B) Use keystone config files from source; move to /etc/keystone
* Put all config files in /etc/keystone * keystone.conf rewritten * logging.conf.sample rewritten to logging.conf * default_catalog.templates copied from devstack/files * iniset() now properly adds options that did not previously exist. Fixed to re-configure the catalog templated backend; sql is the default in trunk now but DevStack needs a bit more work before it can use it. Change-Id: Ic7060ef897e47495cd08ca3786e49fdebadf6723
parent
e474403d5e
commit
09e636e435
@ -1,99 +0,0 @@
|
|||||||
[DEFAULT]
|
|
||||||
bind_host = 0.0.0.0
|
|
||||||
public_port = 5000
|
|
||||||
admin_port = 35357
|
|
||||||
admin_token = %SERVICE_TOKEN%
|
|
||||||
compute_port = 3000
|
|
||||||
verbose = True
|
|
||||||
debug = True
|
|
||||||
# commented out so devstack logs to stdout
|
|
||||||
# log_file = %DEST%/keystone/keystone.log
|
|
||||||
|
|
||||||
# ================= Syslog Options ============================
|
|
||||||
# Send logs to syslog (/dev/log) instead of to file specified
|
|
||||||
# by `log-file`
|
|
||||||
use_syslog = False
|
|
||||||
|
|
||||||
# Facility to use. If unset defaults to LOG_USER.
|
|
||||||
# syslog_log_facility = LOG_LOCAL0
|
|
||||||
|
|
||||||
[sql]
|
|
||||||
connection = %SQL_CONN%
|
|
||||||
idle_timeout = 30
|
|
||||||
min_pool_size = 5
|
|
||||||
max_pool_size = 10
|
|
||||||
pool_timeout = 200
|
|
||||||
|
|
||||||
[identity]
|
|
||||||
driver = keystone.identity.backends.sql.Identity
|
|
||||||
|
|
||||||
[catalog]
|
|
||||||
driver = keystone.catalog.backends.templated.TemplatedCatalog
|
|
||||||
template_file = %KEYSTONE_DIR%/etc/default_catalog.templates
|
|
||||||
|
|
||||||
[token]
|
|
||||||
driver = keystone.token.backends.kvs.Token
|
|
||||||
|
|
||||||
[policy]
|
|
||||||
driver = keystone.policy.backends.rules.Policy
|
|
||||||
|
|
||||||
[ec2]
|
|
||||||
driver = keystone.contrib.ec2.backends.sql.Ec2
|
|
||||||
|
|
||||||
[filter:debug]
|
|
||||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
|
||||||
|
|
||||||
[filter:token_auth]
|
|
||||||
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
|
|
||||||
|
|
||||||
[filter:admin_token_auth]
|
|
||||||
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
|
|
||||||
|
|
||||||
[filter:xml_body]
|
|
||||||
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
|
|
||||||
|
|
||||||
[filter:json_body]
|
|
||||||
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
|
|
||||||
|
|
||||||
[filter:crud_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
|
|
||||||
|
|
||||||
[filter:ec2_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
|
|
||||||
|
|
||||||
[filter:s3_extension]
|
|
||||||
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
|
|
||||||
|
|
||||||
[app:public_service]
|
|
||||||
paste.app_factory = keystone.service:public_app_factory
|
|
||||||
|
|
||||||
[app:admin_service]
|
|
||||||
paste.app_factory = keystone.service:admin_app_factory
|
|
||||||
|
|
||||||
[pipeline:public_api]
|
|
||||||
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
|
|
||||||
|
|
||||||
[pipeline:admin_api]
|
|
||||||
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
|
|
||||||
|
|
||||||
[app:public_version_service]
|
|
||||||
paste.app_factory = keystone.service:public_version_app_factory
|
|
||||||
|
|
||||||
[app:admin_version_service]
|
|
||||||
paste.app_factory = keystone.service:admin_version_app_factory
|
|
||||||
|
|
||||||
[pipeline:public_version_api]
|
|
||||||
pipeline = xml_body public_version_service
|
|
||||||
|
|
||||||
[pipeline:admin_version_api]
|
|
||||||
pipeline = xml_body admin_version_service
|
|
||||||
|
|
||||||
[composite:main]
|
|
||||||
use = egg:Paste#urlmap
|
|
||||||
/v2.0 = public_api
|
|
||||||
/ = public_version_api
|
|
||||||
|
|
||||||
[composite:admin]
|
|
||||||
use = egg:Paste#urlmap
|
|
||||||
/v2.0 = admin_api
|
|
||||||
/ = admin_version_api
|
|
21
functions
21
functions
@ -184,7 +184,7 @@ function git_clone {
|
|||||||
|
|
||||||
|
|
||||||
# Comment an option in an INI file
|
# Comment an option in an INI file
|
||||||
# optset config-file section option
|
# iniset config-file section option
|
||||||
function inicomment() {
|
function inicomment() {
|
||||||
local file=$1
|
local file=$1
|
||||||
local section=$2
|
local section=$2
|
||||||
@ -194,7 +194,7 @@ function inicomment() {
|
|||||||
|
|
||||||
|
|
||||||
# Get an option from an INI file
|
# Get an option from an INI file
|
||||||
# optget config-file section option
|
# iniget config-file section option
|
||||||
function iniget() {
|
function iniget() {
|
||||||
local file=$1
|
local file=$1
|
||||||
local section=$2
|
local section=$2
|
||||||
@ -206,16 +206,25 @@ function iniget() {
|
|||||||
|
|
||||||
|
|
||||||
# Set an option in an INI file
|
# Set an option in an INI file
|
||||||
# This is NOT a complete option setter, it assumes that the section and
|
# iniset config-file section option value
|
||||||
# option already exist in the INI file. If the section does not exist,
|
|
||||||
# nothing happens.
|
|
||||||
# optset config-file section option value
|
|
||||||
function iniset() {
|
function iniset() {
|
||||||
local file=$1
|
local file=$1
|
||||||
local section=$2
|
local section=$2
|
||||||
local option=$3
|
local option=$3
|
||||||
local value=$4
|
local value=$4
|
||||||
|
if ! grep -q "^\[$section\]" $file; then
|
||||||
|
# Add section at the end
|
||||||
|
echo -e "\n[$section]" >>$file
|
||||||
|
fi
|
||||||
|
if [[ -z "$(iniget $file $section $option)" ]]; then
|
||||||
|
# Add it
|
||||||
|
sed -i -e "/^\[$section\]/ a\\
|
||||||
|
$option = $value
|
||||||
|
" $file
|
||||||
|
else
|
||||||
|
# Replace it
|
||||||
sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=[ \t]*\).*$|\1$value|" $file
|
sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=[ \t]*\).*$|\1$value|" $file
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
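Review bot: In the rewritten `iniset`, `$value` is pasted unescaped into both sed scripts, so a value containing `|`, `&` or a backslash is either written incorrectly or makes sed fail: in the replace branch `|` terminates the `s|…|…|` expression early and `&` expands to the matched text. stack.sh passes `$SERVICE_TOKEN` and the SQL connection string (which presumably carries the database password) through this function, so a secret containing one of those characters would not reach keystone.conf intact. Escaping the value first, for example `value=$(printf '%s' "$4" | sed -e 's/[\\&|]/\\&/g')`, would cover the replace branch; the `a\` append branch should be checked against the same inputs. Separately, `$file`, `$section` and `$option` are unquoted in the `grep`, `iniget` and `sed` calls, and an option that exists with an empty value appears to be treated as missing and appended a second time.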
78
stack.sh
78
stack.sh
@ -1514,16 +1514,42 @@ if is_service_enabled key; then
|
|||||||
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'
|
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'
|
||||||
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone CHARACTER SET utf8;'
|
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone CHARACTER SET utf8;'
|
||||||
|
|
||||||
# Configure keystone.conf
|
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
|
||||||
KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf
|
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
|
||||||
cp $FILES/keystone.conf $KEYSTONE_CONF
|
KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
|
||||||
sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone?charset=utf8,g" -i $KEYSTONE_CONF
|
|
||||||
sudo sed -e "s,%DEST%,$DEST,g" -i $KEYSTONE_CONF
|
|
||||||
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_CONF
|
|
||||||
sudo sed -e "s,%KEYSTONE_DIR%,$KEYSTONE_DIR,g" -i $KEYSTONE_CONF
|
|
||||||
|
|
||||||
KEYSTONE_CATALOG=$KEYSTONE_DIR/etc/default_catalog.templates
|
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
|
||||||
cp $FILES/default_catalog.templates $KEYSTONE_CATALOG
|
sudo mkdir -p $KEYSTONE_CONF_DIR
|
||||||
|
sudo chown `whoami` $KEYSTONE_CONF_DIR
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
|
||||||
|
# FIXME(dtroyer): etc/keystone.conf causes trouble if the config files
|
||||||
|
# are located anywhere else (say, /etc/keystone).
|
||||||
|
# LP 966670 fixes this in keystone, we fix it
|
||||||
|
# here until the bug fix is committed.
|
||||||
|
if [[ -r $KEYSTONE_DIR/etc/keystone.conf ]]; then
|
||||||
|
# Get the sample config file out of the way
|
||||||
|
mv $KEYSTONE_DIR/etc/keystone.conf $KEYSTONE_DIR/etc/keystone.conf.sample
|
||||||
|
fi
|
||||||
|
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
|
||||||
|
cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR
|
||||||
|
fi
|
||||||
|
cp -p $FILES/default_catalog.templates $KEYSTONE_CATALOG
|
||||||
|
|
||||||
|
# Rewrite stock keystone.conf:
|
||||||
|
iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
|
||||||
|
iniset $KEYSTONE_CONF sql connection "$BASE_SQL_CONN/keystone?charset=utf8"
|
||||||
|
iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
|
||||||
|
iniset $KEYSTONE_CONF ec2 driver "keystone.contrib.ec2.backends.sql.Ec2"
|
||||||
|
# Configure keystone.conf to use templates
|
||||||
|
iniset $KEYSTONE_CONF catalog driver "keystone.catalog.backends.templated.TemplatedCatalog"
|
||||||
|
iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
|
||||||
|
sed -e "
|
||||||
|
/^pipeline.*ec2_extension crud_/s|ec2_extension crud_extension|ec2_extension s3_extension crud_extension|;
|
||||||
|
" -i $KEYSTONE_CONF
|
||||||
|
# Append the S3 bits
|
||||||
|
iniset $KEYSTONE_CONF filter:s3_extension paste.filter_factory "keystone.contrib.s3:S3Extension.factory"
|
||||||
|
|
||||||
# Add swift endpoints to service catalog if swift is enabled
|
# Add swift endpoints to service catalog if swift is enabled
|
||||||
if is_service_enabled swift; then
|
if is_service_enabled swift; then
|
||||||
@ -1541,34 +1567,32 @@ if is_service_enabled key; then
|
|||||||
echo "catalog.RegionOne.network.name = Quantum Service" >> $KEYSTONE_CATALOG
|
echo "catalog.RegionOne.network.name = Quantum Service" >> $KEYSTONE_CATALOG
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG
|
sudo sed -e "
|
||||||
|
s,%SERVICE_HOST%,$SERVICE_HOST,g;
|
||||||
sudo sed -e "s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g" -i $KEYSTONE_CATALOG
|
s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g;
|
||||||
|
" -i $KEYSTONE_CATALOG
|
||||||
|
|
||||||
|
# Set up logging
|
||||||
|
LOGGING_ROOT="devel"
|
||||||
if [ "$SYSLOG" != "False" ]; then
|
if [ "$SYSLOG" != "False" ]; then
|
||||||
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf
|
LOGGING_ROOT="$LOGGING_ROOT,production"
|
||||||
sed -i -e '/^handlers=devel$/s/=devel/=production/' \
|
|
||||||
$KEYSTONE_DIR/etc/logging.conf
|
|
||||||
sed -i -e "/^log_file/s/log_file/\#log_file/" \
|
|
||||||
$KEYSTONE_DIR/etc/keystone.conf
|
|
||||||
KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_DIR/etc/logging.conf"
|
|
||||||
fi
|
fi
|
||||||
fi
|
KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_CONF_DIR/logging.conf"
|
||||||
|
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf
|
||||||
|
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
|
||||||
|
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
|
||||||
|
|
||||||
# launch the keystone and wait for it to answer before continuing
|
# initialize keystone database
|
||||||
if is_service_enabled key; then
|
$KEYSTONE_DIR/bin/keystone-manage db_sync
|
||||||
|
|
||||||
|
# launch keystone and wait for it to answer before continuing
|
||||||
screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
|
screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
|
||||||
echo "Waiting for keystone to start..."
|
echo "Waiting for keystone to start..."
|
||||||
if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/; do sleep 1; done"; then
|
if ! timeout $SERVICE_TIMEOUT sh -c "while http_proxy= wget -O- $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/ 2>&1 | grep -q 'refused'; do sleep 1; done"; then
|
||||||
echo "keystone did not start"
|
echo "keystone did not start"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# initialize keystone with default users/endpoints
|
|
||||||
pushd $KEYSTONE_DIR
|
|
||||||
$KEYSTONE_DIR/bin/keystone-manage db_sync
|
|
||||||
popd
|
|
||||||
|
|
||||||
# keystone_data.sh creates services, admin and demo users, and roles.
|
# keystone_data.sh creates services, admin and demo users, and roles.
|
||||||
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
|
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
|
||||||
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
|
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \
|
||||||
|
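Review bot: keystone.conf now receives `admin_token` and the SQL connection string through `iniset`, but nothing in the first hunk restricts who can read it. The file is created with `cp -p` from keystone.conf.sample, so it keeps whatever mode the sample has in the checkout (likely world-readable), and `$KEYSTONE_CONF_DIR` is created by `sudo mkdir -p` with default permissions. Because the file now lives in /etc/keystone rather than in the source tree, I would add `chmod 700 $KEYSTONE_CONF_DIR` after the `chown` and `chmod 600 $KEYSTONE_CONF` before the first `iniset` call, assuming keystone runs as the same user the directory is chowned to. The `chmod` of the file belongs after the `fi` that closes the `if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]` block, so that it applies in both cases. The enclosing `if is_service_enabled key` block starts outside the hunk.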
@ -98,7 +98,7 @@ fi
|
|||||||
|
|
||||||
VAL=$(iniget test.ini zzz handlers)
|
VAL=$(iniget test.ini zzz handlers)
|
||||||
if [[ -z "$VAL" ]]; then
|
if [[ -z "$VAL" ]]; then
|
||||||
echo "OK"
|
echo "OK: zzz not present"
|
||||||
else
|
else
|
||||||
echo "iniget failed: $VAL"
|
echo "iniget failed: $VAL"
|
||||||
fi
|
fi
|
||||||
@ -106,13 +106,31 @@ fi
|
|||||||
iniset test.ini zzz handlers "999"
|
iniset test.ini zzz handlers "999"
|
||||||
|
|
||||||
VAL=$(iniget test.ini zzz handlers)
|
VAL=$(iniget test.ini zzz handlers)
|
||||||
if [[ -z "$VAL" ]]; then
|
if [[ -n "$VAL" ]]; then
|
||||||
echo "OK"
|
echo "OK: zzz not present"
|
||||||
else
|
else
|
||||||
echo "iniget failed: $VAL"
|
echo "iniget failed: $VAL"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Test option not exist
|
||||||
|
|
||||||
|
VAL=$(iniget test.ini aaa debug)
|
||||||
|
if [[ -z "$VAL" ]]; then
|
||||||
|
echo "OK aaa.debug not present"
|
||||||
|
else
|
||||||
|
echo "iniget failed: $VAL"
|
||||||
|
fi
|
||||||
|
|
||||||
|
iniset test.ini aaa debug "999"
|
||||||
|
|
||||||
|
VAL=$(iniget test.ini aaa debug)
|
||||||
|
if [[ -n "$VAL" ]]; then
|
||||||
|
echo "OK aaa.debug present"
|
||||||
|
else
|
||||||
|
echo "iniget failed: $VAL"
|
||||||
|
fi
|
||||||
|
|
||||||
# Test comments
|
# Test comments
|
||||||
|
|
||||||
inicomment test.ini aaa handlers
|
inicomment test.ini aaa handlers
|
||||||
|
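Review bot: The check after `iniset test.ini zzz handlers "999"` now tests `-n "$VAL"` but still prints `OK: zzz not present`, the opposite of what that branch has just established; the message should read `OK: zzz present`. Both post-set checks (zzz.handlers and aaa.debug) pass for any non-empty value, so they would not notice iniset writing a wrong value; comparing with `[[ "$VAL" == "999" ]]` would pin what was written. In the visible lines the failure branches only echo a message, so a failing check does not change the script's exit status and is easy to miss.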