Improve savanna keystone auth configuration

We're doing to use common keystone configuration approach - section
keystone_authtoken with config opts from the python-keystoneclient
auth_token middleware.

Change-Id: Ibbe0c76ee3b00045f5cb5134bd7661e9cef6ccdd

extras.d/70-savanna.sh

@@ -8,6 +8,7 @@ if is_service_enabled savanna; then
     elif [[ "$1" == "stack" && "$2" == "install" ]]; then
         echo_summary "Installing Savanna"
         install_savanna
+        cleanup_savanna
         if is_service_enabled horizon; then
             install_savanna_dashboard
         fi
@@ -29,4 +30,8 @@ if is_service_enabled savanna; then
             cleanup_savanna_dashboard
         fi
     fi
+
+    if [[ "$1" == "clean" ]]; then
+        cleanup_savanna
+    fi
 fi

lib/savanna

@@ -10,6 +10,7 @@
 # configure_savanna
 # start_savanna
 # stop_savanna
+# cleanup_savanna
 
 # Save trace setting
 XTRACE=$(set +o | grep xtrace)
@@ -33,6 +34,8 @@ SAVANNA_SERVICE_HOST=${SAVANNA_SERVICE_HOST:-$SERVICE_HOST}
 SAVANNA_SERVICE_PORT=${SAVANNA_SERVICE_PORT:-8386}
 SAVANNA_SERVICE_PROTOCOL=${SAVANNA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 
+SAVANNA_AUTH_CACHE_DIR=${SAVANNA_AUTH_CACHE_DIR:-/var/cache/savanna}
+
 # Support entry points installation of console scripts
 if [[ -d $SAVANNA_DIR/bin ]]; then
     SAVANNA_BIN_DIR=$SAVANNA_DIR/bin
@@ -83,6 +86,14 @@ function create_savanna_accounts() {
     fi
 }
 
+# cleanup_savanna() - Remove residual data files, anything left over from
+# previous runs that would need to clean up.
+function cleanup_savanna() {
+
+    # Cleanup auth cache dir
+    sudo rm -rf $SAVANNA_AUTH_CACHE_DIR
+}
+
 # configure_savanna() - Set config files, create data dirs, etc
 function configure_savanna() {
 
@@ -94,9 +105,27 @@ function configure_savanna() {
     # Copy over savanna configuration file and configure common parameters.
     cp $SAVANNA_DIR/etc/savanna/savanna.conf.sample $SAVANNA_CONF_FILE
 
+    # Create auth cache dir
+    sudo mkdir -p $SAVANNA_AUTH_CACHE_DIR
+    sudo chown $STACK_USER $SAVANNA_AUTH_CACHE_DIR
+    rm -rf $SAVANNA_AUTH_CACHE_DIR/*
+
+    # Set obsolete keystone auth configs for backward compatibility
+    iniset $SAVANNA_CONF_FILE DEFAULT os_auth_host $KEYSTONE_SERVICE_HOST
+    iniset $SAVANNA_CONF_FILE DEFAULT os_auth_port $KEYSTONE_SERVICE_PORT
+    iniset $SAVANNA_CONF_FILE DEFAULT os_auth_protocol $KEYSTONE_SERVICE_PROTOCOL
     iniset $SAVANNA_CONF_FILE DEFAULT os_admin_password $SERVICE_PASSWORD
     iniset $SAVANNA_CONF_FILE DEFAULT os_admin_username savanna
     iniset $SAVANNA_CONF_FILE DEFAULT os_admin_tenant_name $SERVICE_TENANT_NAME
+
+    # Set actual keystone auth configs
+    iniset $SAVANNA_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
+    iniset $SAVANNA_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+    iniset $SAVANNA_CONF_FILE keystone_authtoken admin_user savanna
+    iniset $SAVANNA_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
+    iniset $SAVANNA_CONF_FILE keystone_authtoken signing_dir $SAVANNA_AUTH_CACHE_DIR
+    iniset $SAVANNA_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
+
     iniset $SAVANNA_CONF_FILE DEFAULT debug $SAVANNA_DEBUG
 
     iniset $SAVANNA_CONF_FILE database connection `database_connection_url savanna`