Integrated keystone with opentack-common's PKI toggling

2013-01-09 16:13:16 -08:00
parent ff86f183ac
commit a3a74f02ca
4 changed files with 7 additions and 12 deletions
--- a/README.md
+++ b/README.md
@@ -250,7 +250,6 @@ Attributes
 * `keystone["admin_token"]` - Admin token for bootstraping keystone server
 * `keystone["roles"]` - Array of roles to create in the keystone server
 * `keystone["users"]` - Array of users to create in the keystone server
-* `keystone["pki"]["enabled"]` - Defaults to false.  Set to true to enable PKI in `auth_token` middleware.

 License and Author
 ==================
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -57,18 +57,12 @@ default["keystone"]["users"] = {
    }
 }

-default["keystone"]["nova"]["pki"]["enabled"] = false
-if node["keystone"]["nova"]["pki"]["enabled"]
-  node.set["keystone"]["signing"]["token_format"] = "PKI"
-else
-  node.set["keystone"]["signing"]["token_format"] = "UUID"
-end
 default["keystone"]["signing"]["certfile"] = "/etc/keystone/ssl/certs/signing_cert.pem"
 default["keystone"]["signing"]["keyfile"] = "/etc/keystone/ssl/private/signing_key.pem"
 default["keystone"]["signing"]["ca_certs"] = "/etc/keystone/ssl/certs/ca.pem"
 default["keystone"]["signing"]["key_size"] = "1024"
 default["keystone"]["signing"]["valid_days"] = "3650"
-default["keystone"]["signing"]["ca_password"] = "None"
+default["keystone"]["signing"]["ca_password"] = nil

 # platform defaults
 case platform
--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -80,7 +80,7 @@ execute "keystone-manage pki_setup" do

  action :nothing

-  only_if { node["keystone"]["nova"]["pki"]["enabled"] }
+  only_if { node["openstack"]["signing"]["pki"] }
 end

 identity_admin_endpoint = endpoint "identity-admin"
--- a/templates/default/keystone.conf.erb
+++ b/templates/default/keystone.conf.erb
@@ -58,15 +58,17 @@ driver = keystone.policy.backends.rules.Policy
 driver = keystone.contrib.ec2.backends.sql.Ec2

 [signing]
-token_format = <%= node["keystone"]["signing"]["token_format"] %>
-<% if node["keystone"]["nova"]["pki"]["enabled"] -%>
+<% if node["openstack"]["signing"]["pki"] -%>
+token_format = PKI
 certfile = <%= node["keystone"]["signing"]["certfile"] %>
 keyfile = <%= node["keystone"]["signing"]["keyfile"] %>
 ca_certs = <%= node["keystone"]["signing"]["ca_certs"] %>
 key_size = <%= node["keystone"]["signing"]["key_size"] %>
 valid_days = <%= node["keystone"]["signing"]["valid_days"] %>
 ca_password = <%= node["keystone"]["signing"]["ca_password"] %>
-<% end %>
+<% else -%>
+token_format = UUID
+<% end -%>

 [filter:debug]
 paste.filter_factory = keystone.common.wsgi:Debug.factory