Merge "Configure PKI cache dirs"
commit
00bd761474
13
lib/cinder
13
lib/cinder
@ -4,8 +4,8 @@
|
||||
# Dependencies:
|
||||
# - functions
|
||||
# - DEST, DATA_DIR must be defined
|
||||
# - KEYSTONE_AUTH_* must be defined
|
||||
# SERVICE_{TENANT_NAME|PASSWORD} must be defined
|
||||
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
|
||||
|
||||
# stack.sh
|
||||
# ---------
|
||||
@ -30,6 +30,7 @@ CINDERCLIENT_DIR=$DEST/python-cinderclient
|
||||
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
|
||||
CINDER_CONF_DIR=/etc/cinder
|
||||
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
|
||||
CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
|
||||
|
||||
# Support entry points installation of console scripts
|
||||
if [[ -d $CINDER_DIR/bin ]]; then
|
||||
@ -106,6 +107,10 @@ function configure_cinder() {
|
||||
iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
|
||||
iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
|
||||
fi
|
||||
|
||||
cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
|
||||
iniset $CINDER_CONF DEFAULT auth_strategy keystone
|
||||
iniset $CINDER_CONF DEFAULT verbose True
|
||||
@ -186,6 +191,12 @@ function init_cinder() {
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
# Create cache dir
|
||||
sudo mkdir -p $CINDER_AUTH_CACHE_DIR
|
||||
sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
|
||||
fi
|
||||
}
|
||||
|
||||
# install_cinder() - Collect source and prepare
|
||||
|
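Review bot: The cache directory created at the end of init_cinder gets an owner but no explicit mode, and `mkdir -p` leaves a pre-existing directory with whatever permissions and files it already had. Since `signing_dir` is, as far as I understand the authtoken filter, where it keeps the certificates it checks tokens against, the directory should be private to the service user and should not carry files over from an earlier run; the two expansions are also unquoted and use backticks. Consider `sudo install -d -o "$(whoami)" -m 700 "$CINDER_AUTH_CACHE_DIR"` followed by `rm -f "${CINDER_AUTH_CACHE_DIR:?}"/*`. The same mkdir/chown pair appears in init_glance, init_keystone and init_nova; init_cinder's body starts outside this hunk.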
16
lib/glance
16
lib/glance
@ -6,6 +6,7 @@
|
||||
# ``DEST``, ``DATA_DIR`` must be defined
|
||||
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
|
||||
# ``SERVICE_HOST``
|
||||
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
|
||||
|
||||
# ``stack.sh`` calls the entry points in this order:
|
||||
#
|
||||
@ -31,6 +32,7 @@ GLANCE_DIR=$DEST/glance
|
||||
GLANCECLIENT_DIR=$DEST/python-glanceclient
|
||||
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
|
||||
GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
|
||||
GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
|
||||
|
||||
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
|
||||
GLANCE_REGISTRY_CONF=$GLANCE_CONF_DIR/glance-registry.conf
|
||||
@ -91,6 +93,9 @@ function configure_glance() {
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
|
||||
fi
|
||||
|
||||
cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
|
||||
iniset $GLANCE_API_CONF DEFAULT debug True
|
||||
@ -114,6 +119,9 @@ function configure_glance() {
|
||||
iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST
|
||||
iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
|
||||
fi
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
|
||||
fi
|
||||
|
||||
cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
|
||||
|
||||
@ -153,6 +161,14 @@ function init_glance() {
|
||||
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE glance CHARACTER SET utf8;'
|
||||
|
||||
$GLANCE_BIN_DIR/glance-manage db_sync
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
# Create cache dir
|
||||
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
|
||||
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
|
||||
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
|
||||
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
|
||||
fi
|
||||
}
|
||||
|
||||
# install_glanceclient() - Collect source and prepare
|
||||
|
18
lib/keystone
18
lib/keystone
@ -32,13 +32,18 @@ set +o xtrace
|
||||
KEYSTONE_DIR=$DEST/keystone
|
||||
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
|
||||
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
|
||||
KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
|
||||
|
||||
KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
|
||||
|
||||
# Select the backend for Keystopne's service catalog
|
||||
# Select the backend for Keystone's service catalog
|
||||
KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
|
||||
KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
|
||||
|
||||
# Select Keystone's token format
|
||||
# Choose from 'UUID' and 'PKI'
|
||||
KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
|
||||
|
||||
# Set Keystone interface configuration
|
||||
KEYSTONE_API_PORT=${KEYSTONE_API_PORT:-5000}
|
||||
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
|
||||
@ -47,7 +52,6 @@ KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-http}
|
||||
KEYSTONE_SERVICE_HOST=${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}
|
||||
KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
|
||||
KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-http}
|
||||
KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
|
||||
|
||||
|
||||
# Entry Points
|
||||
@ -147,8 +151,14 @@ function init_keystone() {
|
||||
# Initialize keystone database
|
||||
$KEYSTONE_DIR/bin/keystone-manage db_sync
|
||||
|
||||
# Set up certificates
|
||||
$KEYSTONE_DIR/bin/keystone-manage pki_setup
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
# Set up certificates
|
||||
$KEYSTONE_DIR/bin/keystone-manage pki_setup
|
||||
|
||||
# Create cache dir
|
||||
sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
|
||||
sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR
|
||||
fi
|
||||
}
|
||||
|
||||
# install_keystoneclient() - Collect source and prepare
|
||||
|
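Review bot: init_keystone now creates `$KEYSTONE_AUTH_CACHE_DIR`, but none of the lib/keystone hunks shown here points a `signing_dir` (or any other setting) at that path, unlike the cinder, glance and nova sections. If a consumer exists elsewhere, a comment next to the variable such as `# signing_dir for <consumer>; must be owned by the stack user` would make that visible; if not, the directory is unused state under /var/cache and could be dropped. Gating `pki_setup` on the token format also means that switching from UUID to PKI later presumably requires init_keystone to run again, which is worth one line under the `# Choose from 'UUID' and 'PKI'` comment. The body of init_keystone starts outside the hunk.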
11
lib/nova
11
lib/nova
@ -7,6 +7,7 @@
|
||||
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
|
||||
# ``LIBVIRT_TYPE`` must be defined
|
||||
# ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
|
||||
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
|
||||
|
||||
# ``stack.sh`` calls the entry points in this order:
|
||||
#
|
||||
@ -32,6 +33,7 @@ NOVACLIENT_DIR=$DEST/python-novaclient
|
||||
NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}
|
||||
# INSTANCES_PATH is the previous name for this
|
||||
NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}
|
||||
NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova}
|
||||
|
||||
NOVA_CONF_DIR=/etc/nova
|
||||
NOVA_CONF=$NOVA_CONF_DIR/nova.conf
|
||||
@ -174,6 +176,10 @@ function configure_nova() {
|
||||
" -i $NOVA_API_PASTE_INI
|
||||
fi
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
|
||||
fi
|
||||
|
||||
if is_service_enabled n-cpu; then
|
||||
# Force IP forwarding on, just on case
|
||||
sudo sysctl -w net.ipv4.ip_forward=1
|
||||
@ -385,6 +391,11 @@ function init_nova() {
|
||||
$NOVA_BIN_DIR/nova-manage db sync
|
||||
fi
|
||||
|
||||
if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
|
||||
# Create cache dir
|
||||
sudo mkdir -p $NOVA_AUTH_CACHE_DIR
|
||||
sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
|
||||
fi
|
||||
}
|
||||
|
||||
# install_novaclient() - Collect source and prepare
|
||||
|
2
stack.sh
2
stack.sh
@ -2039,7 +2039,7 @@ fi
|
||||
|
||||
if is_service_enabled g-reg; then
|
||||
echo_summary "Uploading images"
|
||||
TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
|
||||
TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
|
||||
|
||||
# Option to upload legacy ami-tty, which works with xenserver
|
||||
if [[ -n "$UPLOAD_LEGACY_TTY" ]]; then
|
||||
|