Remove USE_SSL support
tls-proxy is the way we're now doing a standard install using https between services. There is a lot more work to make services directly handle https, and having python daemons do that directly is a bit of an anti pattern. Nothing currently tests this in project-config from my recent grepping, so in the interest of long term maintenance, delete it all. Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
This commit is contained in:
parent
2f8c88e053
commit
f3b2f4c853
20
lib/cinder
20
lib/cinder
@ -58,7 +58,7 @@ CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
|
||||
CINDER_API_PASTE_INI=$CINDER_CONF_DIR/api-paste.ini
|
||||
|
||||
# Public facing bits
|
||||
if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
CINDER_SERVICE_PROTOCOL="https"
|
||||
fi
|
||||
CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
|
||||
@ -215,11 +215,6 @@ function _cinder_config_apache_wsgi {
|
||||
local cinder_api_port=$CINDER_SERVICE_PORT
|
||||
local venv_path=""
|
||||
|
||||
if is_ssl_enabled_service c-api; then
|
||||
cinder_ssl="SSLEngine On"
|
||||
cinder_certfile="SSLCertificateFile $CINDER_SSL_CERT"
|
||||
cinder_keyfile="SSLCertificateKeyFile $CINDER_SSL_KEY"
|
||||
fi
|
||||
if [[ ${USE_VENV} = True ]]; then
|
||||
venv_path="python-path=${PROJECT_VENV["cinder"]}/lib/python2.7/site-packages"
|
||||
fi
|
||||
@ -347,7 +342,7 @@ function configure_cinder {
|
||||
iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS"
|
||||
|
||||
iniset $CINDER_CONF DEFAULT glance_api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"
|
||||
if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
iniset $CINDER_CONF DEFAULT glance_protocol https
|
||||
iniset $CINDER_CONF DEFAULT glance_ca_certificates_file $SSL_BUNDLE_FILE
|
||||
fi
|
||||
@ -356,14 +351,6 @@ function configure_cinder {
|
||||
iniset $CINDER_CONF DEFAULT glance_api_version 2
|
||||
fi
|
||||
|
||||
# Register SSL certificates if provided
|
||||
if is_ssl_enabled_service cinder; then
|
||||
ensure_certificates CINDER
|
||||
|
||||
iniset $CINDER_CONF DEFAULT ssl_cert_file "$CINDER_SSL_CERT"
|
||||
iniset $CINDER_CONF DEFAULT ssl_key_file "$CINDER_SSL_KEY"
|
||||
fi
|
||||
|
||||
# Set os_privileged_user credentials (used for os-assisted-snapshots)
|
||||
iniset $CINDER_CONF DEFAULT os_privileged_user_name nova
|
||||
iniset $CINDER_CONF DEFAULT os_privileged_user_password "$SERVICE_PASSWORD"
|
||||
@ -464,9 +451,6 @@ function install_cinder {
|
||||
|
||||
if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
|
||||
install_apache_wsgi
|
||||
if is_ssl_enabled_service "c-api"; then
|
||||
enable_mod_ssl
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
17
lib/glance
17
lib/glance
@ -57,7 +57,7 @@ GLANCE_SCHEMA_JSON=$GLANCE_CONF_DIR/schema-image.json
|
||||
GLANCE_SWIFT_STORE_CONF=$GLANCE_CONF_DIR/glance-swift-store.conf
|
||||
GLANCE_V1_ENABLED=${GLANCE_V1_ENABLED:-False}
|
||||
|
||||
if is_ssl_enabled_service "glance" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
GLANCE_SERVICE_PROTOCOL="https"
|
||||
fi
|
||||
|
||||
@ -187,18 +187,7 @@ function configure_glance {
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||
fi
|
||||
|
||||
# Register SSL certificates if provided
|
||||
if is_ssl_enabled_service glance; then
|
||||
ensure_certificates GLANCE
|
||||
|
||||
iniset $GLANCE_API_CONF DEFAULT cert_file "$GLANCE_SSL_CERT"
|
||||
iniset $GLANCE_API_CONF DEFAULT key_file "$GLANCE_SSL_KEY"
|
||||
|
||||
iniset $GLANCE_REGISTRY_CONF DEFAULT cert_file "$GLANCE_SSL_CERT"
|
||||
iniset $GLANCE_REGISTRY_CONF DEFAULT key_file "$GLANCE_SSL_KEY"
|
||||
fi
|
||||
|
||||
if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
iniset $GLANCE_API_CONF DEFAULT registry_client_protocol https
|
||||
fi
|
||||
|
||||
@ -233,7 +222,7 @@ function configure_glance {
|
||||
|
||||
cp -p $GLANCE_DIR/etc/metadefs/*.json $GLANCE_METADEF_DIR
|
||||
|
||||
if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
|
||||
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
|
||||
|
||||
|
17
lib/keystone
17
lib/keystone
@ -116,7 +116,7 @@ SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
|
||||
SERVICE_TENANT_NAME=${SERVICE_PROJECT_NAME:-service}
|
||||
|
||||
# if we are running with SSL use https protocols
|
||||
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
KEYSTONE_AUTH_PROTOCOL="https"
|
||||
KEYSTONE_SERVICE_PROTOCOL="https"
|
||||
fi
|
||||
@ -171,12 +171,6 @@ function _config_keystone_apache_wsgi {
|
||||
local keystone_auth_port=$KEYSTONE_AUTH_PORT
|
||||
local venv_path=""
|
||||
|
||||
if is_ssl_enabled_service key; then
|
||||
keystone_ssl_listen=""
|
||||
keystone_ssl="SSLEngine On"
|
||||
keystone_certfile="SSLCertificateFile $KEYSTONE_SSL_CERT"
|
||||
keystone_keyfile="SSLCertificateKeyFile $KEYSTONE_SSL_KEY"
|
||||
fi
|
||||
if is_service_enabled tls-proxy; then
|
||||
keystone_service_port=$KEYSTONE_SERVICE_PORT_INT
|
||||
keystone_auth_port=$KEYSTONE_AUTH_PORT_INT
|
||||
@ -247,11 +241,6 @@ function configure_keystone {
|
||||
|
||||
iniset_rpc_backend keystone $KEYSTONE_CONF
|
||||
|
||||
# Register SSL certificates if provided
|
||||
if is_ssl_enabled_service key; then
|
||||
ensure_certificates KEYSTONE
|
||||
fi
|
||||
|
||||
local service_port=$KEYSTONE_SERVICE_PORT
|
||||
local auth_port=$KEYSTONE_AUTH_PORT
|
||||
|
||||
@ -297,7 +286,6 @@ function configure_keystone {
|
||||
_config_keystone_apache_wsgi
|
||||
else # uwsgi
|
||||
# iniset creates these files when it's called if they don't exist.
|
||||
|
||||
write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" "$KEYSTONE_SERVICE_HOST:$service_port"
|
||||
write_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" "/identity_admin" "$KEYSTONE_ADMIN_BIND_HOST:$auth_port"
|
||||
fi
|
||||
@ -546,9 +534,6 @@ function install_keystone {
|
||||
|
||||
if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
|
||||
install_apache_wsgi
|
||||
if is_ssl_enabled_service "key"; then
|
||||
enable_mod_ssl
|
||||
fi
|
||||
elif [ "$KEYSTONE_DEPLOY" == "uwsgi" ]; then
|
||||
pip_install uwsgi
|
||||
fi
|
||||
|
17
lib/neutron
17
lib/neutron
@ -61,7 +61,7 @@ NEUTRON_META_BINARY=${NEUTRON_META_BINARY:-neutron-metadata-agent}
|
||||
NEUTRON_METERING_BINARY=${NEUTRON_METERING_BINARY:-neutron-metering-agent}
|
||||
|
||||
# Public facing bits
|
||||
if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
NEUTRON_SERVICE_PROTOCOL="https"
|
||||
fi
|
||||
NEUTRON_SERVICE_HOST=${NEUTRON_SERVICE_HOST:-$SERVICE_HOST}
|
||||
@ -243,14 +243,6 @@ function configure_neutron_new {
|
||||
iniset $NEUTRON_CONF DEFAULT bind_port "$NEUTRON_SERVICE_PORT_INT"
|
||||
fi
|
||||
|
||||
if is_ssl_enabled_service "neutron"; then
|
||||
ensure_certificates NEUTRON
|
||||
|
||||
iniset $NEUTRON_CONF DEFAULT use_ssl True
|
||||
iniset $NEUTRON_CONF DEFAULT ssl_cert_file "$NEUTRON_SSL_CERT"
|
||||
iniset $NEUTRON_CONF DEFAULT ssl_key_file "$NEUTRON_SSL_KEY"
|
||||
fi
|
||||
|
||||
# Metering
|
||||
if is_service_enabled neutron-metering; then
|
||||
cp $NEUTRON_DIR/etc/metering_agent.ini.sample $NEUTRON_METERING_AGENT_CONF
|
||||
@ -404,16 +396,9 @@ function start_neutron_api {
|
||||
# TODO(sc68cal) Stop hard coding this
|
||||
run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server $opts"
|
||||
|
||||
if is_ssl_enabled_service "neutron"; then
|
||||
ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
|
||||
local testcmd="wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$NEUTRON_SERVICE_HOST:$service_port"
|
||||
test_with_retry "$testcmd" "Neutron did not start" $SERVICE_TIMEOUT
|
||||
else
|
||||
if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$NEUTRON_SERVICE_HOST:$service_port; then
|
||||
die $LINENO "neutron-api did not start"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# Start proxy if enabled
|
||||
if is_service_enabled tls-proxy; then
|
||||
|
@ -61,7 +61,7 @@
|
||||
|
||||
deprecated "Using lib/neutron-legacy is deprecated, and it will be removed in the future"
|
||||
|
||||
if is_ssl_enabled_service "neutron" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
Q_PROTOCOL="https"
|
||||
fi
|
||||
|
||||
@ -461,9 +461,6 @@ function start_neutron_service_and_check {
|
||||
# Start the Neutron service
|
||||
run_process q-svc "$NEUTRON_BIN_DIR/neutron-server $cfg_file_options"
|
||||
echo "Waiting for Neutron to start..."
|
||||
if is_ssl_enabled_service "neutron"; then
|
||||
ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
|
||||
fi
|
||||
|
||||
local testcmd="wget ${ssl_ca} --no-proxy -q -O- $service_protocol://$Q_HOST:$service_port"
|
||||
test_with_retry "$testcmd" "Neutron did not start" $SERVICE_TIMEOUT
|
||||
@ -714,18 +711,6 @@ function _configure_neutron_common {
|
||||
iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT"
|
||||
fi
|
||||
|
||||
if is_ssl_enabled_service "nova"; then
|
||||
iniset $NEUTRON_CONF nova cafile $SSL_BUNDLE_FILE
|
||||
fi
|
||||
|
||||
if is_ssl_enabled_service "neutron"; then
|
||||
ensure_certificates NEUTRON
|
||||
|
||||
iniset $NEUTRON_CONF DEFAULT use_ssl True
|
||||
iniset $NEUTRON_CONF DEFAULT ssl_cert_file "$NEUTRON_SSL_CERT"
|
||||
iniset $NEUTRON_CONF DEFAULT ssl_key_file "$NEUTRON_SSL_KEY"
|
||||
fi
|
||||
|
||||
_neutron_setup_rootwrap
|
||||
}
|
||||
|
||||
|
24
lib/nova
24
lib/nova
@ -68,7 +68,7 @@ fi
|
||||
# Toggle for deploying Nova-API under HTTPD + mod_wsgi
|
||||
NOVA_USE_MOD_WSGI=${NOVA_USE_MOD_WSGI:-False}
|
||||
|
||||
if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
NOVA_SERVICE_PROTOCOL="https"
|
||||
fi
|
||||
|
||||
@ -262,11 +262,6 @@ function _config_nova_apache_wsgi {
|
||||
local nova_metadata_port=$METADATA_SERVICE_PORT
|
||||
local venv_path=""
|
||||
|
||||
if is_ssl_enabled_service nova-api; then
|
||||
nova_ssl="SSLEngine On"
|
||||
nova_certfile="SSLCertificateFile $NOVA_SSL_CERT"
|
||||
nova_keyfile="SSLCertificateKeyFile $NOVA_SSL_KEY"
|
||||
fi
|
||||
if [[ ${USE_VENV} = True ]]; then
|
||||
venv_path="python-path=${PROJECT_VENV["nova"]}/lib/$(python_version)/site-packages"
|
||||
fi
|
||||
@ -501,7 +496,7 @@ function create_nova_conf {
|
||||
fi
|
||||
|
||||
if is_service_enabled cinder; then
|
||||
if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
|
||||
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
|
||||
iniset $NOVA_CONF cinder cafile $SSL_BUNDLE_FILE
|
||||
@ -586,20 +581,10 @@ function create_nova_conf {
|
||||
|
||||
iniset $NOVA_CONF cinder os_region_name "$REGION_NAME"
|
||||
|
||||
if is_ssl_enabled_service glance || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
iniset $NOVA_CONF DEFAULT glance_protocol https
|
||||
fi
|
||||
|
||||
# Register SSL certificates if provided
|
||||
if is_ssl_enabled_service nova; then
|
||||
ensure_certificates NOVA
|
||||
|
||||
iniset $NOVA_CONF DEFAULT ssl_cert_file "$NOVA_SSL_CERT"
|
||||
iniset $NOVA_CONF DEFAULT ssl_key_file "$NOVA_SSL_KEY"
|
||||
|
||||
iniset $NOVA_CONF DEFAULT enabled_ssl_apis "$NOVA_ENABLED_APIS"
|
||||
fi
|
||||
|
||||
if is_service_enabled n-sproxy; then
|
||||
iniset $NOVA_CONF serial_console serialproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS"
|
||||
iniset $NOVA_CONF serial_console enabled True
|
||||
@ -790,9 +775,6 @@ function install_nova {
|
||||
|
||||
if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
|
||||
install_apache_wsgi
|
||||
if is_ssl_enabled_service "nova-api"; then
|
||||
enable_mod_ssl
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -40,7 +40,7 @@ PLACEMENT_AUTH_STRATEGY=${PLACEMENT_AUTH_STRATEGY:-placement}
|
||||
# yet merged in nova but is coming soon.
|
||||
PLACEMENT_DB_ENABLED=$(trueorfalse False PLACEMENT_DB_ENABLED)
|
||||
|
||||
if is_ssl_enabled_service "placement-api" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
PLACEMENT_SERVICE_PROTOCOL="https"
|
||||
fi
|
||||
|
||||
@ -72,12 +72,6 @@ function _config_placement_apache_wsgi {
|
||||
nova_bin_dir=$(get_python_exec_prefix)
|
||||
placement_api_apache_conf=$(apache_site_config_for placement-api)
|
||||
|
||||
# reuse nova's cert if a cert is being used
|
||||
if is_ssl_enabled_service "placement-api"; then
|
||||
placement_ssl="SSLEngine On"
|
||||
placement_certfile="SSLCertificateFile $NOVA_SSL_CERT"
|
||||
placement_keyfile="SSLCertificateKeyFile $NOVA_SSL_KEY"
|
||||
fi
|
||||
# reuse nova's venv if there is one as placement code lives
|
||||
# there
|
||||
if [[ ${USE_VENV} = True ]]; then
|
||||
@ -149,9 +143,6 @@ function init_placement {
|
||||
# install_placement() - Collect source and prepare
|
||||
function install_placement {
|
||||
install_apache_wsgi
|
||||
if is_ssl_enabled_service "placement-api"; then
|
||||
enable_mod_ssl
|
||||
fi
|
||||
}
|
||||
|
||||
# start_placement_api() - Start the API processes ahead of other things
|
||||
|
@ -31,7 +31,7 @@ set +o xtrace
|
||||
# Defaults
|
||||
# --------
|
||||
|
||||
if is_ssl_enabled_service "s-proxy" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
SWIFT_SERVICE_PROTOCOL="https"
|
||||
fi
|
||||
|
||||
@ -398,13 +398,6 @@ function configure_swift {
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT}
|
||||
fi
|
||||
|
||||
if is_ssl_enabled_service s-proxy; then
|
||||
ensure_certificates SWIFT
|
||||
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT cert_file "$SWIFT_SSL_CERT"
|
||||
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT key_file "$SWIFT_SSL_KEY"
|
||||
fi
|
||||
|
||||
# DevStack is commonly run in a small slow environment, so bump the timeouts up.
|
||||
# ``node_timeout`` is the node read operation response time to the proxy server
|
||||
# ``conn_timeout`` is how long it takes a connect() system call to return
|
||||
|
@ -279,7 +279,7 @@ function configure_tempest {
|
||||
fi
|
||||
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
|
||||
|
||||
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
|
||||
fi
|
||||
|
||||
|
25
lib/tls
25
lib/tls
@ -343,7 +343,7 @@ function make_root_CA {
|
||||
# one. If the value for the CA is not rooted in /etc then we know
|
||||
# we need to change it.
|
||||
function fix_system_ca_bundle_path {
|
||||
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
local capath
|
||||
capath=$(python -c $'try:\n from requests import certs\n print certs.where()\nexcept ImportError: pass')
|
||||
|
||||
@ -362,27 +362,14 @@ function fix_system_ca_bundle_path {
|
||||
}
|
||||
|
||||
|
||||
# Only for compatibility, return if the tls-proxy is enabled
|
||||
function is_ssl_enabled_service {
|
||||
return is_service_enabled tls-proxy
|
||||
}
|
||||
|
||||
# Certificate Input Configuration
|
||||
# ===============================
|
||||
|
||||
# check to see if the service(s) specified are to be SSL enabled.
|
||||
#
|
||||
# Multiple services specified as arguments are ``OR``'ed together; the test
|
||||
# is a short-circuit boolean, i.e it returns on the first match.
|
||||
#
|
||||
# Uses global ``SSL_ENABLED_SERVICES``
|
||||
function is_ssl_enabled_service {
|
||||
local services=$@
|
||||
local service=""
|
||||
if [ "$USE_SSL" == "False" ]; then
|
||||
return 1
|
||||
fi
|
||||
for service in ${services}; do
|
||||
[[ ,${SSL_ENABLED_SERVICES}, =~ ,${service}, ]] && return 0
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
# Ensure that the certificates for a service are in place. This function does
|
||||
# not check that a service is SSL enabled, this should already have been
|
||||
# completed.
|
||||
|
11
stack.sh
11
stack.sh
@ -539,13 +539,6 @@ rm -f $SSL_BUNDLE_FILE
|
||||
source $TOP_DIR/lib/database
|
||||
source $TOP_DIR/lib/rpc_backend
|
||||
|
||||
# Service to enable with SSL if ``USE_SSL`` is True
|
||||
SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron"
|
||||
|
||||
if is_service_enabled tls-proxy && [ "$USE_SSL" == "True" ]; then
|
||||
die $LINENO "tls-proxy and SSL are mutually exclusive"
|
||||
fi
|
||||
|
||||
# Configure Projects
|
||||
# ==================
|
||||
|
||||
@ -806,7 +799,7 @@ if is_service_enabled cinder nova; then
|
||||
fi
|
||||
|
||||
# Setup TLS certs
|
||||
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
configure_CA
|
||||
init_CA
|
||||
init_cert
|
||||
@ -886,7 +879,7 @@ if is_service_enabled horizon; then
|
||||
stack_install_service horizon
|
||||
fi
|
||||
|
||||
if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then
|
||||
if is_service_enabled tls-proxy; then
|
||||
fix_system_ca_bundle_path
|
||||
fi
|
||||
|
||||
|
3
stackrc
3
stackrc
@ -846,9 +846,6 @@ SYSLOG_PORT=${SYSLOG_PORT:-516}
|
||||
# Set to 0 to disable shallow cloning
|
||||
GIT_DEPTH=${GIT_DEPTH:-0}
|
||||
|
||||
# Use native SSL for servers in ``SSL_ENABLED_SERVICES``
|
||||
USE_SSL=$(trueorfalse False USE_SSL)
|
||||
|
||||
# We may not need to recreate database in case 2 Keystone services
|
||||
# sharing the same database. It would be useful for multinode Grenade tests.
|
||||
RECREATE_KEYSTONE_DB=$(trueorfalse True RECREATE_KEYSTONE_DB)
|
||||
|
@ -129,9 +129,6 @@ if is_service_enabled tls-proxy; then
|
||||
stop_tls_proxy
|
||||
cleanup_CA
|
||||
fi
|
||||
if [ "$USE_SSL" == "True" ]; then
|
||||
cleanup_CA
|
||||
fi
|
||||
|
||||
SCSI_PERSIST_DIR=$CINDER_STATE_PATH/volumes/*
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user