Always create signing_dir regardless of token format

Fixes bug 1088801

devstack does not create signing_dir when keystone token format is UUID.
If the default value of signing_dir is read-only, OpenStack services
such as Quantum server failed to start due to permission denied.

On the keystone client cannot know which token_format is used in keystone
in advance, so signing_dir should be created regardless of the token format.

Change-Id: I1b0d25c1ac4d22d9fb2c5443d15b96fdaa5a4c81
This commit is contained in:
Akihiro MOTOKI 2012-12-11 17:09:02 +09:00
parent c50a86e917
commit 5e3deb678e
4 changed files with 19 additions and 36 deletions

View File

@ -105,10 +105,7 @@ function configure_cinder() {
iniset $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME iniset $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
fi
cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
iniset $CINDER_CONF DEFAULT auth_strategy keystone iniset $CINDER_CONF DEFAULT auth_strategy keystone
@ -212,11 +209,9 @@ function init_cinder() {
fi fi
fi fi
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then # Create cache dir
# Create cache dir sudo mkdir -p $CINDER_AUTH_CACHE_DIR
sudo mkdir -p $CINDER_AUTH_CACHE_DIR sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
fi
} }
# install_cinder() - Collect source and prepare # install_cinder() - Collect source and prepare

View File

@ -95,9 +95,7 @@ function configure_glance() {
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
fi
cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
iniset $GLANCE_API_CONF DEFAULT debug True iniset $GLANCE_API_CONF DEFAULT debug True
@ -121,9 +119,7 @@ function configure_glance() {
iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST
iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
fi fi
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
fi
cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
@ -163,13 +159,11 @@ function init_glance() {
$GLANCE_BIN_DIR/glance-manage db_sync $GLANCE_BIN_DIR/glance-manage db_sync
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then # Create cache dir
# Create cache dir sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
fi
} }
# install_glanceclient() - Collect source and prepare # install_glanceclient() - Collect source and prepare

View File

@ -172,9 +172,7 @@ function configure_nova() {
" -i $NOVA_API_PASTE_INI " -i $NOVA_API_PASTE_INI
fi fi
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
fi
if is_service_enabled n-cpu; then if is_service_enabled n-cpu; then
# Force IP forwarding on, just on case # Force IP forwarding on, just on case
@ -378,11 +376,9 @@ function init_nova() {
$NOVA_BIN_DIR/nova-manage db sync $NOVA_BIN_DIR/nova-manage db sync
fi fi
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then # Create cache dir
# Create cache dir sudo mkdir -p $NOVA_AUTH_CACHE_DIR
sudo mkdir -p $NOVA_AUTH_CACHE_DIR sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
fi
} }
# install_novaclient() - Collect source and prepare # install_novaclient() - Collect source and prepare

View File

@ -68,12 +68,10 @@ function quantum_setup_keystone() {
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
iniset $conf_file $section admin_password $SERVICE_PASSWORD iniset $conf_file $section admin_password $SERVICE_PASSWORD
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR # Create cache dir
# Create cache dir sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
fi
} }
function quantum_setup_ovs_bridge() { function quantum_setup_ovs_bridge() {