openstack/devstack
Code Issues Proposed changes

Try to remove /identity_admin

Browse Source 
We should be able to operate without the identity admin endpoint,
given that in v3 it's all the same. This floats that out there to see
if we can or not.

Change-Id: Ic233f6b43dd1e3cfdadff0f18aba4ea78825a996
This commit is contained in:
Sean Dague 2017-04-19 16:22:42 -04:00
parent 38d4782c9f
commit bb4431126b
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/keystone
View File

@ -113,8 +113,9 @@ if is_service_enabled tls-proxy; then
KEYSTONE_SERVICE_PROTOCOL="https" KEYSTONE_SERVICE_PROTOCOL="https"
fi fi
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_admin
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
# for compat
KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI
# V3 URIs # V3 URIs
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3 KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
@ -141,6 +142,7 @@ function is_keystone_enabled {
# runs that a clean run would need to clean up # runs that a clean run would need to clean up
function cleanup_keystone { function cleanup_keystone {
if [[ "$WSGI_MODE" == "uwsgi" ]]; then if [[ "$WSGI_MODE" == "uwsgi" ]]; then
# TODO: remove admin at pike-2
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
sudo rm -f $(apache_site_config_for keystone-wsgi-public) sudo rm -f $(apache_site_config_for keystone-wsgi-public)
@ -543,11 +545,7 @@ function start_keystone {
tail_log key /var/log/$APACHE_NAME/keystone.log tail_log key /var/log/$APACHE_NAME/keystone.log
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
else # uwsgi else # uwsgi
# TODO(sdague): we should really get down to a single keystone here run_process keystone "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
enable_service key-p
enable_service key-a
run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" ""
fi fi
echo "Waiting for keystone to start..." echo "Waiting for keystone to start..."
@ -578,9 +576,9 @@ function stop_keystone {
disable_apache_site keystone disable_apache_site keystone
restart_apache_server restart_apache_server
else else
stop_process key-p stop_process keystone
stop_process key-a
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
# TODO(remove in at pike-2)
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
fi fi
# Kill the Keystone screen window # Kill the Keystone screen window

4
lib/tempest
View File

@ -278,6 +278,10 @@ function configure_tempest {
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
fi fi
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3} iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
if [[ "$TEMPEST_AUTH_VERSION" != "v2.0" ]]; then
# we're going to disable v2 admin unless we're using v2.0 by default.
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2_admin False
fi
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE