x/snap-keystone
Code Issues Proposed changes

Switch to classic confinement

Browse Source 
Classic confinement allows the snap to behave like a traditionally
packaged application with full access to the system, and enables the
use of traditional directories such as /etc and /var/log.

We will continue to store all of the snap's files in $SNAP* directories.
This enables the snap to cleanup after itself if it is removed. However,
traditional directory locations are symlinked to their corresponding
$SNAP* directories.

For example, keystone configs are installed in $SNAP_COMMON/etc/keystone
which has a symlink at /etc/keystone.

The keystone apps then use the traditional directories when running
commands and services.

Change-Id: Ib33d958adab660a092110c4beae928dc9661d0c6
This commit is contained in:
Corey Bryant 2017-03-07 18:19:09 +00:00
parent 8264c3bcaf
commit e62cd74e7e
7 changed files with 44 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bindep.txt
View File

@ -1 +1,2 @@
snapcraft [platform:dpkg]
snapd [platform:dpkg]

38
snap/snap-openstack.yaml
View File

@ -1,25 +1,35 @@
setup:
dirs:
- "{snap_common}/etc/keystone.conf.d"
- "{snap_common}/etc/keystone"
- "{snap_common}/etc/keystone/keystone.conf.d"
- "{snap_common}/etc/keystone/fernet-keys"
- "{snap_common}/etc/uwsgi"
- "{snap_common}/log"
- "{snap_common}/lock"
- "{snap_common}/run"
- "{snap_common}/fernet-keys"
- "{snap_common}/lib/keystone"
- "{snap_common}/lock/keystone"
- "{snap_common}/log/keystone"
- "{snap_common}/log/uwsgi"
- "{snap_common}/run/keystone"
symlinks:
"{snap_common}/etc/keystone": /etc/keystone
"{snap_common}/etc/uwsgi": /etc/uwsgi
"{snap_common}/lib/keystone": /var/lib/keystone
"{snap_common}/lock/keystone": /var/lock/keystone
"{snap_common}/log/keystone": /var/log/keystone
"{snap_common}/log/uwsgi": /var/log/uwsgi
"{snap_common}/run/keystone": /var/run/keystone
templates:
"keystone-snap.conf.j2": "{snap_common}/etc/keystone.conf.d/keystone-snap.conf"
"admin.ini.j2": "{snap_common}/etc/uwsgi/admin.ini"
"public.ini.j2": "{snap_common}/etc/uwsgi/public.ini"
keystone-snap.conf.j2: "{snap_common}/etc/keystone/keystone.conf.d/keystone-snap.conf"
admin.ini.j2: "{snap_common}/etc/uwsgi/keystone-admin.ini"
public.ini.j2: "{snap_common}/etc/uwsgi/keystone-public.ini"
copyfiles:
"{snap}/etc/keystone": "{snap_common}/etc/keystone"
entry_points:
keystone-manage:
binary: keystone-manage
config-files:
- "{snap}/etc/keystone/keystone.conf"
- "{snap_common}/etc/keystone/keystone.conf"
- "/etc/keystone/keystone.conf"
config-dirs:
- "{snap_common}/etc/keystone.conf.d"
- "/etc/keystone/keystone.conf.d"
keystone-api:
type: uwsgi
uwsgi-dir: "{snap_common}/etc/uwsgi"
log-file: "{snap_common}/log/uwsgi.log"
uwsgi-dir: "/etc/uwsgi"
log-file: "/var/log/uwsgi/keystone.log"

4
snap/templates/admin.ini.j2
View File

@ -1,6 +1,6 @@
[uwsgi]
wsgi-file = {{ snap }}/bin/keystone-wsgi-admin
uwsgi-socket = {{ snap_common }}/run/keystone-admin.sock
uwsgi-socket = /var/run/keystone-admin.sock
buffer-size = 65535
http = 0.0.0.0:35357
master = true
@ -9,4 +9,4 @@ processes = 4
thunder-lock = true
plugins = python
lazy-apps = true
pyargv = --config-file={{ snap }}/etc/keystone/keystone.conf --config-dir={{ snap_common }}/etc/keystone.conf.d --log-file={{ snap_common }}/log/keystone.log
pyargv = --config-file=/etc/keystone/keystone.conf --config-dir=/etc/keystone/keystone.conf.d --log-file=/var/log/keystone/keystone.log

6
snap/templates/keystone-snap.conf.j2
View File

@ -1,11 +1,11 @@
[DEFAULT]
# Set state path to writable directory
state_path = {{ snap_common }}
state_path = /var/lib/keystone
[oslo_concurrency]
# Oslo Concurrency lock path
lock_path = {{ snap_common }}/lock
lock_path = /var/lock/keystone
[fernet_tokens]
# Fernet key repository
key_repository = {{ snap_common }}/fernet-keys
key_repository = /etc/keystone/fernet-keys

4
snap/templates/public.ini.j2
View File

@ -1,6 +1,6 @@
[uwsgi]
wsgi-file = {{ snap }}/bin/keystone-wsgi-public
uwsgi-socket = {{ snap_common }}/run/keystone-public.sock
uwsgi-socket = /var/run/keystone-public.sock
buffer-size = 65535
http = 0.0.0.0:5000
master = true
@ -9,4 +9,4 @@ processes = 4
thunder-lock = true
plugins = python
lazy-apps = true
pyargv = --config-file={{ snap }}/etc/keystone/keystone.conf --config-dir={{ snap_common }}/etc/keystone.conf.d --log-file={{ snap_common }}/log/keystone.log
pyargv = --config-file=/etc/keystone/keystone.conf --config-dir=/etc/keystone/keystone.conf.d --log-file=/var/log/keystone/keystone.log

23
snapcraft.yaml
View File

@ -6,20 +6,18 @@ description: |
mechanisms via HTTP primarily for use by projects in the OpenStack
family. It is most commonly deployed as an HTTP interface to existing
identity systems, such as LDAP.
confinement: strict
confinement: classic
grade: devel
environment:
PATH: $PATH:$SNAP/bin/
apps:
api:
command: snap-openstack keystone-api
daemon: simple
plugs:
- network
- network-bind
manage:
command: snap-openstack keystone-manage
plugs:
- network
parts:
keystone:
@ -29,23 +27,18 @@ parts:
python-packages:
- pymysql
- uwsgi
- git+https://github.com/openstack-snaps/snap.openstack#egg=snap.openstack
- git+https://github.com/openstack/snap.openstack#egg=snap.openstack
constraints: https://raw.githubusercontent.com/openstack/requirements/master/upper-constraints.txt
build-packages:
- gcc
- libffi-dev
- libssl-dev
- libxml2-dev
- libxslt1-dev
- pkg-config
- gcc
templates:
after:
- keystone
after: [keystone]
plugin: dump
source: snap
config:
after:
- keystone
after: [keystone]
plugin: dump
source: http://tarballs.openstack.org/keystone/keystone-master.tar.gz
organize:

4
tox.ini
View File

@ -6,9 +6,13 @@ skipsdist = True
basepython = python3.5
install_command = pip install {opts} {packages}
passenv = HOME TERM
whitelist_externals =
sudo
snapcraft
[testenv:snap]
deps = -r{toxinidir}/requirements.txt
commands =
sudo snap install core
snapcraft clean
snapcraft snap