Drop code that is no longer used or no longer required since the move
back to strictly confined snaps.
* Everything is run as root in strict snaps so there's no need
to drop privileges, no need to chown dirs/templates to anything
but root, and the default dir/file modes should suffice.
* copyfiles: we wanted to move away from this and finally did, so
so it's no longer used.
* rchown and rchmod: these are no longer used.
chmod is still used by nova-hypervisor, so let's keep it. I'm not
sure that we still need chown, but I've left that in case we happen
to.
Change-Id: I45be76121b73f0c354a9bcc4014af534455cb533
The config override patch was a bit too aggressive in not allowing
multiple OpenStack config files/dirs to be specified. Some projects
need to specify more than one, so this re-enables the ability to
specify multiple OpenStack config files/dirs.
Additionally this makes the override of OpenStack config files more
flexible in that individual files can be overridden while others are
not.
Change-Id: Id512a96e3a7b408b519f29f860d522a584f1e5d9
Enables the ability for default config files to be overriden for
each entry point type (simple, uwsgi, and nginx).
Additionally, align unit tests with keystone's snap-openstack.yaml,
as features tend to land in the keystone snap first.
Change-Id: I9fe54f1dae2b94d2f78783f38ced48ebe7c66f0f
Refactor the template rending code into a static function.
Ensure that templates for the entry point are rendered during
execute, not the global templates.
Change-Id: Idddd6361deabb8a2c21caa77a42a55cd8b8d2cbc
As snaps only write out to snap specific locations, create locks
scoped to the individual snap, not globally for all snaps.
Change-Id: Ife03fb66eb97b89040495ffa51e867adca10a3a1
Targets for copyfiles and template directives should be considered
as owned by the snap, and as a result should always be executed,
irrespective of whether the target file exists or not.
This ensures that any use of {{ snap }} is current, and that changes
to templates in the snap are reflected on refresh.
Execute copyfiles prior to template rendering to ensure templated
files overwrite any files copied as a copyfiles target.
Change-Id: I97bf668cc86099227670a00defd4ee3c36b58ed7
Specifying hard-coded config files via the uwsgi pyargv option
caused failures when a file didn't exist.
This patch enables dynamic creation of the pyargv option. This
value is pushed onto the context for templated file generation
which is now supported as a subelement of an entry point as
well as a top level global option.
Change-Id: I1d0fae42b2e43fe8808fda3de83e122502233a4c
Add support for running commands, defined by a snap, as a specific
user/group.
Additionally, file permissions and ownership of setup files can
be adjusted to limit access from other users.
Change-Id: I8563abce55b2b20936eb4e1d55a9016b97e8f6e0
By dropping the install setup key, snaps will decide for themselves
the full path where setup dirs, templates, and copyfiles are created.
Change-Id: I5347186cc586b54dfb11bf1884a0d804d5c1303f
Common utility functions that were defined in base.py are moved to their
own Utils class. Additionally this patch adds some checks to ensure keys
exist in setup() before attempting to access them.
Change-Id: Ib940eefce140e3552f41ff0e32123ae90fe81fe4
Add support for an install setup key that is set in snap-openstack.yaml
and defines whether the snap should be installed as a 'classic' or
'strict' snap. This determines the root directory where setup dirs,
templates, and copyfiles are created. If install is set to classic
the root directory will be / and if install is set to strict the root
directory will be $SNAP_COMMON.
Additionally the symlinks setup key is dropped. Classic snaps will
install files into / as defined by the install key.
Change-Id: I6750957654e75169108e6e866ab0d43e588cbd12
The code in OpenStackSnap.setup() creates users, files,
directories, symlinks, etc. Locking support is added to ensure
that setup() code is only executed by a single process at a time.
Change-Id: Ia7ea6251d68284f5ea6e726e474f65d393b296ea
Missing configuration files are a 'normal' thing to expect, so
don't need to be logged as warning messages.
Change-Id: I2413969d48c3785db497549465564a4d493a6b26
