:34:58 +00:00
Steven Dake
0e99b69de4 Implement a install_type and install_metatype
This prepares for the RHEL OSP implementation by making the build
tool convert all binary-* into an install_type of binary and * into
an install_metatype variable substitution inside the Dockerfiles.
Further binary-* is substituted as install_name to enable proper
building only.

Change-Id: Ib681b29176eb79a3cab12ec824313fdecb6e7a5f
Partially-Implements: blueprint rhel-based-image-support
2015-09-28 03:16:48 -07:00
Sam Yaple
160f1cc011 remove set_configs
Change-Id: I9bb0a1fac63cc326234b0f06b1e56b43e0753279
Partially-Implements: blueprint replace-config-external
2015-09-27 13:44:50 +00:00
Sam Yaple
39aba34b2a Remove all fail sections for Ubuntu
Ubuntu binary is not supported and may never be. Installing from
cloud-archive packaging is only for the current stable distros, Ubuntu
does not have a Delorean type repo. We place a fail message in the
base image to catch this and remove the messages throughout the
project.

An additional fail message is placed to catch all other things.

Change-Id: Id2953f503ebd42226f6a08e75979ae56511c40f7
Implements: blueprint install-from-ubuntu
2015-09-27 08:10:59 +00:00
Sam Yaple
a1b0518b9a Fix removal of config-external
I removed the files but not the COPY commands thus breaking all of
Kolla

Change-Id: I37d3e0cb94a1ecc12971f485f953310ba8fee53c
Partially-Implements: blueprint replace-config-external
2015-09-25 20:08:40 +00:00
Sam Yaple
e2e0fd288f Remove config-external.sh
Removes config-external for all services that have been replaced in
Ansible

Change-Id: I839a14418638b977fbc1d02ba6839811b0f909ea
Partially-Implements: blueprint replace-config-external
2015-09-25 13:00:55 +00:00
rthallisey
180e8c3331 Replace config-external with a JSON file for Keystone
Change-Id: I4c403edb7cd16f587f30a313c1943f070512eda3
Partially-Implements: blueprint replace-config-external
2015-09-18 15:19:06 -04:00
Steven Dake
6992049323 Add 'rhel' for RPM distros
Add 'rhel' to list for RPM based distros.  Also sort the distro
list for rpm packages for affected lines.

Change-Id: Ied4cb3e9763d6c6359f314d16185383ac3e006ed
Partially-Implements: blueprint rhel-based-image-support
2015-09-04 03:12:15 -07:00
Jenkins
91bc4b094c Merge "Allow arbitrary source archive name to be imported into Dockerfile" 2015-09-04 06:24:28 +00:00