Move auth_token config to .conf, key cache directories
auth_token configuration can now be read from the conf files
rather than the paste.ini files.
A key cache directory has been created for each of the 3 API services
under /var/cache/heat
This is the devstack change relating to
Heat Blueprint: keystone-middleware
This is related to this committed change:
https://review.openstack.org/#/c/26351/
Devstack users will find Heat to be broken until this corresponding change
is approved.
Change-Id: If6f77f86a3eeb08a58b516725bd806e39ccedb50
diff --git a/lib/heat b/lib/heat
index 32c0182..c6e936f 100644
--- a/lib/heat
+++ b/lib/heat
@@ -29,6 +29,7 @@
# set up default directories
HEAT_DIR=$DEST/heat
HEATCLIENT_DIR=$DEST/python-heatclient
+HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}
# Functions
@@ -37,8 +38,7 @@
# cleanup_heat() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_heat() {
- # This function intentionally left blank
- :
+ sudo rm -rf $HEAT_AUTH_CACHE_DIR
}
# configure_heatclient() - Set config files, create data dirs, etc
@@ -73,18 +73,19 @@
iniset $HEAT_API_CFN_CONF DEFAULT use_syslog $SYSLOG
iniset $HEAT_API_CFN_CONF DEFAULT bind_host $HEAT_API_CFN_HOST
iniset $HEAT_API_CFN_CONF DEFAULT bind_port $HEAT_API_CFN_PORT
+ iniset $HEAT_API_CFN_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
+ iniset $HEAT_API_CFN_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
+ iniset $HEAT_API_CFN_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $HEAT_API_CFN_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
+ iniset $HEAT_API_CFN_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+ iniset $HEAT_API_CFN_CONF keystone_authtoken admin_user heat
+ iniset $HEAT_API_CFN_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+ iniset $HEAT_API_CFN_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR/api-cfn
iniset_rpc_backend heat $HEAT_API_CFN_CONF DEFAULT
HEAT_API_CFN_PASTE_INI=$HEAT_CONF_DIR/heat-api-cfn-paste.ini
cp $HEAT_DIR/etc/heat/heat-api-cfn-paste.ini $HEAT_API_CFN_PASTE_INI
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken admin_user heat
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
iniset $HEAT_API_CFN_PASTE_INI filter:ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
iniset $HEAT_API_CFN_PASTE_INI filter:ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
@@ -96,18 +97,19 @@
iniset $HEAT_API_CONF DEFAULT use_syslog $SYSLOG
iniset $HEAT_API_CONF DEFAULT bind_host $HEAT_API_HOST
iniset $HEAT_API_CONF DEFAULT bind_port $HEAT_API_PORT
+ iniset $HEAT_API_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
+ iniset $HEAT_API_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
+ iniset $HEAT_API_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $HEAT_API_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
+ iniset $HEAT_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+ iniset $HEAT_API_CONF keystone_authtoken admin_user heat
+ iniset $HEAT_API_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+ iniset $HEAT_API_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR/api
iniset_rpc_backend heat $HEAT_API_CONF DEFAULT
HEAT_API_PASTE_INI=$HEAT_CONF_DIR/heat-api-paste.ini
cp $HEAT_DIR/etc/heat/heat-api-paste.ini $HEAT_API_PASTE_INI
- iniset $HEAT_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $HEAT_API_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $HEAT_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
- iniset $HEAT_API_PASTE_INI filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
- iniset $HEAT_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $HEAT_API_PASTE_INI filter:authtoken admin_user heat
- iniset $HEAT_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
iniset $HEAT_API_PASTE_INI filter:ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
iniset $HEAT_API_PASTE_INI filter:ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
@@ -135,18 +137,19 @@
iniset $HEAT_API_CW_CONF DEFAULT use_syslog $SYSLOG
iniset $HEAT_API_CW_CONF DEFAULT bind_host $HEAT_API_CW_HOST
iniset $HEAT_API_CW_CONF DEFAULT bind_port $HEAT_API_CW_PORT
+ iniset $HEAT_API_CW_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
+ iniset $HEAT_API_CW_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
+ iniset $HEAT_API_CW_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $HEAT_API_CW_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
+ iniset $HEAT_API_CW_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
+ iniset $HEAT_API_CW_CONF keystone_authtoken admin_user heat
+ iniset $HEAT_API_CW_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+ iniset $HEAT_API_CW_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR/api-cloudwatch
iniset_rpc_backend heat $HEAT_API_CW_CONF DEFAULT
HEAT_API_CW_PASTE_INI=$HEAT_CONF_DIR/heat-api-cloudwatch-paste.ini
cp $HEAT_DIR/etc/heat/heat-api-cloudwatch-paste.ini $HEAT_API_CW_PASTE_INI
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken admin_user heat
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
iniset $HEAT_API_CW_PASTE_INI filter:ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
iniset $HEAT_API_CW_PASTE_INI filter:ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
}
@@ -159,6 +162,18 @@
$HEAT_DIR/bin/heat-db-setup $os_PACKAGE -r $DATABASE_PASSWORD
$HEAT_DIR/tools/nova_create_flavors.sh
+ create_heat_cache_dir
+}
+
+# create_heat_cache_dir() - Part of the init_heat() process
+function create_heat_cache_dir() {
+ # Create cache dirs
+ sudo mkdir -p $HEAT_AUTH_CACHE_DIR/api
+ sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR/api
+ sudo mkdir -p $HEAT_AUTH_CACHE_DIR/api-cfn
+ sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR/api-cfn
+ sudo mkdir -p $HEAT_AUTH_CACHE_DIR/api-cloudwatch
+ sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR/api-cloudwatch
}
# install_heatclient() - Collect source and prepare