diff --git a/keystone-18.0.0.tar.gz b/keystone-18.0.0.tar.gz deleted file mode 100644 index c235bda..0000000 Binary files a/keystone-18.0.0.tar.gz and /dev/null differ diff --git a/keystone-19.0.0.tar.gz b/keystone-19.0.0.tar.gz new file mode 100644 index 0000000..eab72bd Binary files /dev/null and b/keystone-19.0.0.tar.gz differ diff --git a/keystone-dist.conf b/keystone-dist.conf new file mode 100644 index 0000000..62f250a --- /dev/null +++ b/keystone-dist.conf @@ -0,0 +1,12 @@ +[DEFAULT] +log_file=/var/log/keystone/keystone.log +use_stderr = False + +[database] +connection=mysql://keystone:keystone@localhost/keystone + +[catalog] +template_file=/etc/keystone/default_catalog.templates + +[paste_deploy] +config_file=/etc/keystone/keystone-paste.ini diff --git a/openstack-keystone-sample-data b/openstack-keystone-sample-data new file mode 100755 index 0000000..a0a3619 --- /dev/null +++ b/openstack-keystone-sample-data @@ -0,0 +1,3 @@ +#!/bin/bash + +/usr/share/keystone/sample_data.sh "$@" diff --git a/openstack-keystone.logrotate b/openstack-keystone.logrotate index cd2dd5a..b3b4650 100644 --- a/openstack-keystone.logrotate +++ b/openstack-keystone.logrotate @@ -1,13 +1,7 @@ /var/log/keystone/*.log { + rotate 14 + size 10M + missingok compress copytruncate - dateext - minsize 100k - missingok - notifempty - rotate 10 - sharedscripts - size 1M - su keystone keystone - weekly } diff --git a/openstack-keystone.spec b/openstack-keystone.spec index fa7eb65..e2f6347 100644 --- a/openstack-keystone.spec +++ b/openstack-keystone.spec @@ -1,178 +1,284 @@ +%global with_doc 1 +%global service keystone + +%{!?upstream_version: %global upstream_version %{version}%{?milestone}} + +%global common_desc \ +Keystone is a Python implementation of the OpenStack \ +(http://www.openstack.org) identity service API. + Name: openstack-keystone -Version: 18.0.0 -Release: 3 +Version: 19.0.0 +Release: 1 Summary: OpenStack Identity Service License: ASL 2.0 -URL: https://launchpad.net/keystone -Source0: keystone-18.0.0.tar.gz +URL: http://keystone.openstack.org/ +Source0: https://tarballs.openstack.org/%{service}/%{service}-%{upstream_version}.tar.gz Source1: openstack-keystone.logrotate -Source2: openstack-keystone.sysctl - -BuildRequires: openstack-macros -BuildRequires: python3-flask -BuildRequires: python3-flask-restful -BuildRequires: python3-webtest -BuildRequires: python3-bcrypt -BuildRequires: python3-fixtures -BuildRequires: python3-freezegun -BuildRequires: python3-jsonschema -BuildRequires: python3-keystonemiddleware -BuildRequires: python3-lxml -BuildRequires: python3-mock -BuildRequires: python3-oauthlib -BuildRequires: python3-oslo-cache -BuildRequires: python3-oslo-config -BuildRequires: python3-oslo-db -BuildRequires: python3-oslo-messaging -BuildRequires: python3-oslo-policy -BuildRequires: python3-oslo-upgradecheck -BuildRequires: python3-oslotest -BuildRequires: python3-osprofiler -BuildRequires: python3-passlib -BuildRequires: python3-pbr -BuildRequires: python3-pysaml2 -BuildRequires: python3-requests -BuildRequires: python3-scrypt -BuildRequires: python3-sqlparse -BuildRequires: which - -Requires: logrotate -Requires: python3-keystone - +Source3: openstack-keystone.sysctl +Source5: openstack-keystone-sample-data +Source20: keystone-dist.conf BuildArch: noarch -%description -Keystone is a Python implementation of the OpenStack -(http://www.openstack.org) identity service API. -. -This package contains the keystone python libraries. +BuildRequires: openstack-macros +BuildRequires: python3-devel +BuildRequires: python3-osprofiler >= 1.1.0 +BuildRequires: python3-pbr >= 2.0.0 +BuildRequires: git-core +BuildRequires: python3-oslo-cache >= 1.26.0 +BuildRequires: python3-oslo-config >= 6.8.0 +BuildRequires: python3-passlib >= 1.6 +BuildRequires: python3-pycadf >= 2.1.0 +BuildRequires: python3-babel +BuildRequires: python3-oslo-policy +BuildRequires: python3-jsonschema >= 2.6.0 +BuildRequires: python3-oslo-db >= 4.27.0 +BuildRequires: python3-oauthlib +BuildRequires: python3-pysaml2 +BuildRequires: python3-keystonemiddleware >= 7.0.0 +BuildRequires: python3-testresources +BuildRequires: python3-testscenarios +BuildRequires: python3-oslotest +BuildRequires: python3-redis +BuildRequires: python3-ldappool >= 2.0.0 +BuildRequires: python3-webtest +BuildRequires: python3-freezegun -%package -n python3-keystone -Summary: Keystone Python libraries -Group: Applications/System -Requires: python3-ldap -Requires: python3-babel -Requires: python3-flask -Requires: python3-flask-restful -Requires: python3-jwt -Requires: python3-sqlalchemy -Requires: python3-webob -Requires: python3-bcrypt -Requires: python3-cryptography -Requires: python3-dogpile-cache -Requires: python3-jsonschema -Requires: python3-keystoneclient -Requires: python3-keystonemiddleware -Requires: python3-msgpack -Requires: python3-oauthlib -Requires: python3-oslo-cache -Requires: python3-oslo-concurrency -Requires: python3-oslo-config -Requires: python3-oslo-context -Requires: python3-oslo-db -Requires: python3-oslo-i18n -Requires: python3-oslo-log -Requires: python3-oslo-messaging -Requires: python3-oslo-middleware -Requires: python3-oslo-policy -Requires: python3-oslo-serialization -Requires: python3-oslo-upgradecheck -Requires: python3-oslo-utils -Requires: python3-osprofiler -Requires: python3-passlib -Requires: python3-pbr -Requires: python3-pycadf -Requires: python3-pysaml2 -Requires: python3-memcached -Requires: python3-pytz -Requires: python3-scrypt -Requires: python3-six +Requires: python3-keystone = %{version}-%{release} +Requires: python3-keystoneclient >= 3.8.0 + +%{?systemd_ordering} + +BuildRequires: systemd +Requires(pre): shadow-utils + +%description +%{common_desc} + +This package contains the Keystone daemon. + +%package -n python3-keystone +Summary: Keystone Python libraries +%{?python_provide:%python_provide python3-keystone} + +Requires: python3-pbr >= 2.0.0 +Requires: python3-bcrypt >= 3.1.3 +Requires: python3-sqlalchemy >= 1.3.0 +Requires: python3-passlib >= 1.7.0 +Requires: openssl +Requires: python3-oauthlib >= 0.6.2 +Requires: python3-jsonschema >= 3.2.0 +Requires: python3-pycadf >= 1.1.0 +Requires: python3-keystonemiddleware >= 7.0.0 +Requires: python3-oslo-cache >= 1.26.0 +Requires: python3-oslo-config >= 6.8.0 +Requires: python3-oslo-context >= 2.22.0 +Requires: python3-oslo-db >= 6.0.0 +Requires: python3-oslo-i18n >= 3.15.3 +Requires: python3-oslo-log >= 3.44.0 +Requires: python3-oslo-messaging >= 5.29.0 +Requires: python3-oslo-middleware >= 3.31.0 +Requires: python3-oslo-policy >= 3.6.0 +Requires: python3-oslo-serialization >= 2.18.0 +Requires: python3-oslo-upgradecheck >= 1.3.0 +Requires: python3-oslo-utils >= 3.33.0 +Requires: python3-osprofiler >= 1.4.0 +Requires: python3-pysaml2 >= 5.0.0 +Requires: python3-stevedore >= 1.20.0 +Requires: python3-scrypt >= 0.8.0 +Requires: python3-flask >= 1.0.2 +Requires: python3-flask-restful >= 0.3.5 +Requires: python3-jwt >= 1.6.1 +Requires: python3-pytz >= 2013.6 +Requires: python3-cryptography >= 2.7 +Requires: python3-ldap >= 3.1.0 +Requires: python3-ldappool >= 2.0.0 +Requires: python3-memcached >= 1.56 Requires: python3-sqlalchemy-migrate -Requires: python3-stevedore +Requires: python3-webob >= 1.7.1 +Requires: python3-dogpile-cache >= 1.0.2 +Requires: python3-msgpack >= 0.5.0 + %description -n python3-keystone -Keystone is a Python implementation of the OpenStack -(https://docs.openstack.org/developer/keystone/) identity service API. +%{common_desc} + This package contains the Keystone Python library. +%package -n python3-%{service}-tests +Summary: Keystone tests +%{?python_provide:%python_provide python3-%{service}-tests} +Requires: openstack-%{service} = %{version}-%{release} + + +%description -n python3-%{service}-tests +%{common_desc} + +This package contains the Keystone test files. + + +%if 0%{?with_doc} +%package doc +Summary: Documentation for OpenStack Identity Service + +# for API autodoc +BuildRequires: python3-sphinx >= 1.1.2 +BuildRequires: python3-sphinx-feature-classification +BuildRequires: python3-openstackdocstheme +BuildRequires: python3-sphinxcontrib-apidoc +BuildRequires: python3-sphinxcontrib-seqdiag +BuildRequires: python3-sphinxcontrib-blockdiag +BuildRequires: python3-flask >= 1.0.2 +BuildRequires: python3-flask-restful >= 0.3.5 +BuildRequires: python3-cryptography >= 2.1 +BuildRequires: python3-oslo-log >= 3.44.0 +BuildRequires: python3-oslo-messaging >= 5.29.0 +BuildRequires: python3-oslo-middleware >= 3.31.0 +BuildRequires: python3-oslo-policy >= 2.3.0 +BuildRequires: python3-mock +BuildRequires: python3-dogpile-cache >= 0.5.7 +BuildRequires: python3-memcached >= 1.56 +BuildRequires: python3-lxml + + +%description doc +%{common_desc} + +This package contains documentation for Keystone. +%endif + %prep -%autosetup -p1 -n keystone-18.0.0 -%py_req_cleanup +%autosetup -n keystone-%{upstream_version} + find . \( -name .gitignore -o -name .placeholder \) -delete find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \; -# adjust paths to WSGI scripts +%py_req_cleanup + sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf %build -%{py3_build} +PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf +PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml +PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json +# distribution defaults are located in keystone-dist.conf -# config file generation -PYTHONPATH=. oslo-config-generator --config-file config-generator/keystone.conf \ ---output-file etc/keystone.conf.sample -# policy file generation -oslopolicy-sample-generator --config-file config-generator/keystone-policy-generator.conf --output-file etc/keystone.policy.yaml +%{py3_build} +%{__python3} setup.py compile_catalog -d build/lib/%{service}/locale -D keystone %install %{py3_install} + +echo "{}" > policy.json + install -d -m 755 %{buildroot}%{_sysconfdir}/keystone -install -d -m 755 %{buildroot}%{_sysconfdir}/sysctl.d -install -d -m 750 %{buildroot}%{_localstatedir}/{lib,log,cache}/keystone -install -d -m 755 %{buildroot}%{_sysconfdir}/keystone/keystone.conf.d/ -# default dir for fernet tokens -install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/ +install -d -m 755 %{buildroot}%{_sysconfdir}/keystone/policy.d install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf +install -p -D -m 640 policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json +install -p -D -m 640 %{service}-schema.yaml %{buildroot}%{_datadir}/%{service}/%{service}-schema.yaml +install -p -D -m 640 %{service}-schema.json %{buildroot}%{_datadir}/%{service}/%{service}-schema.json +install -p -D -m 644 %{SOURCE20} %{buildroot}%{_datadir}/keystone/keystone-dist.conf install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf -install -p -D -m 640 etc/keystone.policy.yaml %{buildroot}%{_sysconfdir}/keystone/keystone.policy.yaml install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone -install -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysctl.d/openstack-keystone.conf -# remove wrongly installed tree -rm -rv %{buildroot}/%{_prefix}%{_sysconfdir}/ -# Install sample data script. +install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d +install -p -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sysctl.d/openstack-keystone.conf install -p -D -m 755 tools/sample_data.sh %{buildroot}%{_datadir}/keystone/sample_data.sh -# Install apache configuration files +install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample-data install -p -D -m 644 httpd/wsgi-keystone.conf %{buildroot}%{_datadir}/keystone/ +install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone +install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone + +rm -rf %{buildroot}/%{_prefix}%{_sysconfdir} + +%if 0%{?with_doc} +sphinx-build -b html doc/source doc/build/html + +mkdir -p doc/build/man/_static +sphinx-build -b man doc/source doc/build/man +mkdir -p %{buildroot}%{_mandir}/man1 +install -p -D -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1/ +%endif +%if 0%{?with_doc} +# Fix hidden-file-or-dir warnings +rm -fr doc/build/html/.doctrees doc/build/html/.buildinfo +%endif + +# Install i18n .mo files (.po and .pot are not required) +install -d -m 755 %{buildroot}%{_datadir} +rm -f %{buildroot}%{python3_sitelib}/%{service}/locale/*/LC_*/%{service}*po +rm -f %{buildroot}%{python3_sitelib}/%{service}/locale/*pot +mv %{buildroot}%{python3_sitelib}/%{service}/locale %{buildroot}%{_datadir}/locale + +%find_lang %{service} --all-name + %pre -%openstack_pre_user_group_create keystone keystone /sbin/nologin +getent group keystone >/dev/null || groupadd -r --gid 163 keystone +getent passwd keystone >/dev/null || \ +useradd --uid 163 -r -g keystone -d %{_sharedstatedir}/keystone -s /sbin/nologin \ +-c "OpenStack Keystone Daemons" keystone exit 0 %post %sysctl_apply openstack-keystone.conf +touch %{_localstatedir}/log/keystone/keystone.log +chown root:keystone %{_localstatedir}/log/keystone/keystone.log +chmod 660 %{_localstatedir}/log/keystone/keystone.log %files %license LICENSE %doc README.rst +%if 0%{?with_doc} +%{_mandir}/man1/keystone*.1.gz +%endif %{_bindir}/keystone-wsgi-admin %{_bindir}/keystone-wsgi-public %{_bindir}/keystone-manage %{_bindir}/keystone-status +%{_bindir}/openstack-keystone-sample-data %dir %{_datadir}/keystone +%attr(0644, root, keystone) %{_datadir}/keystone/keystone-dist.conf +%attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.yaml +%attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.json %attr(0755, root, root) %{_datadir}/keystone/sample_data.sh %attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf -%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone/ -%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone/keystone.conf.d/ -%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone/credential-keys +%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone +%dir %attr(0750, root, keystone) %{_sysconfdir}/keystone/policy.d %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf +%config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/policy.json %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates -%config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/keystone.policy.yaml %config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html %config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone -%dir %attr(0750, keystone, keystone) %{_localstatedir}/lib/keystone +%dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone %dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone -%dir %attr(0750, keystone, keystone) %{_localstatedir}/cache/keystone -%{_sysconfdir}/sysctl.d/openstack-keystone.conf +%ghost %attr(0660, root, keystone) %{_localstatedir}/log/keystone/keystone.log +%{_prefix}/lib/sysctl.d/openstack-keystone.conf -%files -n python3-keystone -%doc README.rst + +%files -n python3-keystone -f %{service}.lang +%defattr(-,root,root,-) %license LICENSE -%{python3_sitelib}/keystone* -%exclude %{python3_sitelib}/keystone/tests +%{python3_sitelib}/keystone +%{python3_sitelib}/keystone-*.egg-info +%exclude %{python3_sitelib}/%{service}/tests + +%files -n python3-%{service}-tests +%license LICENSE +%{python3_sitelib}/%{service}/tests + +%if 0%{?with_doc} +%files doc +%license LICENSE +%doc doc/build/html +%endif %changelog +* Thu Jul 15 2021 openstack-sig +- Update to 19.0.0 + * Fri Feb 26 2021 zhaorenhai - 18.0.0-3 - Change reserved port to 5000 @@ -182,3 +288,5 @@ exit 0 * Wed Feb 3 2021 wangxiyuan - Support OpenStack Victoria release + + diff --git a/openstack-keystone.sysctl b/openstack-keystone.sysctl index 431c133..58e86a8 100644 --- a/openstack-keystone.sysctl +++ b/openstack-keystone.sysctl @@ -1,3 +1,3 @@ -# By default, keystone starts a service on IANA-assigned port 35357 +# By default, keystone starts a service on IANA-assigned port 5000 # http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt net.ipv4.ip_local_reserved_ports = 5000