openstack/devstack
Code Issues Proposed changes

Merge "Create dedicated function to manage only keystoneauth options"

Browse Source
This commit is contained in:
Zuul
2026-02-18 16:30:50 +00:00
committed by Gerrit Code Review
parent cc82266a57 fe4d1e6059
commit 6611fc1619
4 changed files with 29 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/cinder
View File

@@ -304,15 +304,6 @@ function configure_cinder {
cp $CINDER_DIR/etc/cinder/api-paste.ini $CINDER_API_PASTE_INI
inicomment $CINDER_API_PASTE_INI filter:authtoken auth_host
inicomment $CINDER_API_PASTE_INI filter:authtoken auth_port
inicomment $CINDER_API_PASTE_INI filter:authtoken auth_protocol
inicomment $CINDER_API_PASTE_INI filter:authtoken cafile
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_user
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
configure_keystone_authtoken_middleware $CINDER_CONF cinder
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@@ -424,7 +415,7 @@ function configure_cinder {
configure_keystone_authtoken_middleware $CINDER_CONF glance glance
# Set nova credentials (used for os-assisted-snapshots)
configure_keystone_authtoken_middleware $CINDER_CONF nova nova
configure_keystoneauth $CINDER_CONF nova nova
iniset $CINDER_CONF nova region_name "$REGION_NAME"
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
@@ -749,8 +740,8 @@ function configure_cinder_volume_upload {
}
function init_cinder_service_user_conf {
configure_keystone_authtoken_middleware $CINDER_CONF cinder service_user
iniset $CINDER_CONF service_user send_service_user_token True
configure_keystoneauth $CINDER_CONF cinder service_user
}
# Restore xtrace

30
lib/keystone
View File

@@ -425,9 +425,27 @@ function create_service_user {
fi
}
# Configure options for keystoneauth
#
# configure_keystoneauth conf_file admin_user section
function configure_keystoneauth {
local conf_file=$1
local admin_user=$2
local section=$3
iniset $conf_file $section auth_type password
iniset $conf_file $section interface public
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
iniset $conf_file $section username $admin_user
iniset $conf_file $section password $SERVICE_PASSWORD
iniset $conf_file $section user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
}
# Configure a service to use the auth token middleware.
#
# configure_keystone_authtoken_middleware conf_file admin_user IGNORED [section]
# configure_keystone_authtoken_middleware conf_file admin_user [section]
#
# section defaults to keystone_authtoken, which is where auth_token looks in
# the .conf file. If the paste config file is used (api-paste.ini) then
@@ -438,15 +456,7 @@ function configure_keystone_authtoken_middleware {
local section=${3:-keystone_authtoken}
local service_type=$4
iniset $conf_file $section auth_type password
iniset $conf_file $section interface public
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
iniset $conf_file $section username $admin_user
iniset $conf_file $section password $SERVICE_PASSWORD
iniset $conf_file $section user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
configure_keystoneauth $conf_file $admin_user $section
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
iniset $conf_file $section memcached_servers $MEMCACHE_SERVERS
if [[ -n "$service_type" ]]; then

13
lib/neutron
View File

@@ -454,14 +454,7 @@ function configure_neutron_nova {
function create_nova_conf_neutron {
local conf=${1:-$NOVA_CONF}
iniset $conf neutron auth_type "password"
iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI"
iniset $conf neutron username nova
iniset $conf neutron password "$SERVICE_PASSWORD"
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf neutron project_name "$SERVICE_PROJECT_NAME"
iniset $conf neutron project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf neutron auth_strategy "$Q_AUTH_STRATEGY"
configure_keystoneauth $conf nova neutron
iniset $conf neutron region_name "$REGION_NAME"
# optionally set options in nova_conf
@@ -1029,10 +1022,10 @@ function _configure_neutron_service {
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova
configure_keystoneauth $NEUTRON_CONF nova nova
# Configuration for placement client
configure_keystone_authtoken_middleware $NEUTRON_CONF placement placement
configure_keystoneauth $NEUTRON_CONF placement placement
# Configure plugin
neutron_plugin_configure_service

34
lib/nova
View File

@@ -632,32 +632,19 @@ function create_nova_conf {
function configure_placement_nova_compute {
# Use the provided config file path or default to $NOVA_CONF.
local conf=${1:-$NOVA_CONF}
iniset $conf placement auth_type "password"
iniset $conf placement auth_url "$KEYSTONE_SERVICE_URI"
iniset $conf placement username nova
iniset $conf placement password "$SERVICE_PASSWORD"
iniset $conf placement user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf placement project_name "$SERVICE_TENANT_NAME"
iniset $conf placement project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf placement region_name "$REGION_NAME"
configure_keystoneauth $conf nova placement
}
# Configure access to cinder.
function configure_cinder_access {
iniset $NOVA_CONF cinder os_region_name "$REGION_NAME"
iniset $NOVA_CONF cinder auth_type "password"
iniset $NOVA_CONF cinder auth_url "$KEYSTONE_SERVICE_URI"
# NOTE(mriedem): This looks a bit weird but we use the nova user here
# since it has the admin role and the cinder user does not. This is
# similar to using the nova user in init_nova_service_user_conf. We need
# to use a user with the admin role for background tasks in nova to
# be able to GET block-storage API resources owned by another project
# since cinder has low-level "is_admin" checks in its DB API.
iniset $NOVA_CONF cinder username nova
iniset $NOVA_CONF cinder password "$SERVICE_PASSWORD"
iniset $NOVA_CONF cinder user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NOVA_CONF cinder project_name "$SERVICE_TENANT_NAME"
iniset $NOVA_CONF cinder project_domain_name "$SERVICE_DOMAIN_NAME"
configure_keystoneauth $conf nova cinder
if is_service_enabled tls-proxy; then
CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
@@ -667,14 +654,7 @@ function configure_cinder_access {
# Configure access to manila.
function configure_manila_access {
iniset $NOVA_CONF manila os_region_name "$REGION_NAME"
iniset $NOVA_CONF manila auth_type "password"
iniset $NOVA_CONF manila auth_url "$KEYSTONE_SERVICE_URI"
iniset $NOVA_CONF manila username nova
iniset $NOVA_CONF manila password "$SERVICE_PASSWORD"
iniset $NOVA_CONF manila user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NOVA_CONF manila project_name "$SERVICE_TENANT_NAME"
iniset $NOVA_CONF manila project_domain_name "$SERVICE_DOMAIN_NAME"
configure_keystoneauth $conf nova manila
}
function configure_console_compute {
@@ -840,13 +820,7 @@ function configure_nova_unified_limits {
function init_nova_service_user_conf {
iniset $NOVA_CONF service_user send_service_user_token True
iniset $NOVA_CONF service_user auth_type password
iniset $NOVA_CONF service_user auth_url "$KEYSTONE_SERVICE_URI"
iniset $NOVA_CONF service_user username nova
iniset $NOVA_CONF service_user password "$SERVICE_PASSWORD"
iniset $NOVA_CONF service_user user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NOVA_CONF service_user project_name "$SERVICE_PROJECT_NAME"
iniset $NOVA_CONF service_user project_domain_name "$SERVICE_DOMAIN_NAME"
configure_keystoneauth $NOVA_CONF nova service_user
}
function conductor_conf {