Always create signing_dir regardless of token format
Fixes bug 1088801 devstack does not create signing_dir when keystone token format is UUID. If the default value of signing_dir is read-only, OpenStack services such as Quantum server failed to start due to permission denied. On the keystone client cannot know which token_format is used in keystone in advance, so signing_dir should be created regardless of the token format. Change-Id: I1b0d25c1ac4d22d9fb2c5443d15b96fdaa5a4c81
This commit is contained in:
parent
c50a86e917
commit
5e3deb678e
13
lib/cinder
13
lib/cinder
@ -105,10 +105,7 @@ function configure_cinder() {
|
||||
iniset $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
|
||||
iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
|
||||
fi
|
||||
iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
|
||||
|
||||
cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
|
||||
iniset $CINDER_CONF DEFAULT auth_strategy keystone
|
||||
@ -212,11 +209,9 @@ function init_cinder() {
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
# Create cache dir
|
||||
sudo mkdir -p $CINDER_AUTH_CACHE_DIR
|
||||
sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
|
||||
fi
|
||||
# Create cache dir
|
||||
sudo mkdir -p $CINDER_AUTH_CACHE_DIR
|
||||
sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
|
||||
}
|
||||
|
||||
# install_cinder() - Collect source and prepare
|
||||
|
20
lib/glance
20
lib/glance
@ -95,9 +95,7 @@ function configure_glance() {
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
|
||||
fi
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
|
||||
|
||||
cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
|
||||
iniset $GLANCE_API_CONF DEFAULT debug True
|
||||
@ -121,9 +119,7 @@ function configure_glance() {
|
||||
iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST
|
||||
iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
|
||||
fi
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
|
||||
fi
|
||||
iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
|
||||
|
||||
cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
|
||||
|
||||
@ -163,13 +159,11 @@ function init_glance() {
|
||||
|
||||
$GLANCE_BIN_DIR/glance-manage db_sync
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
# Create cache dir
|
||||
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
|
||||
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
|
||||
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
|
||||
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
|
||||
fi
|
||||
# Create cache dir
|
||||
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
|
||||
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
|
||||
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
|
||||
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
|
||||
}
|
||||
|
||||
# install_glanceclient() - Collect source and prepare
|
||||
|
12
lib/nova
12
lib/nova
@ -172,9 +172,7 @@ function configure_nova() {
|
||||
" -i $NOVA_API_PASTE_INI
|
||||
fi
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
|
||||
fi
|
||||
iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
|
||||
|
||||
if is_service_enabled n-cpu; then
|
||||
# Force IP forwarding on, just on case
|
||||
@ -378,11 +376,9 @@ function init_nova() {
|
||||
$NOVA_BIN_DIR/nova-manage db sync
|
||||
fi
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
# Create cache dir
|
||||
sudo mkdir -p $NOVA_AUTH_CACHE_DIR
|
||||
sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
|
||||
fi
|
||||
# Create cache dir
|
||||
sudo mkdir -p $NOVA_AUTH_CACHE_DIR
|
||||
sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
|
||||
}
|
||||
|
||||
# install_novaclient() - Collect source and prepare
|
||||
|
10
lib/quantum
10
lib/quantum
@ -68,12 +68,10 @@ function quantum_setup_keystone() {
|
||||
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
|
||||
iniset $conf_file $section admin_password $SERVICE_PASSWORD
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
|
||||
# Create cache dir
|
||||
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
|
||||
sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
|
||||
fi
|
||||
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
|
||||
# Create cache dir
|
||||
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
|
||||
sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
|
||||
}
|
||||
|
||||
function quantum_setup_ovs_bridge() {
|
||||
|
Loading…
Reference in New Issue
Block a user