Devstack was setting up a separate directory and copying
http/keystone.py into it for the admin and public endpoints.
Keystone now defines wsgi_scripts entrypoints so that
keystone-wsgi-admin and keystone-wsgi-public are created on
install so devstack can reference these files instead.
See http://httpd.apache.org/docs/2.4/upgrading.html#access for
the apache docs with examples for the Allow|Deny/Require
directives.
Depends-On: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
Change-Id: Ided688be62b64066d90776313c963ec5016363f2
... | ... |
@@ -5,7 +5,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" |
5 | 5 |
<VirtualHost *:%PUBLICPORT%> |
6 | 6 |
WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV% |
7 | 7 |
WSGIProcessGroup keystone-public |
8 |
- WSGIScriptAlias / %PUBLICWSGI% |
|
8 |
+ WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public |
|
9 | 9 |
WSGIApplicationGroup %{GLOBAL} |
10 | 10 |
WSGIPassAuthorization On |
11 | 11 |
<IfVersion >= 2.4> |
... | ... |
@@ -16,12 +16,22 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" |
16 | 16 |
%SSLENGINE% |
17 | 17 |
%SSLCERTFILE% |
18 | 18 |
%SSLKEYFILE% |
19 |
+ |
|
20 |
+ <Directory %KEYSTONE_BIN%> |
|
21 |
+ <IfVersion >= 2.4> |
|
22 |
+ Require all granted |
|
23 |
+ </IfVersion> |
|
24 |
+ <IfVersion < 2.4> |
|
25 |
+ Order allow,deny |
|
26 |
+ Allow from all |
|
27 |
+ </IfVersion> |
|
28 |
+ </Directory> |
|
19 | 29 |
</VirtualHost> |
20 | 30 |
|
21 | 31 |
<VirtualHost *:%ADMINPORT%> |
22 | 32 |
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV% |
23 | 33 |
WSGIProcessGroup keystone-admin |
24 |
- WSGIScriptAlias / %ADMINWSGI% |
|
34 |
+ WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin |
|
25 | 35 |
WSGIApplicationGroup %{GLOBAL} |
26 | 36 |
WSGIPassAuthorization On |
27 | 37 |
<IfVersion >= 2.4> |
... | ... |
@@ -32,6 +42,16 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" |
32 | 32 |
%SSLENGINE% |
33 | 33 |
%SSLCERTFILE% |
34 | 34 |
%SSLKEYFILE% |
35 |
+ |
|
36 |
+ <Directory %KEYSTONE_BIN%> |
|
37 |
+ <IfVersion >= 2.4> |
|
38 |
+ Require all granted |
|
39 |
+ </IfVersion> |
|
40 |
+ <IfVersion < 2.4> |
|
41 |
+ Order allow,deny |
|
42 |
+ Allow from all |
|
43 |
+ </IfVersion> |
|
44 |
+ </Directory> |
|
35 | 45 |
</VirtualHost> |
36 | 46 |
|
37 | 47 |
Alias /identity %PUBLICWSGI% |
... | ... |
@@ -51,11 +51,6 @@ fi |
51 | 51 |
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone} |
52 | 52 |
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf |
53 | 53 |
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini} |
54 |
-if is_suse; then |
|
55 |
- KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/srv/www/htdocs/keystone} |
|
56 |
-else |
|
57 |
- KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone} |
|
58 |
-fi |
|
59 | 54 |
|
60 | 55 |
# Set up additional extensions, such as oauth1, federation |
61 | 56 |
# Example of KEYSTONE_EXTENSIONS=oauth1,federation |
... | ... |
@@ -132,14 +127,11 @@ function cleanup_keystone { |
132 | 132 |
|
133 | 133 |
# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file |
134 | 134 |
function _cleanup_keystone_apache_wsgi { |
135 |
- sudo rm -f $KEYSTONE_WSGI_DIR/* |
|
136 | 135 |
sudo rm -f $(apache_site_config_for keystone) |
137 | 136 |
} |
138 | 137 |
|
139 | 138 |
# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone |
140 | 139 |
function _config_keystone_apache_wsgi { |
141 |
- sudo mkdir -p $KEYSTONE_WSGI_DIR |
|
142 |
- |
|
143 | 140 |
local keystone_apache_conf=$(apache_site_config_for keystone) |
144 | 141 |
local keystone_ssl="" |
145 | 142 |
local keystone_certfile="" |
... | ... |
@@ -161,22 +153,17 @@ function _config_keystone_apache_wsgi { |
161 | 161 |
venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages" |
162 | 162 |
fi |
163 | 163 |
|
164 |
- # copy proxy vhost and wsgi file |
|
165 |
- sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main |
|
166 |
- sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin |
|
167 |
- |
|
168 | 164 |
sudo cp $FILES/apache-keystone.template $keystone_apache_conf |
169 | 165 |
sudo sed -e " |
170 | 166 |
s|%PUBLICPORT%|$keystone_service_port|g; |
171 | 167 |
s|%ADMINPORT%|$keystone_auth_port|g; |
172 | 168 |
s|%APACHE_NAME%|$APACHE_NAME|g; |
173 |
- s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g; |
|
174 |
- s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g; |
|
175 | 169 |
s|%SSLENGINE%|$keystone_ssl|g; |
176 | 170 |
s|%SSLCERTFILE%|$keystone_certfile|g; |
177 | 171 |
s|%SSLKEYFILE%|$keystone_keyfile|g; |
178 | 172 |
s|%USER%|$STACK_USER|g; |
179 | 173 |
s|%VIRTUALENV%|$venv_path|g |
174 |
+ s|%KEYSTONE_BIN%|$KEYSTONE_BIN_DIR|g |
|
180 | 175 |
" -i $keystone_apache_conf |
181 | 176 |
} |
182 | 177 |
|