From 3624c2f5ad20fb3795576b35fd07ceedcc2642ba Mon Sep 17 00:00:00 2001 From: Brant Knudson Date: Mon, 22 Jun 2015 18:37:55 -0500 Subject: [PATCH] Use wsgi_scripts to create admin and public httpd files The httpd/keystone.py file needed to be copied and then symlinked when used by web servers to "admin" and "main". pbr 1.4.0 added support for wsgi_scripts that creates scripts for wsgi servers on install. Keystone will now specify wsgi_scripts so that the admin (keystone-wsgi-admin) and main (keystone-wsgi-public) scripts will be created on install. See http://httpd.apache.org/docs/2.4/upgrading.html#access for the apache docs with examples for the Allow/Deny/Require directives. DocImpact Related-Bug: #1441733 Change-Id: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace --- doc/source/apache-httpd.rst | 7 ------- httpd/wsgi-keystone.conf | 24 ++++++++++++++++++++++-- keystone/server/wsgi.py | 8 ++++++++ setup.cfg | 4 ++++ 4 files changed, 34 insertions(+), 9 deletions(-) diff --git a/doc/source/apache-httpd.rst b/doc/source/apache-httpd.rst index 97ae36bcf9..948bd280b3 100644 --- a/doc/source/apache-httpd.rst +++ b/doc/source/apache-httpd.rst @@ -45,13 +45,6 @@ Update the file to match your system configuration. Note the following: server logs in the ``apache2`` directory and some in the ``httpd`` directory. * Enable TLS by supplying the correct certificates. -Create the directory ``/var/www/cgi-bin/keystone/``. You can either hardlink or -softlink the files ``main`` and ``admin`` to the file ``keystone.py`` in this -directory. For a distribution-appropriate place, it should probably be copied -to:: - - /usr/share/openstack/keystone/httpd/keystone.py - Keystone's primary configuration file (``etc/keystone.conf``) and the PasteDeploy configuration file (``etc/keystone-paste.ini``) must be readable to HTTPD in one of the default locations described in :doc:`configuration`. diff --git a/httpd/wsgi-keystone.conf b/httpd/wsgi-keystone.conf index 314d737ae8..c2224d4247 100644 
--- a/httpd/wsgi-keystone.conf
+++ b/httpd/wsgi-keystone.conf
@@ -4,7 +4,7 @@ Listen 35357
 WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
 WSGIProcessGroup keystone-public
- WSGIScriptAlias / /var/www/cgi-bin/keystone/main
+ WSGIScriptAlias / /usr/local/bin/keystone-wsgi-public
 WSGIApplicationGroup %{GLOBAL}
 WSGIPassAuthorization On
 = 2.4>
@@ -12,12 +12,22 @@ Listen 35357
 ErrorLog /var/log/apache2/keystone.log
 CustomLog /var/log/apache2/keystone_access.log combined
+
+
+ = 2.4>
+ Require all granted
+
+
+ Order allow,deny
+ Allow from all
+
+
 WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
 WSGIProcessGroup keystone-admin
- WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
+ WSGIScriptAlias / /usr/local/bin/keystone-wsgi-admin
 WSGIApplicationGroup %{GLOBAL}
 WSGIPassAuthorization On
 = 2.4>
@@ -25,4 +35,14 @@ Listen 35357
 ErrorLog /var/log/apache2/keystone.log
 CustomLog /var/log/apache2/keystone_access.log combined
+
+
+ = 2.4>
+ Require all granted
+
+
+ Order allow,deny
+ Allow from all
+
+
diff --git a/keystone/server/wsgi.py b/keystone/server/wsgi.py
index 863f13bcee..dbdad32644 100644
--- a/keystone/server/wsgi.py
+++ b/keystone/server/wsgi.py
@@ -50,3 +50,11 @@ def initialize_application(name):
 _unused, application = common.setup_backends(
 startup_application_fn=loadapp)
 return application
+
+
+def initialize_admin_application():
+ return initialize_application('admin')
+
+
+def initialize_public_application():
+ return initialize_application('main')
diff --git a/setup.cfg b/setup.cfg
index 17d348ebfe..b2236ae6c8 100644
--- a/setup.cfg
+++ b/setup.cfg
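Review bot: The access block added at the end of the public virtual host (`Require all granted`, with `Order allow,deny` / `Allow from all` for older Apache) appears to be scoped to the directory that now holds the script, which per the new `WSGIScriptAlias` lines is `/usr/local/bin`; the enclosing container tags are not visible in this rendering, so that scope is inferred. If so, the grant covers every file in a shared binary directory rather than the single script each virtual host serves; wrapping the directives in a `<Files keystone-wsgi-public>` section (and `<Files keystone-wsgi-admin>` in the identical block added to the admin virtual host in the last hunk of this file) keeps the grant to the intended file. A comment above each `WSGIScriptAlias`, e.g. `# Adjust this path to wherever your install places keystone-wsgi-public`, would also help, since packaged installs will likely not use `/usr/local/bin`.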
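Review bot: The two new entry points `initialize_admin_application` and `initialize_public_application` appended to keystone/server/wsgi.py have no docstrings, and nothing tells a reader that the public endpoint is loaded under the name `'main'`. A one-line docstring on each would do, e.g. `"""Return the WSGI application for the admin endpoint (name 'admin')."""` and `"""Return the WSGI application for the public endpoint (name 'main')."""`. It is also worth a comment that these callables are referenced by the `wsgi_scripts` entries in setup.cfg, so renaming them breaks the generated scripts. The enclosing `initialize_application` begins outside the hunk.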
@@ -66,6 +66,10 @@ console_scripts =
 keystone-all = keystone.cmd.all:main
 keystone-manage = keystone.cmd.manage:main
+wsgi_scripts =
+ keystone-wsgi-admin = keystone.server.wsgi:initialize_admin_application
+ keystone-wsgi-public = keystone.server.wsgi:initialize_public_application
+
 keystone.assignment =
 ldap = keystone.assignment.backends.ldap:Assignment
 sql = keystone.assignment.backends.sql:Assignment
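Review bot: The new `wsgi_scripts` group only produces `keystone-wsgi-admin` and `keystone-wsgi-public` when the installed pbr understands it, which the commit message puts at pbr 1.4.0, yet nothing in this change raises the minimum pbr version (the diffstat lists only four files). With an older pbr the install would presumably complete without creating the scripts, leaving the `WSGIScriptAlias` paths in httpd/wsgi-keystone.conf pointing at files that do not exist. If the floor is not already set elsewhere, raise it in the same change (`pbr>=1.4.0` in the project's requirements) and add a comment above the group such as `# Requires pbr >= 1.4.0; generates the mod_wsgi entry scripts at install time.`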