From e62cd74e7e868ce643482a206a42bfa947b62eb9 Mon Sep 17 00:00:00 2001
From: Corey Bryant <corey.bryant@canonical.com>
Date: Tue, 7 Mar 2017 18:19:09 +0000
Subject: [PATCH] Switch to classic confinement

Classic confinement allows the snap to behave like a traditionally
packaged application with full access to the system, and enables the
use of traditional directories such as /etc and /var/log.

We will continue to store all of the snap's files in $SNAP* directories.
This enables the snap to cleanup after itself if it is removed. However,
traditional directory locations are symlinked to their corresponding
$SNAP* directories.

For example, keystone configs are installed in $SNAP_COMMON/etc/keystone
which has a symlink at /etc/keystone.

The keystone apps then use the traditional directories when running
commands and services.

Change-Id: Ib33d958adab660a092110c4beae928dc9661d0c6
---
 bindep.txt                           |  1 +
 snap/snap-openstack.yaml             | 38 ++++++++++++++++++----------
 snap/templates/admin.ini.j2          |  4 +--
 snap/templates/keystone-snap.conf.j2 |  6 ++---
 snap/templates/public.ini.j2         |  4 +--
 snapcraft.yaml                       | 23 ++++++-----------
 tox.ini                              |  4 +++
 7 files changed, 44 insertions(+), 36 deletions(-)

diff --git a/bindep.txt b/bindep.txt
index 5816a55..8d8c1a2 100644
--- a/bindep.txt
+++ b/bindep.txt
@@ -1 +1,2 @@
 snapcraft [platform:dpkg]
+snapd [platform:dpkg]
diff --git a/snap/snap-openstack.yaml b/snap/snap-openstack.yaml
index 55cdf5f..5cfcd1e 100644
--- a/snap/snap-openstack.yaml
+++ b/snap/snap-openstack.yaml
@@ -1,25 +1,35 @@
 setup:
   dirs:
-    - "{snap_common}/etc/keystone.conf.d"
-    - "{snap_common}/etc/keystone"
+    - "{snap_common}/etc/keystone/keystone.conf.d"
+    - "{snap_common}/etc/keystone/fernet-keys"
     - "{snap_common}/etc/uwsgi"
-    - "{snap_common}/log"
-    - "{snap_common}/lock"
-    - "{snap_common}/run"
-    - "{snap_common}/fernet-keys"
+    - "{snap_common}/lib/keystone"
+    - "{snap_common}/lock/keystone"
+    - "{snap_common}/log/keystone"
+    - "{snap_common}/log/uwsgi"
+    - "{snap_common}/run/keystone"
+  symlinks:
+    "{snap_common}/etc/keystone": /etc/keystone
+    "{snap_common}/etc/uwsgi": /etc/uwsgi
+    "{snap_common}/lib/keystone": /var/lib/keystone
+    "{snap_common}/lock/keystone": /var/lock/keystone
+    "{snap_common}/log/keystone": /var/log/keystone
+    "{snap_common}/log/uwsgi": /var/log/uwsgi
+    "{snap_common}/run/keystone": /var/run/keystone
   templates:
-    "keystone-snap.conf.j2": "{snap_common}/etc/keystone.conf.d/keystone-snap.conf"
-    "admin.ini.j2": "{snap_common}/etc/uwsgi/admin.ini"
-    "public.ini.j2": "{snap_common}/etc/uwsgi/public.ini"
+    keystone-snap.conf.j2: "{snap_common}/etc/keystone/keystone.conf.d/keystone-snap.conf"
+    admin.ini.j2: "{snap_common}/etc/uwsgi/keystone-admin.ini"
+    public.ini.j2: "{snap_common}/etc/uwsgi/keystone-public.ini"
+  copyfiles:
+    "{snap}/etc/keystone": "{snap_common}/etc/keystone"
 entry_points:
   keystone-manage:
     binary: keystone-manage
     config-files:
-      - "{snap}/etc/keystone/keystone.conf"
-      - "{snap_common}/etc/keystone/keystone.conf"
+      - "/etc/keystone/keystone.conf"
     config-dirs:
-      - "{snap_common}/etc/keystone.conf.d"
+      - "/etc/keystone/keystone.conf.d"
   keystone-api:
     type: uwsgi
-    uwsgi-dir: "{snap_common}/etc/uwsgi"
-    log-file: "{snap_common}/log/uwsgi.log"
+    uwsgi-dir: "/etc/uwsgi"
+    log-file: "/var/log/uwsgi/keystone.log"
diff --git a/snap/templates/admin.ini.j2 b/snap/templates/admin.ini.j2
index 24151e0..9c31581 100644
--- a/snap/templates/admin.ini.j2
+++ b/snap/templates/admin.ini.j2
@@ -1,6 +1,6 @@
 [uwsgi]
 wsgi-file = {{ snap }}/bin/keystone-wsgi-admin
-uwsgi-socket = {{ snap_common }}/run/keystone-admin.sock
+uwsgi-socket = /var/run/keystone-admin.sock
 buffer-size = 65535
 http = 0.0.0.0:35357
 master = true
@@ -9,4 +9,4 @@ processes = 4
 thunder-lock = true
 plugins = python
 lazy-apps = true
-pyargv = --config-file={{ snap }}/etc/keystone/keystone.conf --config-dir={{ snap_common }}/etc/keystone.conf.d --log-file={{ snap_common }}/log/keystone.log
+pyargv = --config-file=/etc/keystone/keystone.conf --config-dir=/etc/keystone/keystone.conf.d --log-file=/var/log/keystone/keystone.log
diff --git a/snap/templates/keystone-snap.conf.j2 b/snap/templates/keystone-snap.conf.j2
index 8e30e13..11e2959 100644
--- a/snap/templates/keystone-snap.conf.j2
+++ b/snap/templates/keystone-snap.conf.j2
@@ -1,11 +1,11 @@
 [DEFAULT]
 # Set state path to writable directory
-state_path = {{ snap_common }}
+state_path = /var/lib/keystone
 
 [oslo_concurrency]
 # Oslo Concurrency lock path
-lock_path = {{ snap_common }}/lock
+lock_path = /var/lock/keystone
 
 [fernet_tokens]
 # Fernet key repository
-key_repository = {{ snap_common }}/fernet-keys
+key_repository = /etc/keystone/fernet-keys
diff --git a/snap/templates/public.ini.j2 b/snap/templates/public.ini.j2
index b63a560..e43c5c6 100644
--- a/snap/templates/public.ini.j2
+++ b/snap/templates/public.ini.j2
@@ -1,6 +1,6 @@
 [uwsgi]
 wsgi-file = {{ snap }}/bin/keystone-wsgi-public
-uwsgi-socket = {{ snap_common }}/run/keystone-public.sock
+uwsgi-socket = /var/run/keystone-public.sock
 buffer-size = 65535
 http = 0.0.0.0:5000
 master = true
@@ -9,4 +9,4 @@ processes = 4
 thunder-lock = true
 plugins = python
 lazy-apps = true
-pyargv = --config-file={{ snap }}/etc/keystone/keystone.conf --config-dir={{ snap_common }}/etc/keystone.conf.d --log-file={{ snap_common }}/log/keystone.log
+pyargv = --config-file=/etc/keystone/keystone.conf --config-dir=/etc/keystone/keystone.conf.d --log-file=/var/log/keystone/keystone.log
diff --git a/snapcraft.yaml b/snapcraft.yaml
index efbc753..8bae4ef 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -6,20 +6,18 @@ description: |
   mechanisms via HTTP primarily for use by projects in the OpenStack
   family. It is most commonly deployed as an HTTP interface to existing
   identity systems, such as LDAP.
-confinement: strict
+confinement: classic
 grade: devel
 
+environment:
+  PATH: $PATH:$SNAP/bin/
+
 apps:
   api:
     command: snap-openstack keystone-api
     daemon: simple
-    plugs:
-      - network
-      - network-bind
   manage:
     command: snap-openstack keystone-manage
-    plugs:
-      - network
 
 parts:
   keystone:
@@ -29,23 +27,18 @@ parts:
     python-packages:
       - pymysql
       - uwsgi
-      - git+https://github.com/openstack-snaps/snap.openstack#egg=snap.openstack
+      - git+https://github.com/openstack/snap.openstack#egg=snap.openstack
     constraints: https://raw.githubusercontent.com/openstack/requirements/master/upper-constraints.txt
     build-packages:
+      - gcc
       - libffi-dev
       - libssl-dev
-      - libxml2-dev
-      - libxslt1-dev
-      - pkg-config
-      - gcc
   templates:
-    after:
-      - keystone
+    after: [keystone]
     plugin: dump
     source: snap
   config:
-    after:
-      - keystone
+    after: [keystone]
     plugin: dump
     source: http://tarballs.openstack.org/keystone/keystone-master.tar.gz
     organize:
diff --git a/tox.ini b/tox.ini
index 997c257..7360ffc 100644
--- a/tox.ini
+++ b/tox.ini
@@ -6,9 +6,13 @@ skipsdist = True
 basepython = python3.5
 install_command = pip install {opts} {packages}
 passenv = HOME TERM
+whitelist_externals =
+    sudo
+    snapcraft
 
 [testenv:snap]
 deps = -r{toxinidir}/requirements.txt
 commands =
+    sudo snap install core
     snapcraft clean
     snapcraft snap