Use wsgi_scripts to create admin and public httpd files

The httpd/keystone.py file needed to be copied and then
symlinked when used by web servers to "admin" and "main".

pbr 1.4.0 added support for wsgi_scripts that creates scripts
for wsgi servers on install. Keystone will now specify
wsgi_scripts so that the admin (keystone-wsgi-admin) and
main (keystone-wsgi-public) scripts will be created on install.

See http://httpd.apache.org/docs/2.4/upgrading.html#access for
the Apache docs with examples for the Allow/Deny/Require
directives.

DocImpact

Related-Bug: #1441733
Change-Id: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
Brant Knudson 2015-06-22 18:37:55 -05:00
parent 3bac87ef2c
commit 3624c2f5ad
4 changed files with 34 additions and 9 deletions

@ -45,13 +45,6 @@ Update the file to match your system configuration. Note the following:
server logs in the ``apache2`` directory and some in the ``httpd`` directory.
* Enable TLS by supplying the correct certificates.
Create the directory ``/var/www/cgi-bin/keystone/``. You can either hardlink or
softlink the files ``main`` and ``admin`` to the file ``keystone.py`` in this
directory. For a distribution-appropriate place, it should probably be copied
to::
/usr/share/openstack/keystone/httpd/keystone.py
Keystone's primary configuration file (``etc/keystone.conf``) and the
PasteDeploy configuration file (``etc/keystone-paste.ini``) must be readable to
HTTPD in one of the default locations described in :doc:`configuration`.
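Review bot: With the paragraph about creating ``/var/www/cgi-bin/keystone/`` and linking ``main`` and ``admin`` removed, this section no longer tells the reader which script HTTPD should load. Add a sentence naming ``keystone-wsgi-admin`` and ``keystone-wsgi-public`` as the scripts created on install, and state that ``WSGIScriptAlias`` in the sample configuration must point at the location where they were actually installed.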

@ -4,7 +4,7 @@ Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIScriptAlias / /usr/local/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
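Review bot: The new WSGIScriptAlias target hardcodes /usr/local/bin, which is not where the script lands on every install; a virtualenv or a distribution package would put keystone-wsgi-public under a different prefix. Add a comment above the directive in the sample file telling operators to adjust the path to their install prefix, so that a copied config does not fail at startup with a missing script.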
@ -12,12 +12,22 @@ Listen 35357
</IfVersion>
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/local/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIScriptAlias / /usr/local/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
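Review bot: The added <Directory /usr/local/bin> block grants access to the whole directory, which normally holds unrelated executables, when only the WSGI script needs to be authorized. Consider wrapping the grant in <Files keystone-wsgi-public> inside the Directory section, and in <Files keystone-wsgi-admin> in the admin virtual host, so that a later Alias or handler change in either virtual host cannot expose anything else in that directory.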
@ -25,4 +35,14 @@ Listen 35357
</IfVersion>
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/local/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>

@ -50,3 +50,11 @@ def initialize_application(name):
_unused, application = common.setup_backends(
startup_application_fn=loadapp)
return application
def initialize_admin_application():
return initialize_application('admin')
def initialize_public_application():
return initialize_application('main')
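Review bot: initialize_admin_application and initialize_public_application have no docstrings, and the public wrapper passes 'main' rather than 'public', which is easy to misread as a mistake. Add a one-line docstring to each saying it is the target of the matching wsgi_scripts entry, and note in the public one that 'main' is the name used for the public application.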

@ -66,6 +66,10 @@ console_scripts =
keystone-all = keystone.cmd.all:main
keystone-manage = keystone.cmd.manage:main
wsgi_scripts =
keystone-wsgi-admin = keystone.server.wsgi:initialize_admin_application
keystone-wsgi-public = keystone.server.wsgi:initialize_public_application
keystone.assignment =
ldap = keystone.assignment.backends.ldap:Assignment
sql = keystone.assignment.backends.sql:Assignment
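Review bot: The wsgi_scripts section depends on pbr 1.4.0 or later according to the commit message, but nothing in the visible hunks raises the minimum pbr version. Confirm that the project's pbr requirement is at least 1.4.0; with an older pbr the keystone-wsgi-admin and keystone-wsgi-public scripts that the sample httpd configuration now points at would not be created.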