From 04e69de6c513e1cddaaa74eb2ff428a5db4d223b Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Wed, 27 Jul 2016 08:05:05 +1000 Subject: [PATCH] Mount identity admin script at /identity_admin The /identity_admin endpoint is the port 80/443 equivalent of the service that typically runs on port 35357. In v2 some operations must be performed on the admin endpoint whereas on v3 the services on 5000 and 35357 are exactly the same. This would be why the service was mounted at /identity_v2_admin however that is misleading because both the v2 and v3 services are present on that endpoint. This is particularly confusing because we set this as the OS_AUTH_URL endpoint and it makes it seem like we are doing v2 authentication when we are not. Change-Id: If73735026079fb19ca5bd44b3a4dc1f507b5c99d --- files/apache-keystone.template | 4 ++-- lib/keystone | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/files/apache-keystone.template b/files/apache-keystone.template index 8a4b0f0c43..428544f25c 100644 --- a/files/apache-keystone.template +++ b/files/apache-keystone.template @@ -44,8 +44,8 @@ Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public WSGIPassAuthorization On -Alias /identity_v2_admin %KEYSTONE_BIN%/keystone-wsgi-admin - +Alias /identity_admin %KEYSTONE_BIN%/keystone-wsgi-admin + SetHandler wsgi-script Options +ExecCGI diff --git a/lib/keystone b/lib/keystone index 851db042ba..23f09a5499 100644 --- a/lib/keystone +++ b/lib/keystone @@ -124,7 +124,7 @@ fi # complete URIs if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then # If running in Apache, use path access rather than port. - KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_v2_admin + KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_admin KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity else KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}