Rename keystone-main service
* rename keystone-main to keystone-public to better align with Keystone conventions[0] [0] https://review.openstack.org/194442 Change-Id: I98a5d41b4de3a3d7ef680d00ac898c93c5bc2a41
This commit is contained in:
parent
a781e6c11f
commit
aff741a327
|
@ -7,6 +7,7 @@
|
|||
# Copyright 2013, Opscode, Inc.
|
||||
# Copyright 2013, IBM Corp.
|
||||
# Copyright 2017, x-ion GmbH
|
||||
# Copyright 2018, Workday, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -22,8 +23,10 @@
|
|||
|
||||
# Set to some text value if you want templated config files
|
||||
# to contain a custom banner at the top of the written file
|
||||
default['openstack']['identity']['custom_template_banner'] =
|
||||
'# This file is autogenerated by Chef, changes will be overwritten'
|
||||
default['openstack']['identity']['custom_template_banner'] = '
|
||||
# This file is automatically generated by Chef
|
||||
# Any changes will be overwritten
|
||||
'
|
||||
|
||||
%w(admin internal public).each do |ep_type|
|
||||
# host for openstack admin/internal/public identity endpoint
|
||||
|
@ -42,9 +45,9 @@ default['openstack']['endpoints']['internal']['identity']['port'] = 5000
|
|||
default['openstack']['endpoints']['admin']['identity']['port'] = 35357
|
||||
|
||||
# address for openstack identity service main endpoint to bind to
|
||||
default['openstack']['bind_service']['main']['identity']['host'] = '127.0.0.1'
|
||||
default['openstack']['bind_service']['public']['identity']['host'] = '127.0.0.1'
|
||||
# port for openstack identity service main endpoint to bind to
|
||||
default['openstack']['bind_service']['main']['identity']['port'] = 5000
|
||||
default['openstack']['bind_service']['public']['identity']['port'] = 5000
|
||||
# address for openstack identity service admin endpoint to bind to
|
||||
default['openstack']['bind_service']['admin']['identity']['host'] = '127.0.0.1'
|
||||
# port for openstack identity service admin endpoint to bind to
|
||||
|
|
|
@ -143,9 +143,9 @@ execute 'credential setup' do
|
|||
EOH
|
||||
end
|
||||
|
||||
# define the address to bind the keystone apache main service to
|
||||
main_bind_service = node['openstack']['bind_service']['main']['identity']
|
||||
main_bind_address = bind_address main_bind_service
|
||||
# define the address to bind the keystone apache public service to
|
||||
public_bind_service = node['openstack']['bind_service']['public']['identity']
|
||||
public_bind_address = bind_address public_bind_service
|
||||
# define the address to bind the keystone apache admin service to
|
||||
admin_bind_service = node['openstack']['bind_service']['admin']['identity']
|
||||
admin_bind_address = bind_address admin_bind_service
|
||||
|
@ -167,10 +167,10 @@ memcache_servers = memcached_servers.join ','
|
|||
identity_public_endpoint = public_endpoint 'identity'
|
||||
ie = identity_public_endpoint
|
||||
# define the keystone public endpoint full path
|
||||
public_endpoint = "#{ie.scheme}://#{ie.host}:#{ie.port}/"
|
||||
api_public_endpoint = "#{ie.scheme}://#{ie.host}:#{ie.port}/"
|
||||
ae = identity_admin_endpoint
|
||||
# define the keystone admin endpoint full path
|
||||
admin_endpoint = "#{ae.scheme}://#{ae.host}:#{ae.port}/"
|
||||
api_admin_endpoint = "#{ae.scheme}://#{ae.host}:#{ae.port}/"
|
||||
|
||||
# If a keystone-paste.ini is specified use it.
|
||||
# If platform_family is RHEL and we do not specify keystone-paste.ini,
|
||||
|
@ -200,8 +200,8 @@ end
|
|||
|
||||
# set keystone config parameters for admin_token, endpoints and memcache
|
||||
node.default['openstack']['identity']['conf'].tap do |conf|
|
||||
conf['DEFAULT']['public_endpoint'] = public_endpoint
|
||||
conf['DEFAULT']['admin_endpoint'] = admin_endpoint
|
||||
conf['DEFAULT']['public_endpoint'] = api_public_endpoint
|
||||
conf['DEFAULT']['admin_endpoint'] = api_admin_endpoint
|
||||
conf['memcache']['servers'] = memcache_servers if memcache_servers
|
||||
end
|
||||
|
||||
|
@ -293,7 +293,7 @@ apache_listen = Array(node['apache']['listen']) # include already defined listen
|
|||
# Remove the default apache2 cookbook port, as that is also the default for horizon, but with
|
||||
# a different address syntax. *:80 vs 0.0.0.0:80
|
||||
apache_listen -= ['*:80']
|
||||
apache_listen += ["#{main_bind_address}:#{main_bind_service['port']}"]
|
||||
apache_listen += ["#{public_bind_address}:#{public_bind_service['port']}"]
|
||||
apache_listen += ["#{admin_bind_address}:#{admin_bind_service['port']}"]
|
||||
node.normal['apache']['listen'] = apache_listen.uniq
|
||||
|
||||
|
@ -312,15 +312,17 @@ directory keystone_apache_dir do
|
|||
end
|
||||
|
||||
wsgi_apps = {
|
||||
'main' => {
|
||||
server_host: main_bind_address,
|
||||
server_port: main_bind_service['port'],
|
||||
'public' => {
|
||||
server_host: public_bind_address,
|
||||
server_port: public_bind_service['port'],
|
||||
server_entry: '/usr/bin/keystone-wsgi-public',
|
||||
server_alias: 'identity',
|
||||
},
|
||||
'admin' => {
|
||||
server_host: admin_bind_address,
|
||||
server_port: admin_bind_service['port'],
|
||||
server_entry: '/usr/bin/keystone-wsgi-admin',
|
||||
server_alias: 'identity_admin',
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -332,6 +334,7 @@ wsgi_apps.each do |app, opt|
|
|||
server_host opt[:server_host]
|
||||
server_port opt[:server_port]
|
||||
server_entry opt[:server_entry]
|
||||
server_alias opt[:server_alias]
|
||||
server_suffix app
|
||||
log_dir node['apache']['log_dir']
|
||||
log_debug node['openstack']['identity']['debug']
|
||||
|
@ -348,9 +351,10 @@ wsgi_apps.each do |app, opt|
|
|||
end
|
||||
end
|
||||
|
||||
# disable keystone-site since ubuntu autoenables this
|
||||
# disable default keystone config file from UCA package
|
||||
apache_site 'keystone' do
|
||||
enable false
|
||||
only_if { platform_family?('debian') }
|
||||
end
|
||||
|
||||
# Hack until Apache cookbook has lwrp's for proper use of notify
|
||||
|
|
|
@ -354,7 +354,7 @@ describe 'openstack-identity::server-apache' do
|
|||
end
|
||||
|
||||
describe 'apache wsgi' do
|
||||
['/etc/apache2/sites-available/keystone-main.conf',
|
||||
['/etc/apache2/sites-available/keystone-public.conf',
|
||||
'/etc/apache2/sites-available/keystone-admin.conf'].each do |file|
|
||||
it "creates #{file}" do
|
||||
expect(chef_run).to create_template(file).with(
|
||||
|
@ -364,14 +364,25 @@ describe 'openstack-identity::server-apache' do
|
|||
)
|
||||
end
|
||||
|
||||
it "configures #{file} common lines" do
|
||||
it 'configures keystone-admin.conf lines' do
|
||||
node.set['openstack']['identity']['custom_template_banner'] = 'custom_template_banner_value'
|
||||
[/^custom_template_banner_value$/,
|
||||
/user=keystone/,
|
||||
/group=keystone/,
|
||||
%r{^ ErrorLog /var/log/apache2/keystone.log$},
|
||||
%r{^ CustomLog /var/log/apache2/keystone_access.log combined$}].each do |line|
|
||||
expect(chef_run).to render_file(file).with_content(line)
|
||||
%r{^ ErrorLog /var/log/apache2/keystone-admin.log$},
|
||||
%r{^ CustomLog /var/log/apache2/keystone-admin_access.log combined$}].each do |line|
|
||||
expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-admin.conf').with_content(line)
|
||||
end
|
||||
end
|
||||
|
||||
it 'configures keystone-public.conf lines' do
|
||||
node.set['openstack']['identity']['custom_template_banner'] = 'custom_template_banner_value'
|
||||
[/^custom_template_banner_value$/,
|
||||
/user=keystone/,
|
||||
/group=keystone/,
|
||||
%r{^ ErrorLog /var/log/apache2/keystone-public.log$},
|
||||
%r{^ CustomLog /var/log/apache2/keystone-public_access.log combined$}].each do |line|
|
||||
expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-public.conf').with_content(line)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -381,6 +392,7 @@ describe 'openstack-identity::server-apache' do
|
|||
expect(chef_run).not_to render_file(file).with_content(line)
|
||||
end
|
||||
end
|
||||
|
||||
context 'Enable SSL' do
|
||||
before do
|
||||
node.set['openstack']['identity']['ssl']['enabled'] = true
|
||||
|
@ -419,13 +431,13 @@ describe 'openstack-identity::server-apache' do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'keystone-main.conf' do
|
||||
describe 'keystone-public.conf' do
|
||||
it 'configures required lines' do
|
||||
[/^<VirtualHost 127.0.0.1:5000>$/,
|
||||
/^ WSGIDaemonProcess keystone-main/,
|
||||
/^ WSGIProcessGroup keystone-main$/,
|
||||
/^ WSGIDaemonProcess keystone-public/,
|
||||
/^ WSGIProcessGroup keystone-public$/,
|
||||
%r{^ WSGIScriptAlias / /usr/bin/keystone-wsgi-public$}].each do |line|
|
||||
expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-main.conf').with_content(line)
|
||||
expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-public.conf').with_content(line)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -7,7 +7,7 @@ ChefSpec::Coverage.start! { add_filter 'openstack-identity' }
|
|||
LOG_LEVEL = :fatal
|
||||
REDHAT_OPTS = {
|
||||
platform: 'redhat',
|
||||
version: '7.1',
|
||||
version: '7.3',
|
||||
log_level: LOG_LEVEL,
|
||||
}.freeze
|
||||
UBUNTU_OPTS = {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<%= node["openstack"]["identity"]["custom_template_banner"] %>
|
||||
<%= node['openstack']['identity']['custom_template_banner'] %>
|
||||
|
||||
<VirtualHost <%= @params[:server_host] %>:<%= @params[:server_port] %>>
|
||||
WSGIDaemonProcess keystone-<%= @params[:server_suffix] %> processes=5 threads=1 user=<%= @params[:user] %> group=<%= @params[:group] %> display-name=%{GROUP}
|
||||
|
@ -8,8 +8,8 @@
|
|||
WSGIPassAuthorization On
|
||||
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
ErrorLog <%= @params[:log_dir] %>/keystone.log
|
||||
CustomLog <%= @params[:log_dir] %>/keystone_access.log combined
|
||||
ErrorLog <%= @params[:log_dir] %>/keystone-<%= @params[:server_suffix] %>.log
|
||||
CustomLog <%= @params[:log_dir] %>/keystone-<%= @params[:server_suffix] %>_access.log combined
|
||||
<% if [true, 'true', 'True'].include?(@params[:log_debug]) -%>
|
||||
LogLevel debug
|
||||
<% end -%>
|
||||
|
|
Loading…
Reference in New Issue