It maps the name of the config values that we use in our templates to
the name of the key in the snap config. This allows us to stick a
bunch of stuff in the questions namespace in the snap config, and to
use dashes, with minimal changes to our templates.
Drop Python 2 support, to fix tests.
Change-Id: I48b86b5e557e30f81e9cc415e7fa3a9133aa9f39
We present these as seperate invocations of the script, rather than
automatically running them one after the other. This allows us to run
the setup script once for multiple daemons, then run launch steps
individually for the daemons.
Change-Id: Ia223f6bd6c1d3b544831652d4a076c4bee13ce43
This allows us to access values from the snap config in our templates,
just like we access the snap environment variables.
Change-Id: Id9d499482ec7c2f1b63cd854b4a5cee8e519a712
Add automatic addition of REQUESTS_CA_BUNDLE to the execution
environment if $SNAP_COMMON/etc/ssl/certs/ca-certificates.crt
is detected, allowing the certs from the core snap to be
overridden on a per snap basis.
This supports use of privately signed certificates in snap
based deployments.
Change-Id: Iac789d25b9a5d0e71ba0afdc8462ff0c2344ef7b
Related-Bug: 1724012
This mostly just updates test paths to align with new locations based
on the changes that enabled overriding default configs. The test
snap-openstack.yaml is also updated with the the current one from
the keystone snap, dropping run-as which is no longer used since the
move to strict confinement.
Change-Id: I9ffc15e561b36ba87585b3615f34fccf8ef2d753
Drop code that is no longer used or no longer required since the move
back to strictly confined snaps.
* Everything is run as root in strict snaps so there's no need
to drop privileges, no need to chown dirs/templates to anything
but root, and the default dir/file modes should suffice.
* copyfiles: we wanted to move away from this and finally did, so
so it's no longer used.
* rchown and rchmod: these are no longer used.
chmod is still used by nova-hypervisor, so let's keep it. I'm not
sure that we still need chown, but I've left that in case we happen
to.
Change-Id: I45be76121b73f0c354a9bcc4014af534455cb533
The config override patch was a bit too aggressive in not allowing
multiple OpenStack config files/dirs to be specified. Some projects
need to specify more than one, so this re-enables the ability to
specify multiple OpenStack config files/dirs.
Additionally this makes the override of OpenStack config files more
flexible in that individual files can be overridden while others are
not.
Change-Id: Id512a96e3a7b408b519f29f860d522a584f1e5d9
Enables the ability for default config files to be overriden for
each entry point type (simple, uwsgi, and nginx).
Additionally, align unit tests with keystone's snap-openstack.yaml,
as features tend to land in the keystone snap first.
Change-Id: I9fe54f1dae2b94d2f78783f38ced48ebe7c66f0f
Refactor the template rending code into a static function.
Ensure that templates for the entry point are rendered during
execute, not the global templates.
Change-Id: Idddd6361deabb8a2c21caa77a42a55cd8b8d2cbc
As snaps only write out to snap specific locations, create locks
scoped to the individual snap, not globally for all snaps.
Change-Id: Ife03fb66eb97b89040495ffa51e867adca10a3a1
Targets for copyfiles and template directives should be considered
as owned by the snap, and as a result should always be executed,
irrespective of whether the target file exists or not.
This ensures that any use of {{ snap }} is current, and that changes
to templates in the snap are reflected on refresh.
Execute copyfiles prior to template rendering to ensure templated
files overwrite any files copied as a copyfiles target.
Change-Id: I97bf668cc86099227670a00defd4ee3c36b58ed7
Specifying hard-coded config files via the uwsgi pyargv option
caused failures when a file didn't exist.
This patch enables dynamic creation of the pyargv option. This
value is pushed onto the context for templated file generation
which is now supported as a subelement of an entry point as
well as a top level global option.
Change-Id: I1d0fae42b2e43fe8808fda3de83e122502233a4c
Add support for running commands, defined by a snap, as a specific
user/group.
Additionally, file permissions and ownership of setup files can
be adjusted to limit access from other users.
Change-Id: I8563abce55b2b20936eb4e1d55a9016b97e8f6e0
By dropping the install setup key, snaps will decide for themselves
the full path where setup dirs, templates, and copyfiles are created.
Change-Id: I5347186cc586b54dfb11bf1884a0d804d5c1303f
Common utility functions that were defined in base.py are moved to their
own Utils class. Additionally this patch adds some checks to ensure keys
exist in setup() before attempting to access them.
Change-Id: Ib940eefce140e3552f41ff0e32123ae90fe81fe4
Add support for an install setup key that is set in snap-openstack.yaml
and defines whether the snap should be installed as a 'classic' or
'strict' snap. This determines the root directory where setup dirs,
templates, and copyfiles are created. If install is set to classic
the root directory will be / and if install is set to strict the root
directory will be $SNAP_COMMON.
Additionally the symlinks setup key is dropped. Classic snaps will
install files into / as defined by the install key.
Change-Id: I6750957654e75169108e6e866ab0d43e588cbd12
The code in OpenStackSnap.setup() creates users, files,
directories, symlinks, etc. Locking support is added to ensure
that setup() code is only executed by a single process at a time.
Change-Id: Ia7ea6251d68284f5ea6e726e474f65d393b296ea
Missing configuration files are a 'normal' thing to expect, so
don't need to be logged as warning messages.
Change-Id: I2413969d48c3785db497549465564a4d493a6b26
Pete Vander Giessen