diff --git a/files/nova-api-paste.ini b/files/nova-api-paste.ini index 7f27fdcbf9..76c8aae346 100644 --- a/files/nova-api-paste.ini +++ b/files/nova-api-paste.ini @@ -1,131 +1,13 @@ -############ -# Metadata # -############ -[composite:metadata] -use = egg:Paste#urlmap -/: metaversions -/latest: meta -/2007-01-19: meta -/2007-03-01: meta -/2007-08-29: meta -/2007-10-10: meta -/2007-12-15: meta -/2008-02-01: meta -/2008-09-01: meta -/2009-04-04: meta - -[pipeline:metaversions] -pipeline = ec2faultwrap logrequest metaverapp - -[pipeline:meta] -pipeline = ec2faultwrap logrequest metaapp - -[app:metaverapp] -paste.app_factory = nova.api.metadata.handler:Versions.factory - -[app:metaapp] -paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory - -####### -# EC2 # -####### - -[composite:ec2] -use = egg:Paste#urlmap -/services/Cloud: ec2cloud -/services/Admin: ec2admin - -[pipeline:ec2cloud] -pipeline = ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor - -[pipeline:ec2admin] -pipeline = ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor - -[pipeline:ec2metadata] -pipeline = ec2faultwrap logrequest ec2md - -[pipeline:ec2versions] -pipeline = ec2faultwrap logrequest ec2ver - -[filter:ec2faultwrap] -paste.filter_factory = nova.api.ec2:FaultWrapper.factory - -[filter:logrequest] -paste.filter_factory = nova.api.ec2:RequestLogging.factory - -[filter:ec2lockout] -paste.filter_factory = nova.api.ec2:Lockout.factory - -[filter:totoken] -paste.filter_factory = keystone.middleware.ec2_token:EC2Token.factory - -[filter:ec2noauth] -paste.filter_factory = nova.api.ec2:NoAuth.factory - -[filter:authenticate] -paste.filter_factory = nova.api.ec2:Authenticate.factory - -[filter:cloudrequest] -controller = nova.api.ec2.cloud.CloudController -paste.filter_factory = nova.api.ec2:Requestify.factory - -[filter:adminrequest] -controller = nova.api.ec2.admin.AdminController -paste.filter_factory = nova.api.ec2:Requestify.factory - -[filter:authorizer] -paste.filter_factory = nova.api.ec2:Authorizer.factory - -[app:ec2executor] -paste.app_factory = nova.api.ec2:Executor.factory - -############# -# Openstack # -############# - -[composite:osapi] -use = call:nova.api.openstack.v2.urlmap:urlmap_factory -/: osversions -/v1.1: openstack_api_v2 -/v2: openstack_api_v2 - -[pipeline:openstack_api_v2] -pipeline = faultwrap authtoken keystonecontext ratelimit serialize extensions osapi_app_v2 - -[filter:faultwrap] -paste.filter_factory = nova.api.openstack.v2:FaultWrapper.factory - -[filter:auth] -paste.filter_factory = nova.api.openstack.v2.auth:AuthMiddleware.factory - -[filter:noauth] -paste.filter_factory = nova.api.openstack.v2.auth:NoAuthMiddleware.factory - -[filter:ratelimit] -paste.filter_factory = nova.api.openstack.v2.limits:RateLimitingMiddleware.factory - -[filter:serialize] -paste.filter_factory = nova.api.openstack.wsgi:LazySerializationMiddleware.factory - -[filter:extensions] -paste.filter_factory = nova.api.openstack.v2.extensions:ExtensionMiddleware.factory - -[app:osapi_app_v2] -paste.app_factory = nova.api.openstack.v2:APIRouter.factory - -[pipeline:osversions] -pipeline = faultwrap osversionapp - -[app:osversionapp] -paste.app_factory = nova.api.openstack.v2.versions:Versions.factory - ########## -# Shared # +# Extras # ########## [filter:keystonecontext] paste.filter_factory = keystone.middleware.nova_keystone_context:NovaKeystoneContext.factory +[filter:totoken] +paste.filter_factory = keystone.middleware.ec2_token:EC2Token.factory + [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http diff --git a/stack.sh b/stack.sh index a79f7949d9..c0763d46a3 100755 --- a/stack.sh +++ b/stack.sh @@ -777,14 +777,26 @@ fi # Nova # ---- - if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then # We are going to use a sample http middleware configuration based on the # one from the keystone project to launch nova. This paste config adds - # the configuration required for nova to validate keystone tokens. We add - # our own service token to the configuration. - cp $FILES/nova-api-paste.ini $NOVA_DIR/bin + # the configuration required for nova to validate keystone tokens. + + # First we add a some extra data to the default paste config from nova + cat $NOVA_DIR/etc/nova/api-paste.ini $FILES/nova-api-paste.ini > $NOVA_DIR/bin/nova-api-paste.ini + + # Then we add our own service token to the configuration sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $NOVA_DIR/bin/nova-api-paste.ini + + # Finally, we change the pipelines in nova to use keystone + function replace_pipeline() { + sed "/\[pipeline:$1\]/,/\[/s/^pipeline = .*/pipeline = $2/" -i $NOVA_DIR/bin/nova-api-paste.ini + } + replace_pipeline "ec2cloud" "ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor" + replace_pipeline "ec2admin" "ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor" + replace_pipeline "openstack_api_v2" "faultwrap authtoken keystonecontext ratelimit serialize extensions osapi_app_v2" + replace_pipeline "openstack_compute_api_v2" "faultwrap authtoken keystonecontext ratelimit serialize compute_extensions osapi_compute_app_v2" + replace_pipeline "openstack_volume_api_v1" "faultwrap authtoken keystonecontext ratelimit serialize volume_extensions osapi_volume_app_v1" fi # Helper to clean iptables rules @@ -998,7 +1010,7 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \ tee /etc/rsyslog.d/10-swift.conf sudo restart rsyslog - + # We create two helper scripts : # # - swift-remakerings