Merge "Use path-mounted keystone when running in httpd"

This commit is contained in:
Jenkins 2016-05-24 20:13:19 +00:00 committed by Gerrit Code Review
commit f5998b0253
2 changed files with 28 additions and 7 deletions

View File

@ -44,8 +44,8 @@ Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
WSGIPassAuthorization On
</Location>
Alias /identity_admin %KEYSTONE_BIN%/keystone-wsgi-admin
<Location /identity_admin>
Alias /identity_v2_admin %KEYSTONE_BIN%/keystone-wsgi-admin
<Location /identity_v2_admin>
SetHandler wsgi-script
Options +ExecCGI

View File

@ -122,8 +122,14 @@ if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
fi
# complete URIs
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
# If running in Apache, use path access rather than port.
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_v2_admin
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
else
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
fi
# V3 URIs
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
@ -259,7 +265,15 @@ function configure_keystone {
# Set the service ports for a proxy to take the originals
service_port=$KEYSTONE_SERVICE_PORT_INT
auth_port=$KEYSTONE_AUTH_PORT_INT
fi
# Override the endpoints advertised by keystone (the public_endpoint and
# admin_endpoint) so that clients use the correct endpoint. By default, the
# keystone server uses the public_port and admin_port which isn't going to
# work when you want to use a different port (in the case of proxy), or you
# don't want the port (in the case of putting keystone on a path in
# apache).
if is_service_enabled tls-proxy || [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
fi
@ -582,7 +596,14 @@ function start_keystone {
# Check that the keystone service is running. Even if the tls tunnel
# should be enabled, make sure the internal port is checked using
# unencryted traffic at this point.
if ! wait_for_service $SERVICE_TIMEOUT $auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/; then
# If running in Apache, use the path rather than port.
local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/
if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v$IDENTITY_API_VERSION/
fi
if ! wait_for_service $SERVICE_TIMEOUT $service_uri; then
die $LINENO "keystone did not start"
fi
@ -625,8 +646,8 @@ function bootstrap_keystone {
--bootstrap-service-name keystone \
--bootstrap-region-id "$REGION_NAME" \
--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
--bootstrap-public-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT" \
--bootstrap-internal-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT"
--bootstrap-public-url "$KEYSTONE_SERVICE_URI" \
--bootstrap-internal-url "$KEYSTONE_SERVICE_URI"
}
# Restore xtrace