Configure PKI cache dirs
* Configure Cinder, Glance, Keystone, Nova to put cached credentials
from keystone.auth_token into /var/cache/<service>
It is not obvious to me that having each of these services share a
credentials cache is a good idea. It does appear to work but this
patch takes the conservative approach of putting each service's cache
in a distinct directory.
More importantly it gets them out of $HOME!
Change-Id: If88088fc287a2f2f4f3e34f6d9be9de3da7ee00d
diff --git a/lib/cinder b/lib/cinder
index 08c840e..578e2ad 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -4,8 +4,8 @@
# Dependencies:
# - functions
# - DEST, DATA_DIR must be defined
-# - KEYSTONE_AUTH_* must be defined
# SERVICE_{TENANT_NAME|PASSWORD} must be defined
+# ``KEYSTONE_TOKEN_FORMAT`` must be defined
# stack.sh
# ---------
@@ -30,6 +30,7 @@
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
CINDER_CONF_DIR=/etc/cinder
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
+CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
# Support entry points installation of console scripts
if [[ -d $CINDER_DIR/bin ]]; then
@@ -106,6 +107,10 @@
iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
+ fi
+
cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
iniset $CINDER_CONF DEFAULT auth_strategy keystone
iniset $CINDER_CONF DEFAULT verbose True
@@ -186,6 +191,12 @@
done
fi
fi
+
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ # Create cache dir
+ sudo mkdir -p $CINDER_AUTH_CACHE_DIR
+ sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
+ fi
}
# install_cinder() - Collect source and prepare
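Review bot: The cache directory created in this last hunk gets an owner but no explicit mode, and `mkdir -p` keeps whatever an earlier run left in it. The files auth_token caches there are what it uses to verify PKI tokens, so the directory should be private to the service user and start empty: after the chown, add `sudo chmod 700 "$CINDER_AUTH_CACHE_DIR"` and `rm -f "$CINDER_AUTH_CACHE_DIR"/*`. Stale certificates from a previous run would presumably make token verification fail once keystone's PKI material is regenerated. As a style point, use `$(whoami)` rather than backticks, and quote the path here and in the `iniset ... signing_dir` line of the `@@ -106,6 +107,10 @@` hunk, since the variable can be overridden. The enclosing function starts outside this hunk.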