This reverts commit ef5ebed6c9ca3d9d47fd2a732a1542555a0f65ba.
The problem here is a backwards-incompatible change to
configure_auth_token_middleware. Plugins are still passing a
"signing_dir" which is interpreted now as the "section" argument
... this leads to an interesting red-herring issue; because "v" is a
gnu sed command for checking the version, a signing_dir of "/var/..."
(as done in most plugins) gives the weird error:
sed: -e expression #1, char 32: expected newer version of sed
I think we'll either need a new function, or dummy arguments to get
this back in.
Change-Id: I2098d4eb2747282622cf486fa7dbf216f932f58b
... | ... |
@@ -51,6 +51,7 @@ else |
51 | 51 |
fi |
52 | 52 |
|
53 | 53 |
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder} |
54 |
+CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder} |
|
54 | 55 |
|
55 | 56 |
CINDER_CONF_DIR=/etc/cinder |
56 | 57 |
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf |
... | ... |
@@ -224,8 +225,9 @@ function configure_cinder { |
224 | 224 |
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name |
225 | 225 |
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_user |
226 | 226 |
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password |
227 |
+ inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir |
|
227 | 228 |
|
228 |
- configure_auth_token_middleware $CINDER_CONF cinder |
|
229 |
+ configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR |
|
229 | 230 |
|
230 | 231 |
iniset $CINDER_CONF DEFAULT auth_strategy keystone |
231 | 232 |
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL |
... | ... |
@@ -383,6 +385,13 @@ function create_cinder_accounts { |
383 | 383 |
fi |
384 | 384 |
} |
385 | 385 |
|
386 |
+# create_cinder_cache_dir() - Part of the init_cinder() process |
|
387 |
+function create_cinder_cache_dir { |
|
388 |
+ # Create cache dir |
|
389 |
+ sudo install -d -o $STACK_USER $CINDER_AUTH_CACHE_DIR |
|
390 |
+ rm -f $CINDER_AUTH_CACHE_DIR/* |
|
391 |
+} |
|
392 |
+ |
|
386 | 393 |
# init_cinder() - Initialize database and volume group |
387 | 394 |
function init_cinder { |
388 | 395 |
if is_service_enabled $DATABASE_BACKENDS; then |
... | ... |
@@ -411,6 +420,7 @@ function init_cinder { |
411 | 411 |
fi |
412 | 412 |
|
413 | 413 |
mkdir -p $CINDER_STATE_PATH/volumes |
414 |
+ create_cinder_cache_dir |
|
414 | 415 |
} |
415 | 416 |
|
416 | 417 |
# install_cinder() - Collect source and prepare |
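Review bot: `install -d` in create_cinder_cache_dir is called without `-m`, so the directory that configure_cinder passes to the auth_token middleware as `signing_dir` gets install's default mode (rwxr-xr-x) and is readable by every local account. I would create it private to the service user: `sudo install -d -m 700 -o $STACK_USER $CINDER_AUTH_CACHE_DIR`. The same applies to create_glance_cache_dir, create_neutron_cache_dir, create_nova_cache_dir and the inline block in init_swift. As far as I recall, keystonemiddleware also logs a warning when its signing directory is not mode 0700, which is worth confirming against the middleware version in use.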
... | ... |
@@ -44,6 +44,7 @@ fi |
44 | 44 |
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache} |
45 | 45 |
GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images} |
46 | 46 |
GLANCE_LOCK_DIR=${GLANCE_LOCK_DIR:=$DATA_DIR/glance/locks} |
47 |
+GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance} |
|
47 | 48 |
|
48 | 49 |
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance} |
49 | 50 |
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs |
... | ... |
@@ -97,7 +98,7 @@ function is_glance_enabled { |
97 | 97 |
function cleanup_glance { |
98 | 98 |
# kill instances (nova) |
99 | 99 |
# delete image files (glance) |
100 |
- sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR |
|
100 |
+ sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR |
|
101 | 101 |
} |
102 | 102 |
|
103 | 103 |
# configure_glance() - Set config files, create data dirs, etc |
... | ... |
@@ -114,7 +115,7 @@ function configure_glance { |
114 | 114 |
iniset $GLANCE_REGISTRY_CONF database connection $dburl |
115 | 115 |
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG |
116 | 116 |
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone |
117 |
- configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance |
|
117 |
+ configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry |
|
118 | 118 |
iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2 |
119 | 119 |
iniset_rpc_backend glance $GLANCE_REGISTRY_CONF |
120 | 120 |
iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT" |
... | ... |
@@ -126,7 +127,7 @@ function configure_glance { |
126 | 126 |
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ |
127 | 127 |
iniset $GLANCE_API_CONF DEFAULT lock_path $GLANCE_LOCK_DIR |
128 | 128 |
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement |
129 |
- configure_auth_token_middleware $GLANCE_API_CONF glance |
|
129 |
+ configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api |
|
130 | 130 |
iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2 |
131 | 131 |
iniset_rpc_backend glance $GLANCE_API_CONF |
132 | 132 |
if [ "$VIRT_DRIVER" = 'xenserver' ]; then |
... | ... |
@@ -278,6 +279,13 @@ function create_glance_accounts { |
278 | 278 |
fi |
279 | 279 |
} |
280 | 280 |
|
281 |
+# create_glance_cache_dir() - Part of the init_glance() process |
|
282 |
+function create_glance_cache_dir { |
|
283 |
+ # Create cache dir |
|
284 |
+ sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search $GLANCE_AUTH_CACHE_DIR/artifact |
|
285 |
+ rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/* $GLANCE_AUTH_CACHE_DIR/artifact/* |
|
286 |
+} |
|
287 |
+ |
|
281 | 288 |
# init_glance() - Initialize databases, etc. |
282 | 289 |
function init_glance { |
283 | 290 |
# Delete existing images |
... | ... |
@@ -298,6 +306,8 @@ function init_glance { |
298 | 298 |
# Load metadata definitions |
299 | 299 |
$GLANCE_BIN_DIR/glance-manage --config-file $GLANCE_CONF_DIR/glance-api.conf db_load_metadefs |
300 | 300 |
time_stop "dbsync" |
301 |
+ |
|
302 |
+ create_glance_cache_dir |
|
301 | 303 |
} |
302 | 304 |
|
303 | 305 |
# install_glanceclient() - Collect source and prepare |
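Review bot: cleanup_glance now passes `$GLANCE_AUTH_CACHE_DIR` unquoted to `sudo rm -rf`, and that variable can be overridden from the environment (`${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}`). A value containing whitespace or a glob character is therefore split and expanded before a recursive delete runs as root. Quote each operand: `sudo rm -rf "$GLANCE_CACHE_DIR" "$GLANCE_IMAGE_DIR" "$GLANCE_AUTH_CACHE_DIR"`. cleanup_nova has the same pattern with `$NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR`.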
... | ... |
@@ -429,7 +429,7 @@ function create_service_user { |
429 | 429 |
|
430 | 430 |
# Configure the service to use the auth token middleware. |
431 | 431 |
# |
432 |
-# configure_auth_token_middleware conf_file admin_user [section] |
|
432 |
+# configure_auth_token_middleware conf_file admin_user signing_dir [section] |
|
433 | 433 |
# |
434 | 434 |
# section defaults to keystone_authtoken, which is where auth_token looks in |
435 | 435 |
# the .conf file. If the paste config file is used (api-paste.ini) then |
... | ... |
@@ -437,7 +437,8 @@ function create_service_user { |
437 | 437 |
function configure_auth_token_middleware { |
438 | 438 |
local conf_file=$1 |
439 | 439 |
local admin_user=$2 |
440 |
- local section=${3:-keystone_authtoken} |
|
440 |
+ local signing_dir=$3 |
|
441 |
+ local section=${4:-keystone_authtoken} |
|
441 | 442 |
|
442 | 443 |
iniset $conf_file $section auth_type password |
443 | 444 |
iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI |
... | ... |
@@ -448,6 +449,7 @@ function configure_auth_token_middleware { |
448 | 448 |
iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME" |
449 | 449 |
|
450 | 450 |
iniset $conf_file $section cafile $SSL_BUNDLE_FILE |
451 |
+ iniset $conf_file $section signing_dir $signing_dir |
|
451 | 452 |
iniset $conf_file $section memcached_servers localhost:11211 |
452 | 453 |
} |
453 | 454 |
|
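Review bot: `local signing_dir=$3` in configure_auth_token_middleware accepts whatever the third positional argument is. A caller still using the three-argument `conf_file admin_user section` form gets its section name written as `signing_dir`, and its settings land in the default `keystone_authtoken` section, with no error. The commit message describes exactly this kind of positional mix-up, so a guard would make it fail loudly, e.g. `[[ "$signing_dir" == /* ]] || { echo "signing_dir must be an absolute path: $signing_dir" >&2; return 1; }`. The new `iniset` line should also quote the value, `iniset $conf_file $section signing_dir "$signing_dir"`, so a path with whitespace is not split into extra arguments. The function body is spread over two hunks and its middle is not shown.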
... | ... |
@@ -30,6 +30,7 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient |
30 | 30 |
|
31 | 31 |
NEUTRON_AGENT=${NEUTRON_AGENT:-openvswitch} |
32 | 32 |
NEUTRON_DIR=$DEST/neutron |
33 |
+NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron} |
|
33 | 34 |
|
34 | 35 |
NEUTRON_BIN_DIR=$(get_python_exec_prefix) |
35 | 36 |
NEUTRON_DHCP_BINARY="neutron-dhcp-agent" |
... | ... |
@@ -43,6 +44,7 @@ NEUTRON_L3_CONF=$NEUTRON_CONF_DIR/l3_agent.ini |
43 | 43 |
NEUTRON_AGENT_CONF=$NEUTRON_CONF_DIR/ |
44 | 44 |
|
45 | 45 |
NEUTRON_STATE_PATH=${NEUTRON_STATE_PATH:=$DATA_DIR/neutron} |
46 |
+NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron} |
|
46 | 47 |
|
47 | 48 |
# By default, use the ML2 plugin |
48 | 49 |
NEUTRON_CORE_PLUGIN=${NEUTRON_CORE_PLUGIN:-ml2} |
... | ... |
@@ -173,8 +175,8 @@ function configure_neutron_new { |
173 | 173 |
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips True |
174 | 174 |
|
175 | 175 |
iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY |
176 |
- configure_auth_token_middleware $NEUTRON_CONF neutron keystone_authtoken |
|
177 |
- configure_auth_token_middleware $NEUTRON_CONF nova nova |
|
176 |
+ configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken |
|
177 |
+ configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova |
|
178 | 178 |
|
179 | 179 |
# Configure VXLAN |
180 | 180 |
# TODO(sc68cal) not hardcode? |
... | ... |
@@ -248,7 +250,7 @@ function configure_neutron_new { |
248 | 248 |
|
249 | 249 |
# TODO(dtroyer): remove the v2.0 hard code below |
250 | 250 |
iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI |
251 |
- configure_auth_token_middleware $NEUTRON_META_CONF neutron DEFAULT |
|
251 |
+ configure_auth_token_middleware $NEUTRON_META_CONF neutron $NEUTRON_AUTH_CACHE_DIR DEFAULT |
|
252 | 252 |
fi |
253 | 253 |
|
254 | 254 |
# Format logging |
... | ... |
@@ -335,6 +337,13 @@ function create_neutron_accounts_new { |
335 | 335 |
fi |
336 | 336 |
} |
337 | 337 |
|
338 |
+# create_neutron_cache_dir() - Part of the init_neutron() process |
|
339 |
+function create_neutron_cache_dir { |
|
340 |
+ # Create cache dir |
|
341 |
+ sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR |
|
342 |
+ rm -f $NEUTRON_AUTH_CACHE_DIR/* |
|
343 |
+} |
|
344 |
+ |
|
338 | 345 |
# init_neutron() - Initialize databases, etc. |
339 | 346 |
function init_neutron_new { |
340 | 347 |
|
... | ... |
@@ -344,6 +353,8 @@ function init_neutron_new { |
344 | 344 |
# Run Neutron db migrations |
345 | 345 |
$NEUTRON_BIN_DIR/neutron-db-manage upgrade heads |
346 | 346 |
time_stop "dbsync" |
347 |
+ |
|
348 |
+ create_neutron_cache_dir |
|
347 | 349 |
} |
348 | 350 |
|
349 | 351 |
# install_neutron() - Collect source and prepare |
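Review bot: `NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}` is added twice in this file, at new lines 33 and 46, with the same default. The second assignment is a no-op and invites the two defaults drifting apart later; keep one, next to `NEUTRON_STATE_PATH`. Both configure_auth_token_middleware calls in configure_neutron_new (for the `neutron` and `nova` users) point at this single directory, whereas glance gets one subdirectory per service in this commit. If the sharing is intentional, a short comment on the assignment saying so would help.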
... | ... |
@@ -73,6 +73,7 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient |
73 | 73 |
|
74 | 74 |
NEUTRON_DIR=$DEST/neutron |
75 | 75 |
NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas |
76 |
+NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron} |
|
76 | 77 |
|
77 | 78 |
# Support entry points installation of console scripts |
78 | 79 |
if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then |
... | ... |
@@ -814,7 +815,7 @@ function _configure_neutron_service { |
814 | 814 |
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES |
815 | 815 |
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES |
816 | 816 |
|
817 |
- configure_auth_token_middleware $NEUTRON_CONF nova nova |
|
817 |
+ configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova |
|
818 | 818 |
|
819 | 819 |
# Configure plugin |
820 | 820 |
neutron_plugin_configure_service |
... | ... |
@@ -905,7 +906,8 @@ function _neutron_setup_keystone { |
905 | 905 |
local conf_file=$1 |
906 | 906 |
local section=$2 |
907 | 907 |
|
908 |
- configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $section |
|
908 |
+ create_neutron_cache_dir |
|
909 |
+ configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section |
|
909 | 910 |
} |
910 | 911 |
|
911 | 912 |
function _neutron_setup_interface_driver { |
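Review bot: _neutron_setup_keystone now calls `create_neutron_cache_dir` before every configure_auth_token_middleware call, and that helper, as added in the other neutron file of this commit, runs `rm -f $NEUTRON_AUTH_CACHE_DIR/*`. Because _neutron_setup_keystone takes a `conf_file` and a `section`, it is presumably invoked once per config file, so each call re-runs `sudo install` and empties the directory again as a side effect of writing configuration. Creating the directory once from the init path, as the other services in this commit do, would keep the configure step free of destructive side effects. The helper is not defined in this file's hunks, so a comment at the call site should say where it comes from.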
... | ... |
@@ -46,6 +46,7 @@ fi |
46 | 46 |
NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova} |
47 | 47 |
# INSTANCES_PATH is the previous name for this |
48 | 48 |
NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}} |
49 |
+NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova} |
|
49 | 50 |
|
50 | 51 |
NOVA_CONF_DIR=/etc/nova |
51 | 52 |
NOVA_CONF=$NOVA_CONF_DIR/nova.conf |
... | ... |
@@ -239,7 +240,7 @@ function cleanup_nova { |
239 | 239 |
sudo rm -rf $NOVA_INSTANCES_PATH/* |
240 | 240 |
fi |
241 | 241 |
|
242 |
- sudo rm -rf $NOVA_STATE_PATH |
|
242 |
+ sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR |
|
243 | 243 |
|
244 | 244 |
# NOTE(dtroyer): This really should be called from here but due to the way |
245 | 245 |
# nova abuses the _cleanup() function we're moving it |
... | ... |
@@ -463,7 +464,7 @@ function create_nova_conf { |
463 | 463 |
iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT |
464 | 464 |
fi |
465 | 465 |
|
466 |
- configure_auth_token_middleware $NOVA_CONF nova |
|
466 |
+ configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR |
|
467 | 467 |
fi |
468 | 468 |
|
469 | 469 |
if is_service_enabled cinder; then |
... | ... |
@@ -657,6 +658,13 @@ function init_nova_cells { |
657 | 657 |
fi |
658 | 658 |
} |
659 | 659 |
|
660 |
+# create_nova_cache_dir() - Part of the init_nova() process |
|
661 |
+function create_nova_cache_dir { |
|
662 |
+ # Create cache dir |
|
663 |
+ sudo install -d -o $STACK_USER $NOVA_AUTH_CACHE_DIR |
|
664 |
+ rm -f $NOVA_AUTH_CACHE_DIR/* |
|
665 |
+} |
|
666 |
+ |
|
660 | 667 |
function create_nova_conf_nova_network { |
661 | 668 |
local public_interface=${PUBLIC_INTERFACE:-$PUBLIC_INTERFACE_DEFAULT} |
662 | 669 |
iniset $NOVA_CONF DEFAULT network_manager "nova.network.manager.$NETWORK_MANAGER" |
... | ... |
@@ -714,6 +722,7 @@ function init_nova { |
714 | 714 |
done |
715 | 715 |
fi |
716 | 716 |
|
717 |
+ create_nova_cache_dir |
|
717 | 718 |
create_nova_keys_dir |
718 | 719 |
|
719 | 720 |
if [[ "$NOVA_BACKEND" == "LVM" ]]; then |
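Review bot: `NOVA_AUTH_CACHE_DIR` is introduced without a comment, although it behaves differently from the settings around it. It defaults to `/var/cache/nova` rather than a path under `$DATA_DIR`, init_nova empties it through create_nova_cache_dir, and cleanup_nova deletes it with `sudo rm -rf`. Anyone overriding it in local configuration should know that before pointing it at a shared directory. I would add above the assignment: `# Directory used as signing_dir by the auth_token middleware; emptied by init_nova and removed by cleanup_nova.`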
... | ... |
@@ -48,6 +48,7 @@ fi |
48 | 48 |
|
49 | 49 |
|
50 | 50 |
SWIFT_DIR=$DEST/swift |
51 |
+SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift} |
|
51 | 52 |
SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift} |
52 | 53 |
SWIFT3_DIR=$DEST/swift3 |
53 | 54 |
|
... | ... |
@@ -449,7 +450,7 @@ function configure_swift { |
449 | 449 |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift |
450 | 450 |
|
451 | 451 |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory |
452 |
- configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift filter:authtoken |
|
452 |
+ configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken |
|
453 | 453 |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1 |
454 | 454 |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache |
455 | 455 |
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False |
... | ... |
@@ -744,6 +745,10 @@ function init_swift { |
744 | 744 |
swift-ring-builder container.builder rebalance 42 |
745 | 745 |
swift-ring-builder account.builder rebalance 42 |
746 | 746 |
} && popd >/dev/null |
747 |
+ |
|
748 |
+ # Create cache dir |
|
749 |
+ sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR |
|
750 |
+ rm -f $SWIFT_AUTH_CACHE_DIR/* |
|
747 | 751 |
} |
748 | 752 |
|
749 | 753 |
function install_swift { |
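Review bot: init_swift inlines the cache-directory setup, while cinder, glance, neutron and nova in this commit each get a `create_<service>_cache_dir` helper. A `create_swift_cache_dir` function called from init_swift would keep the services parallel and give the two commands one documented home. No visible hunk removes `$SWIFT_AUTH_CACHE_DIR` on cleanup either, unlike cleanup_glance and cleanup_nova, so the directory presumably survives a clean run unless that is handled outside these hunks. init_swift starts outside this hunk.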