Try to remove /identity_admin We should be able to operate without the identity admin endpoint, given that in v3 it's all the same. This floats that out there to see if we can or not. Change-Id: Ic233f6b43dd1e3cfdadff0f18aba4ea78825a996

commit: bb4431126b80be4805f1072442676797e6019576 [log] [tgz]
author: Sean Dague <sean@dague.net> Wed Apr 19 16:22:42 2017 -0400
committer: Sean Dague <sean@dague.net> Mon May 01 09:12:18 2017 -0400
tree: df0cfee5b58ba9c5e36e523e743ae2ae394addb6
parent: 38d4782c9f6b8558fea2c5268b9bf5de5070a0fe [diff]
diff --git a/lib/keystone b/lib/keystone
index 75a0679..fd1e29c 100644
--- a/lib/keystone
+++ b/lib/keystone

@@ -113,8 +113,9 @@
     KEYSTONE_SERVICE_PROTOCOL="https"
 fi
 
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_admin
 KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
+# for compat
+KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI
 
 # V3 URIs
 KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
@@ -141,6 +142,7 @@
 # runs that a clean run would need to clean up
 function cleanup_keystone {
     if [[ "$WSGI_MODE" == "uwsgi" ]]; then
+        # TODO: remove admin at pike-2
         remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
         remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
         sudo rm -f $(apache_site_config_for keystone-wsgi-public)
@@ -543,11 +545,7 @@
         tail_log key /var/log/$APACHE_NAME/keystone.log
         tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
     else # uwsgi
-        # TODO(sdague): we should really get down to a single keystone here
-        enable_service key-p
-        enable_service key-a
-        run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
-        run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" ""
+        run_process keystone "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
     fi
 
     echo "Waiting for keystone to start..."
@@ -578,9 +576,9 @@
         disable_apache_site keystone
         restart_apache_server
     else
-        stop_process key-p
-        stop_process key-a
+        stop_process keystone
         remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
+        # TODO(remove in at pike-2)
         remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
     fi
     # Kill the Keystone screen window

diff --git a/lib/tempest b/lib/tempest
index f19686a..c5853c9 100644
--- a/lib/tempest
+++ b/lib/tempest

@@ -278,6 +278,10 @@
         iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
     fi
     iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
+    if [[ "$TEMPEST_AUTH_VERSION" != "v2.0" ]]; then
+        # we're going to disable v2 admin unless we're using v2.0 by default.
+        iniset $TEMPEST_CONFIG identity-feature-enabled api_v2_admin False
+    fi
 
     if is_service_enabled tls-proxy; then
         iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
commit	bb4431126b80be4805f1072442676797e6019576	[log] [tgz]
author	Sean Dague <sean@dague.net>	Wed Apr 19 16:22:42 2017 -0400
committer	Sean Dague <sean@dague.net>	Mon May 01 09:12:18 2017 -0400
tree	df0cfee5b58ba9c5e36e523e743ae2ae394addb6
parent	38d4782c9f6b8558fea2c5268b9bf5de5070a0fe [diff]