Merge "Use correct WSGI dir on SUSE distros"
diff --git a/files/apache-horizon.template b/files/apache-horizon.template
index c1dd693..bca1251 100644
--- a/files/apache-horizon.template
+++ b/files/apache-horizon.template
@@ -17,10 +17,16 @@
<Directory %HORIZON_DIR%/>
Options Indexes FollowSymLinks MultiViews
- %HORIZON_REQUIRE%
AllowOverride None
- Order allow,deny
- allow from all
+ # Apache 2.4 uses mod_authz_host for access control now (instead of
+ # "Allow")
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
</Directory>
ErrorLog /var/log/%APACHE_NAME%/horizon_error.log
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 1bdb84c..0a286b9 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -6,7 +6,9 @@
WSGIProcessGroup keystone-public
WSGIScriptAlias / %PUBLICWSGI%
WSGIApplicationGroup %{GLOBAL}
- %ERRORLOGFORMAT%
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
ErrorLog /var/log/%APACHE_NAME%/keystone.log
CustomLog /var/log/%APACHE_NAME%/keystone_access.log combined
</VirtualHost>
@@ -16,7 +18,9 @@
WSGIProcessGroup keystone-admin
WSGIScriptAlias / %ADMINWSGI%
WSGIApplicationGroup %{GLOBAL}
- %ERRORLOGFORMAT%
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
ErrorLog /var/log/%APACHE_NAME%/keystone.log
CustomLog /var/log/%APACHE_NAME%/keystone_access.log combined
</VirtualHost>
diff --git a/functions b/functions
index 76f7047..0194acf 100644
--- a/functions
+++ b/functions
@@ -21,18 +21,6 @@
declare -f -F $1 > /dev/null
}
-# Checks if installed Apache is <= given version
-# $1 = x.y.z (version string of Apache)
-function check_apache_version {
- local cmd="apachectl"
- if ! [[ -x $(which apachectl 2>/dev/null) ]]; then
- cmd="/usr/sbin/apachectl"
- fi
-
- local version=$($cmd -v | grep version | grep -Po 'Apache/\K[^ ]*')
- expr "$version" '>=' $1 > /dev/null
-}
-
# Cleanup anything from /tmp on unstack
# clean_tmp
diff --git a/lib/apache b/lib/apache
index 6d22290..2c43681 100644
--- a/lib/apache
+++ b/lib/apache
@@ -59,6 +59,11 @@
else
exit_distro_not_supported "apache installation"
fi
+
+ # ensure mod_version enabled for <IfVersion ...>. This is
+ # built-in statically on anything recent, but precise (2.2)
+ # doesn't have it enabled
+ sudo a2enmod version || true
}
# get_apache_version() - return the version of Apache installed
diff --git a/lib/ceilometer b/lib/ceilometer
index 242ff6c..00fc0d3 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -146,11 +146,7 @@
iniset $CEILOMETER_CONF service_credentials os_password $SERVICE_PASSWORD
iniset $CEILOMETER_CONF service_credentials os_tenant_name $SERVICE_TENANT_NAME
- iniset $CEILOMETER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
- iniset $CEILOMETER_CONF keystone_authtoken admin_user ceilometer
- iniset $CEILOMETER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
- iniset $CEILOMETER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $CEILOMETER_CONF keystone_authtoken signing_dir $CEILOMETER_AUTH_CACHE_DIR
+ configure_auth_token_middleware $CEILOMETER_CONF ceilometer $CEILOMETER_AUTH_CACHE_DIR
if [ "$CEILOMETER_BACKEND" = 'mysql' ] || [ "$CEILOMETER_BACKEND" = 'postgresql' ] ; then
iniset $CEILOMETER_CONF database connection `database_connection_url ceilometer`
diff --git a/lib/cinder b/lib/cinder
index e767fa8..cbca9c0 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -212,12 +212,7 @@
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
- iniset $CINDER_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
- iniset $CINDER_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
- iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $CINDER_CONF keystone_authtoken admin_user cinder
- iniset $CINDER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
- iniset $CINDER_CONF keystone_authtoken signing_dir $CINDER_AUTH_CACHE_DIR
+ configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR
iniset $CINDER_CONF DEFAULT auth_strategy keystone
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@@ -302,10 +297,6 @@
-e 's/snapshot_autoextend_percent =.*/snapshot_autoextend_percent = 20/' \
/etc/lvm/lvm.conf
fi
- configure_API_version $CINDER_CONF $IDENTITY_API_VERSION
- iniset $CINDER_CONF keystone_authtoken admin_user cinder
- iniset $CINDER_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $CINDER_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS"
}
diff --git a/lib/glance b/lib/glance
index 054a7af..6ca2fb5 100644
--- a/lib/glance
+++ b/lib/glance
@@ -96,13 +96,7 @@
iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
- configure_API_version $GLANCE_REGISTRY_CONF $IDENTITY_API_VERSION
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
- iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
+ configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
iniset $GLANCE_REGISTRY_CONF DEFAULT notification_driver messaging
fi
@@ -115,17 +109,11 @@
iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
- iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
- iniset $GLANCE_API_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
- configure_API_version $GLANCE_API_CONF $IDENTITY_API_VERSION
- iniset $GLANCE_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $GLANCE_API_CONF keystone_authtoken admin_user glance
- iniset $GLANCE_API_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+ configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
if is_service_enabled qpid || [ -n "$RABBIT_HOST" ] && [ -n "$RABBIT_PASSWORD" ]; then
iniset $GLANCE_API_CONF DEFAULT notification_driver messaging
fi
iniset_rpc_backend glance $GLANCE_API_CONF DEFAULT
- iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz"
iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,raw,iso"
diff --git a/lib/heat b/lib/heat
index a74d7b5..f64cc90 100644
--- a/lib/heat
+++ b/lib/heat
@@ -110,14 +110,7 @@
setup_colorized_logging $HEAT_CONF DEFAULT tenant user
fi
- # keystone authtoken
- iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
- configure_API_version $HEAT_CONF $IDENTITY_API_VERSION
- iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
- iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $HEAT_CONF keystone_authtoken admin_user heat
- iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
- iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
+ configure_auth_token_middleware $HEAT_CONF heat $HEAT_AUTH_CACHE_DIR
if is_ssl_enabled_service "key"; then
iniset $HEAT_CONF clients_keystone ca_file $KEYSTONE_SSL_CA
diff --git a/lib/horizon b/lib/horizon
index a422529..4dd12da 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -112,6 +112,9 @@
_horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
_horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\""
+ if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
+ _horizon_config_set $local_settings "" OPENSTACK_TOKEN_HASH_ALGORITHM \""$KEYSTONE_TOKEN_HASH_ALGORITHM"\"
+ fi
if [ -f $SSL_BUNDLE_FILE ]; then
_horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"
@@ -120,12 +123,6 @@
# Create an empty directory that apache uses as docroot
sudo mkdir -p $HORIZON_DIR/.blackhole
- # Apache 2.4 uses mod_authz_host for access control now (instead of "Allow")
- local horizon_require=''
- if check_apache_version "2.4" ; then
- horizon_require='Require all granted'
- fi
-
local horizon_conf=$(apache_site_config_for horizon)
# Configure apache to run horizon
@@ -135,7 +132,6 @@
s,%HORIZON_DIR%,$HORIZON_DIR,g;
s,%APACHE_NAME%,$APACHE_NAME,g;
s,%DEST%,$DEST,g;
- s,%HORIZON_REQUIRE%,$horizon_require,g;
\" $FILES/apache-horizon.template >$horizon_conf"
if is_ubuntu; then
diff --git a/lib/ironic b/lib/ironic
index 47cc7dc..5f3ebcd 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -243,14 +243,8 @@
function configure_ironic_api {
iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone
iniset $IRONIC_CONF_FILE DEFAULT policy_file $IRONIC_POLICY_JSON
- iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
- iniset $IRONIC_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
- iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI
- iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic
- iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
+ configure_auth_token_middleware $IRONIC_CONF_FILE ironic $IRONIC_AUTH_CACHE_DIR/api
iniset_rpc_backend ironic $IRONIC_CONF_FILE DEFAULT
- iniset $IRONIC_CONF_FILE keystone_authtoken signing_dir $IRONIC_AUTH_CACHE_DIR/api
cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON
}
diff --git a/lib/keystone b/lib/keystone
index 3998be9..9eca80a 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -125,12 +125,6 @@
local keystone_apache_conf=$(apache_site_config_for keystone)
local apache_version=$(get_apache_version)
- if [[ ${apache_version#*\.} -ge 4 ]]; then
- # Apache 2.4 supports custom error log formats
- # this should mirror the original log formatting.
- local errorlogformat='ErrorLogFormat "%{cu}t %M"'
- fi
-
# copy proxy vhost and wsgi file
sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin
@@ -143,7 +137,6 @@
s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g;
s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g;
s|%USER%|$STACK_USER|g
- s|%ERRORLOGFORMAT%|$errorlogformat|g;
" -i $keystone_apache_conf
}
@@ -300,6 +293,10 @@
iniset $KEYSTONE_CONF DEFAULT admin_workers "$API_WORKERS"
# Public workers will use the server default, typically number of CPU.
+
+ if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
+ iniset $KEYSTONE_CONF token hash_algorithm "$KEYSTONE_TOKEN_HASH_ALGORITHM"
+ fi
}
function configure_keystone_extensions {
@@ -390,11 +387,40 @@
}
# Configure the API version for the OpenStack projects.
-# configure_API_version conf_file version
+# configure_API_version conf_file version [section]
function configure_API_version {
local conf_file=$1
local api_version=$2
- iniset $conf_file keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$api_version
+ local section=${3:-keystone_authtoken}
+ iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v$api_version
+}
+
+# Configure the service to use the auth token middleware.
+#
+# configure_auth_token_middleware conf_file admin_user signing_dir [section]
+#
+# section defaults to keystone_authtoken, which is where auth_token looks in
+# the .conf file. If the paste config file is used (api-paste.ini) then
+# provide the section name for the auth_token filter.
+function configure_auth_token_middleware {
+ local conf_file=$1
+ local admin_user=$2
+ local signing_dir=$3
+ local section=${4:-keystone_authtoken}
+
+ iniset $conf_file $section auth_host $KEYSTONE_AUTH_HOST
+ iniset $conf_file $section auth_port $KEYSTONE_AUTH_PORT
+ iniset $conf_file $section auth_protocol $KEYSTONE_AUTH_PROTOCOL
+ iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
+ iniset $conf_file $section cafile $KEYSTONE_SSL_CA
+ configure_API_version $conf_file $IDENTITY_API_VERSION $section
+ iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
+ iniset $conf_file $section admin_user $admin_user
+ iniset $conf_file $section admin_password $SERVICE_PASSWORD
+ iniset $conf_file $section signing_dir $signing_dir
+ if [[ -n "$KEYSTONE_TOKEN_HASH_ALGORITHM" ]]; then
+ iniset $conf_file keystone_authtoken hash_algorithms "$KEYSTONE_TOKEN_HASH_ALGORITHM"
+ fi
}
# init_keystone() - Initialize databases, etc.
diff --git a/lib/neutron b/lib/neutron
index 6985bbe..96cd47b 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -794,7 +794,7 @@
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
- _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True True
+ _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT
}
@@ -936,23 +936,9 @@
function _neutron_setup_keystone {
local conf_file=$1
local section=$2
- local use_auth_url=$3
- local skip_auth_cache=$4
- if [[ -n $use_auth_url ]]; then
- iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
- else
- iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
- iniset $conf_file $section identity_uri $KEYSTONE_AUTH_URI
- fi
- iniset $conf_file $section admin_tenant_name $SERVICE_TENANT_NAME
- iniset $conf_file $section admin_user $Q_ADMIN_USERNAME
- iniset $conf_file $section admin_password $SERVICE_PASSWORD
- if [[ -z $skip_auth_cache ]]; then
- iniset $conf_file $section signing_dir $NEUTRON_AUTH_CACHE_DIR
- # Create cache dir
- create_neutron_cache_dir
- fi
+ create_neutron_cache_dir
+ configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
}
function _neutron_setup_interface_driver {
diff --git a/lib/nova b/lib/nova
index 0fed00d..2a3aae1 100644
--- a/lib/nova
+++ b/lib/nova
@@ -438,17 +438,9 @@
iniset $NOVA_CONF DEFAULT osapi_compute_listen_port "$NOVA_SERVICE_PORT_INT"
fi
- # Add keystone authtoken configuration
-
- iniset $NOVA_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
- iniset $NOVA_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $NOVA_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
- iniset $NOVA_CONF keystone_authtoken admin_user nova
- iniset $NOVA_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+ configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR
fi
- iniset $NOVA_CONF keystone_authtoken signing_dir $NOVA_AUTH_CACHE_DIR
-
if [ -n "$NOVA_STATE_PATH" ]; then
iniset $NOVA_CONF DEFAULT state_path "$NOVA_STATE_PATH"
iniset $NOVA_CONF DEFAULT lock_path "$NOVA_STATE_PATH"
diff --git a/lib/sahara b/lib/sahara
index b50ccde..5c7c253 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -106,16 +106,7 @@
sudo chown $STACK_USER $SAHARA_AUTH_CACHE_DIR
rm -rf $SAHARA_AUTH_CACHE_DIR/*
- # Set actual keystone auth configs
- iniset $SAHARA_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
- iniset $SAHARA_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset $SAHARA_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset $SAHARA_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
- iniset $SAHARA_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $SAHARA_CONF_FILE keystone_authtoken admin_user sahara
- iniset $SAHARA_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
- iniset $SAHARA_CONF_FILE keystone_authtoken signing_dir $SAHARA_AUTH_CACHE_DIR
- iniset $SAHARA_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
+ configure_auth_token_middleware $SAHARA_CONF_FILE sahara $SAHARA_AUTH_CACHE_DIR
# Set configuration to send notifications
diff --git a/lib/swift b/lib/swift
index a8dfe77..3c31dd2 100644
--- a/lib/swift
+++ b/lib/swift
@@ -382,15 +382,7 @@
# Configure Keystone
sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
- iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_host $KEYSTONE_AUTH_HOST
- iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_port $KEYSTONE_AUTH_PORT
- iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
- iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cafile $KEYSTONE_SSL_CA
- iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
- iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
- iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
- iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken signing_dir $SWIFT_AUTH_CACHE_DIR
+ configure_auth_token_middleware ${SWIFT_CONFIG_PROXY_SERVER} swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
# This causes the authtoken middleware to use the same python logging
# adapter provided by the swift proxy-server, so that request transaction
# IDs will included in all of its log messages.
diff --git a/lib/trove b/lib/trove
index cd2bcb0..1d1b5f4 100644
--- a/lib/trove
+++ b/lib/trove
@@ -128,12 +128,7 @@
cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini
TROVE_API_PASTE_INI=$TROVE_CONF_DIR/api-paste.ini
- iniset $TROVE_API_PASTE_INI filter:authtoken identity_uri $KEYSTONE_AUTH_URI
- iniset $TROVE_API_PASTE_INI filter:authtoken cafile $KEYSTONE_SSL_CA
- iniset $TROVE_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $TROVE_API_PASTE_INI filter:authtoken admin_user trove
- iniset $TROVE_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
- iniset $TROVE_API_PASTE_INI filter:authtoken signing_dir $TROVE_AUTH_CACHE_DIR
+ configure_auth_token_middleware $TROVE_API_PASTE_INI trove $TROVE_AUTH_CACHE_DIR filter:authtoken
# (Re)create trove conf files
rm -f $TROVE_CONF_DIR/trove.conf
diff --git a/lib/zaqar b/lib/zaqar
index f5e42e3..93b727e 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -107,11 +107,7 @@
iniset $ZAQAR_CONF DEFAULT log_file $ZAQAR_API_LOG_FILE
iniset $ZAQAR_CONF 'drivers:transport:wsgi' bind $ZAQAR_SERVICE_HOST
- iniset $ZAQAR_CONF keystone_authtoken auth_protocol http
- iniset $ZAQAR_CONF keystone_authtoken admin_user zaqar
- iniset $ZAQAR_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
- iniset $ZAQAR_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
- iniset $ZAQAR_CONF keystone_authtoken signing_dir $ZAQAR_AUTH_CACHE_DIR
+ configure_auth_token_middleware $ZAQAR_CONF zaqar $ZAQAR_AUTH_CACHE_DIR
if [ "$ZAQAR_BACKEND" = 'mysql' ] || [ "$ZAQAR_BACKEND" = 'postgresql' ] ; then
iniset $ZAQAR_CONF drivers storage sqlalchemy