Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Improve savanna keystone auth configuration

We're doing to use common keystone configuration approach - section
keystone_authtoken with config opts from the python-keystoneclient
auth_token middleware.

Change-Id: Ibbe0c76ee3b00045f5cb5134bd7661e9cef6ccdd
  • Loading branch information...
commit de2057290a368e339cb66a8a61d483c90f964089 1 parent 2dcc774
@Frostman Frostman authored
Showing with 34 additions and 0 deletions.
  1. +5 −0 extras.d/70-savanna.sh
  2. +29 −0 lib/savanna
View
5 extras.d/70-savanna.sh
@@ -8,6 +8,7 @@ if is_service_enabled savanna; then
elif [[ "$1" == "stack" && "$2" == "install" ]]; then
echo_summary "Installing Savanna"
install_savanna
+ cleanup_savanna
if is_service_enabled horizon; then
install_savanna_dashboard
fi
@@ -29,4 +30,8 @@ if is_service_enabled savanna; then
cleanup_savanna_dashboard
fi
fi
+
+ if [[ "$1" == "clean" ]]; then
+ cleanup_savanna
+ fi
fi
View
29 lib/savanna
@@ -10,6 +10,7 @@
# configure_savanna
# start_savanna
# stop_savanna
+# cleanup_savanna
# Save trace setting
XTRACE=$(set +o | grep xtrace)
@@ -33,6 +34,8 @@ SAVANNA_SERVICE_HOST=${SAVANNA_SERVICE_HOST:-$SERVICE_HOST}
SAVANNA_SERVICE_PORT=${SAVANNA_SERVICE_PORT:-8386}
SAVANNA_SERVICE_PROTOCOL=${SAVANNA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
+SAVANNA_AUTH_CACHE_DIR=${SAVANNA_AUTH_CACHE_DIR:-/var/cache/savanna}
+
# Support entry points installation of console scripts
if [[ -d $SAVANNA_DIR/bin ]]; then
SAVANNA_BIN_DIR=$SAVANNA_DIR/bin
@@ -83,6 +86,14 @@ function create_savanna_accounts() {
fi
}
+# cleanup_savanna() - Remove residual data files, anything left over from
+# previous runs that would need to clean up.
+function cleanup_savanna() {
+
+ # Cleanup auth cache dir
+ sudo rm -rf $SAVANNA_AUTH_CACHE_DIR
+}
+
# configure_savanna() - Set config files, create data dirs, etc
function configure_savanna() {
@@ -94,9 +105,27 @@ function configure_savanna() {
# Copy over savanna configuration file and configure common parameters.
cp $SAVANNA_DIR/etc/savanna/savanna.conf.sample $SAVANNA_CONF_FILE
+ # Create auth cache dir
+ sudo mkdir -p $SAVANNA_AUTH_CACHE_DIR
+ sudo chown $STACK_USER $SAVANNA_AUTH_CACHE_DIR
+ rm -rf $SAVANNA_AUTH_CACHE_DIR/*
+
+ # Set obsolete keystone auth configs for backward compatibility
+ iniset $SAVANNA_CONF_FILE DEFAULT os_auth_host $KEYSTONE_SERVICE_HOST
+ iniset $SAVANNA_CONF_FILE DEFAULT os_auth_port $KEYSTONE_SERVICE_PORT
+ iniset $SAVANNA_CONF_FILE DEFAULT os_auth_protocol $KEYSTONE_SERVICE_PROTOCOL
iniset $SAVANNA_CONF_FILE DEFAULT os_admin_password $SERVICE_PASSWORD
iniset $SAVANNA_CONF_FILE DEFAULT os_admin_username savanna
iniset $SAVANNA_CONF_FILE DEFAULT os_admin_tenant_name $SERVICE_TENANT_NAME
+
+ # Set actual keystone auth configs
+ iniset $SAVANNA_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
+ iniset $SAVANNA_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+ iniset $SAVANNA_CONF_FILE keystone_authtoken admin_user savanna
+ iniset $SAVANNA_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
+ iniset $SAVANNA_CONF_FILE keystone_authtoken signing_dir $SAVANNA_AUTH_CACHE_DIR
+ iniset $SAVANNA_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
+
iniset $SAVANNA_CONF_FILE DEFAULT debug $SAVANNA_DEBUG
iniset $SAVANNA_CONF_FILE database connection `database_connection_url savanna`
Please sign in to comment.
Something went wrong with that request. Please try again.