b2e10bfc5f
This change adds LDAP-related actions in the application lifecycle to
automatically configure resources required for multi-user access to the
OpenStack clients container.
Two hooks are leveraged by this change:
1) Pre apply:
- Verify if LDAP group `openstack` exists:
* If it doesn't, then create it.
- Create volume mount directory (/var/opt/openstack) and assign it
to the group `openstack` (with the right modes/permissions).
3) Post remove:
- Check if the volume mount directory contains one or more user
files created in subdirectories:
* If it does, then keep the directory;
* If it doesn't, then:
- Delete the volume mount directory;
- Delete all members from group `openstack`.
- Delete group `openstack`.
In addition to leveraging lifecycle hooks, this change also updates the
setup scripts -- to include more information about their purpose and to
standardize them as a whole -- and, in special, adds a new script,
called `local_openstackrc`, to configure the access to the OpenStack
clients container.
This script behaves similarly to the `local_starlingxrc` script [2], the
only difference being the extra step of setting up aliases in the
resulting openrc file.
[1] https://review.opendev.org/c/starlingx/openstack-armada-app/+/887369
[2] https://review.opendev.org/c/starlingx/utilities/+/887117
Test Plan:
PASS - Build python3-k8sapp-openstack package
PASS - Build stx-openstack-helm-fluxcd package
PASS - Build stx-openstack helm charts
PASS - Upload/apply stx-openstack
PASS - Verify that the group `openstack` exists
PASS - Verify that the volume mount directory belongs to it
PASS - Verify that the volume mount directory contains all setup scripts
With a local user, e.g., `sysadmin`:
PASS - Source admin-openrc
PASS - Verify that the OpenStack commands are functional
With an LDAP user, e.g., `admin`:
PASS - Make sure it's a member of group `openstack`
If not, login to `sysadmin` and run:
$ sudo ldapaddusertogroup admin openstack
PASS - Source local_openstackrc
PASS - Verify that the OpenStack commands are functional
PASS - Remove/delete stx-openstack
PASS - Verify that the volume mount directory was deleted
PASS - Verify that the group `openstack` was deleted
Story: 2010774
Task: 48351
Change-Id: I0d7c3c951984c2380928850a6a041b1920cd633d
Signed-off-by: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>