[openstack-keystone] change default database to mysql
Alan Pevec
apevec at fedoraproject.org
Wed Feb 29 00:48:00 UTC 2012
commit a54b58f61811aa292923672ed6c8c216fec3350e
Author: Alan Pevec <apevec at redhat.com>
Date: Sat Feb 25 00:26:00 2012 +0100
change default database to mysql
New helper scripts:
openstack-config-set - for modifying Openstack config files
openstack-keystone-db-setup - generalized from openstack-nova-db-setup
openstack-keystone-sample-data - sample data for Keystone
.gitignore | 8 +-
openstack-config-set | 22 ++
openstack-keystone-db-setup | 249 ++++++++++++++++++++
openstack-keystone.spec | 71 +++---
....sh-check-file-paths-for-packaged-install.patch | 73 ++++++
sources | 2 +-
6 files changed, 382 insertions(+), 43 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 737b7b4..a690d61 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1 @@
-/keystone-1.0~d4~20110930.1213.tar.gz
-/keystone-0.9.1~e2~20111109.1250.tar.gz
-/keystone-2011.3.1~e2~20111118.1262.tar.gz
-/keystone-2012.1~e2.tar.gz
-/keystone-2012.1~e3.tar.gz
-/keystone-2012.1~e4~20120219.1982.tar.gz
-/keystone-2012.1~e4~20120221.1990.tar.gz
+/keystone-2012.1~e4~20120228.2052.tar.gz
diff --git a/openstack-config-set b/openstack-config-set
new file mode 100755
index 0000000..4173435
--- /dev/null
+++ b/openstack-config-set
@@ -0,0 +1,22 @@
+#!/usr/bin/python
+
+import iniparse
+import sys
+
+try:
+ cfgfile=sys.argv[1]
+ section=sys.argv[2]
+ parameter=sys.argv[3]
+ value=sys.argv[4]
+except:
+ print sys.argv[0]+" config_file section parameter value"
+ sys.exit(1)
+
+conf=iniparse.ConfigParser()
+conf.read(cfgfile)
+conf.set(section, parameter, value)
+
+fp=open(cfgfile,"w")
+conf.write(fp)
+fp.close()
+
diff --git a/openstack-keystone-db-setup b/openstack-keystone-db-setup
new file mode 100755
index 0000000..4c95a3a
--- /dev/null
+++ b/openstack-keystone-db-setup
@@ -0,0 +1,249 @@
+#!/bin/bash
+#
+# Copyright (C) 2011, Red Hat, Inc.
+# Russell Bryant <rbryant at redhat.com>
+# Alan Pevec <apevec at redhat.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+#
+# Print --help output and exit.
+#
+
+# TODO put it in common place for all openstack service
+# (nova, glance and keystone) to use
+APP=keystone
+
+usage() {
+
+cat << EOF
+Set up a local MySQL database for use with openstack-$APP.
+This script will create a '$APP' database that is accessible
+only on localhost by user '$APP' with password '$APP'.
+The setup of MySQL with a multi-server OpenStack installation
+is outside of the scope of this simple helper script.
+
+Usage: openstack-$APP-db-setup [options]
+Options:
+ --help | -h
+ Print usage information.
+ --password <pw> | -p <pw>
+ Specify the password for the '$APP' MySQL user that $APP will
+ use to connect to the '$APP' MySQL database. By default,
+ the password '$APP' will be used.
+ --rootpw <pw> | -r <pw>
+ Specify the root MySQL password. If the script installs
+ the MySQL server, it will set the root password to this value
+ instead of prompting for a password. If the MySQL server is
+ already installed, this password will be used to connect to the
+ database instead of having to prompt for it.
+ --yes | -y
+ In cases where the script would normally ask for confirmation
+ before doing something, such as installing mysql-server,
+ just assume yes. This is useful if you want to run the script
+ non-interactively.
+EOF
+
+ exit 0
+}
+
+install_mysql_server() {
+ if [ -z "${ASSUME_YES}" ] ; then
+ yum install mysql-server
+ else
+ yum install -y mysql-server
+ fi
+}
+
+start_mysql_server() {
+ systemctl start mysqld.service
+}
+
+MYSQL_APP_PW_DEFAULT="$APP"
+MYSQL_APP_PW=${MYSQL_APP_PW_DEFAULT}
+APP_CONFIG="/etc/$APP/$APP.conf"
+ASSUME_YES=""
+
+while [ $# -gt 0 ]
+do
+ case "$1" in
+ -h|--help)
+ usage
+ ;;
+ -p|--password)
+ shift
+ MYSQL_APP_PW=${1}
+ ;;
+ -r|--rootpw)
+ shift
+ MYSQL_ROOT_PW=${1}
+ ;;
+ -y|--yes)
+ ASSUME_YES="yes"
+ ;;
+ *)
+ # ignore
+ shift
+ ;;
+ esac
+ shift
+done
+
+
+# Make sure MySQL is installed.
+
+NEW_MYSQL_INSTALL=0
+if ! rpm -q mysql-server > /dev/null
+then
+ if [ -z "${ASSUME_YES}" ] ; then
+ printf "mysql-server is not installed. Would you like to install it now? (y/n): "
+ read response
+ case "$response" in
+ y|Y)
+ ;;
+ n|N)
+ echo "mysql-server must be installed. Please install it before proceeding."
+ exit 0
+ ;;
+ *)
+ echo "Invalid response."
+ exit 1
+ esac
+ fi
+
+ NEW_MYSQL_INSTALL=1
+ install_mysql_server
+fi
+
+
+# Make sure mysqld is running.
+
+if ! systemctl status mysqld.service > /dev/null
+then
+ if [ -z "${ASSUME_YES}" ] ; then
+ printf "mysqld is not running. Would you like to start it now? (y/n): "
+ read response
+ case "$response" in
+ y|Y)
+ ;;
+ n|N)
+ echo "mysqld must be running. Please start it before proceeding."
+ exit 0
+ ;;
+ *)
+ echo "Invalid response."
+ exit 1
+ esac
+ fi
+
+ start_mysql_server
+
+ # If we both installed and started, ensure it starts at boot
+ [ $NEW_MYSQL_INSTALL -eq 1 ] && chkconfig mysqld on
+fi
+
+
+# Get MySQL root access.
+
+if [ $NEW_MYSQL_INSTALL -eq 1 ]
+then
+ if [ ! "${MYSQL_ROOT_PW+defined}" ] ; then
+ echo "Since this is a fresh installation of MySQL, please set a password for the 'root' mysql user."
+
+ PW_MATCH=0
+ while [ $PW_MATCH -eq 0 ]
+ do
+ printf "Enter new password for 'root' mysql user: "
+ read -s MYSQL_ROOT_PW
+ echo
+ printf "Enter new password again: "
+ read -s PW2
+ echo
+ if [ "${MYSQL_ROOT_PW}" = "${PW2}" ] ; then
+ PW_MATCH=1
+ else
+ echo "Passwords did not match."
+ fi
+ done
+ fi
+
+ echo "UPDATE mysql.user SET password = password('${MYSQL_ROOT_PW}') WHERE user = 'root'; DELETE FROM mysql.user WHERE user = ''; flush privileges;" | mysql -u root
+ if ! [ $? -eq 0 ] ; then
+ echo "Failed to set password for 'root' MySQL user."
+ exit 1
+ fi
+elif [ ! "${MYSQL_ROOT_PW+defined}" ] ; then
+ printf "Please enter the password for the 'root' MySQL user: "
+ read -s MYSQL_ROOT_PW
+ echo
+fi
+
+
+# Sanity check MySQL credentials.
+
+MYSQL_ROOT_PW_ARG=""
+if [ "${MYSQL_ROOT_PW+defined}" ]
+then
+ MYSQL_ROOT_PW_ARG="--password=${MYSQL_ROOT_PW}"
+fi
+echo "SELECT 1;" | mysql -u root ${MYSQL_ROOT_PW_ARG} > /dev/null
+if ! [ $? -eq 0 ]
+then
+ echo "Failed to connect to the MySQL server. Please check your root user credentials."
+ exit 1
+fi
+echo "Verified connectivity to MySQL."
+
+
+# Now create the db.
+
+echo "Creating '$APP' database."
+cat << EOF | mysql -u root ${MYSQL_ROOT_PW_ARG}
+CREATE DATABASE $APP;
+CREATE USER '$APP'@'localhost' IDENTIFIED BY '${MYSQL_APP_PW}';
+CREATE USER '$APP'@'%' IDENTIFIED BY '${MYSQL_APP_PW}';
+GRANT ALL ON $APP.* TO '$APP'@'localhost';
+GRANT ALL ON $APP.* TO '$APP'@'%';
+flush privileges;
+EOF
+
+
+# Make sure $APP configuration has the right MySQL password.
+
+if [ "${MYSQL_APP_PW}" != "${MYSQL_APP_PW_DEFAULT}" ] ; then
+ echo "Updating '$APP' database password in ${APP_CONFIG}"
+ sed -i -e "s/mysql:\/\/$APP:\(.*\)@/mysql:\/\/$APP:${MYSQL_APP_PW}@/" ${APP_CONFIG}
+fi
+
+
+# Ask openstack-$APP to sync the db.
+
+echo "Asking openstack-$APP to sync the databse."
+if [ "${APP}" = "nova" ]; then
+ nova-manage db sync
+else
+ # glance and keystone
+ $APP-manage db_sync
+fi
+
+# Do a final sanity check on the database.
+
+echo "SELECT * FROM migrate_version;" | mysql -u $APP --password=${MYSQL_APP_PW} $APP > /dev/null
+if ! [ $? -eq 0 ]
+then
+ echo "Final sanity check failed. File a bug report on bugzilla.redhat.com against the openstack-$APP package."
+ exit 1
+fi
+
+echo "Complete!"
diff --git a/openstack-keystone.spec b/openstack-keystone.spec
index 6aaba61..a07957a 100644
--- a/openstack-keystone.spec
+++ b/openstack-keystone.spec
@@ -4,13 +4,13 @@
%global release_name essex
%global release_letter e
%global milestone 4
-%global snapdate 20120221
-%global git_revno 1990
+%global snapdate 20120228
+%global git_revno 2052
%global snaptag ~%{release_letter}%{milestone}~%{snapdate}.%{git_revno}
Name: openstack-keystone
Version: 2012.1
-Release: 0.7.%{release_letter}%{milestone}%{?dist}
+Release: 0.8.%{release_letter}%{milestone}%{?dist}
Summary: OpenStack Identity Service
License: ASL 2.0
@@ -19,6 +19,11 @@ Source0: http://keystone.openstack.org/tarballs/keystone-%{version}%{snap
#Source0: http://launchpad.net/keystone/%{release_name}/%{release_name}-%{milestone}/+download/keystone-%{version}~%{release_letter}%{milestone}.tar.gz
Source1: openstack-keystone.logrotate
Source2: openstack-keystone.service
+Source3: openstack-keystone-db-setup
+Source4: openstack-config-set
+
+# upstream review: https://review.openstack.org/4658
+Patch1: sample_data.sh-check-file-paths-for-packaged-install.patch
BuildArch: noarch
BuildRequires: python2-devel
@@ -31,24 +36,13 @@ Requires: python-keystone = %{version}-%{release}
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
-Requires(postun): python-iniparse
Requires(pre): shadow-utils
%description
Keystone is a Python implementation of the OpenStack
(http://www.openstack.org) identity service API.
-Services included are:
-* Keystone - identity store and authentication service
-* Auth_Token - WSGI middleware that can be used to handle token auth protocol
- (WSGI or remote proxy)
-* Auth_Basic - Stub for WSGI middleware that will be used to handle basic auth
-* Auth_OpenID - Stub for WSGI middleware that will be used to handle openid
- auth protocol
-* RemoteAuth - WSGI middleware that can be used in services (like Swift, Nova,
- and Glance) when Auth middleware is running remotely
-
-This package contains the daemons.
+This package contains the Keystone daemon.
%package -n python-keystone
Summary: Keystone Python libraries
@@ -81,20 +75,15 @@ This package contains the Keystone Python library.
%prep
%setup -q -n keystone-%{version}
+%patch1 -p1
-# set logfile and database
-python -c 'import iniparse
-conf=iniparse.ConfigParser()
-conf.read("etc/keystone.conf")
-conf.set("DEFAULT", "log_file", "%{_localstatedir}/log/keystone/keystone.log")
-conf.set("sql", "connection", "sqlite:///%{_sharedstatedir}/keystone/keystone.sqlite")
-conf.set("catalog", "template_file", "%{_sysconfdir}/keystone/default_catalog.templates")
-conf.set("identity", "driver", "keystone.identity.backends.sql.Identity")
-conf.set("token", "driver", "keystone.token.backends.sql.Token")
-conf.set("ec2", "driver", "keystone.contrib.ec2.backends.sql.Ec2")
-fp=open("etc/keystone.conf","w")
-conf.write(fp)
-fp.close()'
+# change default configuration
+%{SOURCE4} etc/keystone.conf DEFAULT log_file %{_localstatedir}/log/keystone/keystone.log
+%{SOURCE4} etc/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone
+%{SOURCE4} etc/keystone.conf catalog template_file %{_sysconfdir}/keystone/default_catalog.templates
+%{SOURCE4} etc/keystone.conf identity driver keystone.identity.backends.sql.Identity
+%{SOURCE4} etc/keystone.conf token driver keystone.token.backends.sql.Token
+%{SOURCE4} etc/keystone.conf ec2 driver keystone.contrib.ec2.backends.sql.Ec2
find . \( -name .gitignore -o -name .placeholder \) -delete
find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \;
@@ -102,24 +91,29 @@ find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \;
%build
%{__python} setup.py build
-# XXX examples not in tarball
-#find examples -type f -exec chmod 0664 \{\} \;
%install
%{__python} setup.py install --skip-build --root %{buildroot}
+# Delete tests
+rm -fr %{buildroot}%{python_sitelib}/tests
+rm -fr %{buildroot}%{python_sitelib}/run_tests.*
+
install -d -m 755 %{buildroot}%{_sysconfdir}/keystone
install -p -D -m 640 etc/keystone.conf %{buildroot}%{_sysconfdir}/keystone/keystone.conf
install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
install -p -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/openstack-keystone.service
+# Install database setup helper script.
+install -p -D -m 755 %{SOURCE3} %{buildroot}%{_bindir}/openstack-keystone-db-setup
+# Install sample data script.
+install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_bindir}/openstack-keystone-sample-data
+# Install configuration helper script.
+install -p -D -m 755 %{SOURCE4} %{buildroot}%{_bindir}/openstack-config-set
+
install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone
install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone
-rm -rf %{buildroot}%{python_sitelib}/tools
-rm -rf %{buildroot}%{python_sitelib}/examples
-rm -rf %{buildroot}%{python_sitelib}/doc
-
# docs generation requires everything to be installed first
export PYTHONPATH="$( pwd ):$PYTHONPATH"
pushd docs
@@ -159,7 +153,11 @@ fi
%doc LICENSE
%doc README.rst
%doc docs/build/html
-%{_bindir}/keystone*
+%{_bindir}/keystone-all
+%{_bindir}/keystone-manage
+%{_bindir}/openstack-config-set
+%{_bindir}/openstack-keystone-db-setup
+%{_bindir}/openstack-keystone-sample-data
%{_unitdir}/openstack-keystone.service
%dir %{_sysconfdir}/keystone
%config(noreplace) %attr(-, keystone, keystone) %{_sysconfdir}/keystone/keystone.conf
@@ -175,6 +173,9 @@ fi
%{python_sitelib}/keystone-%{version}-*.egg-info
%changelog
+* Sat Feb 25 2012 Alan Pevec <apevec at redhat.com> 2012.1-0.8.e4
+- change default database to mysql
+
* Tue Feb 21 2012 Alan Pevec <apevec at redhat.com> 2012.1-0.7.e4
- switch all backends to sql
diff --git a/sample_data.sh-check-file-paths-for-packaged-install.patch b/sample_data.sh-check-file-paths-for-packaged-install.patch
new file mode 100644
index 0000000..ef2c22f
--- /dev/null
+++ b/sample_data.sh-check-file-paths-for-packaged-install.patch
@@ -0,0 +1,73 @@
+From 3b891c980003239adae9195557c69a3497e9a457 Mon Sep 17 00:00:00 2001
+From: Alan Pevec <apevec at redhat.com>
+Date: Mon, 27 Feb 2012 17:59:33 +0100
+Subject: [PATCH] sample_data.sh: check file paths for packaged installations
+
+---
+ tools/sample_data.sh | 24 ++++++++++++++++++------
+ 1 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/tools/sample_data.sh b/tools/sample_data.sh
+index 500da48..02b591a 100755
+--- a/tools/sample_data.sh
++++ b/tools/sample_data.sh
+@@ -20,6 +20,18 @@
+ # invisible_to_admin demo Member
+
+ TOOLS_DIR=$(cd $(dirname "$0") && pwd)
++if [[ -r $TOOLS_DIR/../etc/keystone.conf ]]; then
++ KEYSTONE_CONF=$TOOLS_DIR/../etc/keystone.conf
++ EC2RC="$TOOLS_DIR/../etc/ec2rc"
++ QUANTUM_DIR="$TOOLD_DIR/../../quantum"
++ SWIFT_DIR="$TOOLS_DIR/../../swift"
++else
++ # default locations for packaged installation
++ KEYSTONE_CONF="/etc/keystone/keystone.conf"
++ EC2RC="/etc/keystone/ec2rc"
++ QUANTUM_DIR="/etc/quantum"
++ SWIFT_DIR="/etc/swift"
++fi
+
+ # Please set this, it is ONLY A SAMPLE PASSWORD!
+ ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
+@@ -29,9 +41,9 @@ if [[ "$ADMIN_PASSWORD" == "secrete" ]]; then
+ fi
+
+ # Extract some info from Keystone's configuration file
+-if [[ -r $TOOLS_DIR/../etc/keystone.conf ]]; then
+- CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $TOOLS_DIR/../etc/keystone.conf | grep ^admin_token= | cut -d'=' -f2)
+- CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $TOOLS_DIR/../etc/keystone.conf | grep ^admin_port= | cut -d'=' -f2)
++if [[ -r $KEYSTONE_CONF ]]; then
++ CONFIG_SERVICE_TOKEN=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_token= | cut -d'=' -f2)
++ CONFIG_ADMIN_PORT=$(sed 's/[[:space:]]//g' $KEYSTONE_CONF | grep ^admin_port= | cut -d'=' -f2)
+ fi
+
+ export SERVICE_TOKEN=${SERVICE_TOKEN:-$CONFIG_SERVICE_TOKEN}
+@@ -106,13 +118,13 @@ keystone service-create --name=swift \
+ --type="nova-volume" \
+ --description="Nova Volume Service"
+
+-if [[ -d "$TOOLS_DIR/../../swift" ]]; then
++if [[ -d "$SWIFT_DIR" ]]; then
+ keystone service-create --name=swift \
+ --type="object-store" \
+ --description="Swift Service"
+ fi
+
+-if [[ -d "$TOOLD_DIR/../../quantum" ]]; then
++if [[ -d "$QUANTUM_DIR" ]]; then
+ keystone service-create --name=quantum \
+ --type=network \
+ --description="Quantum Service"
+@@ -129,7 +141,7 @@ DEMO_ACCESS=`echo "$RESULT" | grep access | awk '{print $4}'`
+ DEMO_SECRET=`echo "$RESULT" | grep secret | awk '{print $4}'`
+
+ # write the secret and access to ec2rc
+-cat > $TOOLS_DIR/../etc/ec2rc <<EOF
++cat > $EC2RC <<EOF
+ ADMIN_ACCESS=$ADMIN_ACCESS
+ ADMIN_SECRET=$ADMIN_SECRET
+ DEMO_ACCESS=$DEMO_ACCESS
+--
+1.7.7.6
+
diff --git a/sources b/sources
index 76903dc..f6f47dc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f39878bd9f5b2d3d6b03198ee806e03b keystone-2012.1~e4~20120221.1990.tar.gz
+037bea8a243aebffbf0fd49c6bfe6f81 keystone-2012.1~e4~20120228.2052.tar.gz
More information about the scm-commits
mailing list