openstack/openstack-helm
Code Issues Proposed changes

Keystone: Disable v2 api

Browse Source 
This PS disables the v2 keystone API, and finishes the migration to
full v3 support.

Change-Id: I3021ebe0bee668db9f28e7fb18e2d4b26172f209
Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Pete Birley 2018-08-02 23:21:09 -05:00 committed by Pete Birley
parent fe8c56e778
commit 5f349ae653
22 changed files with 2 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
barbican/values.yaml
View File

@ -546,8 +546,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
ceilometer/values.yaml
View File

@ -1707,8 +1707,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: 'http'
port:

2
ceph-client/values.yaml
View File

@ -451,8 +451,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
cinder/values.yaml
View File

@ -1070,8 +1070,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
congress/values.yaml
View File

@ -245,8 +245,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
glance/values.yaml
View File

@ -575,8 +575,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
gnocchi/values.yaml
View File

@ -486,8 +486,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: 'http'
port:

2
heat/values.yaml
View File

@ -812,8 +812,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: 'http'
port:

2
ironic/values.yaml
View File

@ -400,8 +400,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
keystone/templates/bin/_keystone-api.sh.tpl
View File

@ -22,7 +22,7 @@ COMMAND="${@:-start}"
function start () {
for KEYSTONE_WSGI_SCRIPT in keystone-wsgi-public keystone-wsgi-admin; do
for KEYSTONE_WSGI_SCRIPT in keystone-wsgi-public; do
cp -a $(type -p ${KEYSTONE_WSGI_SCRIPT}) /var/www/cgi-bin/keystone/
done

5
keystone/templates/deployment-api.yaml
View File

@ -66,13 +66,8 @@ spec:
- stop
ports:
{{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $portAdm := tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: ks-pub
containerPort: {{ $portInt }}
{{- if not ( eq $portInt $portAdm ) }}
- name: ks-adm
containerPort: {{ $portAdm }}
{{- end }}
readinessProbe:
httpGet:
scheme: HTTP

56
keystone/templates/etc/_wsgi-keystone.conf.tpl
View File

@ -15,12 +15,8 @@ limitations under the License.
*/}}
{{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $portAdm := tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen 0.0.0.0:{{ $portInt }}
{{- if not ( eq $portInt $portAdm ) }}
Listen 0.0.0.0:{{ $portAdm }}
{{- end }}
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
@ -44,55 +40,3 @@ CustomLog /dev/stdout proxy env=forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
</VirtualHost>
{{- if not ( eq $portInt $portAdm ) }}
<VirtualHost *:{{ $portAdm }}>
WSGIDaemonProcess keystone-admin processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /dev/stderr
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
</VirtualHost>
{{- else }}
WSGIDaemonProcess keystone-admin processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /dev/stderr
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
{{- end }}
Alias /identity /var/www/cgi-bin/keystone/keystone-wsgi-public
<Location /identity>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
Alias /identity_admin /var/www/cgi-bin/keystone/keystone-wsgi-admin
<Location /identity_admin>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>

8
keystone/templates/service-api.yaml
View File

@ -24,19 +24,11 @@ metadata:
spec:
ports:
{{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $portAdm := tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: ks-pub
port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}
{{- if not ( eq $portInt $portAdm ) }}
- name: ks-adm
port: {{ tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.admin.node_port.enabled }}
nodePort: {{ .Values.network.admin.node_port.port }}
{{ end }}
{{- end }}
selector:
{{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if or (.Values.network.api.node_port.enabled) (.Values.network.admin.node_port.enabled) }}

8
keystone/values.yaml
View File

@ -402,10 +402,6 @@ conf:
use: egg:keystone#service_v3
app:admin_service:
use: egg:keystone#admin_service
pipeline:public_api:
pipeline: cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
pipeline:admin_api:
pipeline: cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
pipeline:api_v3:
pipeline: cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
app:public_version_service:
@ -418,12 +414,10 @@ conf:
pipeline: cors sizelimit osprofiler url_normalize admin_version_service
composite:main:
use: egg:Paste#urlmap
/v2.0: public_api
/v3: api_v3
/: public_version_api
composite:admin:
use: egg:Paste#urlmap
/v2.0: admin_api
/v3: api_v3
/: admin_version_api
policy:
@ -927,8 +921,6 @@ endpoints:
# key: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
magnum/values.yaml
View File

@ -358,8 +358,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
mistral/values.yaml
View File

@ -242,8 +242,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
neutron/values.yaml
View File

@ -1776,8 +1776,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
nova/values.yaml
View File

@ -1786,8 +1786,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
rally/values.yaml
View File

@ -255,8 +255,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
senlin/values.yaml
View File

@ -407,8 +407,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
tempest/values.yaml
View File

@ -250,8 +250,6 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:

2
tools/deployment/common/setup-client.sh
View File

@ -32,7 +32,7 @@ clouds:
project_name: 'admin'
project_domain_name: 'default'
user_domain_name: 'default'
auth_url: 'http://keystone.openstack.svc.cluster.local/identity/v3'
auth_url: 'http://keystone.openstack.svc.cluster.local/v3'
EOF
#NOTE: Build charts