Remove cache dirs from the services
PKI tokens have been actively deprecated from keystone and there are
deprecations being emitted from keystonemiddleware. Because of this we
no longer need an auth cache directory in the services where the PKI
certifcates used to be stored.
Remove the creation and use of all these AUTH_CACHE directories.
Change-Id: I5680376e70e74882e9fdb87ee1b95d5f40570ad7
diff --git a/lib/cinder b/lib/cinder
index 07f82a1..387fc1a 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -51,7 +51,6 @@
fi
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
-CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
CINDER_CONF_DIR=/etc/cinder
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
@@ -225,9 +224,8 @@
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_user
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
- inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
- configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR
+ configure_auth_token_middleware $CINDER_CONF cinder
iniset $CINDER_CONF DEFAULT auth_strategy keystone
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@@ -385,13 +383,6 @@
fi
}
-# create_cinder_cache_dir() - Part of the init_cinder() process
-function create_cinder_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $CINDER_AUTH_CACHE_DIR
- rm -f $CINDER_AUTH_CACHE_DIR/*
-}
-
# init_cinder() - Initialize database and volume group
function init_cinder {
if is_service_enabled $DATABASE_BACKENDS; then
@@ -420,7 +411,6 @@
fi
mkdir -p $CINDER_STATE_PATH/volumes
- create_cinder_cache_dir
}
# install_cinder() - Collect source and prepare
diff --git a/lib/glance b/lib/glance
index 74734c7..8241c5f 100644
--- a/lib/glance
+++ b/lib/glance
@@ -44,7 +44,6 @@
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
GLANCE_LOCK_DIR=${GLANCE_LOCK_DIR:=$DATA_DIR/glance/locks}
-GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
@@ -98,7 +97,7 @@
function cleanup_glance {
# kill instances (nova)
# delete image files (glance)
- sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR
+ sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR
}
# configure_glance() - Set config files, create data dirs, etc
@@ -115,7 +114,7 @@
iniset $GLANCE_REGISTRY_CONF database connection $dburl
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
- configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
+ configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance
iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2
iniset_rpc_backend glance $GLANCE_REGISTRY_CONF
iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
@@ -127,7 +126,7 @@
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF DEFAULT lock_path $GLANCE_LOCK_DIR
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
- configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
+ configure_auth_token_middleware $GLANCE_API_CONF glance
iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2
iniset_rpc_backend glance $GLANCE_API_CONF
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
@@ -279,13 +278,6 @@
fi
}
-# create_glance_cache_dir() - Part of the init_glance() process
-function create_glance_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search $GLANCE_AUTH_CACHE_DIR/artifact
- rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/* $GLANCE_AUTH_CACHE_DIR/artifact/*
-}
-
# init_glance() - Initialize databases, etc.
function init_glance {
# Delete existing images
@@ -306,8 +298,6 @@
# Load metadata definitions
$GLANCE_BIN_DIR/glance-manage --config-file $GLANCE_CONF_DIR/glance-api.conf db_load_metadefs
time_stop "dbsync"
-
- create_glance_cache_dir
}
# install_glanceclient() - Collect source and prepare
diff --git a/lib/keystone b/lib/keystone
index 714f089..7bd887c 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -429,7 +429,7 @@
# Configure the service to use the auth token middleware.
#
-# configure_auth_token_middleware conf_file admin_user signing_dir [section]
+# configure_auth_token_middleware conf_file admin_user [section]
#
# section defaults to keystone_authtoken, which is where auth_token looks in
# the .conf file. If the paste config file is used (api-paste.ini) then
@@ -437,8 +437,7 @@
function configure_auth_token_middleware {
local conf_file=$1
local admin_user=$2
- local signing_dir=$3
- local section=${4:-keystone_authtoken}
+ local section=${3:-keystone_authtoken}
iniset $conf_file $section auth_type password
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
@@ -449,7 +448,6 @@
iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
- iniset $conf_file $section signing_dir $signing_dir
iniset $conf_file $section memcached_servers localhost:11211
}
diff --git a/lib/neutron b/lib/neutron
index 21c8d4c..359f198 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -30,7 +30,6 @@
NEUTRON_AGENT=${NEUTRON_AGENT:-openvswitch}
NEUTRON_DIR=$DEST/neutron
-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
NEUTRON_BIN_DIR=$(get_python_exec_prefix)
NEUTRON_DHCP_BINARY="neutron-dhcp-agent"
@@ -44,7 +43,6 @@
NEUTRON_AGENT_CONF=$NEUTRON_CONF_DIR/
NEUTRON_STATE_PATH=${NEUTRON_STATE_PATH:=$DATA_DIR/neutron}
-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
# By default, use the ML2 plugin
NEUTRON_CORE_PLUGIN=${NEUTRON_CORE_PLUGIN:-ml2}
@@ -175,8 +173,8 @@
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips True
iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY
- configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken
- configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova
+ configure_auth_token_middleware $NEUTRON_CONF neutron keystone_authtoken
+ configure_auth_token_middleware $NEUTRON_CONF nova nova
# Configure VXLAN
# TODO(sc68cal) not hardcode?
@@ -250,7 +248,7 @@
# TODO(dtroyer): remove the v2.0 hard code below
iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
- configure_auth_token_middleware $NEUTRON_META_CONF neutron $NEUTRON_AUTH_CACHE_DIR DEFAULT
+ configure_auth_token_middleware $NEUTRON_META_CONF neutron DEFAULT
fi
# Format logging
@@ -337,13 +335,6 @@
fi
}
-# create_neutron_cache_dir() - Part of the init_neutron() process
-function create_neutron_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR
- rm -f $NEUTRON_AUTH_CACHE_DIR/*
-}
-
# init_neutron() - Initialize databases, etc.
function init_neutron_new {
@@ -353,8 +344,6 @@
# Run Neutron db migrations
$NEUTRON_BIN_DIR/neutron-db-manage upgrade heads
time_stop "dbsync"
-
- create_neutron_cache_dir
}
# install_neutron() - Collect source and prepare
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 0ccb17c..a0e79bc 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -73,7 +73,6 @@
NEUTRON_DIR=$DEST/neutron
NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas
-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
# Support entry points installation of console scripts
if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then
@@ -815,7 +814,7 @@
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
- configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova
+ configure_auth_token_middleware $NEUTRON_CONF nova nova
# Configure plugin
neutron_plugin_configure_service
@@ -906,8 +905,7 @@
local conf_file=$1
local section=$2
- create_neutron_cache_dir
- configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
+ configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $section
}
function _neutron_setup_interface_driver {
diff --git a/lib/nova b/lib/nova
index 1112f29..dcf2a1c 100644
--- a/lib/nova
+++ b/lib/nova
@@ -46,7 +46,6 @@
NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}
# INSTANCES_PATH is the previous name for this
NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}
-NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova}
NOVA_CONF_DIR=/etc/nova
NOVA_CONF=$NOVA_CONF_DIR/nova.conf
@@ -240,7 +239,7 @@
sudo rm -rf $NOVA_INSTANCES_PATH/*
fi
- sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR
+ sudo rm -rf $NOVA_STATE_PATH
# NOTE(dtroyer): This really should be called from here but due to the way
# nova abuses the _cleanup() function we're moving it
@@ -464,7 +463,7 @@
iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT
fi
- configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR
+ configure_auth_token_middleware $NOVA_CONF nova
fi
if is_service_enabled cinder; then
@@ -658,13 +657,6 @@
fi
}
-# create_nova_cache_dir() - Part of the init_nova() process
-function create_nova_cache_dir {
- # Create cache dir
- sudo install -d -o $STACK_USER $NOVA_AUTH_CACHE_DIR
- rm -f $NOVA_AUTH_CACHE_DIR/*
-}
-
function create_nova_conf_nova_network {
local public_interface=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT}
iniset $NOVA_CONF DEFAULT network_manager "nova.network.manager.$NETWORK_MANAGER"
@@ -722,7 +714,6 @@
done
fi
- create_nova_cache_dir
create_nova_keys_dir
if [[ "$NOVA_BACKEND" == "LVM" ]]; then
diff --git a/lib/swift b/lib/swift
index 1601e2b..ab014de 100644
--- a/lib/swift
+++ b/lib/swift
@@ -48,7 +48,6 @@
SWIFT_DIR=$DEST/swift
-SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
SWIFT3_DIR=$DEST/swift3
@@ -450,7 +449,7 @@
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory
- configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken
+ configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift filter:authtoken
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False
@@ -745,10 +744,6 @@
swift-ring-builder container.builder rebalance 42
swift-ring-builder account.builder rebalance 42
} && popd >/dev/null
-
- # Create cache dir
- sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR
- rm -f $SWIFT_AUTH_CACHE_DIR/*
}
function install_swift {