Use identity_uri instead of auth fragments
auth_token middleware now accepts a standard URL string as the parameter
identity_uri instead of specifying protocol etc individually. Change the
services over to use this.
Also changes over some other places in which the auth fragments are used
individually to the new variables and fixes up some misconfigurations of
auth_token.
identity_uri option was release in keystoneclient 0.8.0
Change-Id: Iac13bc3d08c524a6a0f39cdfbc1009e2f5c45c2a
diff --git a/lib/ceilometer b/lib/ceilometer
index a4be7af..286f199 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -164,9 +164,7 @@
iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD
iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME
- iniset $CEILOMETER_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $CEILOMETER_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $CEILOMETER_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $CEILOMETER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $CEILOMETER_CONF keystone_authtoken admin_user ceilometer
iniset $CEILOMETER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $CEILOMETER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
diff --git a/lib/cinder b/lib/cinder
index d5ee17e..4183676 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -233,9 +233,7 @@
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
- iniset $CINDER_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $CINDER_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $CINDER_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $CINDER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $CINDER_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $CINDER_CONF keystone_authtoken admin_user cinder
diff --git a/lib/glance b/lib/glance
index 51e4399..4eb0ada 100644
--- a/lib/glance
+++ b/lib/glance
@@ -89,9 +89,7 @@
iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $GLANCE_REGISTRY_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
configure_API_version $GLANCE_REGISTRY_CONF $IDENTITY_API_VERSION
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
@@ -107,9 +105,7 @@
iniset $GLANCE_API_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
- iniset $GLANCE_API_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $GLANCE_API_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $GLANCE_API_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $GLANCE_API_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
configure_API_version $GLANCE_API_CONF $IDENTITY_API_VERSION
iniset $GLANCE_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
@@ -128,7 +124,7 @@
# Store the images in swift if enabled.
if is_service_enabled s-proxy; then
iniset $GLANCE_API_CONF DEFAULT default_store swift
- iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/
+ iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_URI/v2.0/
iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance-swift
iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD
iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True
@@ -147,7 +143,7 @@
iniset $GLANCE_CACHE_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v2.0
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_TENANT_NAME
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
diff --git a/lib/heat b/lib/heat
index fe75ec9..e27943a 100644
--- a/lib/heat
+++ b/lib/heat
@@ -107,9 +107,7 @@
fi
# keystone authtoken
- iniset $HEAT_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $HEAT_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $HEAT_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
configure_API_version $HEAT_CONF $IDENTITY_API_VERSION
iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
@@ -118,7 +116,7 @@
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
# ec2authtoken
- iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
+ iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
# paste_deploy
[[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone
@@ -269,7 +267,7 @@
if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
# Note we have to pass token/endpoint here because the current endpoint and
# version negotiation in OSC means just --os-identity-api-version=3 won't work
- KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"
+ KS_ENDPOINT_V3="$KEYSTONE_SERVICE_URI/v3"
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
--os-identity-api-version=3 domain create heat \
--description "Owns users and projects created by heat" \
diff --git a/lib/ironic b/lib/ironic
index 0656980..d53e1ad 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -162,11 +162,9 @@
function configure_ironic_api {
iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone
iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $IRONIC_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
+ iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI
iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic
iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
diff --git a/lib/keystone b/lib/keystone
index 6b8863e..e021b8b 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -87,6 +87,10 @@
KEYSTONE_SERVICE_PROTOCOL="https"
fi
+# complete URIs
+KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}:${KEYSTONE_AUTH_PORT}
+KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}
+
# Functions
# ---------
# cleanup_keystone() - Remove residual data files, anything left over from previous
diff --git a/lib/neutron b/lib/neutron
index e918286..6c0ca06 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -726,7 +726,7 @@
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
- _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True True
+ _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True
}
@@ -868,18 +868,9 @@
local section=$2
local use_auth_url=$3
local skip_auth_cache=$4
- local use_service_port=$5
- local keystone_port=$KEYSTONE_AUTH_PORT
- if [[ -n $use_service_port ]]; then
- keystone_port=$KEYSTONE_SERVICE_PORT
- fi
- if [[ -n $use_auth_url ]]; then
- iniset $conf_file $section auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$keystone_port/v2.0"
- else
- iniset $conf_file $section auth_host $KEYSTONE_SERVICE_HOST
- iniset $conf_file $section auth_port $keystone_port
- iniset $conf_file $section auth_protocol $KEYSTONE_SERVICE_PROTOCOL
- fi
+
+ iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
+ iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
iniset $conf_file $section admin_password $SERVICE_PASSWORD
diff --git a/lib/nova b/lib/nova
index 76929b1..9dd6bb0 100644
--- a/lib/nova
+++ b/lib/nova
@@ -456,9 +456,7 @@
# Add keystone authtoken configuration
- iniset $NOVA_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $NOVA_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $NOVA_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $NOVA_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $NOVA_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $NOVA_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
iniset $NOVA_CONF keystone_authtoken admin_user nova
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index e72f7c1..c068c74 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -48,7 +48,7 @@
# ironic section
iniset $NOVA_CONF ironic admin_username admin
iniset $NOVA_CONF ironic admin_password $ADMIN_PASSWORD
- iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0
+ iniset $NOVA_CONF ironic admin_url $KEYSTONE_AUTH_URI/v2.0
iniset $NOVA_CONF ironic admin_tenant_name demo
iniset $NOVA_CONF ironic api_endpoint http://$SERVICE_HOST:6385/v1
iniset $NOVA_CONF ironic sql_connection `database_connection_url nova_bm`
diff --git a/lib/trove b/lib/trove
index 82c8c96..e467c90 100644
--- a/lib/trove
+++ b/lib/trove
@@ -133,9 +133,8 @@
# Copy api-paste file over to the trove conf dir and configure it
cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini
TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
- iniset $TROVE_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $TROVE_API_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $TROVE_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+
+ iniset $TROVE_API_PASTE_INI filter:authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $TROVE_API_PASTE_INI filter:authtoken cafile $KEYSTONE_SSL_CA
iniset $TROVE_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $TROVE_API_PASTE_INI filter:authtoken admin_user trove
@@ -158,7 +157,7 @@
# (Re)create trove taskmanager conf file if needed
if is_service_enabled tr-tmgr; then
- TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT//v$IDENTITY_API_VERSION
+ TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`