Upversioning Keystone and Barbican
- Keystone is now a patched source rpm. The only patch we are maintaining is to support keyring, this will be removed once we completely replace keyring with barbican - No longer patching keystonemiddleware or python-oslo-service as our only patches were to backport upstream fixes, which are now included in the rpms - Turned off the doc building from python-oslo-messaging as it was causing issues during build with the latest dependencies - Tested a standard system install with stx-openstack app deploy as well as a basic distributed cloud install Change-Id: I95333e2410d49e836eb6964542837d750d1ab4f0 Story: 2004765 Task: 28883 Depends-On: https://review.openstack.org/#/c/653086 Signed-off-by: Tyler Smith <tyler.smith@windriver.com>
This commit is contained in:
parent
775ea37b32
commit
1b445a9415
@ -67,6 +67,6 @@ openstack-barbican-common
|
||||
openstack-barbican-keystone-listener
|
||||
openstack-barbican-worker
|
||||
puppet-barbican
|
||||
python-barbican
|
||||
python2-barbican
|
||||
python2-barbicanclient
|
||||
python-ldap3
|
||||
python2-ldap3
|
||||
|
@ -16,7 +16,6 @@ openstack/python-keystoneclient
|
||||
openstack/python-neutronclient
|
||||
openstack/python-novaclient
|
||||
openstack/python-openstackdocstheme
|
||||
openstack/python-oslo-service
|
||||
openstack/python-oslo-messaging
|
||||
openstack/python-pankoclient
|
||||
openstack/rabbitmq-server
|
||||
|
@ -1,5 +1,2 @@
|
||||
TAR_NAME="keystone"
|
||||
SRC_DIR="$CGCS_BASE/git/keystone"
|
||||
TIS_PATCH_VER=1
|
||||
COPY_LIST="$FILES_BASE/*"
|
||||
TIS_BASE_SRCREV=6a67918f9d5f39564af8eacc57b80cba98242683
|
||||
TIS_PATCH_VER=GITREVCOUNT+2
|
||||
|
@ -1,2 +0,0 @@
|
||||
[DEFAULT]
|
||||
log_dir= /var/log/keystone
|
@ -1,11 +0,0 @@
|
||||
/var/log/keystone/*.log {
|
||||
weekly
|
||||
dateext
|
||||
rotate 10
|
||||
size 1M
|
||||
missingok
|
||||
compress
|
||||
notifempty
|
||||
su keystone keystone
|
||||
minsize 100k
|
||||
}
|
@ -1,3 +0,0 @@
|
||||
# By default, keystone starts a service on port 5000
|
||||
# http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
|
||||
net.ipv4.ip_local_reserved_ports = 5000
|
@ -1 +0,0 @@
|
||||
d /run/keystone 0700 keystone keystone -
|
@ -0,0 +1,34 @@
|
||||
From 7feac57d571e49e042adb96738a3688c56adade0 Mon Sep 17 00:00:00 2001
|
||||
From: Tyler Smith <tyler.smith@windriver.com>
|
||||
Date: Mon, 8 Apr 2019 15:33:16 -0400
|
||||
Subject: [PATCH 1/1] Add keyring patch
|
||||
|
||||
---
|
||||
SPECS/openstack-keystone.spec | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/openstack-keystone.spec b/SPECS/openstack-keystone.spec
|
||||
index a20bda1..945de6d 100644
|
||||
--- a/SPECS/openstack-keystone.spec
|
||||
+++ b/SPECS/openstack-keystone.spec
|
||||
@@ -28,7 +28,7 @@ Name: openstack-keystone
|
||||
# https://review.openstack.org/#/q/I6a35fa0dda798fad93b804d00a46af80f08d475c,n,z
|
||||
Epoch: 1
|
||||
Version: 15.0.0
|
||||
-Release: 0.2%{?milestone}%{?dist}
|
||||
+Release: 0.2.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Summary: OpenStack Identity Service
|
||||
License: ASL 2.0
|
||||
URL: http://keystone.openstack.org/
|
||||
@@ -42,6 +42,9 @@ Source3: openstack-keystone.sysctl
|
||||
Source5: openstack-keystone-sample-data
|
||||
Source20: keystone-dist.conf
|
||||
|
||||
+# STX: Include patches here
|
||||
+Patch1: 0001-Rebasing-Keyring-integration.patch
|
||||
+
|
||||
BuildArch: noarch
|
||||
BuildRequires: openstack-macros
|
||||
BuildRequires: python%{pyver}-devel
|
||||
--
|
||||
1.8.3.1
|
@ -0,0 +1,2 @@
|
||||
Add-keyring-patch.patch
|
||||
Update-spec-with-tis-additions.patch
|
@ -0,0 +1,134 @@
|
||||
From 7afb60e6591d9d1e6d6374a85cf516182b660815 Mon Sep 17 00:00:00 2001
|
||||
From: Tyler Smith <tyler.smith@windriver.com>
|
||||
Date: Mon, 8 Apr 2019 15:40:07 -0400
|
||||
Subject: [PATCH 1/1] Update-spec-with-tis-additions
|
||||
|
||||
---
|
||||
SPECS/openstack-keystone.spec | 44 +++++++++++++++++++++++++++++++++++++++----
|
||||
1 file changed, 40 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/SPECS/openstack-keystone.spec b/SPECS/openstack-keystone.spec
|
||||
index 945de6d..74b6ba2 100644
|
||||
--- a/SPECS/openstack-keystone.spec
|
||||
+++ b/SPECS/openstack-keystone.spec
|
||||
@@ -12,7 +12,8 @@
|
||||
%global pyver_build %py%{pyver}_build
|
||||
# End of macros for py2/py3 compatibility
|
||||
|
||||
-%global with_doc 1
|
||||
+#STX: Turn off doc building
|
||||
+%global with_doc 0
|
||||
%global service keystone
|
||||
# guard for package OSP does not support
|
||||
%global rhosp 0
|
||||
@@ -42,6 +43,13 @@ Source3: openstack-keystone.sysctl
|
||||
Source5: openstack-keystone-sample-data
|
||||
Source20: keystone-dist.conf
|
||||
|
||||
+#STX
|
||||
+Source99: openstack-keystone.service
|
||||
+Source100: keystone-all
|
||||
+Source101: keystone-fernet-keys-rotate-active
|
||||
+Source102: password-rules.conf
|
||||
+Source103: public.py
|
||||
+
|
||||
# STX: Include patches here
|
||||
Patch1: 0001-Rebasing-Keyring-integration.patch
|
||||
|
||||
@@ -234,9 +242,9 @@ sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf
|
||||
sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf
|
||||
|
||||
%build
|
||||
-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf
|
||||
-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml
|
||||
-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json
|
||||
+PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf
|
||||
+PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml
|
||||
+PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json
|
||||
# distribution defaults are located in keystone-dist.conf
|
||||
|
||||
%{pyver_build}
|
||||
@@ -251,6 +259,8 @@ PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keyst
|
||||
# Instead, ship an empty file that operators can override.
|
||||
echo "{}" > policy.json
|
||||
|
||||
+# STX: default dir for fernet tokens
|
||||
+install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/
|
||||
install -d -m 755 %{buildroot}%{_sysconfdir}/keystone
|
||||
install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
|
||||
install -p -D -m 640 policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json
|
||||
@@ -261,7 +271,8 @@ install -p -D -m 644 etc/policy.v3cloudsample.json %{buildroot}%{_datadir}/keyst
|
||||
install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf
|
||||
install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates
|
||||
install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html
|
||||
-install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
|
||||
+# STX: don't install a separate keystone logrotate file as this is managed by syslog-ng
|
||||
+#install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
|
||||
install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d
|
||||
install -p -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sysctl.d/openstack-keystone.conf
|
||||
# Install sample data script.
|
||||
@@ -270,6 +281,21 @@ install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample
|
||||
# Install sample HTTPD integration files
|
||||
install -p -D -m 644 httpd/wsgi-keystone.conf %{buildroot}%{_datadir}/keystone/
|
||||
|
||||
+# STX install keystone cron script
|
||||
+install -p -D -m 755 %{SOURCE101} %{buildroot}%{_bindir}/keystone-fernet-keys-rotate-active
|
||||
+
|
||||
+# STX: install password rules(readable only)
|
||||
+install -p -D -m 440 %{SOURCE102} %{buildroot}%{_sysconfdir}/keystone/password-rules.conf
|
||||
+
|
||||
+# STX: install keystone public gunicorn app
|
||||
+install -p -D -m 755 %{SOURCE103} %{buildroot}/%{_datarootdir}/keystone/public.py
|
||||
+
|
||||
+# STX: install openstack-keystone service script
|
||||
+install -p -D -m 644 %{SOURCE99} %{buildroot}%{_unitdir}/openstack-keystone.service
|
||||
+
|
||||
+# STX: Install keystone-all bash script
|
||||
+install -p -D -m 755 %{SOURCE100} %{buildroot}%{_bindir}/keystone-all
|
||||
+
|
||||
install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone
|
||||
install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone
|
||||
|
||||
@@ -325,6 +351,10 @@ chmod 660 %{_localstatedir}/log/keystone/keystone.log
|
||||
%{_bindir}/keystone-manage
|
||||
%{_bindir}/keystone-status
|
||||
%{_bindir}/openstack-keystone-sample-data
|
||||
+# STX: add keystone-all
|
||||
+%{_bindir}/keystone-all
|
||||
+# STX: add Keystone fernet keys cron job
|
||||
+%{_bindir}/keystone-fernet-keys-rotate-active
|
||||
%dir %{_datadir}/keystone
|
||||
%attr(0644, root, keystone) %{_datadir}/keystone/keystone-dist.conf
|
||||
%attr(0644, root, keystone) %{_datadir}/keystone/policy.v3cloudsample.json
|
||||
@@ -332,20 +362,26 @@ chmod 660 %{_localstatedir}/log/keystone/keystone.log
|
||||
%attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.json
|
||||
%attr(0755, root, root) %{_datadir}/keystone/sample_data.sh
|
||||
%attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf
|
||||
+# STX: add openstack-keystone sysinit script
|
||||
+%{_unitdir}/openstack-keystone.service
|
||||
%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone
|
||||
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf
|
||||
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf
|
||||
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/policy.json
|
||||
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates
|
||||
%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html
|
||||
-%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
|
||||
+# STX: log rotate not needed
|
||||
+#%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
|
||||
%dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone
|
||||
%dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone
|
||||
%ghost %attr(0660, root, keystone) %{_localstatedir}/log/keystone/keystone.log
|
||||
%{_prefix}/lib/sysctl.d/openstack-keystone.conf
|
||||
-
|
||||
+# STX: add password rules configuration
|
||||
+%attr(0440, root, keystone) %{_sysconfdir}/keystone/password-rules.conf
|
||||
|
||||
%files -n python%{pyver}-keystone -f %{service}.lang
|
||||
+# STX: public.py addition
|
||||
+%{_datarootdir}/keystone/public*.py*
|
||||
%defattr(-,root,root,-)
|
||||
%license LICENSE
|
||||
%{pyver_sitelib}/keystone
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,320 +0,0 @@
|
||||
%global with_doc %{!?_without_doc:1}%{?_without_doc:0}
|
||||
%global service keystone
|
||||
|
||||
%{!?upstream_version: %global upstream_version %{version}%{?milestone}}
|
||||
|
||||
Name: openstack-keystone
|
||||
Epoch: 0
|
||||
Version: 12.0.0
|
||||
Release: 1%{?_tis_dist}.%{tis_patch_ver}
|
||||
Summary: OpenStack Identity Service
|
||||
License: Apache-2.0
|
||||
URL: https://launchpad.net/keystone/
|
||||
Source0: %{service}-%{version}.tar.gz
|
||||
|
||||
Source1: openstack-keystone.logrotate
|
||||
Source2: openstack-keystone.sysctl
|
||||
Source3: openstack-keystone.tmpfiles
|
||||
Source4: openstack-keystone.defaultconf
|
||||
|
||||
#WRS
|
||||
Source99: openstack-keystone.service
|
||||
Source100: keystone-all
|
||||
Source101: keystone-fernet-keys-rotate-active
|
||||
Source102: password-rules.conf
|
||||
Source103: public.py
|
||||
|
||||
BuildArch: noarch
|
||||
BuildRequires: openstack-macros
|
||||
BuildRequires: openstack-tempest
|
||||
BuildRequires: python-webtest
|
||||
BuildRequires: python-bcrypt
|
||||
BuildRequires: python2-devel
|
||||
BuildRequires: python-fixtures
|
||||
BuildRequires: python-freezegun
|
||||
BuildRequires: python-lxml
|
||||
BuildRequires: python-mock
|
||||
# WRS: Required for debian based builds only
|
||||
# use openstackdocstheme on RHEL instead
|
||||
#BuildRequires: python-os-api-ref
|
||||
BuildRequires: python2-openstackdocstheme
|
||||
BuildRequires: python-os-testr
|
||||
# Required to build keystone.conf
|
||||
BuildRequires: python-oslo-cache >= 1.5.0
|
||||
BuildRequires: python-oslo-config >= 2:3.9.0
|
||||
BuildRequires: python-oslotest
|
||||
BuildRequires: python-osprofiler >= 1.1.0
|
||||
BuildRequires: python-pbr >= 1.8
|
||||
BuildRequires: python-subunit
|
||||
BuildRequires: python-reno
|
||||
BuildRequires: python-requests
|
||||
BuildRequires: python2-scrypt
|
||||
BuildRequires: python-testrepository
|
||||
BuildRequires: python-testresources
|
||||
# Required to compile translation files
|
||||
BuildRequires: python-babel
|
||||
|
||||
#WRS: Need these for build_sphinx
|
||||
BuildRequires: tsconfig
|
||||
BuildRequires: python2-pycodestyle
|
||||
|
||||
Requires: python-keystone = %{epoch}:%{version}-%{release}
|
||||
Requires: python-keystoneclient >= 1:2.3.1
|
||||
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
BuildRequires: systemd
|
||||
BuildRequires: systemd-devel
|
||||
BuildRequires: xmlsec1-openssl
|
||||
Requires(pre): shadow-utils
|
||||
|
||||
%description
|
||||
Keystone is a Python implementation of the OpenStack
|
||||
(http://www.openstack.org) identity service API.
|
||||
.
|
||||
This package contains the keystone python libraries.
|
||||
|
||||
%package -n python-keystone
|
||||
Summary: Keystone Python libraries
|
||||
Group: Application/System
|
||||
Requires: python-babel
|
||||
Requires: python-paste
|
||||
Requires: python-paste-deploy
|
||||
Requires: python-PyMySQL
|
||||
Requires: python-routes
|
||||
Requires: python-sqlalchemy
|
||||
Requires: python-webob
|
||||
Requires: python-bcrypt
|
||||
Requires: python-cryptography
|
||||
Requires: python-dogpile-cache
|
||||
Requires: python-jsonschema
|
||||
Requires: python-keystoneclient
|
||||
Requires: python-keystonemiddleware
|
||||
Requires: python-ldappool
|
||||
Requires: python-msgpack
|
||||
Requires: python-oauthlib
|
||||
Requires: python-oslo-cache
|
||||
Requires: python-oslo-concurrency
|
||||
Requires: python-oslo-config
|
||||
Requires: python-oslo-context
|
||||
Requires: python-oslo-db
|
||||
Requires: python-oslo-i18n
|
||||
Requires: python-oslo-log
|
||||
Requires: python-oslo-messaging
|
||||
Requires: python-oslo-middleware
|
||||
Requires: python-oslo-policy
|
||||
Requires: python-oslo-serialization
|
||||
Requires: python-oslo-utils
|
||||
Requires: python-osprofiler
|
||||
Requires: python-passlib
|
||||
Requires: python-pbr
|
||||
Requires: python-pycadf
|
||||
Requires: python-pysaml2
|
||||
Requires: python-memcached
|
||||
Requires: python-six
|
||||
Requires: python-migrate
|
||||
Requires: python-stevedore
|
||||
Requires: python-ldap
|
||||
|
||||
%description -n python-keystone
|
||||
Keystone is a Python implementation of the OpenStack
|
||||
(http://www.openstack.org) identity service API.
|
||||
This package contains the Keystone Python library.
|
||||
|
||||
%package doc
|
||||
Summary: Documentation for OpenStack Identity Service
|
||||
Group: Documentation
|
||||
BuildRequires: python-paste-deploy
|
||||
BuildRequires: python-routes
|
||||
BuildRequires: python-sphinx
|
||||
BuildRequires: python-cryptography
|
||||
BuildRequires: python-dogpile-cache
|
||||
BuildRequires: python-jsonschema
|
||||
BuildRequires: python-keystonemiddleware
|
||||
BuildRequires: python-ldappool
|
||||
BuildRequires: python-msgpack
|
||||
BuildRequires: python-oauthlib
|
||||
BuildRequires: python-oslo-concurrency
|
||||
BuildRequires: python-oslo-db
|
||||
BuildRequires: python-oslo-i18n
|
||||
BuildRequires: python-oslo-log
|
||||
BuildRequires: python-oslo-messaging
|
||||
BuildRequires: python-oslo-middleware
|
||||
BuildRequires: python-oslo-policy
|
||||
BuildRequires: python-oslo-sphinx
|
||||
BuildRequires: python-passlib
|
||||
BuildRequires: python-pysaml2
|
||||
BuildRequires: python-memcached
|
||||
BuildRequires: python2-pip
|
||||
BuildRequires: python2-wheel
|
||||
|
||||
%description doc
|
||||
OpenStack Keystone documentaion.
|
||||
.
|
||||
This package contains the documentation
|
||||
|
||||
%prep
|
||||
%setup -q -n keystone-%{upstream_version}
|
||||
|
||||
find . \( -name .gitignore -o -name .placeholder \) -delete
|
||||
find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \;
|
||||
# Let RPM handle the dependencies
|
||||
rm -f test-requirements.txt requirements.txt
|
||||
|
||||
# adjust paths to WSGI scripts
|
||||
sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf
|
||||
sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf
|
||||
sed -i 's/^warning-is-error.*/warning-is-error = 0/g' setup.cfg
|
||||
|
||||
%build
|
||||
#PYTHONPATH=.
|
||||
# WRS: export PBR version
|
||||
export PBR_VERSION=%{version}
|
||||
%{__python2} setup.py build
|
||||
|
||||
%{__python2} setup.py build_sphinx --builder=html,man
|
||||
# remove the Sphinx-build leftovers
|
||||
rm -rf doc/build/html/.{doctrees,buildinfo}
|
||||
# config file generation
|
||||
oslo-config-generator --config-file config-generator/keystone.conf \
|
||||
--output-file etc/keystone.conf.sample
|
||||
# policy file generation
|
||||
oslopolicy-sample-generator --config-file config-generator/keystone-policy-generator.conf --output-file etc/keystone.policy.yaml
|
||||
|
||||
%py2_build_wheel
|
||||
|
||||
%install
|
||||
# WRS: export PBR version
|
||||
export PBR_VERSION=%{version}
|
||||
%{__python2} setup.py install --skip-build --root %{buildroot}
|
||||
mkdir -p $RPM_BUILD_ROOT/wheels
|
||||
install -m 644 dist/*.whl $RPM_BUILD_ROOT/wheels/
|
||||
|
||||
mkdir -p %{buildroot}%{_mandir}/man1
|
||||
install -d -m 755 %{buildroot}%{_sysconfdir}/keystone
|
||||
install -d -m 755 %{buildroot}%{_sysconfdir}/sysctl.d
|
||||
install -d -m 755 %{buildroot}%{_localstatedir}/{lib,log}/keystone
|
||||
install -d -m 750 %{buildroot}%{_localstatedir}/cache/keystone
|
||||
install -d -m 755 %{buildroot}%{_sysconfdir}/keystone/keystone.conf.d/
|
||||
|
||||
# default dir for fernet tokens
|
||||
install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/
|
||||
install -D -m 644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/keystone.conf
|
||||
install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
|
||||
install -D -m 640 %{SOURCE4} %{buildroot}/%{_sysconfdir}/keystone/keystone.conf.d/010-keystone.conf
|
||||
#install -D -m 440 %{SOURCE5} %{buildroot}/%{_sysconfdir}/keystone/README.config
|
||||
install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf
|
||||
install -p -D -m 640 etc/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/keystone-paste.ini
|
||||
install -p -D -m 640 etc/keystone.policy.yaml %{buildroot}%{_sysconfdir}/keystone/keystone.policy.yaml
|
||||
install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates
|
||||
install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html
|
||||
# WRS: don't install a seperate keystone logrotate file as this is managed by syslog-ng
|
||||
#install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
|
||||
install -p -D -m 644 etc/policy.v3cloudsample.json %{buildroot}%{_datadir}/keystone/policy.v3cloudsample.json
|
||||
install -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysctl.d/openstack-keystone.conf
|
||||
install -p -D -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1/
|
||||
# Install sample data script.
|
||||
install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/keystone/sample_data.sh
|
||||
# Install apache configuration files
|
||||
install -p -D -m 644 httpd/wsgi-keystone.conf %{buildroot}%{_datadir}/keystone/
|
||||
|
||||
# WRS install keystone cron script
|
||||
install -p -D -m 755 %{SOURCE101} %{buildroot}%{_bindir}/keystone-fernet-keys-rotate-active
|
||||
|
||||
# WRS: install password rules(readable only)
|
||||
install -p -D -m 440 %{SOURCE102} %{buildroot}%{_sysconfdir}/keystone/password-rules.conf
|
||||
|
||||
# WRS: install keystone public gunicorn app
|
||||
install -p -D -m 755 %{SOURCE103} %{buildroot}/%{_datarootdir}/keystone/public.py
|
||||
|
||||
# WRS: install openstack-keystone service script
|
||||
install -p -D -m 644 %{SOURCE99} %{buildroot}%{_unitdir}/openstack-keystone.service
|
||||
|
||||
# WRS: Install keystone-all bash script
|
||||
install -p -D -m 755 %{SOURCE100} %{buildroot}%{_bindir}/keystone-all
|
||||
|
||||
%pre
|
||||
# 163:163 for keystone (openstack-keystone) - rhbz#752842
|
||||
getent group keystone >/dev/null || groupadd -r --gid 163 keystone
|
||||
getent passwd keystone >/dev/null || \
|
||||
useradd --uid 163 -r -g keystone -d %{_sharedstatedir}/keystone -s /sbin/nologin \
|
||||
-c "OpenStack Keystone Daemons" keystone
|
||||
exit 0
|
||||
|
||||
# WRS: disable testr
|
||||
#%check
|
||||
# don't want to depend on hacking for package building
|
||||
#rm keystone/tests/unit/test_hacking_checks.py
|
||||
#%{__python2} setup.py testr
|
||||
|
||||
%post
|
||||
%tmpfiles_create %{_tmpfilesdir}/keystone.conf
|
||||
%systemd_post openstack-keystone.service
|
||||
%sysctl_apply openstack-keystone.conf
|
||||
|
||||
%preun
|
||||
%systemd_preun openstack-keystone.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart openstack-keystone.service
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README.rst
|
||||
%{_mandir}/man1/keystone*.1.gz
|
||||
%{_bindir}/keystone-wsgi-admin
|
||||
%{_bindir}/keystone-wsgi-public
|
||||
%{_bindir}/keystone-manage
|
||||
# WRS: add keystone-all as part of newton rebase
|
||||
%{_bindir}/keystone-all
|
||||
# WRS: add Keystone fernet keys cron job
|
||||
%{_bindir}/keystone-fernet-keys-rotate-active
|
||||
%_tmpfilesdir/keystone.conf
|
||||
%dir %{_datadir}/keystone
|
||||
%attr(0644, root, keystone) %{_datadir}/keystone/policy.v3cloudsample.json
|
||||
%attr(0755, root, root) %{_datadir}/keystone/sample_data.sh
|
||||
%attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf
|
||||
# WRS: add openstack-keystone sysVinit script
|
||||
%{_unitdir}/openstack-keystone.service
|
||||
%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone
|
||||
%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone/keystone.conf.d/
|
||||
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf
|
||||
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf.d/010-keystone.conf
|
||||
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone-paste.ini
|
||||
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf
|
||||
%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates
|
||||
%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/keystone.policy.yaml
|
||||
%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html
|
||||
# WRS: add password rules configuration
|
||||
%attr(0440, root, keystone) %{_sysconfdir}/keystone/password-rules.conf
|
||||
|
||||
# WRS: log rotate not needed
|
||||
#%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
|
||||
%dir %attr(0755, %{keystone}, %{keystone}) %{_localstatedir}/lib/keystone
|
||||
%dir %attr(0750, %{keystone}, %{keystone}) %{_localstatedir}/log/keystone
|
||||
%dir %attr(0750, %{keystone}, %{keystone}) %{_localstatedir}/cache/keystone
|
||||
%{_sysconfdir}/sysctl.d/openstack-keystone.conf
|
||||
|
||||
%files -n python-keystone
|
||||
%{_datarootdir}/keystone/public*.py*
|
||||
%defattr(-,root,root,-)
|
||||
%doc README.rst
|
||||
%license LICENSE
|
||||
%{python2_sitelib}/keystone
|
||||
%{python2_sitelib}/keystone-*.egg-info
|
||||
|
||||
%files doc
|
||||
%license LICENSE
|
||||
%doc doc/build/html
|
||||
|
||||
%package wheels
|
||||
Summary: %{name} wheels
|
||||
|
||||
%description wheels
|
||||
Contains python wheels for %{name}
|
||||
|
||||
%files wheels
|
||||
/wheels/*
|
||||
|
||||
%changelog
|
@ -0,0 +1,143 @@
|
||||
From dfe0978f6590818487bb9fc5e9b8156e77a25590 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 8 Apr 2019 15:25:28 -0400
|
||||
Subject: [PATCH 1/1] Rebasing Keyring integration
|
||||
|
||||
---
|
||||
keystone/exception.py | 6 ++++++
|
||||
keystone/identity/core.py | 50 +++++++++++++++++++++++++++++++++++++++++++++++
|
||||
requirements.txt | 1 +
|
||||
3 files changed, 57 insertions(+)
|
||||
|
||||
diff --git a/keystone/exception.py b/keystone/exception.py
|
||||
index b85878b..56601ce 100644
|
||||
--- a/keystone/exception.py
|
||||
+++ b/keystone/exception.py
|
||||
@@ -224,6 +224,12 @@ class ApplicationCredentialLimitExceeded(ForbiddenNotSecurity):
|
||||
"maximum of %(limit)d already exceeded for user.")
|
||||
|
||||
|
||||
+class WRSForbiddenAction(Error):
|
||||
+ message_format = _("That action is not permitted")
|
||||
+ code = 403
|
||||
+ title = 'Forbidden'
|
||||
+
|
||||
+
|
||||
class SecurityError(Error):
|
||||
"""Security error exception.
|
||||
|
||||
diff --git a/keystone/identity/core.py b/keystone/identity/core.py
|
||||
index ed43e76..da7e7ba 100644
|
||||
--- a/keystone/identity/core.py
|
||||
+++ b/keystone/identity/core.py
|
||||
@@ -17,6 +17,7 @@
|
||||
import copy
|
||||
import functools
|
||||
import itertools
|
||||
+import keyring
|
||||
import operator
|
||||
import os
|
||||
import threading
|
||||
@@ -54,6 +55,7 @@ MEMOIZE_ID_MAPPING = cache.get_memoization_decorator(group='identity',
|
||||
|
||||
DOMAIN_CONF_FHEAD = 'keystone.'
|
||||
DOMAIN_CONF_FTAIL = '.conf'
|
||||
+KEYRING_CGCS_SERVICE = "CGCS"
|
||||
|
||||
# The number of times we will attempt to register a domain to use the SQL
|
||||
# driver, if we find that another process is in the middle of registering or
|
||||
@@ -1069,6 +1071,26 @@ class Manager(manager.Manager):
|
||||
if new_ref['domain_id'] != orig_ref['domain_id']:
|
||||
raise exception.ValidationError(_('Cannot change Domain ID'))
|
||||
|
||||
+ def _update_keyring_password(self, user, new_password):
|
||||
+ """Update user password in Keyring backend.
|
||||
+ This method Looks up user entries in Keyring backend
|
||||
+ and accordingly update the corresponding user password.
|
||||
+ :param user : keyring user struct
|
||||
+ :param new_password : new password to set
|
||||
+ """
|
||||
+ if (new_password is not None) and ('name' in user):
|
||||
+ try:
|
||||
+ # only update if an entry exists
|
||||
+ if (keyring.get_password(KEYRING_CGCS_SERVICE, user['name'])):
|
||||
+ keyring.set_password(KEYRING_CGCS_SERVICE,
|
||||
+ user['name'], new_password)
|
||||
+ except (keyring.errors.PasswordSetError, RuntimeError):
|
||||
+ msg = ('Failed to Update Keyring Password for the user %s')
|
||||
+ LOG.warning(msg, user['name'])
|
||||
+ # only raise an exception if this is the admin user
|
||||
+ if (user['name'] == 'admin'):
|
||||
+ raise exception.WRSForbiddenAction(msg % user['name'])
|
||||
+
|
||||
@domains_configured
|
||||
@exception_translated('user')
|
||||
def update_user(self, user_id, user_ref, initiator=None):
|
||||
@@ -1113,6 +1135,13 @@ class Manager(manager.Manager):
|
||||
)
|
||||
notifications.invalidate_token_cache_notification(reason)
|
||||
|
||||
+ # Certain local Keystone users are stored in Keystone as opposed
|
||||
+ # to the default SQL Identity backend, such as the admin user.
|
||||
+ # When its password is updated, we need to update Keyring as well
|
||||
+ # as certain services retrieve this user context from Keyring and
|
||||
+ # will get auth failures
|
||||
+ if ('password' in user) and ('name' in ref):
|
||||
+ self._update_keyring_password(ref, user['password'])
|
||||
return self._set_domain_id_and_mapping(
|
||||
ref, domain_id, driver, mapping.EntityType.USER)
|
||||
|
||||
@@ -1128,6 +1157,7 @@ class Manager(manager.Manager):
|
||||
hints.add_filter('user_id', user_id)
|
||||
fed_users = PROVIDERS.shadow_users_api.list_federated_users_info(hints)
|
||||
|
||||
+ username = user_old.get('name', "")
|
||||
driver.delete_user(entity_id)
|
||||
PROVIDERS.assignment_api.delete_user_assignments(user_id)
|
||||
self.get_user.invalidate(self, user_id)
|
||||
@@ -1141,6 +1171,18 @@ class Manager(manager.Manager):
|
||||
|
||||
PROVIDERS.credential_api.delete_credentials_for_user(user_id)
|
||||
PROVIDERS.id_mapping_api.delete_id_mapping(user_id)
|
||||
+
|
||||
+ # Delete the keyring entry associated with this user (if present)
|
||||
+ try:
|
||||
+ keyring.delete_password(KEYRING_CGCS_SERVICE, username)
|
||||
+ except keyring.errors.PasswordDeleteError:
|
||||
+ LOG.warning(('delete_user: PasswordDeleteError for %s'),
|
||||
+ username)
|
||||
+ pass
|
||||
+ except exception.UserNotFound:
|
||||
+ LOG.warning(('delete_user: UserNotFound for %s'),
|
||||
+ username)
|
||||
+ pass
|
||||
notifications.Audit.deleted(self._USER, user_id, initiator)
|
||||
|
||||
# Invalidate user role assignments cache region, as it may be caching
|
||||
@@ -1390,6 +1432,14 @@ class Manager(manager.Manager):
|
||||
notifications.Audit.updated(self._USER, user_id, initiator)
|
||||
self._persist_revocation_event_for_user(user_id)
|
||||
|
||||
+ user = self.get_user(user_id)
|
||||
+ # Update Keyring password for the 'user' if it
|
||||
+ # has an entry in Keyring
|
||||
+ if (original_password) and ('name' in user):
|
||||
+ # Change the 'user' password in keyring, provided the user
|
||||
+ # has an entry in Keyring backend
|
||||
+ self._update_keyring_password(user, new_password)
|
||||
+
|
||||
@MEMOIZE
|
||||
def _shadow_nonlocal_user(self, user):
|
||||
try:
|
||||
diff --git a/requirements.txt b/requirements.txt
|
||||
index e3de1c6..e6d3536 100644
|
||||
--- a/requirements.txt
|
||||
+++ b/requirements.txt
|
||||
@@ -42,3 +42,4 @@ pycadf!=2.0.0,>=1.1.0 # Apache-2.0
|
||||
msgpack>=0.5.0 # Apache-2.0
|
||||
osprofiler>=1.4.0 # Apache-2.0
|
||||
pytz>=2013.6 # MIT
|
||||
+keyring>=5.3
|
||||
--
|
||||
1.8.3.1
|
||||
|
1
openstack/python-keystone/centos/srpm_path
Normal file
1
openstack/python-keystone/centos/srpm_path
Normal file
@ -0,0 +1 @@
|
||||
mirror:Source/openstack-keystone-15.0.0-0.2.0rc2.el7.src.rpm
|
@ -1,7 +0,0 @@
|
||||
BUILDER=loci
|
||||
LABEL=stx-keystone
|
||||
PROJECT=keystone
|
||||
PROJECT_REPO=https://github.com/openstack/keystone.git
|
||||
PIP_PACKAGES="python-openstackclient ldap ldappool python-ldap pylint"
|
||||
PROFILES="fluent apache"
|
||||
|
@ -1 +0,0 @@
|
||||
TIS_PATCH_VER=1
|
@ -1,35 +0,0 @@
|
||||
commit fd40ac6be0cb4e0dcc8295e9f9673fa5970e0035
|
||||
Author: Shoaib Nasir <shoaib.nasir@windriver.com>
|
||||
Date: Wed Feb 14 17:00:55 2018 -0500
|
||||
|
||||
0001-update-package-versioning-for-TIS-format
|
||||
|
||||
diff --git a/SPECS/python-keystonemiddleware.spec b/SPECS/python-keystonemiddleware.spec
|
||||
index 8ccc7b4..63e83d2 100644
|
||||
--- a/SPECS/python-keystonemiddleware.spec
|
||||
+++ b/SPECS/python-keystonemiddleware.spec
|
||||
@@ -9,7 +9,7 @@
|
||||
|
||||
Name: python-%{sname}
|
||||
Version: 4.17.0
|
||||
-Release: 1%{?dist}
|
||||
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Summary: Middleware for OpenStack Identity
|
||||
|
||||
License: ASL 2.0
|
||||
@@ -133,6 +133,7 @@ rm -rf %{sname}.egg-info
|
||||
sed -i 's/^warning-is-error.*/warning-is-error = 0/g' setup.cfg
|
||||
|
||||
%build
|
||||
+export PBR_VERSION=%{version}
|
||||
%py2_build
|
||||
%if 0%{?with_python3}
|
||||
%py3_build
|
||||
@@ -147,6 +148,7 @@ rm -rf doc/build/html/.{doctrees,buildinfo}
|
||||
|
||||
|
||||
%install
|
||||
+export PBR_VERSION=%{version}
|
||||
%if 0%{?with_python3}
|
||||
%py3_install
|
||||
# Delete tests
|
@ -1,21 +0,0 @@
|
||||
commit 5ba75388d3394c3016570a4e68fb79aebd18bf31
|
||||
Author: Shoaib Nasir <shoaib.nasir@windriver.com>
|
||||
Date: Wed Feb 14 19:01:00 2018 -0500
|
||||
|
||||
WRS: 0002-Upstream-gnnochi-panko-fix
|
||||
|
||||
diff --git a/SPECS/python-keystonemiddleware.spec b/SPECS/python-keystonemiddleware.spec
|
||||
index 63e83d2..cb3c9c9 100644
|
||||
--- a/SPECS/python-keystonemiddleware.spec
|
||||
+++ b/SPECS/python-keystonemiddleware.spec
|
||||
@@ -15,6 +15,10 @@ Summary: Middleware for OpenStack Identity
|
||||
License: ASL 2.0
|
||||
URL: http://launchpad.net/keystonemiddleware
|
||||
Source0: https://tarballs.openstack.org/%{sname}/%{sname}-%{version}.tar.gz
|
||||
+
|
||||
+# WRS
|
||||
+Patch0001: 0001-Upstream-gnnochi-panko-fix.patch
|
||||
+
|
||||
BuildArch: noarch
|
||||
|
||||
|
@ -1,2 +0,0 @@
|
||||
0001-update-package-versioning-for-TIS-format.patch
|
||||
0002-Upstream-gnnochi-panko-fix.patch
|
@ -1,70 +0,0 @@
|
||||
commit c475ceb3658309e5c24bae2423e2ec1b125531d8
|
||||
Author: rpm-build <rpm-build>
|
||||
Date: Wed Feb 14 18:41:21 2018 -0500
|
||||
|
||||
0002-Upstream-gnocchi-panko-bug
|
||||
|
||||
|
||||
Expect paste.deploy and gnocchi/panko options
|
||||
|
||||
The authtoken middleware has been printing warning log messages to
|
||||
the API logs for all services, reporting unexpected conf keys. This
|
||||
was traced back to paste.deploy adding 'here' and '__file__' and
|
||||
both gnocchi and panko adding 'configkey' keys in wsgi apps though
|
||||
these do not actually exist in the conf file. This change allows
|
||||
for those keys without printing a warning that unnecessarily
|
||||
confuses operators.
|
||||
|
||||
But it's kind of a hack, especially the configkey bit. We shouldn't
|
||||
have to know about gnocchi/panko specifics like this. And it doesn't
|
||||
address the comment in the bug about what is seen for ironic. So I
|
||||
think there will still be more to do here.
|
||||
|
||||
Change-Id: I678482309c7dd35ce147bebf13ebefc84251fe91
|
||||
Partial-Bug: 1722444
|
||||
|
||||
Signed-of-by: Shoaib Nasir <shoaib.nasir@windriver.com>
|
||||
|
||||
#enter the commit message for your changes. Lines starting
|
||||
|
||||
diff --git a/keystonemiddleware/_common/config.py b/keystonemiddleware/_common/config.py
|
||||
index 3e38eba..de701b0 100644
|
||||
--- a/keystonemiddleware/_common/config.py
|
||||
+++ b/keystonemiddleware/_common/config.py
|
||||
@@ -49,17 +49,18 @@ def _conf_values_type_convert(group_name, all_options, conf):
|
||||
for k, v in conf.items():
|
||||
dest = k
|
||||
try:
|
||||
- if v is not None:
|
||||
+ # 'here' and '__file__' come from paste.deploy
|
||||
+ # 'configkey' is added by panko and gnocchi
|
||||
+ if v is not None and k not in ['here', '__file__', 'configkey']:
|
||||
type_, dest = opt_types[k]
|
||||
v = type_(v)
|
||||
except KeyError: # nosec
|
||||
- # This option is not known to auth_token. v is not converted.
|
||||
_LOG.warning(
|
||||
- 'The option "%s" in conf is not known to auth_token', k)
|
||||
+ 'The option "%s" is not known to keystonemiddleware', k)
|
||||
except ValueError as e:
|
||||
raise exceptions.ConfigurationError(
|
||||
- _('Unable to convert the value of %(key)s option into correct '
|
||||
- 'type: %(ex)s') % {'key': k, 'ex': e})
|
||||
+ _('Unable to convert the value of option "%(key)s" into '
|
||||
+ 'correct type: %(ex)s') % {'key': k, 'ex': e})
|
||||
opts[dest] = v
|
||||
|
||||
return opts
|
||||
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
|
||||
index 6c66aee..b3aa8ff 100644
|
||||
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
|
||||
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
|
||||
@@ -495,7 +495,7 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
|
||||
conf = {
|
||||
'wrong_key': '123'
|
||||
}
|
||||
- log = 'The option "wrong_key" in conf is not known to auth_token'
|
||||
+ log = 'The option "wrong_key" is not known to keystonemiddleware'
|
||||
auth_token.AuthProtocol(self.fake_app, conf)
|
||||
self.assertThat(self.logger.output, matchers.Contains(log))
|
||||
|
@ -1 +0,0 @@
|
||||
mirror:Source/python-keystonemiddleware-4.17.0-1.el7.src.rpm
|
@ -0,0 +1,25 @@
|
||||
From 1ca217ce27dbb37c131476d0abf32b9deefa80a4 Mon Sep 17 00:00:00 2001
|
||||
From: Tyler Smith <tyler.smith@windriver.com>
|
||||
Date: Wed, 17 Apr 2019 15:56:33 -0400
|
||||
Subject: [PATCH 1/1] turning off doc building
|
||||
|
||||
---
|
||||
SPECS/python-oslo-messaging.spec | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/python-oslo-messaging.spec b/SPECS/python-oslo-messaging.spec
|
||||
index c1f7400..c2aff2c 100644
|
||||
--- a/SPECS/python-oslo-messaging.spec
|
||||
+++ b/SPECS/python-oslo-messaging.spec
|
||||
@@ -2,7 +2,7 @@
|
||||
%if 0%{?fedora} >= 24
|
||||
%global with_python3 1
|
||||
%endif
|
||||
-%global with_doc 1
|
||||
+%global with_doc 0
|
||||
#guard for including python-pyngus (OSP 12 does not ship python-pyngus)
|
||||
%global rhosp 0
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -2,3 +2,4 @@ update-package-versioning-for-tis-format.patch
|
||||
spec-rabbit-increase-heartbeat-rate-to-decrease-polling-interval.patch
|
||||
fix-pifpaf-build-error.patch
|
||||
0004-disable-check-on-build.patch
|
||||
0005-turning-off-doc-building.patch
|
||||
|
@ -1 +0,0 @@
|
||||
TIS_PATCH_VER=2
|
@ -1,2 +0,0 @@
|
||||
update-package-versioning-for-tis-format.patch
|
||||
spec-loopingcall-permit-aborting-while-sleeping.patch
|
@ -1,27 +0,0 @@
|
||||
From e6daf4d7dbe603e82a267d6d99a454453b902f68 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 14:42:44 -0400
|
||||
Subject: [PATCH] WRS: spec-loopingcall-permit-aborting-while-sleeping.patch
|
||||
|
||||
---
|
||||
SPECS/python-oslo-service.spec | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/SPECS/python-oslo-service.spec b/SPECS/python-oslo-service.spec
|
||||
index 658bb42..5ff8f34 100644
|
||||
--- a/SPECS/python-oslo-service.spec
|
||||
+++ b/SPECS/python-oslo-service.spec
|
||||
@@ -14,6 +14,10 @@ Summary: Oslo service library
|
||||
License: ASL 2.0
|
||||
URL: http://launchpad.net/oslo
|
||||
Source0: https://tarballs.openstack.org/%{pypi_name}/%{pypi_name}-%{upstream_version}.tar.gz
|
||||
+
|
||||
+# WRS
|
||||
+Patch0001: loopingcall-permit-aborting-while-sleeping.patch
|
||||
+
|
||||
BuildArch: noarch
|
||||
|
||||
%package -n python2-%{pname}
|
||||
--
|
||||
2.7.4
|
||||
|
@ -1,27 +0,0 @@
|
||||
From 7081d0aaaf782a19251d9e43b543c99c93ab218d Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 14:42:44 -0400
|
||||
Subject: [PATCH 1/2] WRS: update-package-versioning-for-tis-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/python-oslo-service.spec
|
||||
---
|
||||
SPECS/python-oslo-service.spec | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/python-oslo-service.spec b/SPECS/python-oslo-service.spec
|
||||
index d95f88e..658bb42 100644
|
||||
--- a/SPECS/python-oslo-service.spec
|
||||
+++ b/SPECS/python-oslo-service.spec
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
Name: python-%{pname}
|
||||
Version: 1.25.1
|
||||
-Release: 1%{?dist}
|
||||
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Summary: Oslo service library
|
||||
|
||||
License: ASL 2.0
|
||||
--
|
||||
2.7.4
|
||||
|
@ -1,177 +0,0 @@
|
||||
From a4de48a129ff6526ae19533af76730c4707d8a53 Mon Sep 17 00:00:00 2001
|
||||
From: Allain Legacy <allain.legacy@windriver.com>
|
||||
Date: Wed, 31 May 2017 16:18:19 -0400
|
||||
Subject: [PATCH] Permit aborting loopingcall while sleeping
|
||||
|
||||
Some of the openstack services implement worker tasks that are based on
|
||||
the oslo-service LoopingCallBase objects. They do this as a way to have
|
||||
a task that runs periodically as a greenthread within a child worker
|
||||
process. For example, the neutron-server runs AgentStatusCheckWorker()
|
||||
objects as base service workers in its child worker processes.
|
||||
|
||||
When the parent server process handles a SIGTERM signal it attempts to
|
||||
stop all services launched on each of the child worker processes (i.e.,
|
||||
ProcessLauncher.stop()). That results in a stop() being called on each
|
||||
of the underlying base services and then a wait() to ensure that they
|
||||
complete before shutdown.
|
||||
|
||||
If any service that is implemented on a LoopingCallBase related object
|
||||
is suspended on a greenthread.sleep() the previous call to stop() will
|
||||
have no effect and so the wait() will block until the sleep() finishes.
|
||||
For tasks that either have a frequent FixedLoopingBase interface or a
|
||||
short initial_delay this may not be a problem, but for those with a long
|
||||
delay this could mean that the wait() blocks for minutes before the
|
||||
process is allowed to shutdown.
|
||||
|
||||
To solve this the LoopingCallBase calls to greenthread.sleep() are being
|
||||
replaced with a threading.Event() object's wait() method. This allows a
|
||||
caller of stop() to interrupt the sleep and expedite the shutdown.
|
||||
|
||||
Closes-Bug: #1660210
|
||||
|
||||
Change-Id: I5835f9595826df5349e4cc8b1da8529bb960ee04
|
||||
Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
|
||||
---
|
||||
oslo_service/loopingcall.py | 19 +++++++++++++------
|
||||
oslo_service/tests/test_loopingcall.py | 14 +++++++-------
|
||||
2 files changed, 20 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/oslo_service/loopingcall.py b/oslo_service/loopingcall.py
|
||||
index 1747fda..ee2813d 100644
|
||||
--- a/oslo_service/loopingcall.py
|
||||
+++ b/oslo_service/loopingcall.py
|
||||
@@ -18,6 +18,7 @@
|
||||
import random
|
||||
import sys
|
||||
import time
|
||||
+import threading
|
||||
|
||||
from eventlet import event
|
||||
from eventlet import greenthread
|
||||
@@ -85,19 +86,25 @@ class LoopingCallBase(object):
|
||||
self.args = args
|
||||
self.kw = kw
|
||||
self.f = f
|
||||
- self._running = False
|
||||
self._thread = None
|
||||
self.done = None
|
||||
+ self.abort = threading.Event()
|
||||
+
|
||||
+ @property
|
||||
+ def _running(self):
|
||||
+ return not self.abort.is_set()
|
||||
|
||||
def stop(self):
|
||||
- self._running = False
|
||||
+ self.abort.set()
|
||||
|
||||
def wait(self):
|
||||
return self.done.wait()
|
||||
|
||||
def _on_done(self, gt, *args, **kwargs):
|
||||
self._thread = None
|
||||
- self._running = False
|
||||
+
|
||||
+ def _sleep(self, timeout):
|
||||
+ return self.abort.wait(timeout)
|
||||
|
||||
def _start(self, idle_for, initial_delay=None, stop_on_exception=True):
|
||||
"""Start the looping
|
||||
@@ -114,8 +121,8 @@ class LoopingCallBase(object):
|
||||
"""
|
||||
if self._thread is not None:
|
||||
raise RuntimeError(self._RUN_ONLY_ONE_MESSAGE)
|
||||
- self._running = True
|
||||
self.done = event.Event()
|
||||
+ self.abort.clear()
|
||||
self._thread = greenthread.spawn(
|
||||
self._run_loop, idle_for,
|
||||
initial_delay=initial_delay, stop_on_exception=stop_on_exception)
|
||||
@@ -129,7 +136,7 @@ class LoopingCallBase(object):
|
||||
func = self.f if stop_on_exception else _safe_wrapper(self.f, kind,
|
||||
func_name)
|
||||
if initial_delay:
|
||||
- greenthread.sleep(initial_delay)
|
||||
+ self._sleep(initial_delay)
|
||||
try:
|
||||
watch = timeutils.StopWatch()
|
||||
while self._running:
|
||||
@@ -143,7 +150,7 @@ class LoopingCallBase(object):
|
||||
'for %(idle).02f seconds',
|
||||
{'func_name': func_name, 'idle': idle,
|
||||
'kind': kind})
|
||||
- greenthread.sleep(idle)
|
||||
+ self._sleep(idle)
|
||||
except LoopingCallDone as e:
|
||||
self.done.send(e.retvalue)
|
||||
except Exception:
|
||||
diff --git a/oslo_service/tests/test_loopingcall.py b/oslo_service/tests/test_loopingcall.py
|
||||
index 7ac8025..218e9d1 100644
|
||||
--- a/oslo_service/tests/test_loopingcall.py
|
||||
+++ b/oslo_service/tests/test_loopingcall.py
|
||||
@@ -285,7 +285,7 @@ class DynamicLoopingCallTestCase(test_base.BaseTestCase):
|
||||
else:
|
||||
self.num_runs = self.num_runs - 1
|
||||
|
||||
- @mock.patch('eventlet.greenthread.sleep')
|
||||
+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep')
|
||||
def test_timeout_task_without_return(self, sleep_mock):
|
||||
self.num_runs = 1
|
||||
timer = loopingcall.DynamicLoopingCall(
|
||||
@@ -294,7 +294,7 @@ class DynamicLoopingCallTestCase(test_base.BaseTestCase):
|
||||
timer.start(periodic_interval_max=5).wait()
|
||||
sleep_mock.assert_has_calls([mock.call(5)])
|
||||
|
||||
- @mock.patch('eventlet.greenthread.sleep')
|
||||
+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep')
|
||||
def test_interval_adjustment(self, sleep_mock):
|
||||
self.num_runs = 2
|
||||
|
||||
@@ -303,7 +303,7 @@ class DynamicLoopingCallTestCase(test_base.BaseTestCase):
|
||||
|
||||
sleep_mock.assert_has_calls([mock.call(5), mock.call(1)])
|
||||
|
||||
- @mock.patch('eventlet.greenthread.sleep')
|
||||
+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep')
|
||||
def test_initial_delay(self, sleep_mock):
|
||||
self.num_runs = 1
|
||||
|
||||
@@ -315,7 +315,7 @@ class DynamicLoopingCallTestCase(test_base.BaseTestCase):
|
||||
|
||||
class TestBackOffLoopingCall(test_base.BaseTestCase):
|
||||
@mock.patch('random.SystemRandom.gauss')
|
||||
- @mock.patch('eventlet.greenthread.sleep')
|
||||
+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep')
|
||||
def test_exponential_backoff(self, sleep_mock, random_mock):
|
||||
def false():
|
||||
return False
|
||||
@@ -366,7 +366,7 @@ class TestBackOffLoopingCall(test_base.BaseTestCase):
|
||||
self.assertEqual(expected_times, sleep_mock.call_args_list)
|
||||
|
||||
@mock.patch('random.SystemRandom.gauss')
|
||||
- @mock.patch('eventlet.greenthread.sleep')
|
||||
+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep')
|
||||
def test_no_backoff(self, sleep_mock, random_mock):
|
||||
random_mock.return_value = 1
|
||||
func = mock.Mock()
|
||||
@@ -381,7 +381,7 @@ class TestBackOffLoopingCall(test_base.BaseTestCase):
|
||||
self.assertTrue(retvalue, 'return value')
|
||||
|
||||
@mock.patch('random.SystemRandom.gauss')
|
||||
- @mock.patch('eventlet.greenthread.sleep')
|
||||
+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep')
|
||||
def test_no_sleep(self, sleep_mock, random_mock):
|
||||
# Any call that executes properly the first time shouldn't sleep
|
||||
random_mock.return_value = 1
|
||||
@@ -394,7 +394,7 @@ class TestBackOffLoopingCall(test_base.BaseTestCase):
|
||||
self.assertTrue(retvalue, 'return value')
|
||||
|
||||
@mock.patch('random.SystemRandom.gauss')
|
||||
- @mock.patch('eventlet.greenthread.sleep')
|
||||
+ @mock.patch('oslo_service.loopingcall.LoopingCallBase._sleep')
|
||||
def test_max_interval(self, sleep_mock, random_mock):
|
||||
def false():
|
||||
return False
|
||||
--
|
||||
2.7.4
|
||||
|
@ -1 +0,0 @@
|
||||
mirror:Source/python-oslo-service-1.25.1-1.el7.src.rpm
|
Loading…
Reference in New Issue
Block a user