Remove keystone-paste.ini file in kolla
keystone-paste.ini file is introduced by I3a3ca2e74c0ae341105d3481f97956c6da473046 for a security risk of admin_token_auth middleware. Now this middleware is removed by I57586ccfa0ad1309cc806d95377dc1ecad015914. So it is safe to use upstream keystone-paste.ini file. This patch also keep custom paste file feature. Just put the file to /etc/kolla/config/keystone/keyston-paste.ini path. Closes-Bug: #1695023 Partially-Implements: blueprint custom-paste Change-Id: Ieb983b6a9edb6a156928f6b56a4bd2dbed4281e2
This commit is contained in:
Jeffrey Zhang
Jeffrey Zhang
parent
b236be7cb1
commit
6ce222af3e
@ -116,19 +116,27 @@
|
||||
notify:
|
||||
- Restart keystone container
|
||||
|
||||
- name: Checking whether keystone-paste.ini file exists
|
||||
vars:
|
||||
keystone: "{{ keystone_services.keystone }}"
|
||||
stat:
|
||||
path: "{{ node_custom_config }}/keystone/keystone-paste.ini"
|
||||
register: check_keystone_paste_ini
|
||||
when:
|
||||
- inventory_hostname in groups[keystone.group]
|
||||
- keystone.enabled | bool
|
||||
|
||||
- name: Copying over keystone-paste.ini
|
||||
vars:
|
||||
keystone: "{{ keystone_services.keystone }}"
|
||||
merge_configs:
|
||||
sources:
|
||||
- "{{ role_path }}/templates/keystone-paste.ini.j2"
|
||||
- "{{ node_custom_config }}/keystone/keystone-paste.ini"
|
||||
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone-paste.ini"
|
||||
template:
|
||||
src: "{{ node_custom_config }}/keystone/keystone-paste.ini"
|
||||
dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"
|
||||
register: keystone_paste_ini
|
||||
when:
|
||||
- inventory_hostname in groups[keystone.group]
|
||||
- keystone.enabled | bool
|
||||
- check_keystone_paste_ini.stat.exists | bool
|
||||
notify:
|
||||
- Restart keystone container
|
||||
|
||||
|
||||
@ -1,83 +0,0 @@
|
||||
# Keystone PasteDeploy configuration file.
|
||||
|
||||
[filter:debug]
|
||||
use = egg:oslo.middleware#debug
|
||||
|
||||
[filter:request_id]
|
||||
use = egg:oslo.middleware#request_id
|
||||
|
||||
[filter:build_auth_context]
|
||||
use = egg:keystone#build_auth_context
|
||||
|
||||
[filter:token_auth]
|
||||
use = egg:keystone#token_auth
|
||||
|
||||
[filter:json_body]
|
||||
use = egg:keystone#json_body
|
||||
|
||||
[filter:cors]
|
||||
use = egg:oslo.middleware#cors
|
||||
oslo_config_project = keystone
|
||||
|
||||
[filter:ec2_extension]
|
||||
use = egg:keystone#ec2_extension
|
||||
|
||||
[filter:ec2_extension_v3]
|
||||
use = egg:keystone#ec2_extension_v3
|
||||
|
||||
[filter:s3_extension]
|
||||
use = egg:keystone#s3_extension
|
||||
|
||||
[filter:url_normalize]
|
||||
use = egg:keystone#url_normalize
|
||||
|
||||
[filter:sizelimit]
|
||||
use = egg:oslo.middleware#sizelimit
|
||||
|
||||
[app:public_service]
|
||||
use = egg:keystone#public_service
|
||||
|
||||
[app:service_v3]
|
||||
use = egg:keystone#service_v3
|
||||
|
||||
[app:admin_service]
|
||||
use = egg:keystone#admin_service
|
||||
|
||||
[pipeline:public_api]
|
||||
# The last item in this pipeline must be public_service or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
|
||||
|
||||
[pipeline:admin_api]
|
||||
# The last item in this pipeline must be admin_service or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
|
||||
|
||||
[pipeline:api_v3]
|
||||
# The last item in this pipeline must be service_v3 or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
|
||||
|
||||
[app:public_version_service]
|
||||
use = egg:keystone#public_version_service
|
||||
|
||||
[app:admin_version_service]
|
||||
use = egg:keystone#admin_version_service
|
||||
|
||||
[pipeline:public_version_api]
|
||||
pipeline = cors sizelimit url_normalize public_version_service
|
||||
|
||||
[pipeline:admin_version_api]
|
||||
pipeline = cors sizelimit url_normalize admin_version_service
|
||||
|
||||
[composite:main]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = public_api
|
||||
/v3 = api_v3
|
||||
/ = public_version_api
|
||||
|
||||
[composite:admin]
|
||||
use = egg:Paste#urlmap
|
||||
/v2.0 = admin_api
|
||||
/v3 = api_v3
|
||||
/ = admin_version_api
|
||||
@ -13,7 +13,8 @@
|
||||
"source": "{{ container_config_directory }}/keystone-paste.ini",
|
||||
"dest": "/etc/keystone/keystone-paste.ini",
|
||||
"owner": "keystone",
|
||||
"perm": "0600"
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/domains",
|
||||
|
||||
Loading…
Reference in New Issue
Block a user