openstack/devstack
Code Issues Proposed changes

Drop signing_dir option from configure_auth_token_middleware

Browse Source 
This is no longer being used due to Keystone PKI tokens no longer
being implemented.

In order to not break backward compatibility we create a new function
that is to be used instead and deprecate the old one. Modify the old
function to ignore the 3rd argument and display a deprecation warning.
Adjust callers to no longer create and set that directory, calling the
new function instead.

Change-Id: Id0dec1ba72467cce5cacfcfdb2bc0af2bd3a3610
This commit is contained in:
Dirk Mueller 2017-11-17 19:52:29 +01:00 committed by Jens Harbott
parent 20190ee83a
commit 8ab64b3236
8 changed files with 25 additions and 92 deletions

13
lib/cinder

@ -51,7 +51,6 @@ else
fi fi
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder} CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
CINDER_CONF_DIR=/etc/cinder CINDER_CONF_DIR=/etc/cinder
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
@ -217,7 +216,7 @@ function configure_cinder {
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR configure_keystone_authtoken_middleware $CINDER_CONF cinder
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@ -314,7 +313,7 @@ function configure_cinder {
fi fi
# Set nova credentials (used for os-assisted-snapshots) # Set nova credentials (used for os-assisted-snapshots)
configure_auth_token_middleware $CINDER_CONF nova $CINDER_AUTH_CACHE_DIR nova configure_keystone_authtoken_middleware $CINDER_CONF nova nova
iniset $CINDER_CONF nova region_name "$REGION_NAME" iniset $CINDER_CONF nova region_name "$REGION_NAME"
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT" iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
@ -380,13 +379,6 @@ function create_cinder_accounts {
fi fi
} }
# create_cinder_cache_dir() - Part of the init_cinder() process
function create_cinder_cache_dir {
# Create cache dir
sudo install -d -o $STACK_USER $CINDER_AUTH_CACHE_DIR
rm -f $CINDER_AUTH_CACHE_DIR/*
}
# init_cinder() - Initialize database and volume group # init_cinder() - Initialize database and volume group
function init_cinder { function init_cinder {
if is_service_enabled $DATABASE_BACKENDS; then if is_service_enabled $DATABASE_BACKENDS; then
@ -415,7 +407,6 @@ function init_cinder {
fi fi
mkdir -p $CINDER_STATE_PATH/volumes mkdir -p $CINDER_STATE_PATH/volumes
create_cinder_cache_dir
} }
# install_cinder() - Collect source and prepare # install_cinder() - Collect source and prepare

24
lib/glance

@ -44,7 +44,6 @@ fi
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache} GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images} GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
GLANCE_LOCK_DIR=${GLANCE_LOCK_DIR:=$DATA_DIR/glance/locks} GLANCE_LOCK_DIR=${GLANCE_LOCK_DIR:=$DATA_DIR/glance/locks}
GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance} GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
@ -97,20 +96,14 @@ function is_glance_enabled {
# cleanup_glance() - Remove residual data files, anything left over from previous # cleanup_glance() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up # runs that a clean run would need to clean up
function cleanup_glance { function cleanup_glance {
# kill instances (nova)
# delete image files (glance) # delete image files (glance)
sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR
} }
# configure_glance() - Set config files, create data dirs, etc # configure_glance() - Set config files, create data dirs, etc
function configure_glance { function configure_glance {
sudo install -d -o $STACK_USER $GLANCE_CONF_DIR $GLANCE_METADEF_DIR sudo install -d -o $STACK_USER $GLANCE_CONF_DIR $GLANCE_METADEF_DIR
# We run this here as this configures cache dirs for the auth middleware
# which is used in the api server and not in the registry. The api
# Server is configured through this function and not init_glance.
create_glance_cache_dir
# Set non-default configuration options for registry # Set non-default configuration options for registry
iniset $GLANCE_REGISTRY_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL iniset $GLANCE_REGISTRY_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $GLANCE_REGISTRY_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS iniset $GLANCE_REGISTRY_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
@ -120,7 +113,7 @@ function configure_glance {
iniset $GLANCE_REGISTRY_CONF database connection $dburl iniset $GLANCE_REGISTRY_CONF database connection $dburl
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry configure_keystone_authtoken_middleware $GLANCE_REGISTRY_CONF glance
iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2 iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2
iniset_rpc_backend glance $GLANCE_REGISTRY_CONF iniset_rpc_backend glance $GLANCE_REGISTRY_CONF
iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT" iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
@ -132,7 +125,7 @@ function configure_glance {
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF oslo_concurrency lock_path $GLANCE_LOCK_DIR iniset $GLANCE_API_CONF oslo_concurrency lock_path $GLANCE_LOCK_DIR
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api configure_keystone_authtoken_middleware $GLANCE_API_CONF glance
iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2 iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2
iniset_rpc_backend glance $GLANCE_API_CONF iniset_rpc_backend glance $GLANCE_API_CONF
if [ "$VIRT_DRIVER" = 'xenserver' ]; then if [ "$VIRT_DRIVER" = 'xenserver' ]; then
@ -279,23 +272,12 @@ function create_glance_accounts {
fi fi
} }
# create_glance_cache_dir() - Part of the configure_glance() process
function create_glance_cache_dir {
# Create cache dir
sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search $GLANCE_AUTH_CACHE_DIR/artifact
rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/* $GLANCE_AUTH_CACHE_DIR/artifact/*
}
# init_glance() - Initialize databases, etc. # init_glance() - Initialize databases, etc.
function init_glance { function init_glance {
# Delete existing images # Delete existing images
rm -rf $GLANCE_IMAGE_DIR rm -rf $GLANCE_IMAGE_DIR
mkdir -p $GLANCE_IMAGE_DIR mkdir -p $GLANCE_IMAGE_DIR
# Delete existing cache
rm -rf $GLANCE_CACHE_DIR
mkdir -p $GLANCE_CACHE_DIR
# (Re)create glance database # (Re)create glance database
recreate_database glance recreate_database glance

17
lib/keystone

@ -397,18 +397,17 @@ function create_service_user {
fi fi
} }
# Configure the service to use the auth token middleware. # Configure a service to use the auth token middleware.
# #
# configure_auth_token_middleware conf_file admin_user signing_dir [section] # configure_keystone_authtoken_middleware conf_file admin_user IGNORED [section]
# #
# section defaults to keystone_authtoken, which is where auth_token looks in # section defaults to keystone_authtoken, which is where auth_token looks in
# the .conf file. If the paste config file is used (api-paste.ini) then # the .conf file. If the paste config file is used (api-paste.ini) then
# provide the section name for the auth_token filter. # provide the section name for the auth_token filter.
function configure_auth_token_middleware { function configure_keystone_authtoken_middleware {
local conf_file=$1 local conf_file=$1
local admin_user=$2 local admin_user=$2
local signing_dir=$3 local section=${3:-keystone_authtoken}
local section=${4:-keystone_authtoken}
iniset $conf_file $section auth_type password iniset $conf_file $section auth_type password
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
@ -419,10 +418,16 @@ function configure_auth_token_middleware {
iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME" iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf_file $section cafile $SSL_BUNDLE_FILE iniset $conf_file $section cafile $SSL_BUNDLE_FILE
iniset $conf_file $section signing_dir $signing_dir
iniset $conf_file $section memcached_servers localhost:11211 iniset $conf_file $section memcached_servers localhost:11211
} }
# configure_auth_token_middleware conf_file admin_user IGNORED [section]
# TODO(frickler): old function for backwards compatibility, remove in U cycle
function configure_auth_token_middleware {
echo "WARNING: configure_auth_token_middleware is deprecated, use configure_keystone_authtoken_middleware instead"
configure_keystone_authtoken_middleware $1 $2 $4
}
# init_keystone() - Initialize databases, etc. # init_keystone() - Initialize databases, etc.
function init_keystone { function init_keystone {
if is_service_enabled ldap; then if is_service_enabled ldap; then

17
lib/neutron

@ -36,7 +36,6 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient
NEUTRON_DEPLOY_MOD_WSGI=$(trueorfalse False NEUTRON_DEPLOY_MOD_WSGI) NEUTRON_DEPLOY_MOD_WSGI=$(trueorfalse False NEUTRON_DEPLOY_MOD_WSGI)
NEUTRON_AGENT=${NEUTRON_AGENT:-openvswitch} NEUTRON_AGENT=${NEUTRON_AGENT:-openvswitch}
NEUTRON_DIR=$DEST/neutron NEUTRON_DIR=$DEST/neutron
NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
NEUTRON_DISTRIBUTED_ROUTING=$(trueorfalse False NEUTRON_DISTRIBUTED_ROUTING) NEUTRON_DISTRIBUTED_ROUTING=$(trueorfalse False NEUTRON_DISTRIBUTED_ROUTING)
# Distributed Virtual Router (DVR) configuration # Distributed Virtual Router (DVR) configuration
@ -62,7 +61,6 @@ NEUTRON_AGENT_CONF=$NEUTRON_CONF_DIR/
NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True} NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}
NEUTRON_STATE_PATH=${NEUTRON_STATE_PATH:=$DATA_DIR/neutron} NEUTRON_STATE_PATH=${NEUTRON_STATE_PATH:=$DATA_DIR/neutron}
NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
NEUTRON_UWSGI_CONF=$NEUTRON_CONF_DIR/neutron-api-uwsgi.ini NEUTRON_UWSGI_CONF=$NEUTRON_CONF_DIR/neutron-api-uwsgi.ini
@ -200,8 +198,8 @@ function configure_neutron_new {
iniset $NEUTRON_CONF DEFAULT router_distributed $NEUTRON_DISTRIBUTED_ROUTING iniset $NEUTRON_CONF DEFAULT router_distributed $NEUTRON_DISTRIBUTED_ROUTING
iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY
configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken configure_keystone_authtoken_middleware $NEUTRON_CONF neutron
configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova
# Configure VXLAN # Configure VXLAN
# TODO(sc68cal) not hardcode? # TODO(sc68cal) not hardcode?
@ -292,7 +290,7 @@ function configure_neutron_new {
# TODO(dtroyer): remove the v2.0 hard code below # TODO(dtroyer): remove the v2.0 hard code below
iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
configure_auth_token_middleware $NEUTRON_META_CONF neutron $NEUTRON_AUTH_CACHE_DIR DEFAULT configure_keystone_authtoken_middleware $NEUTRON_META_CONF neutron DEFAULT
fi fi
# Format logging # Format logging
@ -389,13 +387,6 @@ function create_neutron_accounts_new {
fi fi
} }
# create_neutron_cache_dir() - Part of the init_neutron() process
function create_neutron_cache_dir {
# Create cache dir
sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR
rm -f $NEUTRON_AUTH_CACHE_DIR/*
}
# init_neutron() - Initialize databases, etc. # init_neutron() - Initialize databases, etc.
function init_neutron_new { function init_neutron_new {
@ -405,8 +396,6 @@ function init_neutron_new {
# Run Neutron db migrations # Run Neutron db migrations
$NEUTRON_BIN_DIR/neutron-db-manage upgrade heads $NEUTRON_BIN_DIR/neutron-db-manage upgrade heads
time_stop "dbsync" time_stop "dbsync"
create_neutron_cache_dir
} }
# install_neutron() - Collect source and prepare # install_neutron() - Collect source and prepare

14
lib/neutron-legacy

@ -71,7 +71,6 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient
NEUTRON_DIR=$DEST/neutron NEUTRON_DIR=$DEST/neutron
NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
# Support entry points installation of console scripts # Support entry points installation of console scripts
if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then
@ -841,13 +840,13 @@ function _configure_neutron_service {
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
_neutron_setup_keystone $NEUTRON_CONF keystone_authtoken configure_keystone_authtoken_middleware $NEUTRON_CONF $Q_ADMIN_USERNAME
# Configuration for neutron notifications to nova. # Configuration for neutron notifications to nova.
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova
# Configure plugin # Configure plugin
neutron_plugin_configure_service neutron_plugin_configure_service
@ -933,15 +932,6 @@ function _neutron_setup_rootwrap {
fi fi
} }
# Configures keystone integration for neutron service
function _neutron_setup_keystone {
local conf_file=$1
local section=$2
create_neutron_cache_dir
configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
}
function _neutron_setup_interface_driver { function _neutron_setup_interface_driver {
# ovs_use_veth needs to be set before the plugin configuration # ovs_use_veth needs to be set before the plugin configuration

13
lib/nova

@ -46,7 +46,6 @@ fi
NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova} NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}
# INSTANCES_PATH is the previous name for this # INSTANCES_PATH is the previous name for this
NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}} NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}
NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova}
NOVA_CONF_DIR=/etc/nova NOVA_CONF_DIR=/etc/nova
NOVA_CONF=$NOVA_CONF_DIR/nova.conf NOVA_CONF=$NOVA_CONF_DIR/nova.conf
@ -215,7 +214,7 @@ function cleanup_nova {
sudo rm -rf $NOVA_INSTANCES_PATH/* sudo rm -rf $NOVA_INSTANCES_PATH/*
fi fi
sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR sudo rm -rf $NOVA_STATE_PATH
# NOTE(dtroyer): This really should be called from here but due to the way # NOTE(dtroyer): This really should be called from here but due to the way
# nova abuses the _cleanup() function we're moving it # nova abuses the _cleanup() function we're moving it
@ -443,7 +442,7 @@ function create_nova_conf {
iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT
fi fi
configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR configure_keystone_authtoken_middleware $NOVA_CONF nova
fi fi
if is_service_enabled cinder; then if is_service_enabled cinder; then
@ -690,13 +689,6 @@ function conductor_conf {
echo "${NOVA_CONF_DIR}/nova_cell${cell}.conf" echo "${NOVA_CONF_DIR}/nova_cell${cell}.conf"
} }
# create_nova_cache_dir() - Part of the init_nova() process
function create_nova_cache_dir {
# Create cache dir
sudo install -d -o $STACK_USER $NOVA_AUTH_CACHE_DIR
rm -f $NOVA_AUTH_CACHE_DIR/*
}
# create_nova_keys_dir() - Part of the init_nova() process # create_nova_keys_dir() - Part of the init_nova() process
function create_nova_keys_dir { function create_nova_keys_dir {
# Create keys dir # Create keys dir
@ -738,7 +730,6 @@ function init_nova {
done done
fi fi
create_nova_cache_dir
create_nova_keys_dir create_nova_keys_dir
if [[ "$NOVA_BACKEND" == "LVM" ]]; then if [[ "$NOVA_BACKEND" == "LVM" ]]; then

12
lib/placement

@ -29,7 +29,6 @@ set +o xtrace
PLACEMENT_DIR=$DEST/placement PLACEMENT_DIR=$DEST/placement
PLACEMENT_CONF_DIR=/etc/placement PLACEMENT_CONF_DIR=/etc/placement
PLACEMENT_CONF=$PLACEMENT_CONF_DIR/placement.conf PLACEMENT_CONF=$PLACEMENT_CONF_DIR/placement.conf
PLACEMENT_AUTH_CACHE_DIR=${PLACEMENT_AUTH_CACHE_DIR:-/var/cache/placement}
PLACEMENT_AUTH_STRATEGY=${PLACEMENT_AUTH_STRATEGY:-keystone} PLACEMENT_AUTH_STRATEGY=${PLACEMENT_AUTH_STRATEGY:-keystone}
# Placement virtual environment # Placement virtual environment
if [[ ${USE_VENV} = True ]]; then if [[ ${USE_VENV} = True ]]; then
@ -64,7 +63,6 @@ function is_placement_enabled {
function cleanup_placement { function cleanup_placement {
sudo rm -f $(apache_site_config_for placement-api) sudo rm -f $(apache_site_config_for placement-api)
remove_uwsgi_config "$PLACEMENT_UWSGI_CONF" "$PLACEMENT_UWSGI" remove_uwsgi_config "$PLACEMENT_UWSGI_CONF" "$PLACEMENT_UWSGI"
sudo rm -f $PLACEMENT_AUTH_CACHE_DIR/*
} }
# _config_placement_apache_wsgi() - Set WSGI config files # _config_placement_apache_wsgi() - Set WSGI config files
@ -99,7 +97,7 @@ function create_placement_conf {
iniset $PLACEMENT_CONF placement_database connection `database_connection_url placement` iniset $PLACEMENT_CONF placement_database connection `database_connection_url placement`
iniset $PLACEMENT_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL" iniset $PLACEMENT_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
iniset $PLACEMENT_CONF api auth_strategy $PLACEMENT_AUTH_STRATEGY iniset $PLACEMENT_CONF api auth_strategy $PLACEMENT_AUTH_STRATEGY
configure_auth_token_middleware $PLACEMENT_CONF placement $PLACEMENT_AUTH_CACHE_DIR configure_keystone_authtoken_middleware $PLACEMENT_CONF placement
setup_logging $PLACEMENT_CONF setup_logging $PLACEMENT_CONF
} }
@ -127,19 +125,11 @@ function create_placement_accounts {
"$placement_api_url" "$placement_api_url"
} }
# create_placement_cache_dir() - Create directories for keystone cache
function create_placement_cache_dir {
# Create cache dir
sudo install -d -o $STACK_USER $PLACEMENT_AUTH_CACHE_DIR
rm -f $PLACEMENT_AUTH_CACHE_DIR/*
}
# init_placement() - Create service user and endpoints # init_placement() - Create service user and endpoints
function init_placement { function init_placement {
recreate_database placement recreate_database placement
$PLACEMENT_BIN_DIR/placement-manage db sync $PLACEMENT_BIN_DIR/placement-manage db sync
create_placement_accounts create_placement_accounts
create_placement_cache_dir
} }
# install_placement() - Collect source and prepare # install_placement() - Collect source and prepare

7
lib/swift

@ -47,7 +47,6 @@ else
SWIFT_BIN_DIR=$(get_python_exec_prefix) SWIFT_BIN_DIR=$(get_python_exec_prefix)
fi fi
SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift} SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
@ -452,7 +451,7 @@ function configure_swift {
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken configure_keystone_authtoken_middleware $SWIFT_CONFIG_PROXY_SERVER swift filter:authtoken
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1 iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False
@ -735,10 +734,6 @@ function init_swift {
$SWIFT_BIN_DIR/swift-ring-builder container.builder rebalance 42 $SWIFT_BIN_DIR/swift-ring-builder container.builder rebalance 42
$SWIFT_BIN_DIR/swift-ring-builder account.builder rebalance 42 $SWIFT_BIN_DIR/swift-ring-builder account.builder rebalance 42
} && popd >/dev/null } && popd >/dev/null
# Create cache dir
sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR
rm -f $SWIFT_AUTH_CACHE_DIR/*
} }
function install_swift { function install_swift {