File openstack-keystone.spec of Package openstack-keystone
#
# spec file for package openstack-keystone
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define component keystone
%define groupname openstack-%{component}
%define username openstack-%{component}
Name: openstack-%{component}
Version: 2013.2
Release: 0
Summary: OpenStack Identity Service (Keystone)
License: Apache-2.0
Group: Development/Languages/Python
Url: https://github.com/openstack/keystone
Source: keystone-2013.2.tar.gz
Source1: %{name}.init
Source2: logging.conf
Source3: default_catalog.templates
Source7: %{name}.logrotate
Patch0: 0001-Make-ROOTDIR-determination-more-robust.patch
BuildRequires: crudini
BuildRequires: openstack-suse-macros
BuildRequires: python-Babel
BuildRequires: python-base
BuildRequires: python-netaddr
BuildRequires: python-oslo.config
BuildRequires: python-oslo.sphinx
BuildRequires: python-pbr
BuildRequires: python-setuptools
# Needed for %%post section keystone-manage invocation:
BuildRequires: python-WebOb
BuildRequires: python-passlib
BuildRequires: python-routes
# Documentation build requirements:
BuildRequires: python-Sphinx
Requires: logrotate
Requires: python-argparse
Requires: python-iso8601 >= 0.1.4
Requires: python-keystone = %{version}
Requires: python-oslo.config >= 1.2.0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# To generate a self-signed certificate to be used in demo setups:
Requires(post): coreutils
Requires(post): python-keystone
Requires(post): python-dogpile.cache
Requires(post): python-argparse
Requires(post): python-iso8601
Requires(post): openssl
Requires(post): sysconfig
Requires(pre): pwdutils
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%else
BuildArch: noarch
%endif
%description
Keystone is an OpenStack project that provides Identity, Token, Catalog
and Policy services for use specifically by projects in the OpenStack
family.
%package -n python-keystone
Summary: OpenStack Identity Service (Keystone) - Python module
Group: Development/Languages/Python
Requires: python >= 2.6.8
Requires: python-Babel >= 1.1
Requires: python-Paste
Requires: python-PasteDeploy
Requires: python-Routes
Requires: python-SQLAlchemy >= 0.7.8
Requires: python-WebOb >= 1.0.8
Requires: python-dogpile.cache >= 0.5.0
Requires: python-eventlet >= 0.9.12
Requires: python-greenlet
Requires: python-iso8601 >= 0.1.4
Requires: python-keystoneclient >= 0.3.0
Requires: python-ldap
Requires: python-lxml
Requires: python-netaddr
Requires: python-oauth2
Requires: python-pam >= 0.1.4
Requires: python-passlib
Requires: python-pbr >= 0.5
Requires: python-routes
Requires: python-sqlalchemy >= 0.7.8
BuildRequires: python-sqlalchemy >= 0.7.8
Requires: python-sqlalchemy-migrate >= 0.7.2
BuildRequires: python-sqlalchemy-migrate >= 0.7.2
%description -n python-keystone
Keystone is an OpenStack project that provides Identity, Token, Catalog
and Policy services for use specifically by projects in the OpenStack
family.
This package contains the core Python module of OpenStack Keystone.
%package test
Summary: Testsuite for the OpenStack Keystone
Group: Development/Languages/Python
Requires: %{name} = %{version}
Requires: python-Sphinx >= 1.1.2
Requires: python-WebTest
Requires: python-coverage
Requires: python-flake8 >= 2.0
Requires: python-hacking >= 0.5.6
Requires: python-keystoneclient >= 0.3.0
Requires: python-mox
Requires: python-netifaces
Requires: python-nose
Requires: python-nosehtmloutput
Requires: python-nosexcover
Requires: python-openstack.nose_plugin
Requires: python-pep8 >= 1.4.5
Requires: python-pyflakes >= 0.7.2
Requires: python-python-memcached
Requires: python-requests >= 1.0.0
Requires: python-swift
Requires: python-unittest2
# checkout_vendor in ./keystone/test.py
Requires: git-core
%description test
The OpenStack Keystone testsuite. It is used to verify the
functionality of OpenStack Keystone.
%prep
%setup -q -n keystone-2013.2
%patch0 -p1
%openstack_cleanup_prep
%build
python setup.py build
python setup.py build_sphinx -b man
%install
python setup.py install --prefix=%{_prefix} --root=%{buildroot}
### directories
install -d -m 755 %{buildroot}%{_localstatedir}/{lib,log,run}/keystone
### configuration files
install -d -m 0755 %{buildroot}%{_sysconfdir}/keystone
cp %{SOURCE2} %{buildroot}%{_sysconfdir}/keystone/
cp %{SOURCE3} %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates.sample
cp etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
cp etc/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/
cp etc/policy.json %{buildroot}%{_sysconfdir}/keystone/
install -p -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
### init scripts
install -p -D -m 755 %{SOURCE1} %{buildroot}%{_initddir}/%{name}
mkdir -p %{buildroot}%{_sbindir}
ln -s ../..%{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}
### documentation
install -d %{buildroot}%{_mandir}/man1
install -m 644 doc/build/man/keystone-{all,manage}.1 %{buildroot}%{_mandir}/man1
### test subpackage
%openstack_test_package_install
### create keystone ssl dirs
install -d %{buildroot}%{_sysconfdir}/keystone/ssl/private
touch %{buildroot}%{_sysconfdir}/keystone/ssl/private/signing_key.pem
install -d %{buildroot}%{_sysconfdir}/keystone/ssl/certs
touch %{buildroot}%{_sysconfdir}/keystone/ssl/certs/signing_cert.pem
### set default configuration (mostly applies to package-only setups and quickstart, i.e. not generally crowbar)
%define keystone_conf %{buildroot}%{_sysconfdir}/keystone/keystone.conf
crudini --set %{keystone_conf} DEFAULT verbose True
crudini --set %{keystone_conf} DEFAULT log_file keystone.log
crudini --set %{keystone_conf} DEFAULT log_dir /var/log/keystone
#TODO/FIXME(saschpe): Do we really want to use the file-based catalog or move into DB by default?
crudini --set %{keystone_conf} catalog template_file /etc/keystone/default_catalog.templates
crudini --set %{keystone_conf} catalog driver keystone.catalog.backends.templated.TemplatedCatalog
#TODO/FIXME(saschpe): Do we want to use sqlite per default or demand PostgreSQL right away?
crudini --set %{keystone_conf} sql connection sqlite:////var/lib/keystone/keystone.db
%pre
getent group %{groupname} >/dev/null || groupadd -r %{groupname}
getent passwd %{username} >/dev/null || useradd -r -g %{groupname} -d %{_localstatedir}/lib/keystone -s /sbin/nologin -c "OpenStack keystone Daemon" %{username}
exit 0
%post
# create an example.com certificate if not available already
if ! [ -r /etc/keystone/ssl/certs/signing_cert.pem ]; then
if [ -r /etc/keystone/ssl/certs/index.txt ]; then
# recreate index.txt if it is only about the example.com config
if [ 0$(wc -l </etc/keystone/ssl/certs/index.txt) -le 1 ] && grep -q CN=www.example.com /etc/keystone/ssl/certs/index.txt; then
rm /etc/keystone/ssl/certs/index.txt
fi
fi
/usr/bin/keystone-manage pki_setup --keystone-user %{username} --keystone-group %{groupname}
# keystone-manage will create a keystone.log file owned by root; fix that
test -f %{_localstatedir}/log/keystone/keystone.log && chown %{username}:%{groupname} %{_localstatedir}/log/keystone/keystone.log
fi
%fillup_and_insserv %{name}
%restart_on_update %{name}
%preun
%stop_on_removal %{name}
%postun
%restart_on_update openstack-keystone
%insserv_cleanup
%files
%defattr(-,root,root)
%dir %attr(0755, %{username}, %{groupname}) %{_localstatedir}/lib/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/log/%{component}
%ghost %dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/run/%{component}
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}
%dir %attr(0755, root, %{groupname}) %{_sysconfdir}/%{component}/ssl
%dir %attr(0755, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/certs
%ghost %attr(0644, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/certs/signing_cert.pem
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/private
%ghost %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/private/signing_key.pem
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/logging.conf
%config %{_sysconfdir}/%{component}/keystone-paste.ini
%config %{_sysconfdir}/%{component}/policy.json
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0640, %{username}, %{groupname}) %{_sysconfdir}/%{component}/default_catalog.templates.sample
%{_initddir}/%{name}
%{_sbindir}/rc%{name}
%{_bindir}/keystone-all
%{_bindir}/keystone-manage
%{_mandir}/man1/keystone*
%doc tools/sample_data.sh
%files -n python-keystone
%defattr(-,root,root,-)
%doc LICENSE
%{python_sitelib}
%files test
%defattr(-,root,root)
%{_localstatedir}/lib/openstack-%{component}-test
%changelog
