From 5e3deb678e95737e05f43832d07a37d74c4e8aca Mon Sep 17 00:00:00 2001
From: Akihiro MOTOKI
Date: Tue, 11 Dec 2012 17:09:02 +0900
Subject: [PATCH] Always create signing_dir regardless of token format
Fixes bug 1088801 devstack does not create signing_dir when keystone token format is UUID. If the default value of signing_dir is read-only, OpenStack services such as Quantum server failed to start due to permission denied. On the keystone client cannot know which token_format is used in keystone in advance, so signing_dir should be created regardless of the token format.
Change-Id: I1b0d25c1ac4d22d9fb2c5443d15b96fdaa5a4c81
---
 lib/cinder | 13 ++++---------
 lib/glance | 20 +++++++-------------
 lib/nova | 12 ++++--------
 lib/quantum | 10 ++++------
 4 files changed, 19 insertions(+), 36 deletions(-)
diff --git a/lib/cinder b/lib/cinder
index 9b9d50d148..0dc86cadf0 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -105,10 +105,7 @@ function configure_cinder() {
 iniset $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
 iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
 iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
-
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
- fi
+ iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
 cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
 iniset $CINDER_CONF DEFAULT auth_strategy keystone
@@ -212,11 +209,9 @@ function init_cinder() {
 fi
 fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- # Create cache dir
- sudo mkdir -p $CINDER_AUTH_CACHE_DIR
- sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
- fi
+ # Create cache dir
+ sudo mkdir -p $CINDER_AUTH_CACHE_DIR
+ sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
 }
 # install_cinder() - Collect source and prepare
diff --git a/lib/glance b/lib/glance
index b02a4b63c8..4f631b2c8b 100644
--- a/lib/glance
+++ b/lib/glance
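Review bot: The cache directory created in the init_cinder hunk is given an owner but no explicit mode, so its permissions depend on root's umask and it will usually end up readable and traversable by every local user. Because signing_dir is where the auth_token middleware keeps the material it uses to validate tokens, and this change now creates the directory on every run rather than only for PKI, the mode should be set explicitly after the chown, for example `sudo chmod 700 $CINDER_AUTH_CACHE_DIR`. The same mkdir/chown pair without a mode appears in the init_glance, init_nova and quantum_setup_keystone hunks. init_cinder begins outside this hunk, so any earlier handling of the directory is not visible here.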
@@ -95,9 +95,7 @@ function configure_glance() {
 iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
 iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
 iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
- fi
+ iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
 cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
 iniset $GLANCE_API_CONF DEFAULT debug True
@@ -121,9 +119,7 @@ function configure_glance() {
 iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST
 iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
 fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
- fi
+ iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
 cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
@@ -163,13 +159,11 @@ function init_glance() {
 $GLANCE_BIN_DIR/glance-manage db_sync
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- # Create cache dir
- sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
- sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
- fi
+ # Create cache dir
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
 }
 # install_glanceclient() - Collect source and prepare
diff --git a/lib/nova b/lib/nova
index 3a4d34d85e..f059576d40 100644
--- a/lib/nova
+++ b/lib/nova
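Review bot: In the init_glance hunk the paths passed to the root-run commands are unquoted and built by suffixing a variable, so an empty or unset GLANCE_AUTH_CACHE_DIR makes `sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api` create `/api` at the filesystem root and the following chown hand it to the invoking user. The block used to run only for PKI and now runs on every invocation, so the guard is worth adding here: `sudo mkdir -p "${GLANCE_AUTH_CACHE_DIR:?}/api"`, with the same form on the chown lines and the `/registry` pair. Where GLANCE_AUTH_CACHE_DIR is defined is outside this patch, so whether it can be empty in practice is not visible from the hunk.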
@@ -172,9 +172,7 @@ function configure_nova() {
 " -i $NOVA_API_PASTE_INI
 fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
- fi
+ iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
 if is_service_enabled n-cpu; then
 # Force IP forwarding on, just on case
@@ -378,11 +376,9 @@ function init_nova() {
 $NOVA_BIN_DIR/nova-manage db sync
 fi
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- # Create cache dir
- sudo mkdir -p $NOVA_AUTH_CACHE_DIR
- sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
- fi
+ # Create cache dir
+ sudo mkdir -p $NOVA_AUTH_CACHE_DIR
+ sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
 }
 # install_novaclient() - Collect source and prepare
diff --git a/lib/quantum b/lib/quantum
index cb683398e1..f7fe90a0bc 100644
--- a/lib/quantum
+++ b/lib/quantum
@@ -68,12 +68,10 @@ function quantum_setup_keystone() {
 iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
 iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
 iniset $conf_file $section admin_password $SERVICE_PASSWORD
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
- iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
- # Create cache dir
- sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
- sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
- fi
+ iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
+ # Create cache dir
+ sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
+ sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
 }
 function quantum_setup_ovs_bridge() {
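Review bot: In the quantum_setup_keystone hunk the privileged directory creation sits inside a helper that otherwise only writes settings into `$conf_file`, whereas the cinder, glance and nova hunks create their cache directories in the init_* functions. The helper takes the config file and section as variables, so it is presumably called more than once (the callers are outside this patch), and each call now repeats the `sudo mkdir`/`sudo chown` pair unconditionally. Moving those two lines to the place where quantum is initialised would keep all four services consistent; failing that, a header comment such as `# Side effect: creates $QUANTUM_AUTH_CACHE_DIR via sudo` would make the behaviour visible to callers. The function begins outside the hunk, so its argument handling cannot be checked from here.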