Merge "Heat - revise keystone/trusts config to avoid deprecated options"
This commit is contained in:
commit
b5f0f3e98f
29
lib/heat
29
lib/heat
|
@ -56,6 +56,10 @@ HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
|
||||||
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
|
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
|
||||||
HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
|
HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
|
||||||
HEAT_API_PORT=${HEAT_API_PORT:-8004}
|
HEAT_API_PORT=${HEAT_API_PORT:-8004}
|
||||||
|
HEAT_SERVICE_USER=${HEAT_SERVICE_USER:-heat}
|
||||||
|
HEAT_TRUSTEE_USER=${HEAT_TRUSTEE_USER:-$HEAT_SERVICE_USER}
|
||||||
|
HEAT_TRUSTEE_PASSWORD=${HEAT_TRUSTEE_PASSWORD:-$SERVICE_PASSWORD}
|
||||||
|
HEAT_TRUSTEE_DOMAIN=${HEAT_TRUSTEE_DOMAIN:-default}
|
||||||
|
|
||||||
# Support entry points installation of console scripts
|
# Support entry points installation of console scripts
|
||||||
HEAT_BIN_DIR=$(get_python_exec_prefix)
|
HEAT_BIN_DIR=$(get_python_exec_prefix)
|
||||||
|
@ -73,7 +77,7 @@ if [[ "$HEAT_STANDALONE" = "True" ]]; then
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
|
HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
|
||||||
HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
|
HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-}
|
||||||
fi
|
fi
|
||||||
HEAT_PLUGIN_DIR=${HEAT_PLUGIN_DIR:-$DATA_DIR/heat/plugins}
|
HEAT_PLUGIN_DIR=${HEAT_PLUGIN_DIR:-$DATA_DIR/heat/plugins}
|
||||||
ENABLE_HEAT_PLUGINS=${ENABLE_HEAT_PLUGINS:-}
|
ENABLE_HEAT_PLUGINS=${ENABLE_HEAT_PLUGINS:-}
|
||||||
|
@ -134,30 +138,39 @@ function configure_heat {
|
||||||
setup_colorized_logging $HEAT_CONF DEFAULT tenant user
|
setup_colorized_logging $HEAT_CONF DEFAULT tenant user
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ ! -z "$HEAT_DEFERRED_AUTH" ]; then
|
||||||
iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH
|
iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$HEAT_USE_MOD_WSGI" == "True" ]; then
|
if [ "$HEAT_USE_MOD_WSGI" == "True" ]; then
|
||||||
_config_heat_apache_wsgi
|
_config_heat_apache_wsgi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# NOTE(jamielennox): heat re-uses specific values from the
|
|
||||||
# keystone_authtoken middleware group and so currently fails when using the
|
|
||||||
# auth plugin setup. This should be fixed in heat. Heat is also the only
|
|
||||||
# service that requires the auth_uri to include a /v2.0. Remove this custom
|
|
||||||
# setup when bug #1300246 is resolved.
|
|
||||||
iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
|
|
||||||
if [[ "$HEAT_STANDALONE" = "True" ]]; then
|
if [[ "$HEAT_STANDALONE" = "True" ]]; then
|
||||||
iniset $HEAT_CONF paste_deploy flavor standalone
|
iniset $HEAT_CONF paste_deploy flavor standalone
|
||||||
iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s"
|
iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s"
|
||||||
else
|
else
|
||||||
iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
|
||||||
iniset $HEAT_CONF keystone_authtoken admin_user heat
|
iniset $HEAT_CONF keystone_authtoken admin_user $HEAT_SERVICE_USER
|
||||||
iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
||||||
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
||||||
iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
|
iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
|
||||||
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
|
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# If HEAT_DEFERRED_AUTH is unset or explicitly set to trusts, configure
|
||||||
|
# the section for the client plugin associated with the trustee
|
||||||
|
if [ -z "$HEAT_DEFERRED_AUTH" -o "trusts" == "$HEAT_DEFERRED_AUTH" ]; then
|
||||||
|
iniset $HEAT_CONF trustee auth_plugin password
|
||||||
|
iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI
|
||||||
|
iniset $HEAT_CONF trustee username $HEAT_TRUSTEE_USER
|
||||||
|
iniset $HEAT_CONF trustee password $HEAT_TRUSTEE_PASSWORD
|
||||||
|
iniset $HEAT_CONF trustee user_domain_id $HEAT_TRUSTEE_DOMAIN
|
||||||
|
fi
|
||||||
|
|
||||||
|
# clients_keystone
|
||||||
|
iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI
|
||||||
|
|
||||||
# ec2authtoken
|
# ec2authtoken
|
||||||
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
|
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue