Function for auth_token middleware config
Each project was configuring the auth_token middleware using several lines of inisets. Since all the projects should configure the auth_token middleware in the same way create a function and call it. Change-Id: I3b6727d5a3bdc0ca600d8faa23bc6db32bb32260
This commit is contained in:
Brant Knudson
parent
d13eb8ec40
commit
0595237e8a
@ -146,11 +146,7 @@ function configure_ceilometer {
|
||||
iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD
|
||||
iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME
|
||||
|
||||
iniset $CEILOMETER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $CEILOMETER_CONF keystone_authtoken admin_user ceilometer
|
||||
iniset $CEILOMETER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset $CEILOMETER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $CEILOMETER_CONF keystone_authtoken signing_dir $CEILOMETER_AUTH_CACHE_DIR
|
||||
configure_auth_token_middleware $CEILOMETER_CONF ceilometer $CEILOMETER_AUTH_CACHE_DIR
|
||||
|
||||
if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then
|
||||
iniset $CEILOMETER_CONF database connection `database_connection_url ceilometer`
|
||||
|
||||
11
lib/cinder
11
lib/cinder
@ -212,12 +212,7 @@ function configure_cinder {
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
|
||||
|
||||
iniset $CINDER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $CINDER_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $CINDER_CONF keystone_authtoken admin_user cinder
|
||||
iniset $CINDER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset $CINDER_CONF keystone_authtoken signing_dir $CINDER_AUTH_CACHE_DIR
|
||||
configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR
|
||||
|
||||
iniset $CINDER_CONF DEFAULT auth_strategy keystone
|
||||
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
||||
@ -302,10 +297,6 @@ function configure_cinder {
|
||||
-e 's/snapshot_autoextend_percent =.*/snapshot_autoextend_percent = 20/' \
|
||||
/etc/lvm/lvm.conf
|
||||
fi
|
||||
configure_API_version $CINDER_CONF $IDENTITY_API_VERSION
|
||||
iniset $CINDER_CONF keystone_authtoken admin_user cinder
|
||||
iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $CINDER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
|
||||
iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS"
|
||||
}
|
||||
|
||||
16
lib/glance
16
lib/glance
@ -96,13 +96,7 @@ function configure_glance {
|
||||
iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
|
||||
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
|
||||
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
configure_API_version $GLANCE_REGISTRY_CONF $IDENTITY_API_VERSION
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
|
||||
configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
|
||||
if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
|
||||
iniset $GLANCE_REGISTRY_CONF DEFAULT notification_driver messaging
|
||||
fi
|
||||
@ -115,17 +109,11 @@ function configure_glance {
|
||||
iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG
|
||||
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
|
||||
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
|
||||
iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $GLANCE_API_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
configure_API_version $GLANCE_API_CONF $IDENTITY_API_VERSION
|
||||
iniset $GLANCE_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $GLANCE_API_CONF keystone_authtoken admin_user glance
|
||||
iniset $GLANCE_API_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
|
||||
if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
|
||||
iniset $GLANCE_API_CONF DEFAULT notification_driver messaging
|
||||
fi
|
||||
iniset_rpc_backend glance $GLANCE_API_CONF DEFAULT
|
||||
iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
|
||||
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
|
||||
iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz"
|
||||
iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,raw,iso"
|
||||
|
||||
9
lib/heat
9
lib/heat
@ -110,14 +110,7 @@ function configure_heat {
|
||||
setup_colorized_logging $HEAT_CONF DEFAULT tenant user
|
||||
fi
|
||||
|
||||
# keystone authtoken
|
||||
iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
configure_API_version $HEAT_CONF $IDENTITY_API_VERSION
|
||||
iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $HEAT_CONF keystone_authtoken admin_user heat
|
||||
iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
|
||||
configure_auth_token_middleware $HEAT_CONF heat $HEAT_AUTH_CACHE_DIR
|
||||
|
||||
if is_ssl_enabled_service "key"; then
|
||||
iniset $HEAT_CONF clients_keystone ca_file $KEYSTONE_SSL_CA
|
||||
|
||||
@ -243,14 +243,8 @@ function configure_ironic {
|
||||
function configure_ironic_api {
|
||||
iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone
|
||||
iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
configure_auth_token_middleware $IRONIC_CONF_FILE ironic $IRONIC_AUTH_CACHE_DIR/api
|
||||
iniset_rpc_backend ironic $IRONIC_CONF_FILE DEFAULT
|
||||
iniset $IRONIC_CONF_FILE keystone_authtoken signing_dir $IRONIC_AUTH_CACHE_DIR/api
|
||||
|
||||
cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON
|
||||
}
|
||||
|
||||
30
lib/keystone
30
lib/keystone
@ -386,11 +386,37 @@ function create_keystone_accounts {
|
||||
}
|
||||
|
||||
# Configure the API version for the OpenStack projects.
|
||||
# configure_API_version conf_file version
|
||||
# configure_API_version conf_file version [section]
|
||||
function configure_API_version {
|
||||
local conf_file=$1
|
||||
local api_version=$2
|
||||
iniset $conf_file keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$api_version
|
||||
local section=${3:-keystone_authtoken}
|
||||
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$api_version
|
||||
}
|
||||
|
||||
# Configure the service to use the auth token middleware.
|
||||
#
|
||||
# configure_auth_token_middleware conf_file admin_user signing_dir [section]
|
||||
#
|
||||
# section defaults to keystone_authtoken, which is where auth_token looks in
|
||||
# the .conf file. If the paste config file is used (api-paste.ini) then
|
||||
# provide the section name for the auth_token filter.
|
||||
function configure_auth_token_middleware {
|
||||
local conf_file=$1
|
||||
local admin_user=$2
|
||||
local signing_dir=$3
|
||||
local section=${4:-keystone_authtoken}
|
||||
|
||||
iniset $conf_file $section auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $conf_file $section auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $conf_file $section auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $conf_file $section cafile $KEYSTONE_SSL_CA
|
||||
configure_API_version $conf_file $IDENTITY_API_VERSION $section
|
||||
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $conf_file $section admin_user $admin_user
|
||||
iniset $conf_file $section admin_password $SERVICE_PASSWORD
|
||||
iniset $conf_file $section signing_dir $signing_dir
|
||||
}
|
||||
|
||||
# init_keystone() - Initialize databases, etc.
|
||||
|
||||
20
lib/neutron
20
lib/neutron
@ -794,7 +794,7 @@ function _configure_neutron_metadata_agent {
|
||||
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
|
||||
iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
|
||||
|
||||
_neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True
|
||||
_neutron_setup_keystone $Q_META_CONF_FILE DEFAULT
|
||||
|
||||
}
|
||||
|
||||
@ -936,23 +936,9 @@ function _neutron_setup_rootwrap {
|
||||
function _neutron_setup_keystone {
|
||||
local conf_file=$1
|
||||
local section=$2
|
||||
local use_auth_url=$3
|
||||
local skip_auth_cache=$4
|
||||
|
||||
if [[ -n $use_auth_url ]]; then
|
||||
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
|
||||
else
|
||||
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
|
||||
iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
|
||||
fi
|
||||
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
|
||||
iniset $conf_file $section admin_password $SERVICE_PASSWORD
|
||||
if [[ -z $skip_auth_cache ]]; then
|
||||
iniset $conf_file $section signing_dir $NEUTRON_AUTH_CACHE_DIR
|
||||
# Create cache dir
|
||||
create_neutron_cache_dir
|
||||
fi
|
||||
create_neutron_cache_dir
|
||||
configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
|
||||
}
|
||||
|
||||
function _neutron_setup_interface_driver {
|
||||
|
||||
10
lib/nova
10
lib/nova
@ -438,17 +438,9 @@ function create_nova_conf {
|
||||
iniset $NOVA_CONF DEFAULT osapi_compute_listen_port "$NOVA_SERVICE_PORT_INT"
|
||||
fi
|
||||
|
||||
# Add keystone authtoken configuration
|
||||
|
||||
iniset $NOVA_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $NOVA_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $NOVA_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $NOVA_CONF keystone_authtoken admin_user nova
|
||||
iniset $NOVA_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR
|
||||
fi
|
||||
|
||||
iniset $NOVA_CONF keystone_authtoken signing_dir $NOVA_AUTH_CACHE_DIR
|
||||
|
||||
if [ -n "$NOVA_STATE_PATH" ]; then
|
||||
iniset $NOVA_CONF DEFAULT state_path "$NOVA_STATE_PATH"
|
||||
iniset $NOVA_CONF DEFAULT lock_path "$NOVA_STATE_PATH"
|
||||
|
||||
11
lib/sahara
11
lib/sahara
@ -106,16 +106,7 @@ function configure_sahara {
|
||||
sudo chown $STACK_USER $SAHARA_AUTH_CACHE_DIR
|
||||
rm -rf $SAHARA_AUTH_CACHE_DIR/*
|
||||
|
||||
# Set actual keystone auth configs
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken admin_user sahara
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken signing_dir $SAHARA_AUTH_CACHE_DIR
|
||||
iniset $SAHARA_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
|
||||
configure_auth_token_middleware $SAHARA_CONF_FILE sahara $SAHARA_AUTH_CACHE_DIR
|
||||
|
||||
# Set configuration to send notifications
|
||||
|
||||
|
||||
10
lib/swift
10
lib/swift
@ -382,15 +382,7 @@ function configure_swift {
|
||||
|
||||
# Configure Keystone
|
||||
sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_host $KEYSTONE_AUTH_HOST
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_port $KEYSTONE_AUTH_PORT
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken signing_dir $SWIFT_AUTH_CACHE_DIR
|
||||
configure_auth_token_middleware ${SWIFT_CONFIG_PROXY_SERVER} swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
|
||||
# This causes the authtoken middleware to use the same python logging
|
||||
# adapter provided by the swift proxy-server, so that request transaction
|
||||
# IDs will included in all of its log messages.
|
||||
|
||||
@ -128,12 +128,7 @@ function configure_trove {
|
||||
cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini
|
||||
TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
|
||||
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken cafile $KEYSTONE_SSL_CA
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken admin_user trove
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset $TROVE_API_PASTE_INI filter:authtoken signing_dir $TROVE_AUTH_CACHE_DIR
|
||||
configure_auth_token_middleware $TROVE_API_PASTE_INI trove $TROVE_AUTH_CACHE_DIR filter:authtoken
|
||||
|
||||
# (Re)create trove conf files
|
||||
rm -f $TROVE_CONF_DIR/trove.conf
|
||||
|
||||
@ -107,11 +107,7 @@ function configure_zaqar {
|
||||
iniset $ZAQAR_CONF DEFAULT log_file $ZAQAR_API_LOG_FILE
|
||||
iniset $ZAQAR_CONF 'drivers:transport:wsgi' bind $ZAQAR_SERVICE_HOST
|
||||
|
||||
iniset $ZAQAR_CONF keystone_authtoken auth_protocol http
|
||||
iniset $ZAQAR_CONF keystone_authtoken admin_user zaqar
|
||||
iniset $ZAQAR_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
iniset $ZAQAR_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $ZAQAR_CONF keystone_authtoken signing_dir $ZAQAR_AUTH_CACHE_DIR
|
||||
configure_auth_token_middleware $ZAQAR_CONF zaqar $ZAQAR_AUTH_CACHE_DIR
|
||||
|
||||
if [ "$ZAQAR_BACKEND" = 'mysql' ] || [ "$ZAQAR_BACKEND" = 'postgresql' ] ; then
|
||||
iniset $ZAQAR_CONF drivers storage sqlalchemy
|
||||
|
||||
Loading…
Reference in New Issue
Block a user