diff --git a/debian/changelog b/debian/changelog index 33b3c3c40845315f2cd3dadbe4e66c2917692ba2..95104fe1689355b05f47895597dc3aca3d3d96f6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,27 @@ +heat (1:11.0.0-3) unstable; urgency=medium + + * d/control: Add me to uploaders field + * d/copyright: Add me to copyright file + * d/rules: Make default + - [trustee] auth_type password + - [trustee] user_domain_name default + * d/heat-common.{config,postinst}.in: + - Handle things via debconf + - [DEFAULT] stack_domain_admin + - [DEFAULT] stack_domain_admin_password + - [DEFAULT] stack_user_domain_name + - [trustee] username + - [trustee] password + - Create heat domain admin + - Create heat domain + - Assign domain admin role to heat_domain_admin + * d/heat-api-cfn.{config,postinst}.in: + - Handle things via debconf + - [DEFAULT] heat_metadata_server_url + - [DEFAULT] heat_waitcondition_server_url + + -- Michal Arbet Wed, 21 Nov 2018 13:34:18 +0100 + heat (1:11.0.0-2) unstable; urgency=medium * Uploading to unstable. diff --git a/debian/control b/debian/control index 4efdc1ef9e0fa45401e90b1b25a805e97e53abba..52953b560d7435635d44d53eafef4091b087b0e8 100644 --- a/debian/control +++ b/debian/control @@ -4,10 +4,11 @@ Priority: optional Maintainer: Debian OpenStack Uploaders: Thomas Goirand , + Michal Arbet , Build-Depends: debhelper (>= 10), dh-python, - openstack-pkg-tools (>= 74~), + openstack-pkg-tools (>= 89~), po-debconf, python3-all, python3-pbr (>= 2.0.0), diff --git a/debian/copyright b/debian/copyright index 251bf4dc2af7ee1f13d3fcfd8479232e950a1ff8..64d80d93801cc7723e1472664a77078779ade183 100644 --- a/debian/copyright +++ b/debian/copyright @@ -21,6 +21,7 @@ License: Apache-2 Files: debian/* Copyright: (c) 2012-2016, Thomas Goirand + (c) 2016-2018, Michal Arbet License: Apache-2 License: Apache-2 diff --git a/debian/heat-api-cfn.postinst.in b/debian/heat-api-cfn.postinst.in index 68a7d61861f0bcffae5820e75daa8eec8898a8ad..0241e061f1bf041f2bd3e31d7bc05fe135457ae6 100644 --- a/debian/heat-api-cfn.postinst.in +++ b/debian/heat-api-cfn.postinst.in @@ -4,8 +4,25 @@ set -e #PKGOS-INCLUDE# +manage_heat_default_metadata () { + db_get heat-api-cfn/api-endpoint-address + ENDPOINT=${RET} + db_get heat-api-cfn/api-endpoint-proto + PROTO=${RET} + + METADATA_SERVER_URL="${PROTO}://${ENDPOINT}:8000" + WAIT_DONDITION_SERVER_URL="${PROTO}://${ENDPOINT}:8000/v1/waitcondition" + pkgos_inifile set /etc/heat/heat.conf DEFAULT heat_metadata_server_url ${METADATA_SERVER_URL} + pkgos_inifile set /etc/heat/heat.conf DEFAULT heat_waitcondition_server_url ${WAIT_DONDITION_SERVER_URL} +} + + if [ "$1" = "configure" ] ; then . /usr/share/debconf/confmodule + db_get heat-api-cfn/configure_api-endpoint + if [ "${RET}" = "true" ]; then + manage_heat_default_metadata + fi pkgos_register_endpoint_postinst heat-api-cfn heat-cfn cloudformation "Cloud Formation API" 8000 "/v1" db_stop fi diff --git a/debian/heat-common.config.in b/debian/heat-common.config.in index fa6bf5b8f095dfad5b558bfb182abe09e758c7b8..5a4e13031cd990502b2af70545a9fa2d249add26 100644 --- a/debian/heat-common.config.in +++ b/debian/heat-common.config.in @@ -8,9 +8,22 @@ CONF=/etc/heat/heat.conf #PKGOS-INCLUDE# +read_heat_domain () { + pkgos_read_config -p high ${CONF} DEFAULT stack_domain_admin heat/heat_domain_admin_username + pkgos_read_config -p high ${CONF} DEFAULT stack_domain_admin_password heat/heat_domain_admin_password + pkgos_read_config -p high ${CONF} DEFAULT stack_user_domain_name heat/heat_domain_name +} + + +read_trustee_config () { + pkgos_read_config -p high ${CONF} trustee username heat/ksat-service-username + pkgos_read_config -p high ${CONF} trustee password heat/ksat-service-password +} + pkgos_var_user_group heat pkgos_dbc_read_conf -pkg heat-common ${CONF} database connection heat $@ pkgos_rabbit_read_conf ${CONF} oslo_messaging_rabbit heat pkgos_read_admin_creds ${CONF} keystone_authtoken heat +read_heat_domain exit 0 diff --git a/debian/heat-common.postinst.in b/debian/heat-common.postinst.in index ded11546efb781b5a0789813d00d8d400b28ff31..8c516f869623c7391e126b0e6b58bd70f9d18ecb 100755 --- a/debian/heat-common.postinst.in +++ b/debian/heat-common.postinst.in @@ -7,21 +7,139 @@ CONF=/etc/heat/heat.conf #PKGOS-INCLUDE# +create_heat_domain () { + local ADMIN_USER ADMIN_PASS NO_PROTO AFTER_PORT WRITE_CRED_URL WRITE_CRED_PROTO + ADMIN_USER=${1} + ADMIN_PASS=${2} + + db_get heat/ksat-public-url + KEYSTONE_PUBLIC_ENDPOINT=${RET} + + # Should we create a new keystone user? + db_get heat/ksat-create-service-user + if [ "${RET}" = "true" ] ; then + # Set command line credentials + export OS_USERNAME=${ADMIN_USER} + db_get heat/ksat-admin-project-name + export OS_TENANT_NAME=${RET} + export OS_PROJECT_NAME=${RET} + export OS_PASSWORD=${ADMIN_PASS} + export OS_AUTH_URL=${KEYSTONE_PUBLIC_ENDPOINT} + export OS_IDENTITY_API_VERSION=3 + export OS_PROJECT_DOMAIN_ID=default + export OS_USER_DOMAIN_ID=default + export OS_AUTH_TYPE=password + + db_get heat/heat_domain_name + if [ -n "${RET}" ] ; then + HEAT_DOMAIN_NAME=${RET} + fi + + echo "===> heat-common: Creating domain heat ..." + openstack domain create --or-show --description "Stack projects and users" ${HEAT_DOMAIN_NAME} + fi +} + +create_heat_domain_admin () { + local ADMIN_USER ADMIN_PASS NO_PROTO AFTER_PORT WRITE_CRED_URL WRITE_CRED_PROTO + ADMIN_USER=${1} + ADMIN_PASS=${2} + + db_get heat/ksat-public-url + KEYSTONE_PUBLIC_ENDPOINT=${RET} + + # Should we create a new keystone user? + db_get heat/ksat-create-service-user + if [ "${RET}" = "true" ] ; then + # Set command line credentials + export OS_USERNAME=${ADMIN_USER} + db_get heat/ksat-admin-project-name + export OS_TENANT_NAME=${RET} + export OS_PROJECT_NAME=${RET} + export OS_PASSWORD=${ADMIN_PASS} + export OS_AUTH_URL=${KEYSTONE_PUBLIC_ENDPOINT} + export OS_IDENTITY_API_VERSION=3 + export OS_PROJECT_DOMAIN_ID=default + export OS_USER_DOMAIN_ID=default + export OS_AUTH_TYPE=password + + db_get heat/heat_domain_admin_username + if [ -n "${RET}" ] ; then + HEAT_DOMAIN_ADMIN=${RET} + fi + db_get heat/heat_domain_admin_password + if [ -n "${RET}" ] ; then + HEAT_DOMAIN_ADMIN_PASS=${RET} + fi + db_get heat/heat_domain_name + if [ -n "${RET}" ] ; then + HEAT_DOMAIN_NAME=${RET} + fi + + echo "===> heat-common: Creating user ${HEAT_DOMAIN_ADMIN} ..." + openstack user create --or-show --domain ${HEAT_DOMAIN_NAME} --password ${HEAT_DOMAIN_ADMIN_PASS} --email root@localhost --enable ${HEAT_DOMAIN_ADMIN} + + echo "===> heat-common: Adding role domain admin to the user ${HEAT_DOMAIN_ADMIN} for domain ${HEAT_DOMAIN_NAME}" + openstack role add --domain ${HEAT_DOMAIN_NAME} --user-domain ${HEAT_DOMAIN_NAME} --user ${HEAT_DOMAIN_ADMIN} admin + fi +} + +manage_trustee_config () { + db_get heat/ksat-service-username + pkgos_inifile set ${CONF} trustee username ${RET} + + db_get heat/ksat-service-password + pkgos_inifile set ${CONF} trustee password ${RET} + + db_get heat/ksat-admin-url + pkgos_inifile set ${CONF} trustee auth_url ${RET} +} + +manage_clients_keystone_config () { + db_get heat/ksat-public-url + pkgos_inifile set ${CONF} clients_keystone auth_uri ${RET} +} + +manage_domain_config () { + db_get heat/heat_domain_admin_username + pkgos_inifile set ${CONF} DEFAULT stack_domain_admin ${RET} + + db_get heat/heat_domain_admin_password + pkgos_inifile set ${CONF} DEFAULT stack_domain_admin_password ${RET} + + db_get heat/heat_domain_name + pkgos_inifile set ${CONF} DEFAULT stack_user_domain_name ${RET} +} + if [ "$1" = "configure" ] || [ "$1" = "reconfigure" ] ; then . /usr/share/debconf/confmodule . /usr/share/dbconfig-common/dpkg/postinst pkgos_var_user_group heat - pkgos_write_new_conf heat heat.conf - pkgos_write_new_conf heat policy.json + pkgos_write_new_conf heat heat.conf + pkgos_write_new_conf heat policy.json + + manage_domain_config db_get heat/configure_db if [ "$RET" = "true" ] ; then pkgos_dbc_postinst ${CONF} database connection heat $@ fi pkgos_rabbit_write_conf ${CONF} oslo_messaging_rabbit heat - pkgos_write_admin_creds ${CONF} keystone_authtoken heat + db_get heat/configure_ksat + if [ "${RET}" = "true" ] ; then + db_get heat/ksat-admin-password + ADMIN_PASS=${RET} + db_get heat/ksat-admin-username + ADMIN_USER=${RET} + manage_trustee_config + manage_clients_keystone_config + pkgos_write_admin_creds ${CONF} keystone_authtoken heat + create_heat_domain ${ADMIN_USER} ${ADMIN_PASS} + create_heat_domain_admin ${ADMIN_USER} ${ADMIN_PASS} + fi + # This is the equivalent of db-sync: db_get heat/configure_db diff --git a/debian/heat-common.templates.in b/debian/heat-common.templates.in new file mode 100644 index 0000000000000000000000000000000000000000..99bf686059abcb12fe40baaabf7d8c814f19942b --- /dev/null +++ b/debian/heat-common.templates.in @@ -0,0 +1,17 @@ +Template: heat/heat_domain_admin_username +Type: string +Default: heat_domain_admin +_Description: Heat domain administrator username: + Please enter the username of the Heat domain administrator. + +Template: heat/heat_domain_admin_password +Type: password +_Description: Heat domain administrator password: + Please enter the password of the Heat domain administrator. + +Template: heat/heat_domain_name +Type: string +Default: heat +_Description: Heat domain: + Please enter domain name which will be used as heat domain. + diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000000000000000000000000000000000000..9b500d7a4742d2b8318fc222009bdf14d1af5c71 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] heat-common.templates.in diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000000000000000000000000000000000000..b81b22fd39eaa6ea29934ef5cdd02c15f37fe5e8 --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,54 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the heat package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: heat\n" +"Report-Msgid-Bugs-To: heat@packages.debian.org\n" +"POT-Creation-Date: 2018-11-21 13:32+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../heat-common.templates.in:1001 +msgid "Heat domain administrator username:" +msgstr "" + +#. Type: string +#. Description +#: ../heat-common.templates.in:1001 +msgid "Please enter the username of the Heat domain administrator." +msgstr "" + +#. Type: password +#. Description +#: ../heat-common.templates.in:2001 +msgid "Heat domain administrator password:" +msgstr "" + +#. Type: password +#. Description +#: ../heat-common.templates.in:2001 +msgid "Please enter the password of the Heat domain administrator." +msgstr "" + +#. Type: string +#. Description +#: ../heat-common.templates.in:3001 +msgid "Heat domain:" +msgstr "" + +#. Type: string +#. Description +#: ../heat-common.templates.in:3001 +msgid "Please enter domain name which will be used as heat domain." +msgstr "" diff --git a/debian/rules b/debian/rules index 3e804a2d48eb895447f2690535a448a83a87aed0..4fe13e5ec9bca81545146e8fb43c347eee21dc71 100755 --- a/debian/rules +++ b/debian/rules @@ -79,6 +79,9 @@ endif --namespace heat sed -i 's|^[# \t]*connection[\t #]*=.*|connection=sqlite:////var/lib/heat/heatdb|' $(CURDIR)/debian/heat-common/usr/share/heat-common/heat.conf + # Fixup a few default for the [trustee] config + pkgos-fix-config-default $(CURDIR)/debian/heat-common/usr/share/heat-common/heat.conf trustee auth_type password + pkgos-fix-config-default $(CURDIR)/debian/heat-common/usr/share/heat-common/heat.conf trustee user_domain_name default dh_install dh_missing -Xbin/cinder-keystone-setup --fail-missing