openstack/devstack
Code Issues Proposed changes

B) Use keystone config files from source; move to /etc/keystone

Browse Source 
* Put all config files in /etc/keystone
* keystone.conf rewritten
* logging.conf.sample rewritten to logging.conf
* default_catalog.templates copied from devstack/files
* iniset() now properly adds options that do not previously exist

Fixed to re-configure the catalog templated backend; sql is the
default in trunk now but DevStack needs a bit more work before
it can use it.

Change-Id: Ic7060ef897e47495cd08ca3786e49fdebadf6723
This commit is contained in:
Dean Troyer 2012-03-19 16:31:12 -05:00
parent e474403d5e
commit 09e636e435
4 changed files with 88 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
files/keystone.conf
View File

@ -1,99 +0,0 @@
[DEFAULT]
bind_host = 0.0.0.0
public_port = 5000
admin_port = 35357
admin_token = %SERVICE_TOKEN%
compute_port = 3000
verbose = True
debug = True
# commented out so devstack logs to stdout
# log_file = %DEST%/keystone/keystone.log
# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log-file`
use_syslog = False
# Facility to use. If unset defaults to LOG_USER.
# syslog_log_facility = LOG_LOCAL0
[sql]
connection = %SQL_CONN%
idle_timeout = 30
min_pool_size = 5
max_pool_size = 10
pool_timeout = 200
[identity]
driver = keystone.identity.backends.sql.Identity
[catalog]
driver = keystone.catalog.backends.templated.TemplatedCatalog
template_file = %KEYSTONE_DIR%/etc/default_catalog.templates
[token]
driver = keystone.token.backends.kvs.Token
[policy]
driver = keystone.policy.backends.rules.Policy
[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2
[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory
[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
[app:public_service]
paste.app_factory = keystone.service:public_app_factory
[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory
[pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service
[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory
[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory
[pipeline:public_version_api]
pipeline = xml_body public_version_service
[pipeline:admin_version_api]
pipeline = xml_body admin_version_service
[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api
[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api

23
functions
View File

@ -184,7 +184,7 @@ function git_clone {
# Comment an option in an INI file # Comment an option in an INI file
# optset config-file section option # iniset config-file section option
function inicomment() { function inicomment() {
local file=$1 local file=$1
local section=$2 local section=$2
@ -194,7 +194,7 @@ function inicomment() {
# Get an option from an INI file # Get an option from an INI file
# optget config-file section option # iniget config-file section option
function iniget() { function iniget() {
local file=$1 local file=$1
local section=$2 local section=$2
@ -206,16 +206,25 @@ function iniget() {
# Set an option in an INI file # Set an option in an INI file
# This is NOT a complete option setter, it assumes that the section and # iniset config-file section option value
# option already exist in the INI file. If the section does not exist,
# nothing happens.
# optset config-file section option value
function iniset() { function iniset() {
local file=$1 local file=$1
local section=$2 local section=$2
local option=$3 local option=$3
local value=$4 local value=$4
sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=[ \t]*\).*$|\1$value|" $file if ! grep -q "^\[$section\]" $file; then
# Add section at the end
echo -e "\n[$section]" >>$file
fi
if [[ -z "$(iniget $file $section $option)" ]]; then
# Add it
sed -i -e "/^\[$section\]/ a\\
$option = $value
" $file
else
# Replace it
sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=[ \t]*\).*$|\1$value|" $file
fi
} }

78
stack.sh
View File

@ -1514,16 +1514,42 @@ if is_service_enabled key; then
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;' mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone CHARACTER SET utf8;' mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone CHARACTER SET utf8;'
# Configure keystone.conf KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
cp $FILES/keystone.conf $KEYSTONE_CONF KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone?charset=utf8,g" -i $KEYSTONE_CONF
sudo sed -e "s,%DEST%,$DEST,g" -i $KEYSTONE_CONF
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_CONF
sudo sed -e "s,%KEYSTONE_DIR%,$KEYSTONE_DIR,g" -i $KEYSTONE_CONF
KEYSTONE_CATALOG=$KEYSTONE_DIR/etc/default_catalog.templates if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
cp $FILES/default_catalog.templates $KEYSTONE_CATALOG sudo mkdir -p $KEYSTONE_CONF_DIR
sudo chown `whoami` $KEYSTONE_CONF_DIR
fi
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
# FIXME(dtroyer): etc/keystone.conf causes trouble if the config files
# are located anywhere else (say, /etc/keystone).
# LP 966670 fixes this in keystone, we fix it
# here until the bug fix is committed.
if [[ -r $KEYSTONE_DIR/etc/keystone.conf ]]; then
# Get the sample config file out of the way
mv $KEYSTONE_DIR/etc/keystone.conf $KEYSTONE_DIR/etc/keystone.conf.sample
fi
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR
fi
cp -p $FILES/default_catalog.templates $KEYSTONE_CATALOG
# Rewrite stock keystone.conf:
iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
iniset $KEYSTONE_CONF sql connection "$BASE_SQL_CONN/keystone?charset=utf8"
iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
iniset $KEYSTONE_CONF ec2 driver "keystone.contrib.ec2.backends.sql.Ec2"
# Configure keystone.conf to use templates
iniset $KEYSTONE_CONF catalog driver "keystone.catalog.backends.templated.TemplatedCatalog"
iniset $KEYSTONE_CONF catalog template_file "$KEYSTONE_CATALOG"
sed -e "
/^pipeline.*ec2_extension crud_/s|ec2_extension crud_extension|ec2_extension s3_extension crud_extension|;
" -i $KEYSTONE_CONF
# Append the S3 bits
iniset $KEYSTONE_CONF filter:s3_extension paste.filter_factory "keystone.contrib.s3:S3Extension.factory"
# Add swift endpoints to service catalog if swift is enabled # Add swift endpoints to service catalog if swift is enabled
if is_service_enabled swift; then if is_service_enabled swift; then
@ -1541,34 +1567,32 @@ if is_service_enabled key; then
echo "catalog.RegionOne.network.name = Quantum Service" >> $KEYSTONE_CATALOG echo "catalog.RegionOne.network.name = Quantum Service" >> $KEYSTONE_CATALOG
fi fi
sudo sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -i $KEYSTONE_CATALOG sudo sed -e "
s,%SERVICE_HOST%,$SERVICE_HOST,g;
sudo sed -e "s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g" -i $KEYSTONE_CATALOG s,%S3_SERVICE_PORT%,$S3_SERVICE_PORT,g;
" -i $KEYSTONE_CATALOG
# Set up logging
LOGGING_ROOT="devel"
if [ "$SYSLOG" != "False" ]; then if [ "$SYSLOG" != "False" ]; then
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_DIR/etc/logging.conf LOGGING_ROOT="$LOGGING_ROOT,production"
sed -i -e '/^handlers=devel$/s/=devel/=production/' \
$KEYSTONE_DIR/etc/logging.conf
sed -i -e "/^log_file/s/log_file/\#log_file/" \
$KEYSTONE_DIR/etc/keystone.conf
KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_DIR/etc/logging.conf"
fi fi
fi KEYSTONE_LOG_CONFIG="--log-config $KEYSTONE_CONF_DIR/logging.conf"
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
# launch the keystone and wait for it to answer before continuing # initialize keystone database
if is_service_enabled key; then $KEYSTONE_DIR/bin/keystone-manage db_sync
# launch keystone and wait for it to answer before continuing
screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug" screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
echo "Waiting for keystone to start..." echo "Waiting for keystone to start..."
if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/; do sleep 1; done"; then if ! timeout $SERVICE_TIMEOUT sh -c "while http_proxy= wget -O- $KEYSTONE_AUTH_PROTOCOL://$SERVICE_HOST:$KEYSTONE_API_PORT/v2.0/ 2>&1 | grep -q 'refused'; do sleep 1; done"; then
echo "keystone did not start" echo "keystone did not start"
exit 1 exit 1
fi fi
# initialize keystone with default users/endpoints
pushd $KEYSTONE_DIR
$KEYSTONE_DIR/bin/keystone-manage db_sync
popd
# keystone_data.sh creates services, admin and demo users, and roles. # keystone_data.sh creates services, admin and demo users, and roles.
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0 SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \ ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=$TOP_DIR ENABLED_SERVICES=$ENABLED_SERVICES \

24
tests/functions.sh
View File

@ -98,7 +98,7 @@ fi
VAL=$(iniget test.ini zzz handlers) VAL=$(iniget test.ini zzz handlers)
if [[ -z "$VAL" ]]; then if [[ -z "$VAL" ]]; then
echo "OK" echo "OK: zzz not present"
else else
echo "iniget failed: $VAL" echo "iniget failed: $VAL"
fi fi
@ -106,13 +106,31 @@ fi
iniset test.ini zzz handlers "999" iniset test.ini zzz handlers "999"
VAL=$(iniget test.ini zzz handlers) VAL=$(iniget test.ini zzz handlers)
if [[ -z "$VAL" ]]; then if [[ -n "$VAL" ]]; then
echo "OK" echo "OK: zzz not present"
else else
echo "iniget failed: $VAL" echo "iniget failed: $VAL"
fi fi
# Test option not exist
VAL=$(iniget test.ini aaa debug)
if [[ -z "$VAL" ]]; then
echo "OK aaa.debug not present"
else
echo "iniget failed: $VAL"
fi
iniset test.ini aaa debug "999"
VAL=$(iniget test.ini aaa debug)
if [[ -n "$VAL" ]]; then
echo "OK aaa.debug present"
else
echo "iniget failed: $VAL"
fi
# Test comments # Test comments
inicomment test.ini aaa handlers inicomment test.ini aaa handlers