Browse code
Use keystone wsgi_scripts
Devstack was setting up a separate directory and copying
http/keystone.py into it for the admin and public endpoints.
Keystone now defines wsgi_scripts entrypoints so that
keystone-wsgi-admin and keystone-wsgi-public are created on
install so devstack can reference these files instead.
See http://httpd.apache.org/docs/2.4/upgrading.html#access for
the apache docs with examples for the Allow|Deny/Require
directives.
Depends-On: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
Change-Id: Ided688be62b64066d90776313c963ec5016363f2
Brant Knudson authored on 2015/06/24 00:53:50Showing 2 changed files
| ... | ... |
@@ -5,7 +5,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
|
| 5 | 5 |
<VirtualHost *:%PUBLICPORT%> |
| 6 | 6 |
WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
|
| 7 | 7 |
WSGIProcessGroup keystone-public |
| 8 |
- WSGIScriptAlias / %PUBLICWSGI% |
|
| 8 |
+ WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public |
|
| 9 | 9 |
WSGIApplicationGroup %{GLOBAL}
|
| 10 | 10 |
WSGIPassAuthorization On |
| 11 | 11 |
<IfVersion >= 2.4> |
| ... | ... |
@@ -16,12 +16,22 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
|
| 16 | 16 |
%SSLENGINE% |
| 17 | 17 |
%SSLCERTFILE% |
| 18 | 18 |
%SSLKEYFILE% |
| 19 |
+ |
|
| 20 |
+ <Directory %KEYSTONE_BIN%> |
|
| 21 |
+ <IfVersion >= 2.4> |
|
| 22 |
+ Require all granted |
|
| 23 |
+ </IfVersion> |
|
| 24 |
+ <IfVersion < 2.4> |
|
| 25 |
+ Order allow,deny |
|
| 26 |
+ Allow from all |
|
| 27 |
+ </IfVersion> |
|
| 28 |
+ </Directory> |
|
| 19 | 29 |
</VirtualHost> |
| 20 | 30 |
|
| 21 | 31 |
<VirtualHost *:%ADMINPORT%> |
| 22 | 32 |
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
|
| 23 | 33 |
WSGIProcessGroup keystone-admin |
| 24 |
- WSGIScriptAlias / %ADMINWSGI% |
|
| 34 |
+ WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin |
|
| 25 | 35 |
WSGIApplicationGroup %{GLOBAL}
|
| 26 | 36 |
WSGIPassAuthorization On |
| 27 | 37 |
<IfVersion >= 2.4> |
| ... | ... |
@@ -32,6 +42,16 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
|
| 32 | 32 |
%SSLENGINE% |
| 33 | 33 |
%SSLCERTFILE% |
| 34 | 34 |
%SSLKEYFILE% |
| 35 |
+ |
|
| 36 |
+ <Directory %KEYSTONE_BIN%> |
|
| 37 |
+ <IfVersion >= 2.4> |
|
| 38 |
+ Require all granted |
|
| 39 |
+ </IfVersion> |
|
| 40 |
+ <IfVersion < 2.4> |
|
| 41 |
+ Order allow,deny |
|
| 42 |
+ Allow from all |
|
| 43 |
+ </IfVersion> |
|
| 44 |
+ </Directory> |
|
| 35 | 45 |
</VirtualHost> |
| 36 | 46 |
|
| 37 | 47 |
Alias /identity %PUBLICWSGI% |
| ... | ... |
@@ -51,11 +51,6 @@ fi |
| 51 | 51 |
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
|
| 52 | 52 |
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf |
| 53 | 53 |
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
|
| 54 |
-if is_suse; then |
|
| 55 |
- KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/srv/www/htdocs/keystone}
|
|
| 56 |
-else |
|
| 57 |
- KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone}
|
|
| 58 |
-fi |
|
| 59 | 54 |
|
| 60 | 55 |
# Set up additional extensions, such as oauth1, federation |
| 61 | 56 |
# Example of KEYSTONE_EXTENSIONS=oauth1,federation |
| ... | ... |
@@ -132,14 +127,11 @@ function cleanup_keystone {
|
| 132 | 132 |
|
| 133 | 133 |
# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file |
| 134 | 134 |
function _cleanup_keystone_apache_wsgi {
|
| 135 |
- sudo rm -f $KEYSTONE_WSGI_DIR/* |
|
| 136 | 135 |
sudo rm -f $(apache_site_config_for keystone) |
| 137 | 136 |
} |
| 138 | 137 |
|
| 139 | 138 |
# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone |
| 140 | 139 |
function _config_keystone_apache_wsgi {
|
| 141 |
- sudo mkdir -p $KEYSTONE_WSGI_DIR |
|
| 142 |
- |
|
| 143 | 140 |
local keystone_apache_conf=$(apache_site_config_for keystone) |
| 144 | 141 |
local keystone_ssl="" |
| 145 | 142 |
local keystone_certfile="" |
| ... | ... |
@@ -161,22 +153,17 @@ function _config_keystone_apache_wsgi {
|
| 161 | 161 |
venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages"
|
| 162 | 162 |
fi |
| 163 | 163 |
|
| 164 |
- # copy proxy vhost and wsgi file |
|
| 165 |
- sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main |
|
| 166 |
- sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin |
|
| 167 |
- |
|
| 168 | 164 |
sudo cp $FILES/apache-keystone.template $keystone_apache_conf |
| 169 | 165 |
sudo sed -e " |
| 170 | 166 |
s|%PUBLICPORT%|$keystone_service_port|g; |
| 171 | 167 |
s|%ADMINPORT%|$keystone_auth_port|g; |
| 172 | 168 |
s|%APACHE_NAME%|$APACHE_NAME|g; |
| 173 |
- s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g; |
|
| 174 |
- s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g; |
|
| 175 | 169 |
s|%SSLENGINE%|$keystone_ssl|g; |
| 176 | 170 |
s|%SSLCERTFILE%|$keystone_certfile|g; |
| 177 | 171 |
s|%SSLKEYFILE%|$keystone_keyfile|g; |
| 178 | 172 |
s|%USER%|$STACK_USER|g; |
| 179 | 173 |
s|%VIRTUALENV%|$venv_path|g |
| 174 |
+ s|%KEYSTONE_BIN%|$KEYSTONE_BIN_DIR|g |
|
| 180 | 175 |
" -i $keystone_apache_conf |
| 181 | 176 |
} |
| 182 | 177 |
|