openstack/octavia
Code Issues Proposed changes

Change auth_strategy default to keystone

Browse Source 
The current default for auth_strategy is noauth, which is not how it is
expected to be set in production environments.

Note: Functional tests should be good with noauth.

Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: Ifc80fff06a1d793d7cee0b207af10061784e48db
This commit is contained in:
Nir Magnezi 2017-04-25 15:10:42 +03:00 committed by Adam Harwell
parent a669d7e4f1
commit 75c1c5f22a
6 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
devstack/files/wsgi/octavia-api.template
View File

@ -18,7 +18,7 @@ Listen %OCTAVIA_SERVICE_PORT%
<VirtualHost *:%OCTAVIA_SERVICE_PORT%> <VirtualHost *:%OCTAVIA_SERVICE_PORT%>
WSGIDaemonProcess octavia-wsgi processes=%APIWORKERS% threads=1 display-name=%{GROUP} %VIRTUALENV% WSGIDaemonProcess octavia-wsgi processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup octavia-wsgi WSGIProcessGroup octavia-wsgi
WSGIScriptAlias / /usr/local/bin/octavia-wsgi WSGIScriptAlias / /usr/local/bin/octavia-wsgi
WSGIApplicationGroup %{GLOBAL} WSGIApplicationGroup %{GLOBAL}

6
devstack/plugin.sh
View File

@ -112,6 +112,7 @@ function _configure_octavia_apache_wsgi {
sudo cp ${OCTAVIA_DIR}/devstack/files/wsgi/octavia-api.template $octavia_apache_conf sudo cp ${OCTAVIA_DIR}/devstack/files/wsgi/octavia-api.template $octavia_apache_conf
sudo sed -e " sudo sed -e "
s|%OCTAVIA_SERVICE_PORT%|$octavia_api_port|g; s|%OCTAVIA_SERVICE_PORT%|$octavia_api_port|g;
s|%USER%|$APACHE_USER|g;
s|%APACHE_NAME%|$APACHE_NAME|g; s|%APACHE_NAME%|$APACHE_NAME|g;
s|%SSLENGINE%|$octavia_ssl|g; s|%SSLENGINE%|$octavia_ssl|g;
s|%SSLCERTFILE%|$octavia_certfile|g; s|%SSLCERTFILE%|$octavia_certfile|g;
@ -138,7 +139,7 @@ function _stop_octavia_apache_wsgi {
} }
function create_octavia_accounts { function create_octavia_accounts {
create_service_user "octavia" create_service_user $OCTAVIA
local octavia_service=$(get_or_create_service "octavia" \ local octavia_service=$(get_or_create_service "octavia" \
"load-balancer" "Octavia Load Balancing Service") "load-balancer" "Octavia Load Balancing Service")
@ -177,7 +178,6 @@ function octavia_configure {
iniset $OCTAVIA_CONF service_auth project_name $OCTAVIA_PROJECT_NAME iniset $OCTAVIA_CONF service_auth project_name $OCTAVIA_PROJECT_NAME
iniset $OCTAVIA_CONF service_auth project_domain_name $OCTAVIA_PROJECT_DOMAIN_NAME iniset $OCTAVIA_CONF service_auth project_domain_name $OCTAVIA_PROJECT_DOMAIN_NAME
iniset $OCTAVIA_CONF service_auth cafile $SSL_BUNDLE_FILE iniset $OCTAVIA_CONF service_auth cafile $SSL_BUNDLE_FILE
iniset $OCTAVIA_CONF service_auth signing_dir $signing_dir
iniset $OCTAVIA_CONF service_auth memcached_servers $SERVICE_HOST:11211 iniset $OCTAVIA_CONF service_auth memcached_servers $SERVICE_HOST:11211
# Setting other required default options # Setting other required default options
@ -516,7 +516,7 @@ function octavia_cleanup {
# create_octavia_cache_dir() - Part of the configure_octavia() process # create_octavia_cache_dir() - Part of the configure_octavia() process
function create_octavia_cache_dir { function create_octavia_cache_dir {
# Create cache dir # Create cache dir
sudo install -d -o $STACK_USER $OCTAVIA_AUTH_CACHE_DIR sudo install -d -o $APACHE_USER $OCTAVIA_AUTH_CACHE_DIR
rm -f $OCTAVIA_AUTH_CACHE_DIR/* rm -f $OCTAVIA_AUTH_CACHE_DIR/*
} }

2
etc/octavia.conf
View File

@ -6,7 +6,7 @@
# api_handler = queue_producer # api_handler = queue_producer
# #
# How should authentication be handled (keystone, noauth) # How should authentication be handled (keystone, noauth)
# auth_strategy = noauth # auth_strategy = keystone
# #
# Plugin options are hot_plug_plugin (Hot-pluggable controller plugin) # Plugin options are hot_plug_plugin (Hot-pluggable controller plugin)
# #

2
octavia/common/config.py
View File

@ -35,7 +35,7 @@ core_opts = [
help=_("The host IP to bind to")), help=_("The host IP to bind to")),
cfg.PortOpt('bind_port', default=9876, cfg.PortOpt('bind_port', default=9876,
help=_("The port to bind to")), help=_("The port to bind to")),
cfg.StrOpt('auth_strategy', default=constants.NOAUTH, cfg.StrOpt('auth_strategy', default=constants.KEYSTONE,
choices=[constants.NOAUTH, choices=[constants.NOAUTH,
constants.KEYSTONE, constants.KEYSTONE,
constants.TESTING], constants.TESTING],

2
octavia/tests/functional/api/v1/base.py
View File

@ -60,7 +60,7 @@ class BaseAPITest(base_db_test.OctaviaDBTestBase):
conf.config(api_handler='simulated_handler') conf.config(api_handler='simulated_handler')
conf.config(group="controller_worker", conf.config(group="controller_worker",
network_driver='network_noop_driver') network_driver='network_noop_driver')
conf.config(auth_strategy='noauth') conf.config(auth_strategy=constants.NOAUTH)
self.lb_repo = repositories.LoadBalancerRepository() self.lb_repo = repositories.LoadBalancerRepository()
self.listener_repo = repositories.ListenerRepository() self.listener_repo = repositories.ListenerRepository()
self.listener_stats_repo = repositories.ListenerStatisticsRepository() self.listener_stats_repo = repositories.ListenerStatisticsRepository()

1
octavia/tests/functional/api/v2/base.py
View File

@ -69,6 +69,7 @@ class BaseAPITest(base_db_test.OctaviaDBTestBase):
self.conf.config(api_handler='simulated_handler') self.conf.config(api_handler='simulated_handler')
self.conf.config(group="controller_worker", self.conf.config(group="controller_worker",
network_driver='network_noop_driver') network_driver='network_noop_driver')
self.conf.config(auth_strategy=constants.NOAUTH)
self.lb_repo = repositories.LoadBalancerRepository() self.lb_repo = repositories.LoadBalancerRepository()
self.listener_repo = repositories.ListenerRepository() self.listener_repo = repositories.ListenerRepository()
self.listener_stats_repo = repositories.ListenerStatisticsRepository() self.listener_stats_repo = repositories.ListenerStatisticsRepository()