Updated repository for minimum viable kilo install
* Updated Keystone wsgi and paste files from upstream. * Updated all clients in the openstack_client.yml file. * Kilo services are tracking the head of master. * Removed pinned middleware because they're pinned else where. * Added additional service references for neutron vpnaas, fwaas, and lbaas which have now been moved into their own repos and no longer exist within the core neutron repository. * The neutron vpnaas, fwaas, and lbaas have been removed from the basic plugins being loaded and a comment has been added to describe how one might add them back in. * Updated rootwrap filters for neutron dhcp and l3. * Updated heat policy.json * Added the `python-libguestfs` to the nova-compute installation packages. * Updates all services to point to the latest kilo tag Services updated due to deprecated configs: * Keystone * Glance * Nova * Neutron (is still using the deprecated nova auth plugin) * Heat * Tempest Items for future work post initial release: * roles/os_neutron/files/post-up-checksum-rules:25: TODO(cloudnull) remove this script once the bug is fixed. * roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml:17: TODO(someone): implement a more robust way of checking Implements: blueprint minimal-kilo Closes-Bug: 1428421 Closes-Bug: 1428431 Closes-Bug: 1428437 Closes-Bug: 1428445 Closes-Bug: 1428451 Closes-Bug: 1428469 Closes-Bug: 1428639 Change-Id: I28a305d9e40a9cf70148ef7d7b00d467a65ca076
This commit is contained in:
Kevin Carter
parent
f10cc7a338
commit
149cde6e17
|
|
@ -37,16 +37,36 @@ keystone_identity_driver: "keystone.identity.backends.sql.Identity"
|
|||
# For a sql backed token storage use: "keystone.token.backends.sql.Token"
|
||||
keystone_token_driver: "keystone.token.persistence.backends.memcache.Token"
|
||||
keystone_token_provider: "keystone.token.providers.uuid.Provider"
|
||||
keystone_token_expiration: 43200
|
||||
keystone_token_cache_time: 3600
|
||||
|
||||
# Set the revocation driver used within keystone.
|
||||
keystone_revocation_driver: keystone.contrib.revoke.backends.sql.Revoke
|
||||
keystone_revocation_cache_time: 3600
|
||||
keystone_revocation_expiration_buffer: 1800
|
||||
|
||||
keystone_cache_expiration_time: 5400
|
||||
|
||||
keystone_assignment_driver: keystone.assignment.backends.sql.Assignment
|
||||
|
||||
keystone_resource_cache_time: 3600
|
||||
keystone_resource_driver: keystone.resource.backends.sql.Resource
|
||||
|
||||
keystone_bind_address: 0.0.0.0
|
||||
|
||||
## Memcached servers used within keystone.
|
||||
# String or Comma separated list of servers.
|
||||
keystone_memcached_servers: 127.0.0.1
|
||||
keystone_memcached_max_compare_and_set_retry: 16
|
||||
|
||||
## DB info
|
||||
keystone_galera_user: keystone
|
||||
keystone_galera_database: keystone
|
||||
# Database tuning
|
||||
keystone_database_idle_timeout: 200
|
||||
keystone_database_min_pool_size: 5
|
||||
keystone_database_max_pool_size: 10
|
||||
keystone_database_pool_timeout: 200
|
||||
|
||||
## Role info
|
||||
keystone_role_name: admin
|
||||
|
|
@ -131,8 +151,10 @@ keystone_pip_packages:
|
|||
- ldappool
|
||||
- lxml
|
||||
- MySQL-python
|
||||
- oslo.middleware
|
||||
- pbr
|
||||
- pycrypto
|
||||
- pysaml2
|
||||
- python-keystoneclient
|
||||
- python-memcached
|
||||
- repoze.lru
|
||||
|
|
|
|||
|
|
@ -3,6 +3,9 @@
|
|||
[filter:debug]
|
||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
||||
|
||||
[filter:request_id]
|
||||
paste.filter_factory = oslo_middleware:RequestId.factory
|
||||
|
||||
[filter:build_auth_context]
|
||||
paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory
|
||||
|
||||
|
|
@ -39,6 +42,9 @@ paste.filter_factory = keystone.contrib.s3:S3Extension.factory
|
|||
[filter:endpoint_filter_extension]
|
||||
paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
|
||||
|
||||
[filter:endpoint_policy_extension]
|
||||
paste.filter_factory = keystone.contrib.endpoint_policy.routers:EndpointPolicyExtension.factory
|
||||
|
||||
[filter:simple_cert_extension]
|
||||
paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory
|
||||
|
||||
|
|
@ -49,16 +55,7 @@ paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
|
|||
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
|
||||
|
||||
[filter:sizelimit]
|
||||
paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
|
||||
|
||||
[filter:stats_monitoring]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
|
||||
|
||||
[filter:stats_reporting]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
|
||||
|
||||
[filter:access_log]
|
||||
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
|
||||
paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
|
||||
|
||||
[app:public_service]
|
||||
paste.app_factory = keystone.service:public_app_factory
|
||||
|
|
@ -70,13 +67,19 @@ paste.app_factory = keystone.service:v3_app_factory
|
|||
paste.app_factory = keystone.service:admin_app_factory
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
|
||||
# The last item in this pipeline must be public_service or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
|
||||
|
||||
[pipeline:admin_api]
|
||||
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service
|
||||
# The last item in this pipeline must be admin_service or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service
|
||||
|
||||
[pipeline:api_v3]
|
||||
pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3
|
||||
# The last item in this pipeline must be service_v3 or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension endpoint_policy_extension service_v3
|
||||
|
||||
[app:public_version_service]
|
||||
paste.app_factory = keystone.service:public_version_app_factory
|
||||
|
|
|
|||
|
|
@ -12,49 +12,14 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import logging
|
||||
import os
|
||||
|
||||
from oslo import i18n
|
||||
from keystone.server import wsgi as wsgi_server
|
||||
|
||||
|
||||
# NOTE(dstanek): i18n.enable_lazy() must be called before
|
||||
# keystone.i18n._() is called to ensure it has the desired lazy lookup
|
||||
# behavior. This includes cases, like keystone.exceptions, where
|
||||
# keystone.i18n._() is called at import time.
|
||||
i18n.enable_lazy()
|
||||
|
||||
|
||||
from keystone import backends
|
||||
from keystone.common import dependency
|
||||
from keystone.common import environment
|
||||
from keystone.common import sql
|
||||
from keystone import config
|
||||
from keystone.openstack.common import log
|
||||
from keystone import service
|
||||
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
config.configure()
|
||||
sql.initialize()
|
||||
config.set_default_for_default_log_levels()
|
||||
|
||||
CONF(project='keystone')
|
||||
config.setup_logging()
|
||||
|
||||
environment.use_stdlib()
|
||||
name = os.path.basename(__file__)
|
||||
|
||||
if CONF.debug:
|
||||
CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)
|
||||
|
||||
|
||||
drivers = backends.load_backends()
|
||||
|
||||
# NOTE(ldbragst): 'application' is required in this context by WSGI spec.
|
||||
# The following is a reference to Python Paste Deploy documentation
|
||||
# http://pythonpaste.org/deploy/
|
||||
application = service.loadapp('config:%s' % config.find_paste_config(), name)
|
||||
|
||||
dependency.resolve_future_dependencies()
|
||||
application = wsgi_server.initialize_application(name)
|
||||
|
|
|
|||
|
|
@ -4,12 +4,9 @@
|
|||
verbose = {{ verbose }}
|
||||
debug = {{ debug }}
|
||||
admin_token = {{ keystone_auth_admin_token }}
|
||||
bind_host = {{ keystone_bind_address }}
|
||||
public_port = {{ keystone_service_port }}
|
||||
{% if keystone_public_endpoint is defined %}
|
||||
public_endpoint = {{ keystone_public_endpoint }}
|
||||
{% endif %}
|
||||
admin_port = {{ keystone_admin_port }}
|
||||
admin_endpoint = {{ keystone_service_adminuri }}
|
||||
fatal_deprecations = {{ keystone_fatal_deprecations }}
|
||||
|
||||
|
|
@ -23,40 +20,52 @@ rpc_backend = {{ keystone_rpc_backend }}
|
|||
|
||||
[memcache]
|
||||
servers = {{ keystone_memcached_servers }}
|
||||
max_compare_and_set_retry = {{ keystone_memcached_max_compare_and_set_retry }}
|
||||
|
||||
|
||||
max_compare_and_set_retry = 16
|
||||
|
||||
{% if keystone_cache_backend_argument is defined %}
|
||||
[cache]
|
||||
backend = dogpile.cache.memcached
|
||||
backend_argument = {{ keystone_cache_backend_argument }}
|
||||
config_prefix = cache.keystone
|
||||
distributed_lock = True
|
||||
expiration_time = 5400
|
||||
expiration_time = {{ keystone_cache_expiration_time }}
|
||||
enabled = true
|
||||
{% endif %}
|
||||
|
||||
|
||||
[revoke]
|
||||
expiration_buffer = 1800
|
||||
caching = true
|
||||
driver = {{ keystone_revocation_driver }}
|
||||
expiration_buffer = {{ keystone_revocation_expiration_buffer }}
|
||||
cache_time = {{ keystone_revocation_cache_time }}
|
||||
|
||||
|
||||
[auth]
|
||||
methods = {{ keystone_auth_methods }}
|
||||
|
||||
|
||||
[database]
|
||||
connection = mysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ galera_address }}/{{ keystone_galera_database }}?charset=utf8
|
||||
idle_timeout = 200
|
||||
min_pool_size = 5
|
||||
max_pool_size = 10
|
||||
pool_timeout = 200
|
||||
idle_timeout = {{ keystone_database_idle_timeout }}
|
||||
min_pool_size = {{ keystone_database_min_pool_size }}
|
||||
max_pool_size = {{ keystone_database_max_pool_size }}
|
||||
pool_timeout = {{ keystone_database_pool_timeout }}
|
||||
|
||||
|
||||
[identity]
|
||||
driver = {{ keystone_identity_driver }}
|
||||
|
||||
|
||||
[assignment]
|
||||
driver = keystone.assignment.backends.sql.Assignment
|
||||
driver = {{ keystone_assignment_driver }}
|
||||
|
||||
|
||||
[resource]
|
||||
cache_time = {{ keystone_resource_cache_time }}
|
||||
caching = true
|
||||
driver = {{ keystone_resource_driver }}
|
||||
|
||||
|
||||
{% if keystone_ldap is defined %}
|
||||
{% for section in keystone_ldap|dictsort %}
|
||||
|
|
@ -70,9 +79,14 @@ caching = true
|
|||
|
||||
[token]
|
||||
enforce_token_bind = permissive
|
||||
revocation_cache_time = 3600
|
||||
expiration = 43200
|
||||
expiration = {{ keystone_token_expiration }}
|
||||
caching = true
|
||||
cache_time = 5400
|
||||
cache_time = {{ keystone_token_cache_time }}
|
||||
provider = {{ keystone_token_provider }}
|
||||
driver = {{ keystone_token_driver }}
|
||||
|
||||
|
||||
[eventlet_server]
|
||||
admin_bind_host = {{ keystone_bind_address }}
|
||||
admin_port = {{ keystone_admin_port }}
|
||||
public_port = {{ keystone_service_port }}
|
||||
|
|
|
|||
Loading…
Reference in New Issue