Remove cache dirs from the services

PKI tokens have been actively deprecated from keystone and there are deprecations being emitted from keystonemiddleware. Because of this we no longer need an auth cache directory in the services where the PKI certifcates used to be stored. Remove the creation and use of all these AUTH_CACHE directories. Change-Id: I5680376e70e74882e9fdb87ee1b95d5f40570ad7
2017-09-25 09:38:38 +10:00 · 2017-09-25 09:38:38 +10:00 · ef5ebed6c9
commit ef5ebed6c9
parent e8190c414e
7 changed files with 14 additions and 63 deletions
--- a/lib/cinder
+++ b/lib/cinder
@ -51,7 +51,6 @@ else
 fi
 CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
 CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
 CINDER_CONF_DIR=/etc/cinder
 CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
@ -225,9 +224,8 @@ function configure_cinder {
    inicomment $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name
    inicomment $CINDER_API_PASTE_INI filter:authtoken admin_user
    inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
    inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
-    configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR
+    configure_auth_token_middleware $CINDER_CONF cinder
    iniset $CINDER_CONF DEFAULT auth_strategy keystone
    iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@ -385,13 +383,6 @@ function create_cinder_accounts {
    fi
 }
 # create_cinder_cache_dir() - Part of the init_cinder() process
 function create_cinder_cache_dir {
    # Create cache dir
    sudo install -d -o $STACK_USER $CINDER_AUTH_CACHE_DIR
    rm -f $CINDER_AUTH_CACHE_DIR/*
 }
 # init_cinder() - Initialize database and volume group
 function init_cinder {
    if is_service_enabled $DATABASE_BACKENDS; then
@ -420,7 +411,6 @@ function init_cinder {
    fi
    mkdir -p $CINDER_STATE_PATH/volumes
    create_cinder_cache_dir
 }
 # install_cinder() - Collect source and prepare
--- a/lib/glance
+++ b/lib/glance
@ -44,7 +44,6 @@ fi
 GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
 GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
 GLANCE_LOCK_DIR=${GLANCE_LOCK_DIR:=$DATA_DIR/glance/locks}
 GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
 GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
 GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
@ -98,7 +97,7 @@ function is_glance_enabled {
 function cleanup_glance {
    # kill instances (nova)
    # delete image files (glance)
-    sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR
+    sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR
 }
 # configure_glance() - Set config files, create data dirs, etc
@ -115,7 +114,7 @@ function configure_glance {
    iniset $GLANCE_REGISTRY_CONF database connection $dburl
    iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
    iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
-    configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
+    configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance
    iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2
    iniset_rpc_backend glance $GLANCE_REGISTRY_CONF
    iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
@ -127,7 +126,7 @@ function configure_glance {
    iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
    iniset $GLANCE_API_CONF DEFAULT lock_path $GLANCE_LOCK_DIR
    iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
-    configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
+    configure_auth_token_middleware $GLANCE_API_CONF glance
    iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2
    iniset_rpc_backend glance $GLANCE_API_CONF
    if [ "$VIRT_DRIVER" = 'xenserver' ]; then
@ -279,13 +278,6 @@ function create_glance_accounts {
    fi
 }
 # create_glance_cache_dir() - Part of the init_glance() process
 function create_glance_cache_dir {
    # Create cache dir
    sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search $GLANCE_AUTH_CACHE_DIR/artifact
    rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/* $GLANCE_AUTH_CACHE_DIR/artifact/*
 }
 # init_glance() - Initialize databases, etc.
 function init_glance {
    # Delete existing images
@ -306,8 +298,6 @@ function init_glance {
    # Load metadata definitions
    $GLANCE_BIN_DIR/glance-manage --config-file $GLANCE_CONF_DIR/glance-api.conf db_load_metadefs
    time_stop "dbsync"
    create_glance_cache_dir
 }
 # install_glanceclient() - Collect source and prepare
--- a/lib/keystone
+++ b/lib/keystone
@ -429,7 +429,7 @@ function create_service_user {
 # Configure the service to use the auth token middleware.
 #
-# configure_auth_token_middleware conf_file admin_user signing_dir [section]
+# configure_auth_token_middleware conf_file admin_user [section]
 #
 # section defaults to keystone_authtoken, which is where auth_token looks in
 # the .conf file. If the paste config file is used (api-paste.ini) then
@ -437,8 +437,7 @@ function create_service_user {
 function configure_auth_token_middleware {
    local conf_file=$1
    local admin_user=$2
-    local signing_dir=$3
+    local section=${3:-keystone_authtoken}
    local section=${4:-keystone_authtoken}
    iniset $conf_file $section auth_type password
    iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
@ -449,7 +448,6 @@ function configure_auth_token_middleware {
    iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
    iniset $conf_file $section cafile $SSL_BUNDLE_FILE
    iniset $conf_file $section signing_dir $signing_dir
    iniset $conf_file $section memcached_servers localhost:11211
 }
--- a/lib/neutron
+++ b/lib/neutron
@ -30,7 +30,6 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient
 NEUTRON_AGENT=${NEUTRON_AGENT:-openvswitch}
 NEUTRON_DIR=$DEST/neutron
 NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
 NEUTRON_BIN_DIR=$(get_python_exec_prefix)
 NEUTRON_DHCP_BINARY="neutron-dhcp-agent"
@ -44,7 +43,6 @@ NEUTRON_L3_CONF=$NEUTRON_CONF_DIR/l3_agent.ini
 NEUTRON_AGENT_CONF=$NEUTRON_CONF_DIR/
 NEUTRON_STATE_PATH=${NEUTRON_STATE_PATH:=$DATA_DIR/neutron}
 NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
 # By default, use the ML2 plugin
 NEUTRON_CORE_PLUGIN=${NEUTRON_CORE_PLUGIN:-ml2}
@ -175,8 +173,8 @@ function configure_neutron_new {
        iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips True
        iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY
-        configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken
+        configure_auth_token_middleware $NEUTRON_CONF neutron keystone_authtoken
-        configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova
+        configure_auth_token_middleware $NEUTRON_CONF nova nova
        # Configure VXLAN
        # TODO(sc68cal) not hardcode?
@ -250,7 +248,7 @@ function configure_neutron_new {
        # TODO(dtroyer): remove the v2.0 hard code below
        iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
-        configure_auth_token_middleware $NEUTRON_META_CONF neutron $NEUTRON_AUTH_CACHE_DIR DEFAULT
+        configure_auth_token_middleware $NEUTRON_META_CONF neutron DEFAULT
    fi
    # Format logging
@ -337,13 +335,6 @@ function create_neutron_accounts_new {
    fi
 }
 # create_neutron_cache_dir() - Part of the init_neutron() process
 function create_neutron_cache_dir {
    # Create cache dir
    sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR
    rm -f $NEUTRON_AUTH_CACHE_DIR/*
 }
 # init_neutron() - Initialize databases, etc.
 function init_neutron_new {
@ -353,8 +344,6 @@ function init_neutron_new {
    # Run Neutron db migrations
    $NEUTRON_BIN_DIR/neutron-db-manage upgrade heads
    time_stop "dbsync"
    create_neutron_cache_dir
 }
 # install_neutron() - Collect source and prepare
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@ -73,7 +73,6 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient
 NEUTRON_DIR=$DEST/neutron
 NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
 NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
 # Support entry points installation of console scripts
 if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then
@ -815,7 +814,7 @@ function _configure_neutron_service {
    iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
    iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
-    configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova
+    configure_auth_token_middleware $NEUTRON_CONF nova nova
    # Configure plugin
    neutron_plugin_configure_service
@ -906,8 +905,7 @@ function _neutron_setup_keystone {
    local conf_file=$1
    local section=$2
-    create_neutron_cache_dir
+    configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $section
    configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
 }
 function _neutron_setup_interface_driver {
--- a/lib/nova
+++ b/lib/nova
@ -46,7 +46,6 @@ fi
 NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}
 # INSTANCES_PATH is the previous name for this
 NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}
 NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova}
 NOVA_CONF_DIR=/etc/nova
 NOVA_CONF=$NOVA_CONF_DIR/nova.conf
@ -240,7 +239,7 @@ function cleanup_nova {
        sudo rm -rf $NOVA_INSTANCES_PATH/*
    fi
-    sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR
+    sudo rm -rf $NOVA_STATE_PATH
    # NOTE(dtroyer): This really should be called from here but due to the way
    #                nova abuses the _cleanup() function we're moving it
@ -464,7 +463,7 @@ function create_nova_conf {
            iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT
        fi
-        configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR
+        configure_auth_token_middleware $NOVA_CONF nova
    fi
    if is_service_enabled cinder; then
@ -658,13 +657,6 @@ function init_nova_cells {
    fi
 }
 # create_nova_cache_dir() - Part of the init_nova() process
 function create_nova_cache_dir {
    # Create cache dir
    sudo install -d -o $STACK_USER $NOVA_AUTH_CACHE_DIR
    rm -f $NOVA_AUTH_CACHE_DIR/*
 }
 function create_nova_conf_nova_network {
    local public_interface=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT}
    iniset $NOVA_CONF DEFAULT network_manager "nova.network.manager.$NETWORK_MANAGER"
@ -722,7 +714,6 @@ function init_nova {
        done
    fi
    create_nova_cache_dir
    create_nova_keys_dir
    if [[ "$NOVA_BACKEND" == "LVM" ]]; then
--- a/lib/swift
+++ b/lib/swift
@ -48,7 +48,6 @@ fi
 SWIFT_DIR=$DEST/swift
 SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
 SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
 SWIFT3_DIR=$DEST/swift3
@ -450,7 +449,7 @@ function configure_swift {
    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
-    configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
+    configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift filter:authtoken
    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
    iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False
@ -745,10 +744,6 @@ function init_swift {
        swift-ring-builder container.builder rebalance 42
        swift-ring-builder account.builder rebalance 42
    } && popd >/dev/null
    # Create cache dir
    sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR
    rm -f $SWIFT_AUTH_CACHE_DIR/*
 }
 function install_swift {