diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index c10b5a0ec932..1ca1ed0cfbdc 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -281,7 +281,7 @@
stanchion = 262;
riak-cs = 263;
infinoted = 264;
- keystone = 265;
+ # keystone = 265; # unused, removed 2017-12-13
glance = 266;
couchpotato = 267;
gogs = 268;
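Review bot: The replacement comment on the `keystone = 265` line says the id is unused but not that it must stay reserved, so a later contributor could assign 265 to a new service. The module deleted in this same commit creates `/var/lib/keystone/keystone.conf` owned by `keystone:keystone` with mode 640 and substitutes the database password and admin token into it. On a host that ran the service, that file stays on disk under numeric id 265 after the upgrade and would become readable by whatever account is given the id next. I would spell that out, e.g. `# keystone = 265; # removed 2017-12-13, do not reuse: leftover /var/lib/keystone is owned by this id`. The same applies to the identical line in the second hunk (`@@ -551,7 +551,7 @@`), presumably the gids table; both tables start and end outside the hunks shown.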
@@ -551,7 +551,7 @@
stanchion = 262;
riak-cs = 263;
infinoted = 264;
- keystone = 265;
+ # keystone = 265; # unused, removed 2017-12-13
glance = 266;
couchpotato = 267;
gogs = 268;
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 5f5ebae891f2..43548609ee8a 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -748,6 +748,5 @@
./virtualisation/vmware-guest.nix
./virtualisation/xen-dom0.nix
./virtualisation/xe-guest-utilities.nix
- ./virtualisation/openstack/keystone.nix
./virtualisation/openstack/glance.nix
]
diff --git a/nixos/modules/virtualisation/openstack/keystone.nix b/nixos/modules/virtualisation/openstack/keystone.nix
deleted file mode 100644
index e32c5a4cae1b..000000000000
--- a/nixos/modules/virtualisation/openstack/keystone.nix
+++ /dev/null
@@ -1,220 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib; with import ./common.nix {inherit lib;};
-
-let
- cfg = config.virtualisation.openstack.keystone;
- keystoneConfTpl = pkgs.writeText "keystone.conf" ''
- [DEFAULT]
- admin_token = ${cfg.adminToken.pattern}
- policy_file=${cfg.package}/etc/policy.json
-
- [database]
-
- connection = "mysql://${cfg.database.user}:${cfg.database.password.pattern}@${cfg.database.host}/${cfg.database.name}"
-
- [paste_deploy]
- config_file = ${cfg.package}/etc/keystone-paste.ini
-
- ${cfg.extraConfig}
- '';
- keystoneConf = "/var/lib/keystone/keystone.conf";
-
-in {
- options.virtualisation.openstack.keystone = {
- package = mkOption {
- type = types.package;
- example = literalExample "pkgs.keystone";
- description = ''
- Keystone package to use.
- '';
- };
-
- enable = mkOption {
- default = false;
- type = types.bool;
- description = ''
- Enable Keystone, the OpenStack Identity Service
- '';
- };
-
- extraConfig = mkOption {
- default = "";
- type = types.lines;
- description = ''
- Additional text appended to keystone.conf,
- the main Keystone configuration file.
- '';
- };
-
- adminToken = mkSecretOption {
- name = "adminToken";
- description = ''
- This is the admin token used to boostrap keystone,
- ie. to provision first resources.
- '';
- };
-
- bootstrap = {
- enable = mkOption {
- default = false;
- type = types.bool;
- description = ''
- Bootstrap the Keystone service by creating the service
- tenant, an admin account and a public endpoint. This options
- provides a ready-to-use admin account. This is only done at
- the first Keystone execution by the systemd post start.
-
- Note this option is a helper for setting up development or
- testing environments.
- '';
- };
-
- endpointPublic = mkOption {
- type = types.str;
- default = "http://localhost:5000/v2.0";
- description = ''
- The public identity endpoint. The link
- create keystone endpoint provides more informations
- about that.
- '';
- };
-
- adminUsername = mkOption {
- type = types.str;
- default = "admin";
- description = ''
- A keystone admin username.
- '';
- };
-
- adminPassword = mkSecretOption {
- name = "keystoneAdminPassword";
- description = ''
- The keystone admin user's password.
- '';
- };
-
- adminTenant = mkOption {
- type = types.str;
- default = "admin";
- description = ''
- A keystone admin tenant name.
- '';
- };
- };
-
- database = {
- host = mkOption {
- type = types.str;
- default = "localhost";
- description = ''
- Host of the database.
- '';
- };
-
- name = mkOption {
- type = types.str;
- default = "keystone";
- description = ''
- Name of the existing database.
- '';
- };
-
- user = mkOption {
- type = types.str;
- default = "keystone";
- description = ''
- The database user. The user must exist and has access to
- the specified database.
- '';
- };
- password = mkSecretOption {
- name = "mysqlPassword";
- description = "The database user's password";};
- };
- };
-
- config = mkIf cfg.enable {
- # Note: when changing the default, make it conditional on
- # ‘system.stateVersion’ to maintain compatibility with existing
- # systems!
- virtualisation.openstack.keystone.package = mkDefault pkgs.keystone;
-
- users.extraUsers = [{
- name = "keystone";
- group = "keystone";
- uid = config.ids.uids.keystone;
- }];
- users.extraGroups = [{
- name = "keystone";
- gid = config.ids.gids.keystone;
- }];
-
- systemd.services.keystone-all = {
- description = "OpenStack Keystone Daemon";
- after = [ "network.target"];
- path = [ cfg.package pkgs.mysql pkgs.curl pkgs.pythonPackages.keystoneclient pkgs.gawk ];
- wantedBy = [ "multi-user.target" ];
- preStart = ''
- mkdir -m 755 -p /var/lib/keystone
-
- cp ${keystoneConfTpl} ${keystoneConf};
- chown keystone:keystone ${keystoneConf};
- chmod 640 ${keystoneConf}
-
- ${replaceSecret cfg.database.password keystoneConf}
- ${replaceSecret cfg.adminToken keystoneConf}
-
- # Initialise the database
- ${cfg.package}/bin/keystone-manage --config-file=${keystoneConf} db_sync
- # Set up the keystone's PKI infrastructure
- ${cfg.package}/bin/keystone-manage --config-file=${keystoneConf} pki_setup --keystone-user keystone --keystone-group keystone
- '';
- postStart = optionalString cfg.bootstrap.enable ''
- set -eu
- # Wait until the keystone is available for use
- count=0
- while ! curl --fail -s http://localhost:35357/v2.0 > /dev/null
- do
- if [ $count -eq 30 ]
- then
- echo "Tried 30 times, giving up..."
- exit 1
- fi
-
- echo "Keystone not yet started. Waiting for 1 second..."
- count=$((count++))
- sleep 1
- done
-
- # We use the service token to create a first admin user
- export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0
- export OS_SERVICE_TOKEN=${getSecret cfg.adminToken}
-
- # If the tenant service doesn't exist, we consider
- # keystone is not initialized
- if ! keystone tenant-get service
- then
- keystone tenant-create --name service
- keystone tenant-create --name ${cfg.bootstrap.adminTenant}
- keystone user-create --name ${cfg.bootstrap.adminUsername} --tenant ${cfg.bootstrap.adminTenant} --pass ${getSecret cfg.bootstrap.adminPassword}
- keystone role-create --name admin
- keystone role-create --name Member
- keystone user-role-add --tenant ${cfg.bootstrap.adminTenant} --user ${cfg.bootstrap.adminUsername} --role admin
- keystone service-create --type identity --name keystone
- ID=$(keystone service-get keystone | awk '/ id / { print $4 }')
- keystone endpoint-create --region RegionOne --service $ID --publicurl ${cfg.bootstrap.endpointPublic} --adminurl http://localhost:35357/v2.0 --internalurl http://localhost:5000/v2.0
- fi
- '';
- serviceConfig = {
- PermissionsStartOnly = true; # preStart must be run as root
- TimeoutStartSec = "600"; # 10min for initial db migrations
- User = "keystone";
- Group = "keystone";
- ExecStart = "${cfg.package}/bin/keystone-all --config-file=${keystoneConf}";
- };
- };
- };
-}
diff --git a/nixos/release.nix b/nixos/release.nix
index 426a5eef34ae..d5d7e1bf2cc9 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -293,7 +293,6 @@ in rec {
tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {};
tests.kernel-latest = callTest tests/kernel-latest.nix {};
tests.kernel-lts = callTest tests/kernel-lts.nix {};
- tests.keystone = callTest tests/keystone.nix {};
tests.kubernetes = hydraJob (import tests/kubernetes/default.nix { system = "x86_64-linux"; });
tests.latestKernel.login = callTest tests/login.nix { latestKernel = true; };
tests.ldap = callTest tests/ldap.nix {};
diff --git a/nixos/tests/keystone.nix b/nixos/tests/keystone.nix
deleted file mode 100644
index 358e352f776f..000000000000
--- a/nixos/tests/keystone.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ system ? builtins.currentSystem }:
-
-with import ../lib/testing.nix { inherit system; };
-with pkgs.lib;
-
-let
- keystoneMysqlPassword = "keystoneMysqlPassword";
- keystoneMysqlPasswordFile = "/var/run/keystoneMysqlPassword";
- keystoneAdminPassword = "keystoneAdminPassword";
-
- createKeystoneDb = pkgs.writeText "create-keystone-db.sql" ''
- create database keystone;
- GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '${keystoneMysqlPassword}';
- GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '${keystoneMysqlPassword}';
- '';
- # The admin keystone account
- adminOpenstackCmd = "OS_TENANT_NAME=admin OS_USERNAME=admin OS_PASSWORD=${keystoneAdminPassword} OS_AUTH_URL=http://localhost:5000/v3 OS_IDENTITY_API_VERSION=3 openstack";
- # The created demo keystone account
- demoOpenstackCmd = "OS_TENANT_NAME=demo OS_USERNAME=demo OS_PASSWORD=demo OS_AUTH_URL=http://localhost:5000/v3 OS_IDENTITY_API_VERSION=3 openstack";
-
-in makeTest {
- meta = with pkgs.stdenv.lib.maintainers; {
- maintainers = [ lewo ];
- };
- machine =
- { config, pkgs, ... }:
- {
- # This is to simulate nixops deployment process.
- # https://nixos.org/nixops/manual/#opt-deployment.keys
- boot.postBootCommands = "echo ${keystoneMysqlPassword} > ${keystoneMysqlPasswordFile}";
-
- services.mysql.enable = true;
- services.mysql.initialScript = createKeystoneDb;
-
- virtualisation = {
-
- openstack.keystone = {
- enable = true;
- # Check if we can get the secret from a file
- database.password = {
- value = keystoneMysqlPasswordFile;
- storage = "fromFile";
- };
- adminToken = {
- value = "adminToken";
- storage = "fromNixStore";
- };
-
- bootstrap.enable = true;
- # Check if we can get the secret from the store
- bootstrap.adminPassword = {
- value = keystoneAdminPassword;
- storage = "fromNixStore";
- };
- };
-
- memorySize = 2096;
- diskSize = 4 * 1024;
- };
-
- environment.systemPackages = with pkgs.pythonPackages; with pkgs; [
- openstackclient
- ];
- };
-
- testScript =
- ''
- $machine->waitForUnit("keystone-all.service");
-
- # Verify that admin ccount is working
- $machine->succeed("${adminOpenstackCmd} token issue");
-
- # Try to create a new user
- $machine->succeed("${adminOpenstackCmd} project create --domain default --description 'Demo Project' demo");
- $machine->succeed("${adminOpenstackCmd} user create --domain default --password demo demo");
- $machine->succeed("${adminOpenstackCmd} role create user");
- $machine->succeed("${adminOpenstackCmd} role add --project demo --user demo user");
-
- # Verify this new account is working
- $machine->succeed("${demoOpenstackCmd} token issue");
- '';
-}
diff --git a/pkgs/applications/virtualization/openstack/keystone.nix b/pkgs/applications/virtualization/openstack/keystone.nix
deleted file mode 100644
index 39c54f0d204b..000000000000
--- a/pkgs/applications/virtualization/openstack/keystone.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ stdenv, fetchurl, python2Packages, xmlsec, which, openssl }:
-
-python2Packages.buildPythonApplication rec {
- name = "keystone-${version}";
- version = "8.0.0";
- namePrefix = "";
-
- PBR_VERSION = "${version}";
-
- src = fetchurl {
- url = "https://github.com/openstack/keystone/archive/${version}.tar.gz";
- sha256 = "1xbrs7xgwjzrs07zyxxcl2lq18dh582gd6lx1zzzji8c0qmffy0z";
- };
-
- # remove on next version bump
- patches = [ ./remove-oslo-policy-tests.patch ];
-
- # https://github.com/openstack/keystone/blob/stable/liberty/requirements.txt
- propagatedBuildInputs = with python2Packages; [
- pbr webob eventlet greenlet PasteDeploy paste routes cryptography six
- sqlalchemy sqlalchemy_migrate stevedore passlib keystoneclient memcached
- keystonemiddleware oauthlib pysaml2 dogpile_cache jsonschema pycadf msgpack
- xmlsec MySQL_python
-
- # oslo
- oslo-cache oslo-concurrency oslo-config oslo-context oslo-messaging oslo-db
- oslo-i18n oslo-log oslo-middleware oslo-policy oslo-serialization oslo-service
- oslo-utils
- ];
-
- buildInputs = with python2Packages; [
- coverage fixtures mock subunit tempest-lib testtools testrepository
- ldap ldappool webtest requests oslotest pep8 pymongo which
- ];
-
- makeWrapperArgs = ["--prefix PATH : '${openssl.bin}/bin:$PATH'"];
-
- postInstall = ''
- # install .ini files
- mkdir -p $out/etc
- cp etc/* $out/etc
-
- # check all binaries don't crash
- for i in $out/bin/*; do
- $i --help
- done
- '';
-
- meta = with stdenv.lib; {
- homepage = http://keystone.openstack.org/;
- description = "Authentication, authorization and service discovery mechanisms via HTTP";
- license = stdenv.lib.licenses.asl20;
- platforms = stdenv.lib.platforms.linux;
- };
-}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 447701e0efc2..ed98377fb2a9 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -16113,7 +16113,6 @@ with pkgs;
notmuch-addrlookup = callPackage ../applications/networking/mailreaders/notmuch-addrlookup { };
# Open Stack
- keystone = callPackage ../applications/virtualization/openstack/keystone.nix { };
neutron = callPackage ../applications/virtualization/openstack/neutron.nix { };
glance = callPackage ../applications/virtualization/openstack/glance.nix { };