From de2057290a368e339cb66a8a61d483c90f964089 Mon Sep 17 00:00:00 2001 From: Sergey Lukjanov Date: Wed, 19 Feb 2014 14:00:42 +0400 Subject: [PATCH] Improve savanna keystone auth configuration We're doing to use common keystone configuration approach - section keystone_authtoken with config opts from the python-keystoneclient auth_token middleware. Change-Id: Ibbe0c76ee3b00045f5cb5134bd7661e9cef6ccdd --- extras.d/70-savanna.sh | 5 +++++ lib/savanna | 29 +++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/extras.d/70-savanna.sh b/extras.d/70-savanna.sh index 6bbe113fa7..edc1376deb 100644 --- a/extras.d/70-savanna.sh +++ b/extras.d/70-savanna.sh @@ -8,6 +8,7 @@ if is_service_enabled savanna; then elif [[ "$1" == "stack" && "$2" == "install" ]]; then echo_summary "Installing Savanna" install_savanna + cleanup_savanna if is_service_enabled horizon; then install_savanna_dashboard fi @@ -29,4 +30,8 @@ if is_service_enabled savanna; then cleanup_savanna_dashboard fi fi + + if [[ "$1" == "clean" ]]; then + cleanup_savanna + fi fi diff --git a/lib/savanna b/lib/savanna index 43c5e386fe..954f0e711e 100644 --- a/lib/savanna +++ b/lib/savanna @@ -10,6 +10,7 @@ # configure_savanna # start_savanna # stop_savanna +# cleanup_savanna # Save trace setting XTRACE=$(set +o | grep xtrace) @@ -33,6 +34,8 @@ SAVANNA_SERVICE_HOST=${SAVANNA_SERVICE_HOST:-$SERVICE_HOST} SAVANNA_SERVICE_PORT=${SAVANNA_SERVICE_PORT:-8386} SAVANNA_SERVICE_PROTOCOL=${SAVANNA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} +SAVANNA_AUTH_CACHE_DIR=${SAVANNA_AUTH_CACHE_DIR:-/var/cache/savanna} + # Support entry points installation of console scripts if [[ -d $SAVANNA_DIR/bin ]]; then SAVANNA_BIN_DIR=$SAVANNA_DIR/bin @@ -83,6 +86,14 @@ function create_savanna_accounts() { fi } +# cleanup_savanna() - Remove residual data files, anything left over from +# previous runs that would need to clean up. +function cleanup_savanna() { + + # Cleanup auth cache dir + sudo rm -rf $SAVANNA_AUTH_CACHE_DIR +} + # configure_savanna() - Set config files, create data dirs, etc function configure_savanna() { @@ -94,9 +105,27 @@ function configure_savanna() { # Copy over savanna configuration file and configure common parameters. cp $SAVANNA_DIR/etc/savanna/savanna.conf.sample $SAVANNA_CONF_FILE + # Create auth cache dir + sudo mkdir -p $SAVANNA_AUTH_CACHE_DIR + sudo chown $STACK_USER $SAVANNA_AUTH_CACHE_DIR + rm -rf $SAVANNA_AUTH_CACHE_DIR/* + + # Set obsolete keystone auth configs for backward compatibility + iniset $SAVANNA_CONF_FILE DEFAULT os_auth_host $KEYSTONE_SERVICE_HOST + iniset $SAVANNA_CONF_FILE DEFAULT os_auth_port $KEYSTONE_SERVICE_PORT + iniset $SAVANNA_CONF_FILE DEFAULT os_auth_protocol $KEYSTONE_SERVICE_PROTOCOL iniset $SAVANNA_CONF_FILE DEFAULT os_admin_password $SERVICE_PASSWORD iniset $SAVANNA_CONF_FILE DEFAULT os_admin_username savanna iniset $SAVANNA_CONF_FILE DEFAULT os_admin_tenant_name $SERVICE_TENANT_NAME + + # Set actual keystone auth configs + iniset $SAVANNA_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/ + iniset $SAVANNA_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME + iniset $SAVANNA_CONF_FILE keystone_authtoken admin_user savanna + iniset $SAVANNA_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD + iniset $SAVANNA_CONF_FILE keystone_authtoken signing_dir $SAVANNA_AUTH_CACHE_DIR + iniset $SAVANNA_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA + iniset $SAVANNA_CONF_FILE DEFAULT debug $SAVANNA_DEBUG iniset $SAVANNA_CONF_FILE database connection `database_connection_url savanna`