File openstack-keystone.spec of Package openstack-keystone

#
# spec file for package openstack-keystone
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


# Service account: the daemon's user and group are both named after the component.
%define component keystone
%define groupname %{component}
%define username %{component}

# Fall back to the run directory under _localstatedir where rpm does not define _rundir.
%if ! %{defined _rundir}
%define _rundir %{_localstatedir}/run
%endif

# Upstream version string; the prep section uses it as the name of the unpacked
# source directory. It differs from the Version tag below.
%define version_unconverted 2014.2.4.dev15

Name:           openstack-%{component}
Version:        2014.2.4.juno
Release:        0
Summary:        OpenStack Identity Service (Keystone)
License:        Apache-2.0
Group:          Development/Languages/Python
Url:            https://github.com/openstack/keystone
# NOTE(review): the tarball URL is plain HTTP and names the tip of a stable
# branch rather than a versioned release, and this spec records no digest for
# it. The integrity of the packaged tarball therefore has to be established
# outside this file (for example against a signed upstream tag) -- confirm how
# the copy in the package sources was obtained.
Source:         http://tarballs.openstack.org/keystone/keystone-stable-juno.tar.gz
Source1:        %{name}.init
Source2:        logging.conf
# Hybrid identity/assignment backend from
# https://github.com/SUSE-Cloud/keystone-hybrid-backend/tree/icehouse
# NOTE(review): the URL points at the icehouse branch while this package is the
# juno series; these files are installed into the keystone module tree, so
# confirm the copies are reviewed whenever they are refreshed.
Source3:        hybrid_identity.py
Source4:        hybrid_assignment.py
Source5:        test_backend_hybrid.py
Source6:        backend_hybrid.conf
Source7:        %{name}.logrotate
%if 0%{?suse_version} > 1230
Source10:       %name.conf
BuildRequires:  systemd
%endif
# Downstream patches. Judging by the file names only, 0001 and 0002 change which
# APIs the cloud admin may use -- read the patch files for the actual effect on
# authorization before relying on it.
Patch0:         0001-Restrict-certain-APIs-to-cloud-admin-in-domain-aware.patch
Patch1:         0002-Enable-cloud_admin-to-list-projects-in-all-domains.patch
Patch2:         keystone_max_url_length.diff
BuildRequires:  crudini
BuildRequires:  openstack-suse-macros
BuildRequires:  python-Paste
BuildRequires:  python-PasteDeploy
BuildRequires:  python-WebTest
BuildRequires:  python-base
BuildRequires:  python-fixtures
BuildRequires:  python-jsonschema
BuildRequires:  python-keystoneclient
BuildRequires:  python-ldap
BuildRequires:  python-ldappool
BuildRequires:  python-lockfile
BuildRequires:  python-lxml
BuildRequires:  python-mock
BuildRequires:  python-mox
BuildRequires:  python-netaddr
BuildRequires:  python-oauthlib
BuildRequires:  python-oslo.config
BuildRequires:  python-oslo.db
BuildRequires:  python-oslo.messaging
BuildRequires:  python-pam
BuildRequires:  python-pbr
BuildRequires:  python-pycadf
BuildRequires:  python-testscenarios
BuildRequires:  python-testtools
# Needed for %%post section keystone-manage invocation:
BuildRequires:  python-WebOb
BuildRequires:  python-passlib
# Documentation build requirements:
BuildRequires:  python-Babel
BuildRequires:  python-Sphinx
BuildRequires:  python-oslosphinx
Requires:       logrotate
Requires:       python-iso8601 >= 0.1.9
Requires:       python-keystone = %{version}
Requires:       python-oslo.db >= 1.0.0
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# keystone dependencies
# To generate a self-signed certificate to be used in demo setups:
Requires(post): coreutils
Requires(post): crudini
Requires(post): python-keystone
Requires(post): python-dogpile.cache >= 0.5.3
Requires(post): python-argparse
Requires(post): python-iso8601 >= 0.1.9
Requires(post): python-oslo.db >= 1.0.0
Requires(post): python-oslo.i18n >= 1.3.0
Requires(post): python-oslo.utils >= 1.4.0
Requires(post): python-sqlalchemy-migrate >= 0.9.1
Requires(post): python-Routes >= 1.12.3
Requires(post): openssl
Requires(post): sysconfig
Requires(pre):  pwdutils
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%else
BuildArch:      noarch
%endif

%description
Keystone is an OpenStack project that provides Identity, Token, Catalog
and Policy services for use specifically by projects in the OpenStack
family.

%package -n python-keystone
Summary:        OpenStack Identity Service (Keystone) - Python module
Group:          Development/Languages/Python
Requires:       python >= 2.6.8
Requires:       python-Babel >= 1.3
Requires:       python-Paste
Requires:       python-PasteDeploy >= 1.5.0
Requires:       python-Routes >= 1.12.3
Requires:       python-SQLAlchemy >= 0.8.4
Requires:       python-WebOb >= 1.2.3
Requires:       python-dogpile.cache >= 0.5.3
Requires:       python-eventlet >= 0.15.1
Requires:       python-greenlet >= 0.3.2
Requires:       python-httplib2 >= 0.7.5
Requires:       python-iso8601 >= 0.1.9
Requires:       python-jsonschema >= 2.0.0
Requires:       python-keystoneclient >= 0.10.0
Requires:       python-keystonemiddleware >= 1.0.0
Requires:       python-kombu >= 2.5.0
Requires:       python-ldap >= 2.3.13
Requires:       python-ldappool >= 1.0
Requires:       python-lockfile >= 0.8
Requires:       python-lxml >= 2.3
Requires:       python-netaddr >= 0.7.12
Requires:       python-oauthlib >= 0.6
Requires:       python-oslo.db >= 1.0.0
Requires:       python-oslo.i18n >= 1.3.0
Requires:       python-oslo.messaging >= 1.4.0
Requires:       python-oslo.serialization >= 1.0.0
Requires:       python-oslo.utils >= 1.4.0
Requires:       python-pam >= 0.1.4
Requires:       python-passlib
Requires:       python-pbr >= 0.6
Requires:       python-posix_ipc
Requires:       python-pycadf >= 0.6.0
Requires:       python-six >= 1.7.0
Requires:       python-sqlalchemy-migrate >= 0.9.1
Requires:       python-stevedore >= 1.0.0

%description -n python-keystone
Keystone is an OpenStack project that provides Identity, Token, Catalog
and Policy services for use specifically by projects in the OpenStack
family.

This package contains the core Python module of OpenStack Keystone.

%package test
Summary:        Testsuite for the OpenStack Keystone
Group:          Development/Languages/Python
Requires:       %{name} = %{version}
Requires:       python-WebTest >= 2.0
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
Requires:       python-discover
%endif
Requires:       python-fixtures >= 0.3.14
Requires:       python-keystoneclient >= 0.10.0
Requires:       python-mock >= 1.0
Requires:       python-oslotest >= 1.1.0
Requires:       python-pysqlite
Requires:       python-python-memcached >= 1.48
Requires:       python-python-subunit >= 0.0.18
Requires:       python-requests >= 1.2.1
Requires:       python-swift
Requires:       python-testrepository >= 0.0.18
Requires:       python-testscenarios >= 0.4
Requires:       python-testtools >= 0.9.34
# checkout_vendor in ./keystone/test.py
Requires:       git-core

%description test
The OpenStack Keystone testsuite. It is used to verify the
functionality of OpenStack Keystone.

%prep
# Unpack the tarball; its top-level directory carries the unconverted upstream version.
%setup -q -n %{component}-%{version_unconverted}
# Apply the three downstream patches in order, stripping one path component.
%patch0 -p1
%patch1 -p1
%patch2 -p1
# Macro defined outside this file (presumably by openstack-suse-macros) -- its
# effect on the unpacked tree is not visible here.
%openstack_cleanup_prep

%build
python setup.py build
# Only the man pages are built from the documentation sources; the install
# section copies keystone-all.1 and keystone-manage.1 from doc/build/man.
sphinx-build -b man doc/source doc/build/man

%install
python setup.py install --prefix=%{_prefix} --root=%{buildroot}

### directories
# The modes given here only apply inside the build root. Final ownership and
# modes come from the attr entries of the files list (the log directory, for
# example, is shipped as 0750 there, not 755).
install -d -m 755 %{buildroot}%{_localstatedir}/{lib,log}/%{component}
install -d -m 750 %{buildroot}%{_localstatedir}/cache/%{component}
install -d -m 700 %{buildroot}%{_rundir}/%{component}
%if 0%{?suse_version} > 1230
install -D -m 644 %{SOURCE10} %{buildroot}/%_tmpfilesdir/%name.conf
%endif

### configuration files
# Copied with cp, so the build-root modes follow the build umask; the files list
# sets the shipped mode of keystone.conf and logging.conf explicitly.
install -d -m 0755 %{buildroot}%{_sysconfdir}/keystone
cp %{SOURCE2} %{buildroot}%{_sysconfdir}/keystone/
cp etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
cp etc/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/
cp etc/policy.json %{buildroot}%{_sysconfdir}/keystone/
install -p -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}

# Cron jobs
# Hourly token_flush, run through su as the service account rather than as
# root; a failing run is ignored. The heredoc delimiter is unquoted, but the
# script text contains no shell expansions: the user name is substituted by rpm
# when the spec is parsed.
mkdir -p %{buildroot}%{_sysconfdir}/cron.hourly/
cat - > %{buildroot}%{_sysconfdir}/cron.hourly/%name <<EOF
#!/bin/bash
su %{username} -s /bin/bash -c "/usr/bin/keystone-manage --config-file /etc/keystone/keystone.conf token_flush" || :
EOF

### init scripts
install -p -D -m 755 %{SOURCE1} %{buildroot}%{_initddir}/%{name}
mkdir -p %{buildroot}%{_sbindir}
ln -s ../..%{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}

### documentation
install -d %{buildroot}%{_mandir}/man1
install -m 644 doc/build/man/keystone-{all,manage}.1 %{buildroot}%{_mandir}/man1

### test subpackage
%openstack_test_package_install
# upstream does not distribute this directory, but it is required for
# the tests and we want to keep it out of /usr/lib/
# https://review.openstack.org/#q,I9b02a5273dd27db963e9a26085b7456f4c5f6a41,n,z
# The test suite's TMPDIR is redirected to a symlink that resolves to a
# directory below the local state directory.
mkdir -p %{buildroot}%{_localstatedir}/lib/%{name}-test/tmp
ln -s %{_localstatedir}/lib/%{name}-test/tmp %{buildroot}%{python_sitelib}/%{component}/tests/tmp
sed -i -e "s/TMPDIR = .*/TMPDIR = os.path.join(ROOTDIR, 'tmp')/" %{buildroot}%{python_sitelib}/%{component}/tests/core.py

### hybrid backends
# Extra source files dropped into the installed keystone module tree; they do
# not come from the upstream tarball.
install -m 644 %{SOURCE3} %{buildroot}%{python_sitelib}/%{component}/identity/backends/hybrid.py
install -m 644 %{SOURCE4} %{buildroot}%{python_sitelib}/%{component}/assignment/backends/hybrid.py
install -m 644 %{SOURCE5} %{buildroot}%{python_sitelib}/%{component}/tests/test_backend_hybrid.py
install -m 644 %{SOURCE6} %{buildroot}%{python_sitelib}/%{component}/tests/config_files/backend_hybrid.conf

### create keystone ssl dirs
# Empty placeholders so that the files list can declare the signing key and
# certificate as ghost entries; no key material is built into the package.
install -d %{buildroot}%{_sysconfdir}/keystone/ssl/private
touch %{buildroot}%{_sysconfdir}/keystone/ssl/private/signing_key.pem
install -d %{buildroot}%{_sysconfdir}/keystone/ssl/certs
touch %{buildroot}%{_sysconfdir}/keystone/ssl/certs/signing_cert.pem

### set default configuration (mostly applies to package-only setups and quickstart, i.e. not generally crowbar)
# NOTE(review): the default database is a SQLite file below /var/lib/keystone,
# a directory the files list ships as 0755 -- the mode of the database file
# itself is then what keeps the identity data private; confirm it.
%define keystone_conf %{buildroot}%{_sysconfdir}/keystone/keystone.conf
crudini --set %{keystone_conf} DEFAULT verbose True
crudini --set %{keystone_conf} DEFAULT log_dir /var/log/keystone
crudini --set %{keystone_conf} catalog driver keystone.catalog.backends.sql.Catalog
crudini --set %{keystone_conf} database connection sqlite:////var/lib/keystone/keystone.db

%pre
# Macro defined outside this file; going by its name and arguments it creates
# the service user and group before the files owned by them are unpacked.
%openstack_pre_user_group_create %{username} %{groupname}

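%post
# First installation only (scriptlet argument equals 1): seed the subject of
# the token-signing certificate with this host's name. Best effort: a failure
# here must not abort the installation.
if [ "$1" -eq 1 ] ; then
  %define keystone_conf %{_sysconfdir}/keystone/keystone.conf
  # Quoted so that the subject reaches crudini as a single argument whatever
  # the hostname command prints.
  crudini --set %{keystone_conf} signing cert_subject "/C=US/ST=Unset/L=Unset/O=Unset/CN=$(hostname -f || hostname)" || :
fi
# Generate a self-signed token-signing key and certificate when no readable
# certificate exists yet. This default is meant for demo and package-only
# setups; a deployment with its own CA should have its certificate in place,
# in which case this step is skipped.
if ! [ -r /etc/keystone/ssl/certs/signing_cert.pem ]; then
  if [ -r /etc/keystone/ssl/certs/index.txt ]; then
    # Drop a leftover index that holds nothing but the www.example.com sample
    # entry, so that the setup below starts from a clean index.
    if [ 0$(wc -l </etc/keystone/ssl/certs/index.txt) -le 1 ] && grep -q CN=www.example.com /etc/keystone/ssl/certs/index.txt; then
        rm /etc/keystone/ssl/certs/index.txt
    fi
  fi
  /usr/bin/keystone-manage pki_setup --keystone-user %{username} --keystone-group %{groupname}
  # keystone-manage runs as root here and may leave keystone-manage.log owned
  # by root; hand it to the service account. The log directory belongs to that
  # account, so only a regular file is touched and chown is told not to
  # dereference (-h): root must never change ownership through a link there.
  manage_log=%{_localstatedir}/log/keystone/keystone-manage.log
  if [ -f "$manage_log" ] && [ ! -L "$manage_log" ]; then
    chown -h %{username}:%{groupname} "$manage_log"
  fi
fi
%fillup_and_insserv %{name}
%restart_on_update %{name}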

%preun
# Distribution macro; by its name it stops the service when the package is removed.
%stop_on_removal %{name}

%postun
# Distribution macros; by their names they restart the service after an update
# (so the running daemon picks up patched code) and clean up the init links.
%restart_on_update openstack-keystone
%insserv_cleanup

%files
%defattr(-,root,root)
# State directories owned by the service account. Log and cache are closed to
# other users.
# NOTE(review): lib is 0755 although the default SQLite database configured in
# the install section lives there -- confirm whether 0750 would do.
%dir %attr(0755, %{username}, %{groupname}) %{_localstatedir}/lib/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/log/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/cache/%{component}
%if 0%{?suse_version} > 1230
%_tmpfilesdir/%name.conf
%else
%dir %attr(0700, %{username}, %{groupname}) %{_rundir}/%{component}
%endif
# Configuration tree: owned by root with group read access, so the service
# group can read its settings but not rewrite them, and other users cannot
# enter the directory at all.
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}
%dir %attr(0755, root, %{groupname}) %{_sysconfdir}/%{component}/ssl
%dir %attr(0755, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/certs
# Signing certificate and key are ghost entries: they are not part of the
# package payload and are created by the post-install scriptlet.
# NOTE(review): that scriptlet passes the service user and group to
# keystone-manage, so the generated files may not end up with the ownership
# declared here -- verify on an installed system.
%ghost %attr(0644, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/certs/signing_cert.pem
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/private
%ghost %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/private/signing_key.pem
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/logging.conf
# The paste pipeline and policy.json are config entries without noreplace: on an
# update a locally edited copy is replaced by the packaged one and kept only as
# an rpmsave file. policy.json holds the authorization rules, so review it after
# every package update.
%config %{_sysconfdir}/%{component}/keystone-paste.ini
%config %{_sysconfdir}/%{component}/policy.json
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_initddir}/%{name}
%{_sbindir}/rc%{name}
%{_bindir}/keystone-all
%{_bindir}/keystone-manage
%{_mandir}/man1/keystone*
# Hourly cron script: owned by root and not writable by the service group.
%attr(0755, root, %{groupname}) %{_sysconfdir}/cron.hourly/%name
%doc tools/sample_data.sh
# treat this as documentation for now as it can't be used unmodified (it needs
# a domain id added)
%doc etc/policy.v3cloudsample.json

%files -n python-keystone
%defattr(-,root,root,-)
%doc LICENSE
# The tests/tmp symlink created in the install section is left out here; the
# test subpackage lists it instead.
%exclude %{python_sitelib}/%{component}/tests/tmp
# Lists the whole python_sitelib tree, not only the keystone module directory.
%{python_sitelib}

%files test
%defattr(-,root,root)
# Scratch directory for the test suite and the symlink pointing at it; both are
# shipped with the default root ownership set above.
%{_localstatedir}/lib/openstack-%{component}-test
%{python_sitelib}/%{component}/tests/tmp

%changelog