Merge "Use path-mounted keystone when running in httpd"
This commit is contained in:
commit
f5998b0253
@ -44,8 +44,8 @@ Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
|
||||
WSGIPassAuthorization On
|
||||
</Location>
|
||||
|
||||
Alias /identity_admin %KEYSTONE_BIN%/keystone-wsgi-admin
|
||||
<Location /identity_admin>
|
||||
Alias /identity_v2_admin %KEYSTONE_BIN%/keystone-wsgi-admin
|
||||
<Location /identity_v2_admin>
|
||||
SetHandler wsgi-script
|
||||
Options +ExecCGI
|
||||
|
||||
|
31
lib/keystone
31
lib/keystone
@ -122,8 +122,14 @@ if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
|
||||
fi
|
||||
|
||||
# complete URIs
|
||||
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
|
||||
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
|
||||
if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
|
||||
# If running in Apache, use path access rather than port.
|
||||
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_v2_admin
|
||||
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
|
||||
else
|
||||
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
|
||||
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
|
||||
fi
|
||||
|
||||
# V3 URIs
|
||||
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
|
||||
@ -259,7 +265,15 @@ function configure_keystone {
|
||||
# Set the service ports for a proxy to take the originals
|
||||
service_port=$KEYSTONE_SERVICE_PORT_INT
|
||||
auth_port=$KEYSTONE_AUTH_PORT_INT
|
||||
fi
|
||||
|
||||
# Override the endpoints advertised by keystone (the public_endpoint and
|
||||
# admin_endpoint) so that clients use the correct endpoint. By default, the
|
||||
# keystone server uses the public_port and admin_port which isn't going to
|
||||
# work when you want to use a different port (in the case of proxy), or you
|
||||
# don't want the port (in the case of putting keystone on a path in
|
||||
# apache).
|
||||
if is_service_enabled tls-proxy || [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
|
||||
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
|
||||
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
|
||||
fi
|
||||
@ -582,7 +596,14 @@ function start_keystone {
|
||||
# Check that the keystone service is running. Even if the tls tunnel
|
||||
# should be enabled, make sure the internal port is checked using
|
||||
# unencryted traffic at this point.
|
||||
if ! wait_for_service $SERVICE_TIMEOUT $auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/; then
|
||||
# If running in Apache, use the path rather than port.
|
||||
|
||||
local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/
|
||||
if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
|
||||
service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v$IDENTITY_API_VERSION/
|
||||
fi
|
||||
|
||||
if ! wait_for_service $SERVICE_TIMEOUT $service_uri; then
|
||||
die $LINENO "keystone did not start"
|
||||
fi
|
||||
|
||||
@ -625,8 +646,8 @@ function bootstrap_keystone {
|
||||
--bootstrap-service-name keystone \
|
||||
--bootstrap-region-id "$REGION_NAME" \
|
||||
--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
|
||||
--bootstrap-public-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT" \
|
||||
--bootstrap-internal-url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT"
|
||||
--bootstrap-public-url "$KEYSTONE_SERVICE_URI" \
|
||||
--bootstrap-internal-url "$KEYSTONE_SERVICE_URI"
|
||||
}
|
||||
|
||||
# Restore xtrace
|
||||
|
Loading…
Reference in New Issue
Block a user