Create dedicated function to manage only keystoneauth options
Using the common function to configure keystoneauth middleware leaves some options not actually used for service-to-service communication. Create a dedicated function, which configures only options loaded by keystoneauth library, to drop unnecessary options. Change-Id: Idafdd4a3925d09f155d8ec651786ccbcd6a5f2e4 Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
13
lib/cinder
13
lib/cinder
@@ -303,15 +303,6 @@ function configure_cinder {
|
||||
|
||||
cp $CINDER_DIR/etc/cinder/api-paste.ini $CINDER_API_PASTE_INI
|
||||
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken auth_host
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken auth_port
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken auth_protocol
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken cafile
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_user
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
|
||||
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
|
||||
|
||||
configure_keystone_authtoken_middleware $CINDER_CONF cinder
|
||||
|
||||
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
||||
@@ -423,7 +414,7 @@ function configure_cinder {
|
||||
configure_keystone_authtoken_middleware $CINDER_CONF glance glance
|
||||
|
||||
# Set nova credentials (used for os-assisted-snapshots)
|
||||
configure_keystone_authtoken_middleware $CINDER_CONF nova nova
|
||||
configure_keystoneauth $CINDER_CONF nova nova
|
||||
iniset $CINDER_CONF nova region_name "$REGION_NAME"
|
||||
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
|
||||
|
||||
@@ -733,8 +724,8 @@ function configure_cinder_volume_upload {
|
||||
}
|
||||
|
||||
function init_cinder_service_user_conf {
|
||||
configure_keystone_authtoken_middleware $CINDER_CONF cinder service_user
|
||||
iniset $CINDER_CONF service_user send_service_user_token True
|
||||
configure_keystoneauth $CINDER_CONF cinder service_user
|
||||
}
|
||||
|
||||
# Restore xtrace
|
||||
|
||||
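Review bot: Switching the `nova` and `service_user` sections of cinder.conf to `configure_keystoneauth` also stops writing `cafile` for them, and `cafile` is a keystoneauth session option rather than a middleware-only one. In `configure_cinder` and `init_cinder_service_user_conf`, outbound calls from cinder would then presumably rely on the default trust store, so a tls-proxy setup that depends on `$SSL_BUNDLE_FILE` for a private CA could fail certificate verification. Either confirm the bundle is already trusted system-wide or keep the option next to the helper call, e.g. `iniset $CINDER_CONF nova cafile $SSL_BUNDLE_FILE`. Both functions continue outside the hunks shown.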
30
lib/keystone
30
lib/keystone
@@ -421,9 +421,27 @@ function create_service_user {
|
||||
fi
|
||||
}
|
||||
|
||||
# Configure options for keystoneauth
|
||||
#
|
||||
# configure_keystoneauth conf_file admin_user section
|
||||
function configure_keystoneauth {
|
||||
local conf_file=$1
|
||||
local admin_user=$2
|
||||
local section=$3
|
||||
|
||||
iniset $conf_file $section auth_type password
|
||||
iniset $conf_file $section interface public
|
||||
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
|
||||
iniset $conf_file $section username $admin_user
|
||||
iniset $conf_file $section password $SERVICE_PASSWORD
|
||||
iniset $conf_file $section user_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
|
||||
iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
}
|
||||
|
||||
# Configure a service to use the auth token middleware.
|
||||
#
|
||||
# configure_keystone_authtoken_middleware conf_file admin_user IGNORED [section]
|
||||
# configure_keystone_authtoken_middleware conf_file admin_user [section]
|
||||
#
|
||||
# section defaults to keystone_authtoken, which is where auth_token looks in
|
||||
# the .conf file. If the paste config file is used (api-paste.ini) then
|
||||
@@ -434,15 +452,7 @@ function configure_keystone_authtoken_middleware {
|
||||
local section=${3:-keystone_authtoken}
|
||||
local service_type=$4
|
||||
|
||||
iniset $conf_file $section auth_type password
|
||||
iniset $conf_file $section interface public
|
||||
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
|
||||
iniset $conf_file $section username $admin_user
|
||||
iniset $conf_file $section password $SERVICE_PASSWORD
|
||||
iniset $conf_file $section user_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
|
||||
iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
|
||||
configure_keystoneauth $conf_file $admin_user $section
|
||||
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
|
||||
iniset $conf_file $section memcached_servers $MEMCACHE_SERVERS
|
||||
if [[ -n "$service_type" ]]; then
|
||||
|
||||
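Review bot: The new `configure_keystoneauth` passes `$SERVICE_PASSWORD`, `$KEYSTONE_SERVICE_URI`, `$conf_file` and `$section` to `iniset` unquoted, whereas the call sites it replaces in lib/neutron and lib/nova quoted the password and the URL. A service password containing whitespace or glob characters would be word-split before it reaches `iniset`, so the value written may be truncated or the call may fail. Quote the expansions, e.g. `iniset "$conf_file" "$section" password "$SERVICE_PASSWORD"`, and reject an empty `section` early so that a missing argument cannot shift the remaining ones. The usage comment for `configure_keystone_authtoken_middleware` could also name the fourth `service_type` argument that the body reads; that function continues outside the hunk.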
13
lib/neutron
13
lib/neutron
@@ -460,14 +460,7 @@ function configure_neutron_nova {
|
||||
|
||||
function create_nova_conf_neutron {
|
||||
local conf=${1:-$NOVA_CONF}
|
||||
iniset $conf neutron auth_type "password"
|
||||
iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI"
|
||||
iniset $conf neutron username nova
|
||||
iniset $conf neutron password "$SERVICE_PASSWORD"
|
||||
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
iniset $conf neutron project_name "$SERVICE_PROJECT_NAME"
|
||||
iniset $conf neutron project_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
iniset $conf neutron auth_strategy "$Q_AUTH_STRATEGY"
|
||||
configure_keystoneauth $conf nova neutron
|
||||
iniset $conf neutron region_name "$REGION_NAME"
|
||||
|
||||
# optionally set options in nova_conf
|
||||
@@ -1011,10 +1004,10 @@ function _configure_neutron_service {
|
||||
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
|
||||
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
|
||||
|
||||
configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova
|
||||
configure_keystoneauth $NEUTRON_CONF nova nova
|
||||
|
||||
# Configuration for placement client
|
||||
configure_keystone_authtoken_middleware $NEUTRON_CONF placement placement
|
||||
configure_keystoneauth $NEUTRON_CONF placement placement
|
||||
|
||||
# Configure plugin
|
||||
neutron_plugin_configure_service
|
||||
|
||||
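Review bot: `configure_keystoneauth $conf nova neutron` in `create_nova_conf_neutron` also writes `interface public` into the `[neutron]` section of nova.conf, which none of the replaced `iniset` lines in this hunk set. If pinning the endpoint interface is intended, state it in the helper's header comment, for example `# Also sets interface to public in every section it configures`; if it is not, the interface would need to become an optional argument of the helper. The same applies to the placement, cinder, manila and service_user sections changed in lib/nova. The function body continues outside the hunk.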
34
lib/nova
34
lib/nova
@@ -628,32 +628,19 @@ function create_nova_conf {
|
||||
function configure_placement_nova_compute {
|
||||
# Use the provided config file path or default to $NOVA_CONF.
|
||||
local conf=${1:-$NOVA_CONF}
|
||||
iniset $conf placement auth_type "password"
|
||||
iniset $conf placement auth_url "$KEYSTONE_SERVICE_URI"
|
||||
iniset $conf placement username nova
|
||||
iniset $conf placement password "$SERVICE_PASSWORD"
|
||||
iniset $conf placement user_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
iniset $conf placement project_name "$SERVICE_TENANT_NAME"
|
||||
iniset $conf placement project_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
iniset $conf placement region_name "$REGION_NAME"
|
||||
configure_keystoneauth $conf nova placement
|
||||
}
|
||||
|
||||
# Configure access to cinder.
|
||||
function configure_cinder_access {
|
||||
iniset $NOVA_CONF cinder os_region_name "$REGION_NAME"
|
||||
iniset $NOVA_CONF cinder auth_type "password"
|
||||
iniset $NOVA_CONF cinder auth_url "$KEYSTONE_SERVICE_URI"
|
||||
# NOTE(mriedem): This looks a bit weird but we use the nova user here
|
||||
# since it has the admin role and the cinder user does not. This is
|
||||
# similar to using the nova user in init_nova_service_user_conf. We need
|
||||
# to use a user with the admin role for background tasks in nova to
|
||||
# be able to GET block-storage API resources owned by another project
|
||||
# since cinder has low-level "is_admin" checks in its DB API.
|
||||
iniset $NOVA_CONF cinder username nova
|
||||
iniset $NOVA_CONF cinder password "$SERVICE_PASSWORD"
|
||||
iniset $NOVA_CONF cinder user_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
iniset $NOVA_CONF cinder project_name "$SERVICE_TENANT_NAME"
|
||||
iniset $NOVA_CONF cinder project_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
configure_keystoneauth $conf nova cinder
|
||||
if is_service_enabled tls-proxy; then
|
||||
CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
|
||||
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
|
||||
@@ -663,14 +650,7 @@ function configure_cinder_access {
|
||||
|
||||
# Configure access to manila.
|
||||
function configure_manila_access {
|
||||
iniset $NOVA_CONF manila os_region_name "$REGION_NAME"
|
||||
iniset $NOVA_CONF manila auth_type "password"
|
||||
iniset $NOVA_CONF manila auth_url "$KEYSTONE_SERVICE_URI"
|
||||
iniset $NOVA_CONF manila username nova
|
||||
iniset $NOVA_CONF manila password "$SERVICE_PASSWORD"
|
||||
iniset $NOVA_CONF manila user_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
iniset $NOVA_CONF manila project_name "$SERVICE_TENANT_NAME"
|
||||
iniset $NOVA_CONF manila project_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
configure_keystoneauth $conf nova manila
|
||||
}
|
||||
|
||||
function configure_console_compute {
|
||||
@@ -836,13 +816,7 @@ function configure_nova_unified_limits {
|
||||
|
||||
function init_nova_service_user_conf {
|
||||
iniset $NOVA_CONF service_user send_service_user_token True
|
||||
iniset $NOVA_CONF service_user auth_type password
|
||||
iniset $NOVA_CONF service_user auth_url "$KEYSTONE_SERVICE_URI"
|
||||
iniset $NOVA_CONF service_user username nova
|
||||
iniset $NOVA_CONF service_user password "$SERVICE_PASSWORD"
|
||||
iniset $NOVA_CONF service_user user_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
iniset $NOVA_CONF service_user project_name "$SERVICE_PROJECT_NAME"
|
||||
iniset $NOVA_CONF service_user project_domain_name "$SERVICE_DOMAIN_NAME"
|
||||
configure_keystoneauth $NOVA_CONF nova service_user
|
||||
}
|
||||
|
||||
function conductor_conf {
|
||||
|
||||
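Review bot: `configure_cinder_access` and `configure_manila_access` call `configure_keystoneauth $conf nova cinder` and `configure_keystoneauth $conf nova manila`, but neither function defines `conf` in the lines shown; every other line in them uses `$NOVA_CONF`. Unless a caller happens to have `conf` in scope, the unquoted empty expansion disappears and the arguments shift, so the helper treats `nova` as the file path and the service credentials never reach the `[cinder]` and `[manila]` sections of nova.conf. The calls should read `configure_keystoneauth $NOVA_CONF nova cinder` and `configure_keystoneauth $NOVA_CONF nova manila`. `configure_cinder_access` continues outside the first hunk.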