Merge "Function for auth_token middleware config"

This commit is contained in:
Jenkins 2014-09-22 19:04:48 +00:00 committed by Gerrit Code Review
commit 4c996a75bb
12 changed files with 42 additions and 102 deletions

View File

@ -146,11 +146,7 @@ function configure_ceilometer {
iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD
iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME
iniset $CEILOMETER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI configure_auth_token_middleware $CEILOMETER_CONF ceilometer $CEILOMETER_AUTH_CACHE_DIR
iniset $CEILOMETER_CONF keystone_authtoken admin_user ceilometer
iniset $CEILOMETER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $CEILOMETER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $CEILOMETER_CONF keystone_authtoken signing_dir $CEILOMETER_AUTH_CACHE_DIR
if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then
iniset $CEILOMETER_CONF database connection `database_connection_url ceilometer` iniset $CEILOMETER_CONF database connection `database_connection_url ceilometer`

View File

@ -212,12 +212,7 @@ function configure_cinder {
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
iniset $CINDER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR
iniset $CINDER_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $CINDER_CONF keystone_authtoken admin_user cinder
iniset $CINDER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $CINDER_CONF keystone_authtoken signing_dir $CINDER_AUTH_CACHE_DIR
iniset $CINDER_CONF DEFAULT auth_strategy keystone iniset $CINDER_CONF DEFAULT auth_strategy keystone
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@ -302,10 +297,6 @@ function configure_cinder {
-e 's/snapshot_autoextend_percent =.*/snapshot_autoextend_percent = 20/' \ -e 's/snapshot_autoextend_percent =.*/snapshot_autoextend_percent = 20/' \
/etc/lvm/lvm.conf /etc/lvm/lvm.conf
fi fi
configure_API_version $CINDER_CONF $IDENTITY_API_VERSION
iniset $CINDER_CONF keystone_authtoken admin_user cinder
iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $CINDER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS" iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS"
} }

View File

@ -96,13 +96,7 @@ function configure_glance {
iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
iniset $GLANCE_REGISTRY_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
configure_API_version $GLANCE_REGISTRY_CONF $IDENTITY_API_VERSION
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
iniset $GLANCE_REGISTRY_CONF DEFAULT notification_driver messaging iniset $GLANCE_REGISTRY_CONF DEFAULT notification_driver messaging
fi fi
@ -115,17 +109,11 @@ function configure_glance {
iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
iniset $GLANCE_API_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
configure_API_version $GLANCE_API_CONF $IDENTITY_API_VERSION
iniset $GLANCE_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $GLANCE_API_CONF keystone_authtoken admin_user glance
iniset $GLANCE_API_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
iniset $GLANCE_API_CONF DEFAULT notification_driver messaging iniset $GLANCE_API_CONF DEFAULT notification_driver messaging
fi fi
iniset_rpc_backend glance $GLANCE_API_CONF DEFAULT iniset_rpc_backend glance $GLANCE_API_CONF DEFAULT
iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
if [ "$VIRT_DRIVER" = 'xenserver' ]; then if [ "$VIRT_DRIVER" = 'xenserver' ]; then
iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz" iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz"
iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,raw,iso" iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,raw,iso"

View File

@ -110,14 +110,7 @@ function configure_heat {
setup_colorized_logging $HEAT_CONF DEFAULT tenant user setup_colorized_logging $HEAT_CONF DEFAULT tenant user
fi fi
# keystone authtoken configure_auth_token_middleware $HEAT_CONF heat $HEAT_AUTH_CACHE_DIR
iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
configure_API_version $HEAT_CONF $IDENTITY_API_VERSION
iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $HEAT_CONF keystone_authtoken admin_user heat
iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
if is_ssl_enabled_service "key"; then if is_ssl_enabled_service "key"; then
iniset $HEAT_CONF clients_keystone ca_file $KEYSTONE_SSL_CA iniset $HEAT_CONF clients_keystone ca_file $KEYSTONE_SSL_CA

View File

@ -243,14 +243,8 @@ function configure_ironic {
function configure_ironic_api { function configure_ironic_api {
iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone
iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON
iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI configure_auth_token_middleware $IRONIC_CONF_FILE ironic $IRONIC_AUTH_CACHE_DIR/api
iniset $IRONIC_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI
iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic
iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
iniset_rpc_backend ironic $IRONIC_CONF_FILE DEFAULT iniset_rpc_backend ironic $IRONIC_CONF_FILE DEFAULT
iniset $IRONIC_CONF_FILE keystone_authtoken signing_dir $IRONIC_AUTH_CACHE_DIR/api
cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON
} }

View File

@ -386,11 +386,37 @@ function create_keystone_accounts {
} }
# Configure the API version for the OpenStack projects. # Configure the API version for the OpenStack projects.
# configure_API_version conf_file version # configure_API_version conf_file version [section]
function configure_API_version { function configure_API_version {
local conf_file=$1 local conf_file=$1
local api_version=$2 local api_version=$2
iniset $conf_file keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$api_version local section=${3:-keystone_authtoken}
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$api_version
}
# Configure the service to use the auth token middleware.
#
# configure_auth_token_middleware conf_file admin_user signing_dir [section]
#
# section defaults to keystone_authtoken, which is where auth_token looks in
# the .conf file. If the paste config file is used (api-paste.ini) then
# provide the section name for the auth_token filter.
function configure_auth_token_middleware {
local conf_file=$1
local admin_user=$2
local signing_dir=$3
local section=${4:-keystone_authtoken}
iniset $conf_file $section auth_host $KEYSTONE_AUTH_HOST
iniset $conf_file $section auth_port $KEYSTONE_AUTH_PORT
iniset $conf_file $section auth_protocol $KEYSTONE_AUTH_PROTOCOL
iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
iniset $conf_file $section cafile $KEYSTONE_SSL_CA
configure_API_version $conf_file $IDENTITY_API_VERSION $section
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
iniset $conf_file $section admin_user $admin_user
iniset $conf_file $section admin_password $SERVICE_PASSWORD
iniset $conf_file $section signing_dir $signing_dir
} }
# init_keystone() - Initialize databases, etc. # init_keystone() - Initialize databases, etc.

View File

@ -794,7 +794,7 @@ function _configure_neutron_metadata_agent {
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND" iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
_neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT
} }
@ -936,23 +936,9 @@ function _neutron_setup_rootwrap {
function _neutron_setup_keystone { function _neutron_setup_keystone {
local conf_file=$1 local conf_file=$1
local section=$2 local section=$2
local use_auth_url=$3
local skip_auth_cache=$4
if [[ -n $use_auth_url ]]; then create_neutron_cache_dir
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0 configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
else
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
fi
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
iniset $conf_file $section admin_password $SERVICE_PASSWORD
if [[ -z $skip_auth_cache ]]; then
iniset $conf_file $section signing_dir $NEUTRON_AUTH_CACHE_DIR
# Create cache dir
create_neutron_cache_dir
fi
} }
function _neutron_setup_interface_driver { function _neutron_setup_interface_driver {

View File

@ -438,17 +438,9 @@ function create_nova_conf {
iniset $NOVA_CONF DEFAULT osapi_compute_listen_port "$NOVA_SERVICE_PORT_INT" iniset $NOVA_CONF DEFAULT osapi_compute_listen_port "$NOVA_SERVICE_PORT_INT"
fi fi
# Add keystone authtoken configuration configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR
iniset $NOVA_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $NOVA_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $NOVA_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $NOVA_CONF keystone_authtoken admin_user nova
iniset $NOVA_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
fi fi
iniset $NOVA_CONF keystone_authtoken signing_dir $NOVA_AUTH_CACHE_DIR
if [ -n "$NOVA_STATE_PATH" ]; then if [ -n "$NOVA_STATE_PATH" ]; then
iniset $NOVA_CONF DEFAULT state_path "$NOVA_STATE_PATH" iniset $NOVA_CONF DEFAULT state_path "$NOVA_STATE_PATH"
iniset $NOVA_CONF DEFAULT lock_path "$NOVA_STATE_PATH" iniset $NOVA_CONF DEFAULT lock_path "$NOVA_STATE_PATH"

View File

@ -106,16 +106,7 @@ function configure_sahara {
sudo chown $STACK_USER $SAHARA_AUTH_CACHE_DIR sudo chown $STACK_USER $SAHARA_AUTH_CACHE_DIR
rm -rf $SAHARA_AUTH_CACHE_DIR/* rm -rf $SAHARA_AUTH_CACHE_DIR/*
# Set actual keystone auth configs configure_auth_token_middleware $SAHARA_CONF_FILE sahara $SAHARA_AUTH_CACHE_DIR
iniset $SAHARA_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
iniset $SAHARA_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
iniset $SAHARA_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
iniset $SAHARA_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
iniset $SAHARA_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $SAHARA_CONF_FILE keystone_authtoken admin_user sahara
iniset $SAHARA_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $SAHARA_CONF_FILE keystone_authtoken signing_dir $SAHARA_AUTH_CACHE_DIR
iniset $SAHARA_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
# Set configuration to send notifications # Set configuration to send notifications

View File

@ -382,15 +382,7 @@ function configure_swift {
# Configure Keystone # Configure Keystone
sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER} sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_host $KEYSTONE_AUTH_HOST configure_auth_token_middleware ${SWIFT_CONFIG_PROXY_SERVER} swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_port $KEYSTONE_AUTH_PORT
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cafile $KEYSTONE_SSL_CA
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken signing_dir $SWIFT_AUTH_CACHE_DIR
# This causes the authtoken middleware to use the same python logging # This causes the authtoken middleware to use the same python logging
# adapter provided by the swift proxy-server, so that request transaction # adapter provided by the swift proxy-server, so that request transaction
# IDs will included in all of its log messages. # IDs will included in all of its log messages.

View File

@ -128,12 +128,7 @@ function configure_trove {
cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini
TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
iniset $TROVE_API_PASTE_INI filter:authtoken identity_uri $KEYSTONE_AUTH_URI configure_auth_token_middleware $TROVE_API_PASTE_INI trove $TROVE_AUTH_CACHE_DIR filter:authtoken
iniset $TROVE_API_PASTE_INI filter:authtoken cafile $KEYSTONE_SSL_CA
iniset $TROVE_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $TROVE_API_PASTE_INI filter:authtoken admin_user trove
iniset $TROVE_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
iniset $TROVE_API_PASTE_INI filter:authtoken signing_dir $TROVE_AUTH_CACHE_DIR
# (Re)create trove conf files # (Re)create trove conf files
rm -f $TROVE_CONF_DIR/trove.conf rm -f $TROVE_CONF_DIR/trove.conf

View File

@ -107,11 +107,7 @@ function configure_zaqar {
iniset $ZAQAR_CONF DEFAULT log_file $ZAQAR_API_LOG_FILE iniset $ZAQAR_CONF DEFAULT log_file $ZAQAR_API_LOG_FILE
iniset $ZAQAR_CONF 'drivers:transport:wsgi' bind $ZAQAR_SERVICE_HOST iniset $ZAQAR_CONF 'drivers:transport:wsgi' bind $ZAQAR_SERVICE_HOST
iniset $ZAQAR_CONF keystone_authtoken auth_protocol http configure_auth_token_middleware $ZAQAR_CONF zaqar $ZAQAR_AUTH_CACHE_DIR
iniset $ZAQAR_CONF keystone_authtoken admin_user zaqar
iniset $ZAQAR_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $ZAQAR_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $ZAQAR_CONF keystone_authtoken signing_dir $ZAQAR_AUTH_CACHE_DIR
if [ "$ZAQAR_BACKEND" = 'mysql' ] || [ "$ZAQAR_BACKEND" = 'postgresql' ] ; then if [ "$ZAQAR_BACKEND" = 'mysql' ] || [ "$ZAQAR_BACKEND" = 'postgresql' ] ; then
iniset $ZAQAR_CONF drivers storage sqlalchemy iniset $ZAQAR_CONF drivers storage sqlalchemy