Skip to content

Commit c324908

Browse files
stevebsteveb
committed
Move auth_token config to .conf, key cache directories
auth_token configuration can now be read from the conf files rather than the paste.ini files. A key cache directory has been created for each of the 3 API services under /var/cache/heat This is the devstack change relating to Heat Blueprint: keystone-middleware This is related to this committed change: https://review.openstack.org/#/c/26351/ Devstack users will find Heat to be broken until this corresponding change is approved. Change-Id: If6f77f86a3eeb08a58b516725bd806e39ccedb50
1 parent 459bdc3 commit c324908

2 files changed

Lines changed: 39 additions & 23 deletions

File tree

lib/heat

Lines changed: 38 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,7 @@ set +o xtrace
2929
# set up default directories
3030
HEAT_DIR=$DEST/heat
3131
HEATCLIENT_DIR=$DEST/python-heatclient
32+
HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}
3233

3334

3435
# Functions
@@ -37,8 +38,7 @@ HEATCLIENT_DIR=$DEST/python-heatclient
3738
# cleanup_heat() - Remove residual data files, anything left over from previous
3839
# runs that a clean run would need to clean up
3940
function cleanup_heat() {
40-
# This function intentionally left blank
41-
:
41+
sudo rm -rf $HEAT_AUTH_CACHE_DIR
4242
}
4343

4444
# configure_heatclient() - Set config files, create data dirs, etc
@@ -73,18 +73,19 @@ function configure_heat() {
7373
iniset $HEAT_API_CFN_CONF DEFAULT use_syslog $SYSLOG
7474
iniset $HEAT_API_CFN_CONF DEFAULT bind_host $HEAT_API_CFN_HOST
7575
iniset $HEAT_API_CFN_CONF DEFAULT bind_port $HEAT_API_CFN_PORT
76+
iniset $HEAT_API_CFN_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
77+
iniset $HEAT_API_CFN_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
78+
iniset $HEAT_API_CFN_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
79+
iniset $HEAT_API_CFN_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
80+
iniset $HEAT_API_CFN_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
81+
iniset $HEAT_API_CFN_CONF keystone_authtoken admin_user heat
82+
iniset $HEAT_API_CFN_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
83+
iniset $HEAT_API_CFN_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR/api-cfn
7684

7785
iniset_rpc_backend heat $HEAT_API_CFN_CONF DEFAULT
7886

7987
HEAT_API_CFN_PASTE_INI=$HEAT_CONF_DIR/heat-api-cfn-paste.ini
8088
cp $HEAT_DIR/etc/heat/heat-api-cfn-paste.ini $HEAT_API_CFN_PASTE_INI
81-
iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
82-
iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
83-
iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
84-
iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
85-
iniset $HEAT_API_CFN_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
86-
iniset $HEAT_API_CFN_PASTE_INI filter:authtoken admin_user heat
87-
iniset $HEAT_API_CFN_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
8889
iniset $HEAT_API_CFN_PASTE_INI filter:ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
8990
iniset $HEAT_API_CFN_PASTE_INI filter:ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
9091

@@ -96,18 +97,19 @@ function configure_heat() {
9697
iniset $HEAT_API_CONF DEFAULT use_syslog $SYSLOG
9798
iniset $HEAT_API_CONF DEFAULT bind_host $HEAT_API_HOST
9899
iniset $HEAT_API_CONF DEFAULT bind_port $HEAT_API_PORT
100+
iniset $HEAT_API_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
101+
iniset $HEAT_API_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
102+
iniset $HEAT_API_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
103+
iniset $HEAT_API_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
104+
iniset $HEAT_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
105+
iniset $HEAT_API_CONF keystone_authtoken admin_user heat
106+
iniset $HEAT_API_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
107+
iniset $HEAT_API_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR/api
99108

100109
iniset_rpc_backend heat $HEAT_API_CONF DEFAULT
101110

102111
HEAT_API_PASTE_INI=$HEAT_CONF_DIR/heat-api-paste.ini
103112
cp $HEAT_DIR/etc/heat/heat-api-paste.ini $HEAT_API_PASTE_INI
104-
iniset $HEAT_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
105-
iniset $HEAT_API_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
106-
iniset $HEAT_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
107-
iniset $HEAT_API_PASTE_INI filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
108-
iniset $HEAT_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
109-
iniset $HEAT_API_PASTE_INI filter:authtoken admin_user heat
110-
iniset $HEAT_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
111113
iniset $HEAT_API_PASTE_INI filter:ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
112114
iniset $HEAT_API_PASTE_INI filter:ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
113115

@@ -135,18 +137,19 @@ function configure_heat() {
135137
iniset $HEAT_API_CW_CONF DEFAULT use_syslog $SYSLOG
136138
iniset $HEAT_API_CW_CONF DEFAULT bind_host $HEAT_API_CW_HOST
137139
iniset $HEAT_API_CW_CONF DEFAULT bind_port $HEAT_API_CW_PORT
140+
iniset $HEAT_API_CW_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
141+
iniset $HEAT_API_CW_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
142+
iniset $HEAT_API_CW_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
143+
iniset $HEAT_API_CW_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
144+
iniset $HEAT_API_CW_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
145+
iniset $HEAT_API_CW_CONF keystone_authtoken admin_user heat
146+
iniset $HEAT_API_CW_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
147+
iniset $HEAT_API_CW_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR/api-cloudwatch
138148

139149
iniset_rpc_backend heat $HEAT_API_CW_CONF DEFAULT
140150

141151
HEAT_API_CW_PASTE_INI=$HEAT_CONF_DIR/heat-api-cloudwatch-paste.ini
142152
cp $HEAT_DIR/etc/heat/heat-api-cloudwatch-paste.ini $HEAT_API_CW_PASTE_INI
143-
iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
144-
iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
145-
iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
146-
iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
147-
iniset $HEAT_API_CW_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
148-
iniset $HEAT_API_CW_PASTE_INI filter:authtoken admin_user heat
149-
iniset $HEAT_API_CW_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
150153
iniset $HEAT_API_CW_PASTE_INI filter:ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
151154
iniset $HEAT_API_CW_PASTE_INI filter:ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
152155
}
@@ -159,6 +162,18 @@ function init_heat() {
159162

160163
$HEAT_DIR/bin/heat-db-setup $os_PACKAGE -r $DATABASE_PASSWORD
161164
$HEAT_DIR/tools/nova_create_flavors.sh
165+
create_heat_cache_dir
166+
}
167+
168+
# create_heat_cache_dir() - Part of the init_heat() process
169+
function create_heat_cache_dir() {
170+
# Create cache dirs
171+
sudo mkdir -p $HEAT_AUTH_CACHE_DIR/api
172+
sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR/api
173+
sudo mkdir -p $HEAT_AUTH_CACHE_DIR/api-cfn
174+
sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR/api-cfn
175+
sudo mkdir -p $HEAT_AUTH_CACHE_DIR/api-cloudwatch
176+
sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR/api-cloudwatch
162177
}
163178

164179
# install_heatclient() - Collect source and prepare

stack.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -643,6 +643,7 @@ fi
643643
if is_service_enabled heat; then
644644
install_heat
645645
install_heatclient
646+
cleanup_heat
646647
configure_heat
647648
configure_heatclient
648649
fi

0 commit comments

Comments
 (0)