9d491f55a8
The following are included in the switch to strict confinement: * Set snapcraft.yaml confinement to strict and restore/update plugs * Drop building of python as it's not required for strict snaps * Patch setgroups from ngnix since it's not covered by a plug * Switch back to running apps under root * Build libxml into snap Change-Id: I3f73f79844728ffc8e12632e14595e1cd7c375cf
100 lines
3.2 KiB
YAML
100 lines
3.2 KiB
YAML
name: keystone
|
|
version: ocata
|
|
summary: OpenStack Identity Service (keystone)
|
|
description: |
|
|
Keystone provides authentication, authorization and service discovery
|
|
mechanisms via HTTP primarily for use by projects in the OpenStack
|
|
family. It is most commonly deployed as an HTTP interface to existing
|
|
identity systems, such as LDAP.
|
|
confinement: strict
|
|
grade: devel
|
|
|
|
apps:
|
|
uwsgi:
|
|
command: snap-openstack keystone-uwsgi
|
|
daemon: simple
|
|
plugs:
|
|
- network-bind
|
|
nginx:
|
|
command: snap-openstack keystone-nginx
|
|
daemon: forking
|
|
plugs:
|
|
- browser-support
|
|
- network-bind
|
|
manage:
|
|
command: snap-openstack keystone-manage
|
|
aliases:
|
|
- keystone-manage
|
|
plugs:
|
|
- network
|
|
|
|
parts:
|
|
keystone:
|
|
plugin: python
|
|
python-version: python2
|
|
source: http://tarballs.openstack.org/keystone/keystone-stable-ocata.tar.gz
|
|
python-packages:
|
|
- mysql-python
|
|
- pymysql
|
|
- pysqlite
|
|
- uwsgi
|
|
- git+https://github.com/openstack/snap.openstack#egg=snap.openstack
|
|
constraints: https://raw.githubusercontent.com/openstack/requirements/stable/ocata/upper-constraints.txt
|
|
build-packages:
|
|
- gcc
|
|
- libffi-dev
|
|
- libmysqlclient-dev
|
|
- libssl-dev
|
|
- libsqlite3-dev
|
|
install: |
|
|
touch $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/paste/__init__.py
|
|
touch $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/repoze/__init__.py
|
|
export SNAP_ROOT="../../.."
|
|
export SNAP_SITE_PACKAGES="$SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages"
|
|
patch -d $SNAP_SITE_PACKAGES -p1 < $SNAP_ROOT/patches/oslo-config-dirs.patch
|
|
templates:
|
|
after: [keystone]
|
|
plugin: dump
|
|
source: snap
|
|
config:
|
|
after: [keystone]
|
|
plugin: dump
|
|
source: http://tarballs.openstack.org/keystone/keystone-stable-ocata.tar.gz
|
|
organize:
|
|
etc/*.conf: etc/keystone/
|
|
etc/*.ini: etc/keystone/
|
|
etc/*.json: etc/keystone/
|
|
etc/*.templates: etc/keystone/
|
|
filesets:
|
|
etc:
|
|
- etc/keystone/*.conf
|
|
- etc/keystone/*.ini
|
|
- etc/keystone/*.json
|
|
- etc/keystone/*.templates
|
|
stage: [$etc]
|
|
prime: [$etc]
|
|
nginx:
|
|
source: http://www.nginx.org/download/nginx-1.13.0.tar.gz
|
|
plugin: autotools
|
|
configflags:
|
|
- --prefix=/usr
|
|
- --http-log-path=/var/snap/keystone/common/log/nginx-access.log
|
|
- --error-log-path=/var/snap/keystone/common/log/nginx-error.log
|
|
- --lock-path=/var/snap/keystone/common/lock/nginx.lock
|
|
- --pid-path=/var/snap/keystone/common/run/nginx.pid
|
|
- --http-client-body-temp-path=/var/snap/keystone/common/lib/nginx_client_body
|
|
- --http-proxy-temp-path=/var/snap/keystone/common/lib/nginx_proxy
|
|
- --http-fastcgi-temp-path=/var/snap/keystone/common/lib/nginx_fastcgi
|
|
- --http-uwsgi-temp-path=/var/snap/keystone/common/lib/nginx_uwsgi
|
|
- --http-scgi-temp-path=/var/snap/keystone/common/lib/nginx_scgi
|
|
build-packages:
|
|
- libpcre3-dev
|
|
- libssl-dev
|
|
prepare: |
|
|
export SNAP_ROOT="../../.."
|
|
export SNAP_SOURCE="$SNAP_ROOT/parts/nginx/build"
|
|
patch -d $SNAP_SOURCE -p1 < $SNAP_ROOT/patches/drop-nginx-setgroups.patch
|
|
libxml2:
|
|
source: http://xmlsoft.org/sources/libxml2-2.9.4.tar.gz
|
|
plugin: autotools
|