From aea896eb195c1b8bc4791ee98de041c87c26fa03 Mon Sep 17 00:00:00 2001 From: Charles Short Date: Tue, 22 Feb 2022 11:20:48 +0000 Subject: [PATCH] debian: Cleanup Debian Keystone configuration This patch does several things at once: - Simplify the keystone patch that we carry by adding only the Centos changes that we carry. This also fixes the keystone user creation when the packages installed, ensuring that the keystone log directories are created properly when the package is installed. - Disable keystone from starting when the package is installed. Under a normal situation when the keystone package asks a series of questions to configure the package. When the ISO is built it uses the non-interactive package installation, which means debconf questions that configures the endpoints are not configured properly. This leaves keystone in a bad state when the package is installed and prevents the uwsgi process from starting properly. To fix this we override the init/systemd script installation in the debian/rules. However, this is not enough since the keystone.postinst.in will also enable the systemd keystone unit and try to start it as well. This patch will also disable that mechanism as well. - Note: 0001-Rebasing-Keyring-integration.patch was dropped earlier because it no longer applied to Keystone. This patch needs to be re-worked and tracked seperately in order to have the same functionality in Centos. Test Plan PASS Build and boot ISO PASS Bootstrap Story: 2009101 Task: 43770 Signed-off-by: Charles Short Change-Id: Ibf31672242be6510a0e673525094a909db22dd3a --- .../deb_patches/0001-Add-stx-support.patch | 414 ++---------------- 1 file changed, 35 insertions(+), 379 deletions(-) diff --git a/openstack/keystone/debian/deb_patches/0001-Add-stx-support.patch b/openstack/keystone/debian/deb_patches/0001-Add-stx-support.patch index 3aa75ef6..939c4a28 100644 --- a/openstack/keystone/debian/deb_patches/0001-Add-stx-support.patch +++ b/openstack/keystone/debian/deb_patches/0001-Add-stx-support.patch @@ -1,32 +1,25 @@ -From ac62af6bc51c77afbc62d6166feca3187cde6d59 Mon Sep 17 00:00:00 2001 -From: Charles Short -Date: Tue, 23 Nov 2021 13:52:31 +0000 +From 129e40a0c304cc76d4841188a7700f3e5d049322 Mon Sep 17 00:00:00 2001 +From: Charles Short +Date: Tue, 15 Feb 2022 15:59:20 +0000 Subject: [PATCH] Add stx support Apply Centos 7 patches to the debian packaging. -Signed-off-by: Charles Short +Signed-off-by: Charles Short --- - debian/control | 3 +- + debian/control | 2 + debian/keystone.dirs | 1 + debian/keystone.install | 4 + debian/keystone.logrotate | 8 - - debian/keystone.postinst | 40 ++++ - debian/keystone.postinst.in | 220 ------------------ - debian/keystone.postrm | 19 +- - debian/keystone.prerm | 15 -- - debian/python3-keystone.install | 1 + - debian/rules | 10 +- - debian/stx/keystone-all | 156 +++++++++++++ - debian/stx/keystone-fernet-keys-rotate-active | 64 +++++ + debian/keystone.postinst.in | 10 +- + debian/rules | 6 + + debian/stx/keystone-all | 156 ++++++++++++++++++ + debian/stx/keystone-fernet-keys-rotate-active | 64 +++++++ debian/stx/keystone.service | 14 ++ - debian/stx/password-rules.conf | 34 +++ - debian/stx/public.py | 21 ++ - 15 files changed, 343 insertions(+), 267 deletions(-) + debian/stx/password-rules.conf | 34 ++++ + debian/stx/public.py | 21 +++ + 11 files changed, 303 insertions(+), 17 deletions(-) delete mode 100644 debian/keystone.logrotate - create mode 100755 debian/keystone.postinst - delete mode 100755 debian/keystone.postinst.in - delete mode 100755 debian/keystone.prerm create mode 100644 debian/stx/keystone-all create mode 100644 debian/stx/keystone-fernet-keys-rotate-active create mode 100644 debian/stx/keystone.service @@ -34,7 +27,7 @@ Signed-off-by: Charles Short create mode 100644 debian/stx/public.py diff --git a/debian/control b/debian/control -index 9d0a3a41f..ced0c4820 100644 +index 9d0a3a41f..9a67234fa 100644 --- a/debian/control +++ b/debian/control @@ -31,6 +31,8 @@ Build-Depends-Indep: @@ -46,14 +39,6 @@ index 9d0a3a41f..ced0c4820 100644 python3-ldap, python3-ldappool, python3-lxml (>= 4.5.0), -@@ -87,7 +89,6 @@ Package: keystone - Architecture: all - Depends: - adduser, -- dbconfig-common, - debconf, - python3-keystone (= ${source:Version}), - python3-keystoneclient, diff --git a/debian/keystone.dirs b/debian/keystone.dirs index a4b3a9e86..6c6e31faf 100644 --- a/debian/keystone.dirs @@ -90,230 +75,14 @@ index 2709c72aa..000000000 - copytruncate -} \ No newline at end of file -diff --git a/debian/keystone.postinst b/debian/keystone.postinst -new file mode 100755 -index 000000000..59e6c6799 ---- /dev/null -+++ b/debian/keystone.postinst -@@ -0,0 +1,40 @@ -+#!/bin/sh -+ -+set -e -+ -+if [ "$1" = "configure" ]; then -+ # create the keystone group -+ if ! getent group keystone > /dev/null 2>&1 -+ then -+ addgroup --system keystone >/dev/null || true -+ fi -+ -+ # create the keystone user to avoid running keystone as root -+ if ! getent passwd keystone > /dev/null 2>&1 -+ then -+ adduser --quiet \ -+ --system \ -+ --home /var/lib/keystone \ -+ --no-create-home \ -+ --ingroup keystone \ -+ --shell /bin/false \ -+ keystone || true -+ fi -+ -+ if [ "$(id -gn keystone)" = "nogroup" ] -+ then -+ usermod -g keystone keystone -+ fi -+ -+ # change the permissions on key directories -+ chown keystone:adm /var/log/keystone -+ chmod 0750 /var/log/keystone -+ -+ find /etc/keystone -exec chown keystone:keystone "{}" + -+ find /etc/keystone -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" + -+ -+ find /var/lib/keystone -exec chown keystone:keystone "{}" + -+ find /var/lib/keystone -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" + -+fi -+ -+#DEBHELPER# diff --git a/debian/keystone.postinst.in b/debian/keystone.postinst.in -deleted file mode 100755 -index 207cbc22e..000000000 +index 207cbc22e..4aadd2161 100755 --- a/debian/keystone.postinst.in -+++ /dev/null -@@ -1,220 +0,0 @@ --#!/bin/sh -- --set -e -- --#PKGOS-INCLUDE# -- --KEY_CONF=/etc/keystone/keystone.conf -- --keystone_get_debconf_admin_credentials () { -- db_get keystone/admin-user -- ADMIN_USER_NAME=${RET:-admin} -- db_get keystone/admin-password -- ADMIN_USER_PW=${RET:-$(gen_password)} -- db_get keystone/admin-email -- ADMIN_USER_EMAIL=${RET:-root@localhost} -- db_get keystone/admin-tenant-name -- ADMIN_TENANT_NAME=${RET:-admin} -- db_get keystone/admin-role-name -- ADMIN_ROLE_NAME=${RET:-admin} -- -- # We export the retrived credentials for later use -- export OS_PROJECT_DOMAIN_ID=default -- export OS_USER_DOMAIN_ID=default -- export OS_USERNAME=admin -- export OS_PASSWORD=${ADMIN_USER_PW} -- export OS_TENANT_NAME=${ADMIN_TENANT_NAME} -- export OS_PROJECT_NAME=${ADMIN_TENANT_NAME} -- export OS_AUTH_URL=http://127.0.0.1:5000/v3/ -- export OS_IDENTITY_API_VERSION=3 -- export OS_AUTH_VERSION=3 -- export OS_PROJECT_DOMAIN_ID=default -- export OS_USER_DOMAIN_ID=default -- export OS_NO_CACHE=1 --} -- --keystone_bootstrap_admin () { -- # This is the new way to bootstrap the admin user of Keystone -- # and we shouldn't use the admin auth token anymore. -- export OS_BOOTSTRAP_USERNAME=${ADMIN_USER_NAME} -- export OS_BOOTSTRAP_PROJECT_NAME=${ADMIN_TENANT_NAME} -- export OS_BOOTSTRAP_PASSWORD=${ADMIN_USER_PW} -- -- REG_ENDPOINT_IPV4_REGEX='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$' -- REG_ENDPOINT_IPV6_REGEX="^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$" -- REG_ENDPOINT_FQDN_REGEX='^((([a-z0-9]([-a-z0-9]*[a-z0-9])?)|(#[0-9]+)|(\[((([01]?[0-9]{0,2})|(2(([0-4][0-9])|(5[0-5]))))\.){3}(([01]?[0-9]{0,2})|(2(([0-4][0-9])|(5[0-5]))))\]))\.)*(([a-z]([-a-z0-9]*[a-z0-9])?)|(#[0-9]+)|(\[((([01]?[0-9]{0,2})|(2(([0-4][0-9])|(5[0-5]))))\.){3}(([01]?[0-9]{0,2})|(2(([0-4][0-9])|(5[0-5]))))\]))$' -- REG_ENDPOINT_REGION_REGEX="^([_a-zA-Z0-9]+)([_.a-zA-Z0-9-]*)([_.a-zA-Z0-9]+)\$" -- -- -- db_get keystone/register-endpoint -- if [ "$RET" = "true" ] ; then -- do_REGISTER_THE_KS_ENDPOINT=yes -- db_get keystone/region-name -- my_REGION_NAME=${RET} -- REGION_NAME=${RET} -- -- db_get keystone/endpoint-ip -- # Validate that the choosen endpoint is an IPv4, IPv6 or FQDN -- KEYSTONE_ENDPOINT_IP=`echo "${RET}" | egrep ${REG_ENDPOINT_IPV4_REGEX}` || true -- if [ -z "${KEYSTONE_ENDPOINT_IP}" ] ; then -- KEYSTONE_ENDPOINT_IP=`echo "${RET}" | egrep ${REG_ENDPOINT_IPV6_REGEX}` || true -- if [ -z ${KEYSTONE_ENDPOINT_IP} ] ; then -- KEYSTONE_ENDPOINT_IP=`echo ${RET} | egrep ${REG_ENDPOINT_FQDN_REGEX}` || true -- if [ -z ${KEYSTONE_ENDPOINT_IP} ] ; then -- echo "Keystone's address could not be validated: will not register endpoint." -- do_REGISTER_THE_KS_ENDPOINT=no -- fi -- fi -- fi -- -- # Validate that the region name has only chars, dashes and dots -- my_REGION_NAME=`echo "${REGION_NAME}" | egrep ${REG_ENDPOINT_REGION_REGEX}` || true -- if [ -z "${my_REGION_NAME}" ] ; then -- echo "This region could not be validated: will not register endpoint." -- do_REGISTER_THE_KS_ENDPOINT=no -- fi -- -- if [ "${do_REGISTER_THE_KS_ENDPOINT}" = "yes" ] ; then -- db_get keystone/endpoint-proto -- PROTO=${RET} -- BOOTSTRAP_ADDED_PARAMS="--bootstrap-region-id ${REGION_NAME} --bootstrap-admin-url ${PROTO}://${KEYSTONE_ENDPOINT_IP}:5000 --bootstrap-public-url ${PROTO}://${KEYSTONE_ENDPOINT_IP}:5000 --bootstrap-internal-url ${PROTO}://${KEYSTONE_ENDPOINT_IP}:5000" -- else -- BOOTSTRAP_ADDED_PARAMS="" -- fi -- else -- BOOTSTRAP_ADDED_PARAMS="" -- fi -- echo "Now doing: su keystone -s /bin/sh -c 'keystone-manage bootstrap --bootstrap-role-name admin --bootstrap-service-name keystone ${BOOTSTRAP_ADDED_PARAMS}'" -- su keystone -s /bin/sh -c "keystone-manage bootstrap --bootstrap-role-name admin --bootstrap-service-name keystone ${BOOTSTRAP_ADDED_PARAMS}" --} -- --keystone_create_admin_tenant () { -- echo -n "Fixing-up: admin-project-desc " -- openstack project set --description "Default Debian admin project" $ADMIN_TENANT_NAME -- echo -n "service-project " -- openstack project create --or-show service --description "Default Debian service project" >/dev/null -- echo -n "default-admin-email " -- openstack user set --description "Default Debian admin user" --email ${ADMIN_USER_EMAIL} --enable $ADMIN_USER_NAME -- echo "...done!" -- -- # Note: heat_stack_owner, heat_stack_user is needed for heat to work, and Member ResellerAdmin -- # are needed for swift auto account creation. -- echo -n "Adding roles: " -- for i in KeystoneAdmin KeystoneServiceAdmin heat_stack_owner \ -- heat_stack_user Member ResellerAdmin rating service \ -- owner k8s_admin k8s_developer k8s_viewer \ -- load-balancer_admin load-balancer_member; do -- echo -n "${i} " -- openstack role create --or-show ${i} >/dev/null -- # Note: If heat_stack_user role is adding, don't assing it to admin user. -- # This role is automatically assigned by Heat to the users it creates. -- # This role is restricted from all API access, and it never should be assigned to any user explicitly. -- if [ "${i}" != "heat_stack_user" ]; then -- openstack role add --project $ADMIN_TENANT_NAME --user $ADMIN_USER_NAME ${i} >/dev/null -- fi -- done -- echo "...done!" --} -- --if [ "$1" = "configure" ] ; then -- . /usr/share/debconf/confmodule -- . /usr/share/dbconfig-common/dpkg/postinst -- -- # Create user and group keystone, plus /var/log and /var/lib owned by it -- # We need a bash shell so that keystone-manage pkg_setup works, and the -- # Wheezy package doesn't have it, failing upgrades -- pkgos_var_user_group keystone /bin/sh -- # Make sure we have a folder to create certs, that isn't world readable -- mkdir -p /etc/keystone/ssl/certs -- chown keystone:keystone /etc/keystone/ssl/certs -- chmod 750 /etc/keystone/ssl/certs -- chown keystone:keystone /etc/keystone/ssl -- chmod 750 /etc/keystone/ssl -- -- # Create keystone.conf if it's not there -- pkgos_write_new_conf keystone keystone.conf -- -- # The on-disk policy file is currently broken for Keystone. -- # The admin bootstraping will not work anymore, due to enforcing of system-scope:all. -- rm -f /etc/keystone/policy.json --# pkgos_write_new_conf keystone policy.json --# if ! [ -e /etc/keystone/policy.json ] ; then --# touch /etc/keystone/policy.json --# chown 0640 /etc/keystone/policy.json --# chown root:keystone /etc/keystone/policy.json --# fi -- -- OSTACKCLI_PARAMS="--os-url=http://127.0.0.1:5000/v3/ --os-domain-name default --os-identity-api-version=3" -- -- # Make sure /var/log/keystone/keystone.log is owned by keystone -- # BEFORE any keystone-manage calls. -- chown -R keystone:keystone /var/log/keystone -- -- # Upgrade or create the db if directed to do so -- db_get keystone/configure_db -- if [ "$RET" = "true" ] ; then -- # Configure the SQL connection of keystone.conf according to dbconfig-common -- pkgos_dbc_postinst ${KEY_CONF} database connection keystone $@ -- echo "Running: su keystone -s /bin/sh -c 'keystone-manage db_sync'..." -- su keystone -s /bin/sh -c "keystone-manage db_sync" -- fi -- -- db_get keystone/create-admin-tenant -- if [ "$RET" = "true" ] ; then -- mkdir -p /etc/keystone/fernet-keys -- chown keystone:keystone /etc/keystone/fernet-keys -- chmod 700 /etc/keystone/fernet-keys -- echo "Running: su keystone -s /bin/sh -c 'keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone'..." -- su keystone -s /bin/sh -c 'keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone' -- echo "Running: su keystone -s /bin/sh -c 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone'..." -- su keystone -s /bin/sh -c 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone' -- fi -- ++++ b/debian/keystone.postinst.in +@@ -170,15 +170,7 @@ if [ "$1" = "configure" ] ; then + su keystone -s /bin/sh -c 'keystone-manage credential_setup --keystone-user keystone --keystone-group keystone' + fi + - chown keystone:adm /var/log/keystone - - if [ -n $(which systemctl)"" ] ; then @@ -323,140 +92,27 @@ index 207cbc22e..000000000 - update-rc.d keystone defaults - fi - invoke-rc.d keystone start -- -- db_get keystone/create-admin-tenant -- if [ "$RET" = "true" ] ; then -- echo -n "Sleeping 10 seconds to make sure the keystone daemon is up and running: 10..." -- sleep 1 -- echo -n "9..." -- sleep 1 -- echo -n "8..." -- sleep 1 -- echo -n "7..." -- sleep 1 -- echo -n "6..." -- sleep 1 -- echo -n "5..." -- sleep 1 -- echo -n "4..." -- sleep 1 -- echo -n "3..." -- sleep 1 -- echo -n "2..." -- sleep 1 -- echo -n "1..." -- sleep 1 -- echo "0" -- -- keystone_get_debconf_admin_credentials -- echo "===> Bootstraping tenants with 'keystone-manage bootstrap':" -- keystone_get_debconf_admin_credentials -- keystone_bootstrap_admin -- db_unregister keystone/register-endpoint -- echo "===> Editing bootstraped tenants and adding default roles" -- keystone_create_admin_tenant -- echo "done!" -- fi -- db_unregister keystone/create-admin-tenant -- db_stop --fi -- --exit 0 -diff --git a/debian/keystone.postrm b/debian/keystone.postrm -index 230a08730..847076d3f 100755 ---- a/debian/keystone.postrm -+++ b/debian/keystone.postrm -@@ -2,20 +2,9 @@ ++ chown -R keystone:keystone /var/log/keystone - set -e - --if [ "${1}" = "purge" ] ; then -- if [ -f /usr/share/debconf/confmodule ] && [ -f /usr/share/dbconfig-common/dpkg/postrm ] ; then -- . /usr/share/debconf/confmodule -- -- db_get keystone/configure_db -- if [ "$RET" = "true" ] ; then -- . /usr/share/dbconfig-common/dpkg/postrm -- dbc_go keystone $@ -- fi -- fi -- rm -rf /var/log/keystone /var/lib/keystone /etc/keystone -- if [ -x `which a2dissite`"" ] ; then -- a2dissite wsgi-keystone.conf || true -- fi --fi -+case "$1" in -+ purge) -+ rm -rf /var/log/keystone -+esac - - #DEBHELPER# -diff --git a/debian/keystone.prerm b/debian/keystone.prerm -deleted file mode 100755 -index 9f89a1ae0..000000000 ---- a/debian/keystone.prerm -+++ /dev/null -@@ -1,15 +0,0 @@ --#!/bin/sh -- --set -e -- --. /usr/share/debconf/confmodule -- --db_get keystone/configure_db --if [ "$RET" = "true" ]; then -- . /usr/share/dbconfig-common/dpkg/prerm -- dbc_go keystone $@ --fi -- --#DEBHELPER# -- --exit 0 -diff --git a/debian/python3-keystone.install b/debian/python3-keystone.install -index 44d7fcb64..3c76ffb99 100644 ---- a/debian/python3-keystone.install -+++ b/debian/python3-keystone.install -@@ -1,2 +1,3 @@ - usr/bin/* - usr/lib/python3/* -+debian/stx/public.py usr/share/keystone + db_get keystone/create-admin-tenant + if [ "$RET" = "true" ] ; then diff --git a/debian/rules b/debian/rules -index 3744142f9..bb6f72302 100755 +index 3744142f9..f827d1b68 100755 --- a/debian/rules +++ b/debian/rules -@@ -11,7 +11,7 @@ export KSCTEST_PATH=/usr/lib/python3/dist-packages/keystoneclient - include /usr/share/openstack-pkg-tools/pkgos.make +@@ -106,6 +106,12 @@ ifeq (,$(findstring nodocs, $(DEB_BUILD_OPTIONS))) + dh_installman + endif - %: -- dh $@ --buildsystem=python_distutils --with python3,sphinxdoc,systemd -+ dh $@ --buildsystem=pybuild --with python3,sphinxdoc,systemd ++override_dh_installsystemd: ++ dh_installsystemd --no-enable --no-start ++ ++override_dh_installinit: ++ dh_installinit --no-enable --no-start ++ + override_dh_python3: + dh_python3 --shebang=/usr/bin/python3 - override_dh_clean: - rm -rf $(CURDIR)/build $(CURDIR)/keystone.egg-info $(CURDIR)/.cache -@@ -35,10 +35,6 @@ override_dh_clean: - rm -f AUTHORS ChangeLog - dh_clean - --override_dh_auto_build: -- /usr/share/openstack-pkg-tools/pkgos_insert_include pkgos_func keystone.config -- /usr/share/openstack-pkg-tools/pkgos_insert_include pkgos_func keystone.postinst -- - override_dh_auto_clean: - python3 setup.py clean - -@@ -78,11 +74,9 @@ endif - --namespace oslo.db \ - --namespace oslo.middleware \ - --namespace osprofiler -- pkgos-fix-config-default $(CURDIR)/debian/keystone/usr/share/keystone/keystone.conf catalog template_file /etc/keystone/default_catalog.templates -- pkgos-fix-config-default $(CURDIR)/debian/keystone/usr/share/keystone/keystone.conf DEFAULT log_dir /var/log/keystone -- pkgos-fix-config-default $(CURDIR)/debian/keystone/usr/share/keystone/keystone.conf DEFAULT log_file keystone.log - - mkdir -p $(CURDIR)/debian/keystone/etc/keystone/policy.d -+ mkdir -p $(CURDIR)/debian/keystone/etc/keystone/credential-keys - PYTHONPATH=$(CURDIR)/debian/tmp/usr/lib/python3/dist-packages oslopolicy-sample-generator \ - --output-file $(CURDIR)/debian/keystone/etc/keystone/policy.d/00_default_policy.yaml \ - --format yaml \ diff --git a/debian/stx/keystone-all b/debian/stx/keystone-all new file mode 100644 index 000000000..de339caa6 @@ -777,5 +433,5 @@ index 000000000..d3a29f3b3 + +application = wsgi_server.initialize_public_application() -- -2.30.2 +2.32.0