This helps us not break when transitioning to using the new version of
snapstack, with the config files for each snap in the individual
steps, rather than in a config step.
Change-Id: If845bff36ed7f1256a8150ec806a13d6fb08a05e
This is part of a transition to storing the config files in the snap,
rather than in snapstack.
Also updated .gitignore to ignore emacs temp files and snapcraft
cruft.
Change-Id: I30a5421faec0a976741f3dd0d5452f2437e19503
Tweaked tox.ini to invoke snapstack, and added test_snapstack.py to
tests dir.
Also added keystone.sh to keystone/tests, as part of the plan to move
those scripts from snap-test to the individual snaps.
Change-Id: Id39209ee1534670506f0d97bb3dcb34a173ebc92
The current snaps now have well-known aliases defined at install time
for commands [1]. This means we can drop the manual alias definition
from snapcraft.yaml and the instructions for setting it up.
When building/installing locally users can still create the alias
with 'snap alias'.
[1] https://forum.snapcraft.io/t/auto-aliases-for-openstack-base-snaps/1146/6
Change-Id: I6ca747b83e8a930c9ba65cdfb36f8fc67609bd54
Without ssl at compile time Nginx cannot run SSL sites.
Use the --with-http_ssl switch at compile time.
Change-Id: I6210671665c4509382c6621cabb4612e2ba15ee9
The admin port was connecting to the public socket and the public
port was connecting to the admin socket to communicate with uwsgi.
The config is updated to connect the correct ports and sockets.
Thanks to David Ames <david.ames@canonical.com> for figuring this
out.
Change-Id: I3a909a0982513923c35ab4103b6eee57753b0595
The following are included in the switch to strict confinement:
* Set snapcraft.yaml confinement to strict and restore/update plugs
* Drop building of python as it's not required for strict snaps
* Patch setgroups from ngnix since it's not covered by a plug
* Switch back to running apps under root
* Build libxml into snap
Change-Id: I3f73f79844728ffc8e12632e14595e1cd7c375cf
Enable the ability for default config files to be overridden for each
entry point type (simple, uwsgi, and nginx).
Also refresh the README while documenting how default config files can
be overridden.
Change-Id: I2b2479df2ca93eb6b82d115efafb62081e6e28c2
Drop copyfiles from snap-openstack.yaml for nginx, and modify the nginx
template files such that we can install them in $SNAP_COMMON while pointing
them at additional default config files in $SNAP.
Change-Id: I82c71c0ca25385eccbffee38a80a31a5b6275608
As part of this change, the pyargv uwsgi option is dynamically
created. This is needed because specifying hard-coded config
files via the uwsgi pyargv option caused failures when a file
didn't exist. Now, when dynamically creating pyargv, if an
OpenStack config file doesn't exist, it won't be added.
This change requires that the uwsgi templated configuration be
rendered as part of the entry point, rather than globally for
the snap.
Change-Id: I99541fbf1292a3a4d118c0a8da8dd34891337c88
Drop privileges to a regular user when running commands defined
by this snap. In most cases this is done prior to executing the
command.
NGINX is an exception in that the command will be run as root,
allowing the the master process to bind to ports. The nginx.conf
template is configured to then drop privileges for worker processes,
which do all work, such as handling network connections, r/w to
disk, and communication with servers.
Change-Id: If9bf24fc65412b90b8b1890944a469de23888c32
Add alias for the keystone-manage command to be inline with
actual command naming and documentation.
Change-Id: If04c1d168a0001a777b56aafeb17e6f16427a0af
The install setup key is dropped, and SNAP_COMMON is used as the
root directory where setup dirs, templates, and copyfiles are
installed. This aligns better with how snaps should behave.
Change-Id: I6a7b60ad22739bca55a556d936731f37788f623e
Classic python snaps require python to be compiled from source.
Additionaly, move away from using the environment dictionary
until it is fully supported by snapd. Finally, use a fixed python
path in order to get the correct site-specific config.
These changes were recommended in the following bug:
https://bugs.launchpad.net/snapcraft/+bug/1675479
Change-Id: I61be2595bd063f9d7605450e556066b9d72cc90f
When this snap is built on xenial, ngnix is unable to find libgd.so.3.
Updating LD_LIBRARY_PATH to include the path to libgd.so.3 fixes this.
Change-Id: I1920e84b4888369d56bd46869381c9649934a311
This is a work-around for https://bugs.launchpad.net/bugs/1675479,
where namespace packages aren't installed correctly.
Change-Id: If97986f63e666047f9cf482825ada4acbd6808ac
There will be multiple OpenStack snaps that have their own nginx/uwsgi files,
such as nginx.conf template, systemd unit files, pid files, log files, and
more. This change isolates the keystone directories for nginx and uwsgi so
that they won't conflict with other OpenStack snaps that use nginx and uwsgi.
Change-Id: Ia558bed548580f4b82a85b65ec029fd534334e2c
With this patch we use nginx as the web server for API requests,
and continue to run the keystone API wsgi apps under uwsgi.
Change-Id: I637daec2424ef4c377dac249fcc03f43db70a2fe
The install setup key is introduced to determine the root directory
where setup dirs, templates, and copyfiles are installed. We set
the install key to 'classic' in snap-openstack.yaml, which results
in using / as the root directory. This is used in favor of symlinks
which are dropped in this change.
Additionally PYTHONPATH is updated as that is required in later
snapcraft versions, and /etc/keystone/keystone.conf.d is moved
to /etc/keystone/conf.d to align with the other OpenStack snaps.
Change-Id: I62ba36d6f3efd3493a8e268bf1babfe232b41764
Classic confinement allows the snap to behave like a traditionally
packaged application with full access to the system, and enables the
use of traditional directories such as /etc and /var/log.
We will continue to store all of the snap's files in $SNAP* directories.
This enables the snap to cleanup after itself if it is removed. However,
traditional directory locations are symlinked to their corresponding
$SNAP* directories.
For example, keystone configs are installed in $SNAP_COMMON/etc/keystone
which has a symlink at /etc/keystone.
The keystone apps then use the traditional directories when running
commands and services.
Change-Id: Ib33d958adab660a092110c4beae928dc9661d0c6
Enable the uwsgi log file in snap-openstack.yaml and enable the keystone
log file in the uwsgi templates.
Update bindep and requirements to use snapcraft from packages until
fully installable from git source.
Change-Id: I6342254a5ebd322e430ea90df5f7ec2d29ae6704