Use wsgi_scripts to create admin and public httpd files
The httpd/keystone.py file needed to be copied and then symlinked when used by web servers to "admin" and "main". pbr 1.4.0 added support for wsgi_scripts that creates scripts for wsgi servers on install. Keystone will now specify wsgi_scripts so that the admin (keystone-wsgi-admin) and main (keystone-wsgi-public) scripts will be created on install. See http://httpd.apache.org/docs/2.4/upgrading.html#access for the apache docs with examples for the Allow/Deny/Require directives. DocImpact Related-Bug: #1441733 Change-Id: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
This commit is contained in:
parent
3bac87ef2c
commit
3624c2f5ad
@ -45,13 +45,6 @@ Update the file to match your system configuration. Note the following:
|
||||
server logs in the ``apache2`` directory and some in the ``httpd`` directory.
|
||||
* Enable TLS by supplying the correct certificates.
|
||||
|
||||
Create the directory ``/var/www/cgi-bin/keystone/``. You can either hardlink or
|
||||
softlink the files ``main`` and ``admin`` to the file ``keystone.py`` in this
|
||||
directory. For a distribution-appropriate place, it should probably be copied
|
||||
to::
|
||||
|
||||
/usr/share/openstack/keystone/httpd/keystone.py
|
||||
|
||||
Keystone's primary configuration file (``etc/keystone.conf``) and the
|
||||
PasteDeploy configuration file (``etc/keystone-paste.ini``) must be readable to
|
||||
HTTPD in one of the default locations described in :doc:`configuration`.
|
||||
|
@ -4,7 +4,7 @@ Listen 35357
|
||||
<VirtualHost *:5000>
|
||||
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
|
||||
WSGIProcessGroup keystone-public
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
|
||||
WSGIScriptAlias / /usr/local/bin/keystone-wsgi-public
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
WSGIPassAuthorization On
|
||||
<IfVersion >= 2.4>
|
||||
@ -12,12 +12,22 @@ Listen 35357
|
||||
</IfVersion>
|
||||
ErrorLog /var/log/apache2/keystone.log
|
||||
CustomLog /var/log/apache2/keystone_access.log combined
|
||||
|
||||
<Directory /usr/local/bin>
|
||||
<IfVersion >= 2.4>
|
||||
Require all granted
|
||||
</IfVersion>
|
||||
<IfVersion < 2.4>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:35357>
|
||||
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
|
||||
WSGIProcessGroup keystone-admin
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
|
||||
WSGIScriptAlias / /usr/local/bin/keystone-wsgi-admin
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
WSGIPassAuthorization On
|
||||
<IfVersion >= 2.4>
|
||||
@ -25,4 +35,14 @@ Listen 35357
|
||||
</IfVersion>
|
||||
ErrorLog /var/log/apache2/keystone.log
|
||||
CustomLog /var/log/apache2/keystone_access.log combined
|
||||
|
||||
<Directory /usr/local/bin>
|
||||
<IfVersion >= 2.4>
|
||||
Require all granted
|
||||
</IfVersion>
|
||||
<IfVersion < 2.4>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
|
@ -50,3 +50,11 @@ def initialize_application(name):
|
||||
_unused, application = common.setup_backends(
|
||||
startup_application_fn=loadapp)
|
||||
return application
|
||||
|
||||
|
||||
def initialize_admin_application():
|
||||
return initialize_application('admin')
|
||||
|
||||
|
||||
def initialize_public_application():
|
||||
return initialize_application('main')
|
||||
|
@ -66,6 +66,10 @@ console_scripts =
|
||||
keystone-all = keystone.cmd.all:main
|
||||
keystone-manage = keystone.cmd.manage:main
|
||||
|
||||
wsgi_scripts =
|
||||
keystone-wsgi-admin = keystone.server.wsgi:initialize_admin_application
|
||||
keystone-wsgi-public = keystone.server.wsgi:initialize_public_application
|
||||
|
||||
keystone.assignment =
|
||||
ldap = keystone.assignment.backends.ldap:Assignment
|
||||
sql = keystone.assignment.backends.sql:Assignment
|
||||
|
Loading…
x
Reference in New Issue
Block a user