Drop signing_dir option from configure_auth_token_middleware
This is no longer being used due to Keystone PKI tokens no longer
being implemented.
In order to not break backward compatibility we create a new function
that is to be used instead and deprecate the old one. Modify the old
function to ignore the 3rd argument and display a deprecation warning.
Adjust callers to no longer create and set that directory, calling the
new function instead.
Change-Id: Id0dec1ba72467cce5cacfcfdb2bc0af2bd3a3610
diff --git a/lib/cinder b/lib/cinder
index ed8349a..32e38c4 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -51,7 +51,6 @@
fi
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
-CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
CINDER_CONF_DIR=/etc/cinder
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
@@ -217,7 +216,7 @@
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
- configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR
+ configure_keystone_authtoken_middleware $CINDER_CONF cinder
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@@ -314,7 +313,7 @@
fi
# Set nova credentials (used for os-assisted-snapshots)
- configure_auth_token_middleware $CINDER_CONF nova $CINDER_AUTH_CACHE_DIR nova
+ configure_keystone_authtoken_middleware $CINDER_CONF nova nova
iniset $CINDER_CONF nova region_name "$REGION_NAME"
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
@@ -380,13 +379,6 @@
fi
}
-# create_cinder_cache_dir() - Part of the init_cinder() process
-function create_cinder_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $CINDER_AUTH_CACHE_DIR
- rm -f $CINDER_AUTH_CACHE_DIR/*
-}
-
# init_cinder() - Initialize database and volume group
function init_cinder {
if is_service_enabled $DATABASE_BACKENDS; then
@@ -415,7 +407,6 @@
fi
mkdir -p $CINDER_STATE_PATH/volumes
- create_cinder_cache_dir
}
# install_cinder() - Collect source and prepare
diff --git a/lib/glance b/lib/glance
index d630c9a..54d3276 100644
--- a/lib/glance
+++ b/lib/glance
@@ -44,7 +44,6 @@
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
GLANCE_LOCK_DIR=${GLANCE_LOCK_DIR:=$DATA_DIR/glance/locks}
-GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
@@ -97,20 +96,14 @@
# cleanup_glance() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_glance {
- # kill instances (nova)
# delete image files (glance)
- sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR
+ sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR
}
# configure_glance() - Set config files, create data dirs, etc
function configure_glance {
sudo install -d -o $STACK_USER $GLANCE_CONF_DIR $GLANCE_METADEF_DIR
- # We run this here as this configures cache dirs for the auth middleware
- # which is used in the api server and not in the registry. The api
- # Server is configured through this function and not init_glance.
- create_glance_cache_dir
-
# Set non-default configuration options for registry
iniset $GLANCE_REGISTRY_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $GLANCE_REGISTRY_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
@@ -120,7 +113,7 @@
iniset $GLANCE_REGISTRY_CONF database connection $dburl
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
- configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
+ configure_keystone_authtoken_middleware $GLANCE_REGISTRY_CONF glance
iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2
iniset_rpc_backend glance $GLANCE_REGISTRY_CONF
iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
@@ -132,7 +125,7 @@
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF oslo_concurrency lock_path $GLANCE_LOCK_DIR
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
- configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
+ configure_keystone_authtoken_middleware $GLANCE_API_CONF glance
iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2
iniset_rpc_backend glance $GLANCE_API_CONF
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
@@ -279,23 +272,12 @@
fi
}
-# create_glance_cache_dir() - Part of the configure_glance() process
-function create_glance_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search $GLANCE_AUTH_CACHE_DIR/artifact
- rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/* $GLANCE_AUTH_CACHE_DIR/artifact/*
-}
-
# init_glance() - Initialize databases, etc.
function init_glance {
# Delete existing images
rm -rf $GLANCE_IMAGE_DIR
mkdir -p $GLANCE_IMAGE_DIR
- # Delete existing cache
- rm -rf $GLANCE_CACHE_DIR
- mkdir -p $GLANCE_CACHE_DIR
-
# (Re)create glance database
recreate_database glance
diff --git a/lib/keystone b/lib/keystone
index 02e2822..5bd552f 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -397,18 +397,17 @@
fi
}
-# Configure the service to use the auth token middleware.
+# Configure a service to use the auth token middleware.
#
-# configure_auth_token_middleware conf_file admin_user signing_dir [section]
+# configure_keystone_authtoken_middleware conf_file admin_user IGNORED [section]
#
# section defaults to keystone_authtoken, which is where auth_token looks in
# the .conf file. If the paste config file is used (api-paste.ini) then
# provide the section name for the auth_token filter.
-function configure_auth_token_middleware {
+function configure_keystone_authtoken_middleware {
local conf_file=$1
local admin_user=$2
- local signing_dir=$3
- local section=${4:-keystone_authtoken}
+ local section=${3:-keystone_authtoken}
iniset $conf_file $section auth_type password
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
@@ -419,10 +418,16 @@
iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
- iniset $conf_file $section signing_dir $signing_dir
iniset $conf_file $section memcached_servers localhost:11211
}
+# configure_auth_token_middleware conf_file admin_user IGNORED [section]
+# TODO(frickler): old function for backwards compatibility, remove in U cycle
+function configure_auth_token_middleware {
+ echo "WARNING: configure_auth_token_middleware is deprecated, use configure_keystone_authtoken_middleware instead"
+ configure_keystone_authtoken_middleware $1 $2 $4
+}
+
# init_keystone() - Initialize databases, etc.
function init_keystone {
if is_service_enabled ldap; then
diff --git a/lib/neutron b/lib/neutron
index 947c491..e1fd10c 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -36,7 +36,6 @@
NEUTRON_DEPLOY_MOD_WSGI=$(trueorfalse False NEUTRON_DEPLOY_MOD_WSGI)
NEUTRON_AGENT=${NEUTRON_AGENT:-openvswitch}
NEUTRON_DIR=$DEST/neutron
-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
NEUTRON_DISTRIBUTED_ROUTING=$(trueorfalse False NEUTRON_DISTRIBUTED_ROUTING)
# Distributed Virtual Router (DVR) configuration
@@ -62,7 +61,6 @@
NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}
NEUTRON_STATE_PATH=${NEUTRON_STATE_PATH:=$DATA_DIR/neutron}
-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
NEUTRON_UWSGI_CONF=$NEUTRON_CONF_DIR/neutron-api-uwsgi.ini
@@ -200,8 +198,8 @@
iniset $NEUTRON_CONF DEFAULT router_distributed $NEUTRON_DISTRIBUTED_ROUTING
iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY
- configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken
- configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova
+ configure_keystone_authtoken_middleware $NEUTRON_CONF neutron
+ configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova
# Configure VXLAN
# TODO(sc68cal) not hardcode?
@@ -292,7 +290,7 @@
# TODO(dtroyer): remove the v2.0 hard code below
iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
- configure_auth_token_middleware $NEUTRON_META_CONF neutron $NEUTRON_AUTH_CACHE_DIR DEFAULT
+ configure_keystone_authtoken_middleware $NEUTRON_META_CONF neutron DEFAULT
fi
# Format logging
@@ -389,13 +387,6 @@
fi
}
-# create_neutron_cache_dir() - Part of the init_neutron() process
-function create_neutron_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR
- rm -f $NEUTRON_AUTH_CACHE_DIR/*
-}
-
# init_neutron() - Initialize databases, etc.
function init_neutron_new {
@@ -405,8 +396,6 @@
# Run Neutron db migrations
$NEUTRON_BIN_DIR/neutron-db-manage upgrade heads
time_stop "dbsync"
-
- create_neutron_cache_dir
}
# install_neutron() - Collect source and prepare
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 87edc5a..dbd6e2c 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -71,7 +71,6 @@
NEUTRON_DIR=$DEST/neutron
NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
# Support entry points installation of console scripts
if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then
@@ -841,13 +840,13 @@
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
- _neutron_setup_keystone $NEUTRON_CONF keystone_authtoken
+ configure_keystone_authtoken_middleware $NEUTRON_CONF $Q_ADMIN_USERNAME
# Configuration for neutron notifications to nova.
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
- configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova
+ configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova
# Configure plugin
neutron_plugin_configure_service
@@ -933,15 +932,6 @@
fi
}
-# Configures keystone integration for neutron service
-function _neutron_setup_keystone {
- local conf_file=$1
- local section=$2
-
- create_neutron_cache_dir
- configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
-}
-
function _neutron_setup_interface_driver {
# ovs_use_veth needs to be set before the plugin configuration
diff --git a/lib/nova b/lib/nova
index 8220e0f..a394a64 100644
--- a/lib/nova
+++ b/lib/nova
@@ -46,7 +46,6 @@
NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}
# INSTANCES_PATH is the previous name for this
NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}
-NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova}
NOVA_CONF_DIR=/etc/nova
NOVA_CONF=$NOVA_CONF_DIR/nova.conf
@@ -215,7 +214,7 @@
sudo rm -rf $NOVA_INSTANCES_PATH/*
fi
- sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR
+ sudo rm -rf $NOVA_STATE_PATH
# NOTE(dtroyer): This really should be called from here but due to the way
# nova abuses the _cleanup() function we're moving it
@@ -443,7 +442,7 @@
iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT
fi
- configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR
+ configure_keystone_authtoken_middleware $NOVA_CONF nova
fi
if is_service_enabled cinder; then
@@ -690,13 +689,6 @@
echo "${NOVA_CONF_DIR}/nova_cell${cell}.conf"
}
-# create_nova_cache_dir() - Part of the init_nova() process
-function create_nova_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $NOVA_AUTH_CACHE_DIR
- rm -f $NOVA_AUTH_CACHE_DIR/*
-}
-
# create_nova_keys_dir() - Part of the init_nova() process
function create_nova_keys_dir {
# Create keys dir
@@ -738,7 +730,6 @@
done
fi
- create_nova_cache_dir
create_nova_keys_dir
if [[ "$NOVA_BACKEND" == "LVM" ]]; then
diff --git a/lib/placement b/lib/placement
index a89cd26..785b0dd 100644
--- a/lib/placement
+++ b/lib/placement
@@ -29,7 +29,6 @@
PLACEMENT_DIR=$DEST/placement
PLACEMENT_CONF_DIR=/etc/placement
PLACEMENT_CONF=$PLACEMENT_CONF_DIR/placement.conf
-PLACEMENT_AUTH_CACHE_DIR=${PLACEMENT_AUTH_CACHE_DIR:-/var/cache/placement}
PLACEMENT_AUTH_STRATEGY=${PLACEMENT_AUTH_STRATEGY:-keystone}
# Placement virtual environment
if [[ ${USE_VENV} = True ]]; then
@@ -64,7 +63,6 @@
function cleanup_placement {
sudo rm -f $(apache_site_config_for placement-api)
remove_uwsgi_config "$PLACEMENT_UWSGI_CONF" "$PLACEMENT_UWSGI"
- sudo rm -f $PLACEMENT_AUTH_CACHE_DIR/*
}
# _config_placement_apache_wsgi() - Set WSGI config files
@@ -99,7 +97,7 @@
iniset $PLACEMENT_CONF placement_database connection `database_connection_url placement`
iniset $PLACEMENT_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
iniset $PLACEMENT_CONF api auth_strategy $PLACEMENT_AUTH_STRATEGY
- configure_auth_token_middleware $PLACEMENT_CONF placement $PLACEMENT_AUTH_CACHE_DIR
+ configure_keystone_authtoken_middleware $PLACEMENT_CONF placement
setup_logging $PLACEMENT_CONF
}
@@ -127,19 +125,11 @@
"$placement_api_url"
}
-# create_placement_cache_dir() - Create directories for keystone cache
-function create_placement_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $PLACEMENT_AUTH_CACHE_DIR
- rm -f $PLACEMENT_AUTH_CACHE_DIR/*
-}
-
# init_placement() - Create service user and endpoints
function init_placement {
recreate_database placement
$PLACEMENT_BIN_DIR/placement-manage db sync
create_placement_accounts
- create_placement_cache_dir
}
# install_placement() - Collect source and prepare
diff --git a/lib/swift b/lib/swift
index d9a7878..5be9e35 100644
--- a/lib/swift
+++ b/lib/swift
@@ -47,7 +47,6 @@
SWIFT_BIN_DIR=$(get_python_exec_prefix)
fi
-SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
@@ -452,7 +451,7 @@
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
- configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
+ configure_keystone_authtoken_middleware $SWIFT_CONFIG_PROXY_SERVER swift filter:authtoken
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False
@@ -735,10 +734,6 @@
$SWIFT_BIN_DIR/swift-ring-builder container.builder rebalance 42
$SWIFT_BIN_DIR/swift-ring-builder account.builder rebalance 42
} && popd >/dev/null
-
- # Create cache dir
- sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR
- rm -f $SWIFT_AUTH_CACHE_DIR/*
}
function install_swift {