Switch to classic confinement

Classic confinement allows the snap to behave like a traditionally
packaged application with full access to the system, and enables the
use of traditional directories such as /etc and /var/log.

We will continue to store all of the snap's files in $SNAP* directories.
This enables the snap to clean up after itself if it is removed. However,
traditional directory locations are symlinked to their corresponding
$SNAP* directories.

For example, keystone configs are installed in $SNAP_COMMON/etc/keystone
which has a symlink at /etc/keystone.

The keystone apps then use the traditional directories when running
commands and services.

Change-Id: Ib33d958adab660a092110c4beae928dc9661d0c6
Corey Bryant 2017-03-07 18:19:09 +00:00
parent 8264c3bcaf
commit e62cd74e7e
7 changed files with 44 additions and 36 deletions


@ -1 +1,2 @@
snapcraft [platform:dpkg] snapcraft [platform:dpkg]
snapd [platform:dpkg]


@ -1,25 +1,35 @@
setup: setup:
dirs: dirs:
- "{snap_common}/etc/keystone.conf.d" - "{snap_common}/etc/keystone/keystone.conf.d"
- "{snap_common}/etc/keystone" - "{snap_common}/etc/keystone/fernet-keys"
- "{snap_common}/etc/uwsgi" - "{snap_common}/etc/uwsgi"
- "{snap_common}/log" - "{snap_common}/lib/keystone"
- "{snap_common}/lock" - "{snap_common}/lock/keystone"
- "{snap_common}/run" - "{snap_common}/log/keystone"
- "{snap_common}/fernet-keys" - "{snap_common}/log/uwsgi"
- "{snap_common}/run/keystone"
symlinks:
"{snap_common}/etc/keystone": /etc/keystone
"{snap_common}/etc/uwsgi": /etc/uwsgi
"{snap_common}/lib/keystone": /var/lib/keystone
"{snap_common}/lock/keystone": /var/lock/keystone
"{snap_common}/log/keystone": /var/log/keystone
"{snap_common}/log/uwsgi": /var/log/uwsgi
"{snap_common}/run/keystone": /var/run/keystone
templates: templates:
"keystone-snap.conf.j2": "{snap_common}/etc/keystone.conf.d/keystone-snap.conf" keystone-snap.conf.j2: "{snap_common}/etc/keystone/keystone.conf.d/keystone-snap.conf"
"admin.ini.j2": "{snap_common}/etc/uwsgi/admin.ini" admin.ini.j2: "{snap_common}/etc/uwsgi/keystone-admin.ini"
"public.ini.j2": "{snap_common}/etc/uwsgi/public.ini" public.ini.j2: "{snap_common}/etc/uwsgi/keystone-public.ini"
copyfiles:
"{snap}/etc/keystone": "{snap_common}/etc/keystone"
entry_points: entry_points:
keystone-manage: keystone-manage:
binary: keystone-manage binary: keystone-manage
config-files: config-files:
- "{snap}/etc/keystone/keystone.conf" - "/etc/keystone/keystone.conf"
- "{snap_common}/etc/keystone/keystone.conf"
config-dirs: config-dirs:
- "{snap_common}/etc/keystone.conf.d" - "/etc/keystone/keystone.conf.d"
keystone-api: keystone-api:
type: uwsgi type: uwsgi
uwsgi-dir: "{snap_common}/etc/uwsgi" uwsgi-dir: "/etc/uwsgi"
log-file: "{snap_common}/log/uwsgi.log" log-file: "/var/log/uwsgi/keystone.log"
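Review bot: The new `{snap_common}/etc/keystone/fernet-keys` entry under `dirs` is created with no visible ownership or mode, and through the `/etc/keystone` symlink it becomes an ordinary host path once the snap is classic. Fernet keys protect every token keystone issues, so the directory should be accessible only to the account the service runs as (for example mode 0700). Whether snap.openstack applies a restrictive mode on its own is not visible here and should be confirmed or set explicitly. The same concern applies to `key_repository = /etc/keystone/fernet-keys` in the keystone-snap.conf template section below. The `symlinks` block also does not say what happens when a target such as `/etc/keystone` or `/var/log/keystone` already exists on the host, so the intended behaviour (refuse, replace or reuse) should be documented next to it.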


@ -1,6 +1,6 @@
[uwsgi] [uwsgi]
wsgi-file = {{ snap }}/bin/keystone-wsgi-admin wsgi-file = {{ snap }}/bin/keystone-wsgi-admin
uwsgi-socket = {{ snap_common }}/run/keystone-admin.sock uwsgi-socket = /var/run/keystone-admin.sock
buffer-size = 65535 buffer-size = 65535
http = 0.0.0.0:35357 http = 0.0.0.0:35357
master = true master = true
@ -9,4 +9,4 @@ processes = 4
thunder-lock = true thunder-lock = true
plugins = python plugins = python
lazy-apps = true lazy-apps = true
pyargv = --config-file={{ snap }}/etc/keystone/keystone.conf --config-dir={{ snap_common }}/etc/keystone.conf.d --log-file={{ snap_common }}/log/keystone.log pyargv = --config-file=/etc/keystone/keystone.conf --config-dir=/etc/keystone/keystone.conf.d --log-file=/var/log/keystone/keystone.log
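Review bot: `uwsgi-socket = /var/run/keystone-admin.sock` puts the socket directly in `/var/run`, not in the `/var/run/keystone` directory that the setup section creates and symlinks to `{snap_common}/run/keystone`. The socket therefore lives outside `$SNAP_COMMON`, so it is not cleaned up with the snap as the commit message intends, and it sits in a shared directory whose permissions the snap does not control. Suggest `uwsgi-socket = /var/run/keystone/keystone-admin.sock`. The public uwsgi template section further down has the same issue with `/var/run/keystone-public.sock`.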


@ -1,11 +1,11 @@
[DEFAULT] [DEFAULT]
# Set state path to writable directory # Set state path to writable directory
state_path = {{ snap_common }} state_path = /var/lib/keystone
[oslo_concurrency] [oslo_concurrency]
# Oslo Concurrency lock path # Oslo Concurrency lock path
lock_path = {{ snap_common }}/lock lock_path = /var/lock/keystone
[fernet_tokens] [fernet_tokens]
# Fernet key repository # Fernet key repository
key_repository = {{ snap_common }}/fernet-keys key_repository = /etc/keystone/fernet-keys


@ -1,6 +1,6 @@
[uwsgi] [uwsgi]
wsgi-file = {{ snap }}/bin/keystone-wsgi-public wsgi-file = {{ snap }}/bin/keystone-wsgi-public
uwsgi-socket = {{ snap_common }}/run/keystone-public.sock uwsgi-socket = /var/run/keystone-public.sock
buffer-size = 65535 buffer-size = 65535
http = 0.0.0.0:5000 http = 0.0.0.0:5000
master = true master = true
@ -9,4 +9,4 @@ processes = 4
thunder-lock = true thunder-lock = true
plugins = python plugins = python
lazy-apps = true lazy-apps = true
pyargv = --config-file={{ snap }}/etc/keystone/keystone.conf --config-dir={{ snap_common }}/etc/keystone.conf.d --log-file={{ snap_common }}/log/keystone.log pyargv = --config-file=/etc/keystone/keystone.conf --config-dir=/etc/keystone/keystone.conf.d --log-file=/var/log/keystone/keystone.log


@ -6,20 +6,18 @@ description: |
mechanisms via HTTP primarily for use by projects in the OpenStack mechanisms via HTTP primarily for use by projects in the OpenStack
family. It is most commonly deployed as an HTTP interface to existing family. It is most commonly deployed as an HTTP interface to existing
identity systems, such as LDAP. identity systems, such as LDAP.
confinement: strict confinement: classic
grade: devel grade: devel
environment:
PATH: $PATH:$SNAP/bin/
apps: apps:
api: api:
command: snap-openstack keystone-api command: snap-openstack keystone-api
daemon: simple daemon: simple
plugs:
- network
- network-bind
manage: manage:
command: snap-openstack keystone-manage command: snap-openstack keystone-manage
plugs:
- network
parts: parts:
keystone: keystone:
@ -29,23 +27,18 @@ parts:
python-packages: python-packages:
- pymysql - pymysql
- uwsgi - uwsgi
- git+https://github.com/openstack-snaps/snap.openstack#egg=snap.openstack - git+https://github.com/openstack/snap.openstack#egg=snap.openstack
constraints: https://raw.githubusercontent.com/openstack/requirements/master/upper-constraints.txt constraints: https://raw.githubusercontent.com/openstack/requirements/master/upper-constraints.txt
build-packages: build-packages:
- gcc
- libffi-dev - libffi-dev
- libssl-dev - libssl-dev
- libxml2-dev
- libxslt1-dev
- pkg-config
- gcc
templates: templates:
after: after: [keystone]
- keystone
plugin: dump plugin: dump
source: snap source: snap
config: config:
after: after: [keystone]
- keystone
plugin: dump plugin: dump
source: http://tarballs.openstack.org/keystone/keystone-master.tar.gz source: http://tarballs.openstack.org/keystone/keystone-master.tar.gz
organize: organize:
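Review bot: The new requirement `git+https://github.com/openstack/snap.openstack#egg=snap.openstack` carries no ref, so every build takes whatever is at the head of the default branch. With `confinement: classic` set in the same section, the `snap-openstack` launcher built from it runs unconfined on the host, so this input should be pinned, e.g. `git+https://github.com/openstack/snap.openstack@<reviewed-commit-sha>#egg=snap.openstack` (placeholder ref). The unchanged `source: http://tarballs.openstack.org/keystone/keystone-master.tar.gz` line is also fetched over plain HTTP with no checksum visible in this hunk. An https URL, if the host serves one, or a recorded checksum would cover that.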


@ -6,9 +6,13 @@ skipsdist = True
basepython = python3.5 basepython = python3.5
install_command = pip install {opts} {packages} install_command = pip install {opts} {packages}
passenv = HOME TERM passenv = HOME TERM
whitelist_externals =
sudo
snapcraft
[testenv:snap] [testenv:snap]
deps = -r{toxinidir}/requirements.txt deps = -r{toxinidir}/requirements.txt
commands = commands =
sudo snap install core
snapcraft clean snapcraft clean
snapcraft snap snapcraft snap
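Review bot: `sudo snap install core` in `commands` makes the `snap` tox environment run a privileged, host-modifying step on every invocation. The new `whitelist_externals` entry permits `sudo` for the section it sits in, which starts outside this hunk. Consider treating the core snap as a documented prerequisite, or installing it in the CI job setup, and dropping `sudo` from `whitelist_externals`. If it stays, add a comment above the command such as `# needs root: installs the core snap on the host running tox`.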