From 860e7fd7b81f956b54b25224efbd69ff9b1d1cc7 Mon Sep 17 00:00:00 2001 From: Thomas Duval Date: Mon, 1 Aug 2016 17:29:50 +0200 Subject: Update script for debian package creation. Change-Id: I0860633b9dc1aedd89e0272b92cb17022d35d01c --- keystone-moon/debian/keystone.postinst.in | 189 ++++++++++++++++++++++++++++++ 1 file changed, 189 insertions(+) create mode 100644 keystone-moon/debian/keystone.postinst.in (limited to 'keystone-moon/debian/keystone.postinst.in') diff --git a/keystone-moon/debian/keystone.postinst.in b/keystone-moon/debian/keystone.postinst.in new file mode 100644 index 00000000..3fd24fe6 --- /dev/null +++ b/keystone-moon/debian/keystone.postinst.in @@ -0,0 +1,189 @@ +#!/bin/sh + +set -e + +#PKGOS-INCLUDE# + +KEY_CONF=/etc/keystone/keystone.conf + +keystone_get_debconf_admin_credentials () { + db_get keystone/admin-user + ADMIN_USER_NAME=${RET:-admin} + db_get keystone/admin-password + ADMIN_USER_PW=${RET:-$(gen_password)} + db_get keystone/admin-email + ADMIN_USER_EMAIL=${RET:-root@localhost} + db_get keystone/admin-tenant-name + ADMIN_TENANT_NAME=${RET:-admin} + db_get keystone/admin-role-name + ADMIN_ROLE_NAME=${RET:-admin} + + # We export the retrived credentials for later use + export OS_PROJECT_DOMAIN_ID=default + export OS_USER_DOMAIN_ID=default + export OS_USERNAME=admin + export OS_PASSWORD=${ADMIN_USER_PW} + export OS_TENANT_NAME=${ADMIN_TENANT_NAME} + export OS_PROJECT_NAME=${ADMIN_TENANT_NAME} + export OS_AUTH_URL=http://127.0.0.1:35357/v3/ + export OS_IDENTITY_API_VERSION=3 + export OS_AUTH_VERSION=3 + export OS_PROJECT_DOMAIN_ID=default + export OS_USER_DOMAIN_ID=default + export OS_NO_CACHE=1 +} + +keystone_bootstrap_admin () { + # This is the new way to bootstrap the admin user of Keystone + # and we shouldn't use the admin auth token anymore. + export OS_BOOTSTRAP_USERNAME=${ADMIN_USER_NAME} + export OS_BOOTSTRAP_PROJECT_NAME=${ADMIN_TENANT_NAME} + export OS_BOOTSTRAP_PASSWORD=${ADMIN_USER_PW} + keystone-manage bootstrap +} + +keystone_create_admin_tenant () { + echo -n "Fixing-up: admin-project-desc " + openstack project set --description "Default Debian admin project" $ADMIN_TENANT_NAME + echo -n "service-project " + openstack project create --or-show service --description "Default Debian service project" >/dev/null + echo -n "default-admin-email " + openstack user set --description "Default Debian admin user" --email ${ADMIN_USER_EMAIL} --enable $ADMIN_USER_NAME + echo "...done!" + + # Note: heat_stack_owner is needed for heat to work, and Member ResellerAdmin + # are needed for swift auto account creation. + echo -n "Adding roles: " + for i in admin KeystoneAdmin KeystoneServiceAdmin heat_stack_owner Member ResellerAdmin ; do + echo -n "${i} " + openstack role create --or-show ${i} >/dev/null + openstack role add --project $ADMIN_TENANT_NAME --user $ADMIN_USER_NAME ${i} >/dev/null + done + echo "...done!" +} + +keystone_create_endpoint_postinst () { + local PKG_NAME + PKG_NAME=${1} + + db_get keystone/endpoint-ip + # Make sure a valid IP has been entered in Debconf. + KEYSTONE_ENDPOINT_IP=`echo ${RET} | egrep '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'` + if [ -n ${KEYSTONE_ENDPOINT_IP} ] ; then + db_get keystone/region-name + REGION_NAME=${RET} + if [ -n "${REGION_NAME}" ] ; then + NUM_LINES=$(OS_TOKEN=`openstack token issue -c id -f value` openstack service list --format=csv --os-url http://localhost:5000/v3 | q -d , -H 'SELECT ID FROM - WHERE `Type`="identity"' | wc -l) + if [ "${NUM_LINES}" = "0" ] ; then + echo -n "Setting-up: create-keystone-service " + OS_TOKEN=`openstack token issue -c id -f value` openstack service create --name=keystone --description="Keystone Identity Service" identity --os-url http://localhost:5000/v3 >/dev/null + echo -n "create-public-endpoint " + OS_TOKEN=`openstack token issue -c id -f value` openstack endpoint create --region "${REGION_NAME}" \ + keystone public http://${KEYSTONE_ENDPOINT_IP}:5000/v2.0 --os-url http://localhost:5000/v3 >/dev/null + echo -n "create-internal-endpoint " + OS_TOKEN=`openstack token issue -c id -f value` openstack endpoint create --region "${REGION_NAME}" \ + keystone internal http://${KEYSTONE_ENDPOINT_IP}:5000/v2.0 --os-url http://localhost:5000/v3 >/dev/null + echo -n "create-admin-endpoint " + OS_TOKEN=`openstack token issue -c id -f value` openstack endpoint create --region "${REGION_NAME}" \ + keystone admin http://${KEYSTONE_ENDPOINT_IP}:35357/v2.0 --os-url http://localhost:5000/v3 >/dev/null + echo "...done!" + else + echo -n "Keystone service already registered..." + fi + fi + fi +} + +if [ "$1" = "configure" ] ; then + . /usr/share/debconf/confmodule + . /usr/share/dbconfig-common/dpkg/postinst + + # Create user and group keystone, plus /var/log and /var/lib owned by it + # We need a bash shell so that keystone-manage pkg_setup works, and the + # Wheezy package doesn't have it, failing upgrades + pkgos_var_user_group keystone /bin/sh + # Make sure we have a folder to create certs, that isn't world readable + mkdir -p /etc/keystone/ssl/certs + chown keystone:keystone /etc/keystone/ssl/certs + chmod 750 /etc/keystone/ssl/certs + chown keystone:keystone /etc/keystone/ssl + chmod 750 /etc/keystone/ssl + + # Create keystone.conf if it's not there + pkgos_write_new_conf keystone keystone.conf + # Set the auth_token directive in in keystone.conf + db_get keystone/auth-token + AUTH_TOKEN=${RET} + if [ -z "${AUTH_TOKEN}" ] ; then + AUTH_TOKEN=`pkgos_gen_pass` + fi + pkgos_inifile set ${KEY_CONF} DEFAULT admin_token ${AUTH_TOKEN} + OSTACKCLI_PARAMS="--os-url=http://127.0.0.1:35357/v3/ --os-domain-name default --os-identity-api-version=3" + + # Make sure /var/log/keystone/keystone.log is owned by keystone + # BEFORE any keystone-manage calls. + chown -R keystone:keystone /var/log/keystone + + # Upgrade or create the db if directed to do so + db_get keystone/configure_db + if [ "$RET" = "true" ] ; then + # Configure the SQL connection of keystone.conf according to dbconfig-common + pkgos_dbc_postinst ${KEY_CONF} database connection keystone $@ + echo "Running su keystone -s /bin/sh -c 'keystone-manage --noverbose db_sync'..." + if [ "${PKGOS_VERBOSE}" = "yes" ] ; then + su keystone -s /bin/sh -c "keystone-manage --verbose db_sync" + else + su keystone -s /bin/sh -c "keystone-manage --noverbose db_sync" + fi + fi + + # Generate the ssl keys for keystone. + # It seems that starting it each time this script is launch + # isn't a problem. + #su keystone -s /bin/sh -c "keystone-manage pki_setup" + + # Activate the keystone.service + deb-systemd-helper unmask keystone.service >/dev/null || true + if deb-systemd-helper --quiet was-enabled keystone.service ; then + deb-systemd-helper enable keystone.service >/dev/null || true + else + deb-systemd-helper update-state keystone.service >/dev/null || true + fi + + # Setup init script and start keystone + pkgos_init keystone + + # On first install, create basics configuration and add roles + if [ -z "$2" ] ; then + echo -n "Sleeping 5 seconds to make sure the keystone daemon is up and running: 5..." + sleep 1 + echo -n "4..." + sleep 1 + echo -n "3..." + sleep 1 + echo -n "2..." + sleep 1 + echo -n "1..." + sleep 1 + echo "0" + db_get keystone/create-admin-tenant + if [ "$RET" = "true" ] ; then + keystone_get_debconf_admin_credentials + echo "===> Bootstraping tenants with 'keystone-manage bootstrap':" + keystone_get_debconf_admin_credentials + keystone_bootstrap_admin + db_get keystone/register-endpoint + if [ "$RET" = "true" ] ; then + echo "===> Registering keystone endpoint" + keystone_create_endpoint_postinst + fi + echo "===> Editing bootstraped tenants and adding default roles" + keystone_create_admin_tenant + + echo "done!" + fi + fi + db_stop +fi + +exit 0 -- cgit 1.2.3-korg