Snap package for Keystone
Corey Bryant c10ad0d9eb Drop privileges when running commands
Drop privileges to a regular user when running commands defined
by this snap. In most cases this is done prior to executing the
command.

NGINX is an exception in that the command will be run as root,
allowing the master process to bind to ports. The nginx.conf
template is configured to then drop privileges for worker processes,
which do all work, such as handling network connections, r/w to
disk, and communication with servers.

Change-Id: If9bf24fc65412b90b8b1890944a469de23888c32
2017-05-18 16:12:11 +00:00
snap Drop privileges when running commands 2017-05-18 16:12:11 +00:00
.gitignore Baseline standalone snap 2016-11-21 15:07:30 +00:00
.gitreview Hygiene tidy 2016-11-24 16:33:10 +00:00
CONTRIBUTING.rst Hygiene tidy 2016-11-24 16:33:10 +00:00
LICENSE Hygiene tidy 2016-11-24 16:33:10 +00:00
README.md Hygiene tidy 2016-11-24 16:33:10 +00:00
bindep.txt Switch to classic confinement 2017-03-16 15:22:38 +00:00
requirements.txt Log file updates for keystone and uwsgi 2017-01-04 09:17:03 +00:00
snapcraft.yaml Drop privileges when running commands 2017-05-18 16:12:11 +00:00
tox.ini Switch to classic confinement 2017-03-16 15:22:38 +00:00

README.md

Keystone Snap

This repository contains the source code of the snap for the OpenStack Identity service, Keystone.

Installing this snap

The keystone snap can be installed directly from the snap store:

sudo snap install [--edge] keystone

Configuring Keystone

Snaps run in an AppArmor and seccomp confined profile, so they do not read configuration from /etc/keystone on the host operating system.

This snap supports configuration via the $SNAP_COMMON writable area for the snap:

etc
├── keystone
│   ├── keystone.conf
└── keystone.conf.d
    ├── database.conf
    ├── keystone-snap.conf
    └── keystone.conf

The keystone applications can be configured in a few ways.

Firstly the WSGI daemon will detect and read etc/keystone/keystone.conf if it exists so you can just place all configuration in the file for each daemon.

Alternatively the WSGI daemon will load all configuration files from etc/keystone.conf.d - in the above example, database and keystone authtoken configuration is shared across both daemons using configuration snippets in separate files in etc/keystone.conf.d.

For reference, $SNAP_COMMON is typically located under /var/snap/keystone/common.

Managing Keystone

Currently all snap binaries must be run as root; for example, to run the keystone-manage binary use:

sudo keystone.manage

Restarting Keystone services

To restart all keystone services:

sudo systemctl restart 'snap.keystone.*'

or use the individual service:

sudo systemctl restart snap.keystone.api
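After a restart, the privilege model described in the latest commit message (only the NGINX master runs as root, everything else runs as a regular user) can be checked from the process table. The following is an added example, not code from this repository; it assumes the services appear as `nginx` and `uwsgi` processes, and the account name `svcuser` and all sample rows are constructed.

```shell
#!/bin/sh
# Added example (not part of the snap): audit process ownership.
# Input on stdin: one process per line as "USER PID PPID COMM".
# On a live host this can be fed from:
#   ps -eo user=,pid=,ppid=,comm= | audit_privs
# Only nginx and uwsgi processes are inspected (assumed process names).
# Prints one line per finding; returns 0 only when there are none.
audit_privs() {
    awk '
    { user[$2] = $1; ppid[$2] = $3; comm[$2] = $4 }
    END {
        bad = 0
        for (p in user) {
            if (user[p] != "root") continue
            if (comm[p] == "uwsgi") {
                # WSGI workers should never keep root.
                printf "root-owned uwsgi pid=%s\n", p; bad++
            } else if (comm[p] == "nginx" && (ppid[p] in comm) &&
                       comm[ppid[p]] == "nginx") {
                # A root nginx whose parent is nginx is a worker, not the master.
                printf "root-owned nginx worker pid=%s\n", p; bad++
            }
        }
        exit (bad > 0)
    }'
}

# Constructed sample: root master, workers and uwsgi running as svcuser.
SAMPLE_OK='root 100 1 nginx
svcuser 101 100 nginx
svcuser 102 100 nginx
svcuser 110 1 uwsgi'

# Constructed sample: uwsgi and one nginx worker still running as root.
SAMPLE_BAD='root 200 1 nginx
root 201 1 uwsgi
root 202 200 nginx
svcuser 203 200 nginx'

printf '%s\n' "$SAMPLE_OK" | audit_privs && echo "sample OK: no findings"
```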

Building the Keystone snap

Simply clone this repository and then install and run snapcraft:

git clone https://github.com/openstack-snaps/snap-keystone
sudo apt install snapcraft
cd snap-keystone
snapcraft

Support

Please report any bugs related to this snap on Launchpad.

Alternatively you can find the OpenStack Snap team in #openstack-snaps on Freenode IRC.