Use keystone wsgi_scripts
Devstack was setting up a separate directory and copying
http/keystone.py into it for the admin and public endpoints.
Keystone now defines wsgi_scripts entrypoints so that
keystone-wsgi-admin and keystone-wsgi-public are created on
install so devstack can reference these files instead.
See http://httpd.apache.org/docs/2.4/upgrading.html#access for
the apache docs with examples for the Allow|Deny/Require
directives.
Depends-On: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
Change-Id: Ided688be62b64066d90776313c963ec5016363f2
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 6dd1ad9..4d3d2d6 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -5,7 +5,7 @@
<VirtualHost *:%PUBLICPORT%>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup keystone-public
- WSGIScriptAlias / %PUBLICWSGI%
+ WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
@@ -16,12 +16,22 @@
%SSLENGINE%
%SSLCERTFILE%
%SSLKEYFILE%
+
+ <Directory %KEYSTONE_BIN%>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
</VirtualHost>
<VirtualHost *:%ADMINPORT%>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup keystone-admin
- WSGIScriptAlias / %ADMINWSGI%
+ WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
@@ -32,6 +42,16 @@
%SSLENGINE%
%SSLCERTFILE%
%SSLKEYFILE%
+
+ <Directory %KEYSTONE_BIN%>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
</VirtualHost>
Alias /identity %PUBLICWSGI%