Browse code
Merge "Try to remove /identity_admin"
Jenkins authored on 2017/05/02 08:05:39Showing 2 changed files
| ... | ... |
@@ -113,8 +113,9 @@ if is_service_enabled tls-proxy; then |
| 113 | 113 |
KEYSTONE_SERVICE_PROTOCOL="https" |
| 114 | 114 |
fi |
| 115 | 115 |
|
| 116 |
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_admin
|
|
| 117 | 116 |
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
|
| 117 |
+# for compat |
|
| 118 |
+KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI |
|
| 118 | 119 |
|
| 119 | 120 |
# V3 URIs |
| 120 | 121 |
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3 |
| ... | ... |
@@ -141,6 +142,7 @@ function is_keystone_enabled {
|
| 141 | 141 |
# runs that a clean run would need to clean up |
| 142 | 142 |
function cleanup_keystone {
|
| 143 | 143 |
if [[ "$WSGI_MODE" == "uwsgi" ]]; then |
| 144 |
+ # TODO: remove admin at pike-2 |
|
| 144 | 145 |
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" |
| 145 | 146 |
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" |
| 146 | 147 |
sudo rm -f $(apache_site_config_for keystone-wsgi-public) |
| ... | ... |
@@ -543,11 +545,7 @@ function start_keystone {
|
| 543 | 543 |
tail_log key /var/log/$APACHE_NAME/keystone.log |
| 544 | 544 |
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log |
| 545 | 545 |
else # uwsgi |
| 546 |
- # TODO(sdague): we should really get down to a single keystone here |
|
| 547 |
- enable_service key-p |
|
| 548 |
- enable_service key-a |
|
| 549 |
- run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" "" |
|
| 550 |
- run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" "" |
|
| 546 |
+ run_process keystone "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" "" |
|
| 551 | 547 |
fi |
| 552 | 548 |
|
| 553 | 549 |
echo "Waiting for keystone to start..." |
| ... | ... |
@@ -578,9 +576,9 @@ function stop_keystone {
|
| 578 | 578 |
disable_apache_site keystone |
| 579 | 579 |
restart_apache_server |
| 580 | 580 |
else |
| 581 |
- stop_process key-p |
|
| 582 |
- stop_process key-a |
|
| 581 |
+ stop_process keystone |
|
| 583 | 582 |
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" |
| 583 |
+ # TODO(remove in at pike-2) |
|
| 584 | 584 |
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" |
| 585 | 585 |
fi |
| 586 | 586 |
# Kill the Keystone screen window |
| ... | ... |
@@ -279,6 +279,10 @@ function configure_tempest {
|
| 279 | 279 |
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False |
| 280 | 280 |
fi |
| 281 | 281 |
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
|
| 282 |
+ if [[ "$TEMPEST_AUTH_VERSION" != "v2.0" ]]; then |
|
| 283 |
+ # we're going to disable v2 admin unless we're using v2.0 by default. |
|
| 284 |
+ iniset $TEMPEST_CONFIG identity-feature-enabled api_v2_admin False |
|
| 285 |
+ fi |
|
| 282 | 286 |
|
| 283 | 287 |
if is_service_enabled tls-proxy; then |
| 284 | 288 |
iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE |