x/surveil
Code Issues Proposed changes

Fixed keystone authentication vars

Browse Source 
Change-Id: Ic4f9ca960ffab7a32ad16c54f130773d7d4a5189
This commit is contained in:
aviau 2015-05-07 09:44:24 -04:00
parent 3949c048ba
commit 4f840627e3
4 changed files with 17 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Dockerfile
View File

@ -35,9 +35,11 @@ RUN cd /opt/surveil && python setup.py develop
#Set to 'surveil' or 'keystone' #Set to 'surveil' or 'keystone'
ENV SURVEIL_AUTH_BACKEND=surveil ENV SURVEIL_AUTH_BACKEND=surveil
ENV SURVEIL_KEYSTONE_ENDPOINT=http://198.72.123.131:5000/v2.0/ ENV SURVEIL_KEYSTONE_HOST=198.72.123.131
ENV SURVEIL_KEYSTONE_USERNAME=admin ENV SURVEIL_KEYSTONE_AUTH_PROTOCOL=http
ENV SURVEIL_KEYSTONE_PASSWORD=password ENV SURVEIL_KEYSTONE_ADMIN_USER=admin
ENV SURVEIL_KEYSTONE_ADMIN_PASSWORD=password
ENV SURVEIL_KEYSTONE_ADMIN_TENANT_NAME=admin
CMD cd /opt/surveil && \ CMD cd /opt/surveil && \
./setup.sh && \ ./setup.sh && \

6
docker-compose-production.yml
View File

@ -10,7 +10,11 @@ surveil:
environment: environment:
PBR_VERSION: "PROD" PBR_VERSION: "PROD"
#SURVEIL_AUTH_BACKEND: "keystone" #SURVEIL_AUTH_BACKEND: "keystone"
#SURVEIL_KEYSTONE_ENDPOINT: "http://198.72.123.131:5000/v2.0/" #SURVEIL_KEYSTONE_HOST: "198.72.123.131"
#SURVEIL_KEYSTONE_AUTH_PROTOCOL: "http"
#SURVEIL_KEYSTONE_ADMIN_USER: "admin"
#SURVEIL_KEYSTONE_ADMIN_PASSWORD: "password"
#SURVEIL_KEYSTONE_ADMIN_TENANT_NAME: "admin"
shinken: shinken:
#build: tools/docker/shinken_container/ #build: tools/docker/shinken_container/

115
etc/surveil/api_paste.ini
View File

@ -14,120 +14,9 @@ paste.filter_factory = surveil.api.authmiddleware.auth:filter_factory
[filter:authtoken] [filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory paste.filter_factory = keystonemiddleware.auth_token:filter_factory
# Prefix to prepend at the beginning of the path (string # Keystone auth settings
# value) auth_host=198.72.123.131
#auth_admin_prefix=
# Host providing the admin Identity API endpoint (string
# value)
#auth_host=198.72.123.131
# Port of the admin Identity API endpoint (integer value)
#auth_port=5000
# Protocol of the admin Identity API endpoint(http or https)
# (string value)
auth_protocol=http auth_protocol=http
# Complete public Identity API endpoint (string value)
auth_uri=http://198.72.123.131:5000/v2.0/
# API version of the admin Identity API endpoint (string
# value)
#auth_version=<None>
# Do not handle authorization requests within the middleware,
# but delegate the authorization decision to downstream WSGI
# components (boolean value)
#delay_auth_decision=false
# Request timeout value for communicating with Identity API
# server. (boolean value)
#http_connect_timeout=<None>
# How many times are we trying to reconnect when communicating
# with Identity API Server. (integer value)
#http_request_max_retries=3
# Single shared secret with the Keystone configuration used
# for bootstrapping a Keystone installation, or otherwise
# bypassing the normal authentication process. (string value)
#admin_token=<None>
# Keystone account username (string value)
admin_user=admin admin_user=admin
# Keystone account password (string value)
admin_password=password admin_password=password
# Keystone service account tenant name to validate user tokens
# (string value)
admin_tenant_name=admin admin_tenant_name=admin
# Env key for the swift cache (string value)
#cache=<None>
# Required if Keystone server requires client certificate
# (string value)
#certfile=<None>
# Required if Keystone server requires client certificate
# (string value)
#keyfile=<None>
# A PEM encoded Certificate Authority to use when verifying
# HTTPs connections. Defaults to system CAs. (string value)
#cafile=<None>
# Verify HTTPS connections. (boolean value)
#insecure=false
# Directory used to cache files related to PKI tokens (string
# value)
#signing_dir=<None>
# If defined, the memcache server(s) to use for caching (list
# value)
# Deprecated group/name - [DEFAULT]/memcache_servers
#memcached_servers=<None>
# In order to prevent excessive requests and validations, the
# middleware uses an in-memory cache for the tokens the
# Keystone API returns. This is only valid if memcache_servers
# is defined. Set to -1 to disable caching completely.
# (integer value)
#token_cache_time=300
# Value only used for unit testing (integer value)
#revocation_cache_time=1
# (optional) if defined, indicate whether token data should be
# authenticated or authenticated and encrypted. Acceptable
# values are MAC or ENCRYPT. If MAC, token data is
# authenticated (with HMAC) in the cache. If ENCRYPT, token
# data is encrypted and authenticated in the cache. If the
# value is not one of these options or empty, auth_token will
# raise an exception on initialization. (string value)
#memcache_security_strategy=<None>
# (optional, mandatory if memcache_security_strategy is
# defined) this string is used for key derivation. (string
# value)
#memcache_secret_key=<None>
# (optional) indicate whether to set the X-Service-Catalog
# header. If False, middleware will not ask for service
# catalog on token validation and will not set the X-Service-
# Catalog header. (boolean value)
#include_service_catalog=true
# Used to control the use and type of token binding. Can be
# set to: "disabled" to not check token binding. "permissive"
# (default) to validate binding information if the bind type
# is of a form known to the server and ignore it if not.
# "strict" like "permissive" but if the bind type is unknown
# the token will be rejected. "required" any form of token
# binding is needed to be allowed. Finally the name of a
# binding method that must be present in tokens. (string
# value)
#enforce_token_bind=permissive

8
tools/docker/surveil_container/setup.sh
View File

@ -7,9 +7,11 @@ function setup_surveil_api {
else else
echo -e "=> Setting up Surveil API for keystone authentication..." echo -e "=> Setting up Surveil API for keystone authentication..."
sed -i "s|pipeline =.*|pipeline = authtoken api-server|" /etc/surveil/api_paste.ini sed -i "s|pipeline =.*|pipeline = authtoken api-server|" /etc/surveil/api_paste.ini
sed -i "s|auth_uri=.*|auth_uri=${SURVEIL_KEYSTONE_ENDPOINT}|" /etc/surveil/api_paste.ini sed -i "s|auth_protocol=.*|auth_protocol=${SURVEIL_KEYSTONE_AUTH_PROTOCOL}|" /etc/surveil/api_paste.ini
sed -i "s|admin_user=.*|admin_user=${SURVEIL_KEYSTONE_USERNAME}|" /etc/surveil/api_paste.ini sed -i "s|auth_host=.*|auth_host=${SURVEIL_KEYSTONE_HOST}|" /etc/surveil/api_paste.ini
sed -i "s|admin_password=.*|admin_password=${SURVEIL_KEYSTONE_PASSWORD}|" /etc/surveil/api_paste.ini sed -i "s|admin_user=.*|admin_user=${SURVEIL_KEYSTONE_ADMIN_USER}|" /etc/surveil/api_paste.ini
sed -i "s|admin_password=.*|admin_password=${SURVEIL_KEYSTONE_ADMIN_PASSWORD}|" /etc/surveil/api_paste.ini
sed -i "s|admin_tenant_name=.*|admin_tenant_name=${SURVEIL_KEYSTONE_ADMIN_TENANT_NAME}|" /etc/surveil/api_paste.ini
fi fi
} }