commit 5e3deb678e95737e05f43832d07a37d74c4e8aca
author Akihiro MOTOKI <motoki@da.jp.nec.com> Tue Dec 11 17:09:02 2012 +0900
committer Akihiro MOTOKI <motoki@da.jp.nec.com> Tue Dec 11 18:16:05 2012 +0900
tree 5edc28b3c23f00cf5ef20df8ac495c7a8f092ace
parent c50a86e917a4bbc9f9f6affeaae94ff4e80b556a

Always create signing_dir regardless of token format

Fixes bug 1088801

devstack does not create signing_dir when keystone token format is UUID.
If the default value of signing_dir is read-only, OpenStack services
such as Quantum server failed to start due to permission denied.

On the keystone client cannot know which token_format is used in keystone
in advance, so signing_dir should be created regardless of the token format.

Change-Id: I1b0d25c1ac4d22d9fb2c5443d15b96fdaa5a4c81

lib/cinder

diff --git a/lib/cinder b/lib/cinder
index 9b9d50d..0dc86ca 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -105,10 +105,7 @@
     iniset $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
     iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
     iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
-
-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
-        iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
-    fi
+    iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
 
     cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
     iniset $CINDER_CONF DEFAULT auth_strategy keystone
@@ -212,11 +209,9 @@
         fi
     fi
 
-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
-        # Create cache dir
-        sudo mkdir -p $CINDER_AUTH_CACHE_DIR
-        sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
-    fi
+    # Create cache dir
+    sudo mkdir -p $CINDER_AUTH_CACHE_DIR
+    sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
 }
 
 # install_cinder() - Collect source and prepare

lib/glance

diff --git a/lib/glance b/lib/glance
index b02a4b6..4f631b2 100644
--- a/lib/glance
+++ b/lib/glance
@@ -95,9 +95,7 @@
     iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
     iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
     iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
-        iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
-    fi
+    iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
 
     cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
     iniset $GLANCE_API_CONF DEFAULT debug True
@@ -121,9 +119,7 @@
         iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST
         iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
     fi
-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
-        iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
-    fi
+    iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
 
     cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
 
@@ -163,13 +159,11 @@
 
     $GLANCE_BIN_DIR/glance-manage db_sync
 
-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
-        # Create cache dir
-        sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
-        sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
-        sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
-        sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
-    fi
+    # Create cache dir
+    sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
+    sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
+    sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
+    sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
 }
 
 # install_glanceclient() - Collect source and prepare

lib/nova

diff --git a/lib/nova b/lib/nova
index 3a4d34d..f059576 100644
--- a/lib/nova
+++ b/lib/nova
@@ -172,9 +172,7 @@
         " -i $NOVA_API_PASTE_INI
     fi
 
-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
-        iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
-    fi
+    iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
 
     if is_service_enabled n-cpu; then
         # Force IP forwarding on, just on case
@@ -378,11 +376,9 @@
         $NOVA_BIN_DIR/nova-manage db sync
     fi
 
-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
-        # Create cache dir
-        sudo mkdir -p $NOVA_AUTH_CACHE_DIR
-        sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
-    fi
+    # Create cache dir
+    sudo mkdir -p $NOVA_AUTH_CACHE_DIR
+    sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
 }
 
 # install_novaclient() - Collect source and prepare

lib/quantum

diff --git a/lib/quantum b/lib/quantum
index cb68339..f7fe90a 100644
--- a/lib/quantum
+++ b/lib/quantum
@@ -68,12 +68,10 @@
     iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
     iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
     iniset $conf_file $section admin_password $SERVICE_PASSWORD
-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
-        iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
-        # Create cache dir
-        sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
-        sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
-    fi
+    iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
+    # Create cache dir
+    sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
+    sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
 }
 
 function quantum_setup_ovs_bridge() {