From ef5ebed6c9ca3d9d47fd2a732a1542555a0f65ba Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Mon, 25 Sep 2017 09:38:38 +1000 Subject: [PATCH] Remove cache dirs from the services PKI tokens have been actively deprecated from keystone and there are deprecations being emitted from keystonemiddleware. Because of this we no longer need an auth cache directory in the services where the PKI certifcates used to be stored. Remove the creation and use of all these AUTH_CACHE directories. Change-Id: I5680376e70e74882e9fdb87ee1b95d5f40570ad7 --- lib/cinder | 12 +----------- lib/glance | 16 +++------------- lib/keystone | 6 ++---- lib/neutron | 17 +++-------------- lib/neutron-legacy | 6 ++---- lib/nova | 13 ++----------- lib/swift | 7 +------ 7 files changed, 14 insertions(+), 63 deletions(-) diff --git a/lib/cinder b/lib/cinder index 07f82a1580..387fc1ac2c 100644 --- a/lib/cinder +++ b/lib/cinder @@ -51,7 +51,6 @@ else fi CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder} -CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder} CINDER_CONF_DIR=/etc/cinder CINDER_CONF=$CINDER_CONF_DIR/cinder.conf @@ -225,9 +224,8 @@ function configure_cinder { inicomment $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name inicomment $CINDER_API_PASTE_INI filter:authtoken admin_user inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password - inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir - configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR + configure_auth_token_middleware $CINDER_CONF cinder iniset $CINDER_CONF DEFAULT auth_strategy keystone iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL 
@@ -385,13 +383,6 @@ function create_cinder_accounts { fi } -# create_cinder_cache_dir() - Part of the init_cinder() process -function create_cinder_cache_dir { - # Create cache dir - sudo install -d -o $STACK_USER $CINDER_AUTH_CACHE_DIR - rm -f $CINDER_AUTH_CACHE_DIR/* -} - # init_cinder() - Initialize database and volume group function init_cinder { if is_service_enabled $DATABASE_BACKENDS; then @@ -420,7 +411,6 @@ function init_cinder { fi mkdir -p $CINDER_STATE_PATH/volumes - create_cinder_cache_dir } # install_cinder() - Collect source and prepare diff --git a/lib/glance b/lib/glance index 74734c7516..8241c5f9d7 100644 --- a/lib/glance +++ b/lib/glance @@ -44,7 +44,6 @@ fi GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache} GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images} GLANCE_LOCK_DIR=${GLANCE_LOCK_DIR:=$DATA_DIR/glance/locks} -GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance} GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance} GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs @@ -98,7 +97,7 @@ function is_glance_enabled { function cleanup_glance { # kill instances (nova) # delete image files (glance) - sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR + sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR } # configure_glance() - Set config files, create data dirs, etc @@ -115,7 +114,7 @@ function configure_glance { iniset $GLANCE_REGISTRY_CONF database connection $dburl iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone - configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry + configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2 iniset_rpc_backend glance $GLANCE_REGISTRY_CONF iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT" 
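Review bot: `cleanup_glance` now removes only `$GLANCE_CACHE_DIR` and `$GLANCE_IMAGE_DIR`, so a host where an earlier stack.sh run created `/var/cache/glance` (or an overridden `GLANCE_AUTH_CACHE_DIR`) keeps that directory, and whatever cached certificate files are in it, after a clean. The same applies to the `cleanup_nova` hunk in lib/nova, which drops `$NOVA_AUTH_CACHE_DIR` from its `rm -rf`. I would keep a transitional removal for one release, for example `sudo rm -rf ${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}`, with a comment saying the directory is no longer created and the line only tidies up older deployments. Both cleanup functions continue outside their hunks.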
@@ -127,7 +126,7 @@ function configure_glance { iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ iniset $GLANCE_API_CONF DEFAULT lock_path $GLANCE_LOCK_DIR iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement - configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api + configure_auth_token_middleware $GLANCE_API_CONF glance iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2 iniset_rpc_backend glance $GLANCE_API_CONF if [ "$VIRT_DRIVER" = 'xenserver' ]; then @@ -279,13 +278,6 @@ function create_glance_accounts { fi } -# create_glance_cache_dir() - Part of the init_glance() process -function create_glance_cache_dir { - # Create cache dir - sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search $GLANCE_AUTH_CACHE_DIR/artifact - rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/* $GLANCE_AUTH_CACHE_DIR/artifact/* -} - # init_glance() - Initialize databases, etc. function init_glance { # Delete existing images @@ -306,8 +298,6 @@ function init_glance { # Load metadata definitions $GLANCE_BIN_DIR/glance-manage --config-file $GLANCE_CONF_DIR/glance-api.conf db_load_metadefs time_stop "dbsync" - - create_glance_cache_dir } # install_glanceclient() - Collect source and prepare diff --git a/lib/keystone b/lib/keystone index 714f089cca..7bd887ca2d 100644 --- a/lib/keystone +++ b/lib/keystone @@ -429,7 +429,7 @@ function create_service_user { # Configure the service to use the auth token middleware. # -# configure_auth_token_middleware conf_file admin_user signing_dir [section] +# configure_auth_token_middleware conf_file admin_user [section] # # section defaults to keystone_authtoken, which is where auth_token looks in # the .conf file. If the paste config file is used (api-paste.ini) then 
@@ -437,8 +437,7 @@ function create_service_user { function configure_auth_token_middleware { local conf_file=$1 local admin_user=$2 - local signing_dir=$3 - local section=${4:-keystone_authtoken} + local section=${3:-keystone_authtoken} iniset $conf_file $section auth_type password iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI @@ -449,7 +448,6 @@ function configure_auth_token_middleware { iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME" iniset $conf_file $section cafile $SSL_BUNDLE_FILE - iniset $conf_file $section signing_dir $signing_dir iniset $conf_file $section memcached_servers localhost:11211 } diff --git a/lib/neutron b/lib/neutron index 21c8d4c735..359f19820d 100644 --- a/lib/neutron +++ b/lib/neutron @@ -30,7 +30,6 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient NEUTRON_AGENT=${NEUTRON_AGENT:-openvswitch} NEUTRON_DIR=$DEST/neutron -NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron} NEUTRON_BIN_DIR=$(get_python_exec_prefix) NEUTRON_DHCP_BINARY="neutron-dhcp-agent" @@ -44,7 +43,6 @@ NEUTRON_L3_CONF=$NEUTRON_CONF_DIR/l3_agent.ini NEUTRON_AGENT_CONF=$NEUTRON_CONF_DIR/ NEUTRON_STATE_PATH=${NEUTRON_STATE_PATH:=$DATA_DIR/neutron} -NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron} # By default, use the ML2 plugin NEUTRON_CORE_PLUGIN=${NEUTRON_CORE_PLUGIN:-ml2} @@ -175,8 +173,8 @@ function configure_neutron_new { iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips True iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY - configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken - configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova + configure_auth_token_middleware $NEUTRON_CONF neutron keystone_authtoken + configure_auth_token_middleware $NEUTRON_CONF nova nova # Configure VXLAN # TODO(sc68cal) not hardcode? 
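Review bot: Dropping `signing_dir` from the middle of the positional list changes the meaning of `$3` for every existing caller, and nothing in `configure_auth_token_middleware` detects a call that still uses the old order. An out-of-tree plugin that passes its own cache directory as the third argument would have that path used as the INI section name, leaving the real `keystone_authtoken` section without credentials and `cafile`, and the failure would likely only surface when the service starts. I would accept the old form for a deprecation period by treating a fourth argument, or a third argument that looks like an absolute path, as the legacy call and warning about it. The sketch below assumes DevStack's `deprecated` helper is available where lib/keystone is sourced; the rest of the function body is unchanged.

```shell
function configure_auth_token_middleware {
    # … unchanged: conf_file and admin_user locals …
    local section=${3:-keystone_authtoken}

    # Legacy form: conf_file admin_user signing_dir [section].
    # A section name does not start with "/", while a signing_dir is
    # expected to be an absolute path.
    if [[ $# -ge 4 || "$section" == /* ]]; then
        deprecated "configure_auth_token_middleware: the signing_dir argument is no longer used"
        section=${4:-keystone_authtoken}
    fi

    # … unchanged: iniset calls for auth_type, auth_url, credentials, cafile, memcached_servers …
```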
@@ -250,7 +248,7 @@ function configure_neutron_new { # TODO(dtroyer): remove the v2.0 hard code below iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI - configure_auth_token_middleware $NEUTRON_META_CONF neutron $NEUTRON_AUTH_CACHE_DIR DEFAULT + configure_auth_token_middleware $NEUTRON_META_CONF neutron DEFAULT fi # Format logging @@ -337,13 +335,6 @@ function create_neutron_accounts_new { fi } -# create_neutron_cache_dir() - Part of the init_neutron() process -function create_neutron_cache_dir { - # Create cache dir - sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR - rm -f $NEUTRON_AUTH_CACHE_DIR/* -} - # init_neutron() - Initialize databases, etc. function init_neutron_new { @@ -353,8 +344,6 @@ function init_neutron_new { # Run Neutron db migrations $NEUTRON_BIN_DIR/neutron-db-manage upgrade heads time_stop "dbsync" - - create_neutron_cache_dir } # install_neutron() - Collect source and prepare diff --git a/lib/neutron-legacy b/lib/neutron-legacy index 0ccb17c084..a0e79bc684 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -73,7 +73,6 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient NEUTRON_DIR=$DEST/neutron NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas -NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron} # Support entry points installation of console scripts if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then @@ -815,7 +814,7 @@ function _configure_neutron_service { iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES - configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova + configure_auth_token_middleware $NEUTRON_CONF nova nova # Configure plugin neutron_plugin_configure_service 
@@ -906,8 +905,7 @@ function _neutron_setup_keystone { local conf_file=$1 local section=$2 - create_neutron_cache_dir - configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section + configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $section } function _neutron_setup_interface_driver { diff --git a/lib/nova b/lib/nova index 1112f29bd3..dcf2a1c376 100644 --- a/lib/nova +++ b/lib/nova @@ -46,7 +46,6 @@ fi NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova} # INSTANCES_PATH is the previous name for this NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}} -NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova} NOVA_CONF_DIR=/etc/nova NOVA_CONF=$NOVA_CONF_DIR/nova.conf @@ -240,7 +239,7 @@ function cleanup_nova { sudo rm -rf $NOVA_INSTANCES_PATH/* fi - sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR + sudo rm -rf $NOVA_STATE_PATH # NOTE(dtroyer): This really should be called from here but due to the way # nova abuses the _cleanup() function we're moving it @@ -464,7 +463,7 @@ function create_nova_conf { iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT fi - configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR + configure_auth_token_middleware $NOVA_CONF nova fi if is_service_enabled cinder; then @@ -658,13 +657,6 @@ function init_nova_cells { fi } -# create_nova_cache_dir() - Part of the init_nova() process -function create_nova_cache_dir { - # Create cache dir - sudo install -d -o $STACK_USER $NOVA_AUTH_CACHE_DIR - rm -f $NOVA_AUTH_CACHE_DIR/* -} - function create_nova_conf_nova_network { local public_interface=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT} iniset $NOVA_CONF DEFAULT network_manager "nova.network.manager.$NETWORK_MANAGER" @@ -722,7 +714,6 @@ function init_nova { done fi - create_nova_cache_dir create_nova_keys_dir if [[ "$NOVA_BACKEND" == "LVM" ]]; then 
diff --git a/lib/swift b/lib/swift index 1601e2b1f8..ab014de909 100644 --- a/lib/swift +++ b/lib/swift @@ -48,7 +48,6 @@ fi SWIFT_DIR=$DEST/swift -SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift} SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift} SWIFT3_DIR=$DEST/swift3 @@ -450,7 +449,7 @@ function configure_swift { iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory - configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken + configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift filter:authtoken iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1 iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False @@ -745,10 +744,6 @@ function init_swift { swift-ring-builder container.builder rebalance 42 swift-ring-builder account.builder rebalance 42 } && popd >/dev/null - - # Create cache dir - sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR - rm -f $SWIFT_AUTH_CACHE_DIR/* } function install_swift {