Browse code
Use nova.conf for auth_token configs.
Updates lib/nova so that we use the application config file (nova.conf)
instead of the Nova api-paste.ini config file.
Related-Bug #1240753
Change-Id: I393a67f1f005e775928130c9241aa7e25c391ae3
Dan Prince authored on 2013/10/17 06:48:16Showing 1 changed files
| ... | ... |
@@ -212,26 +212,24 @@ function configure_nova() {
|
| 212 | 212 |
configure_nova_rootwrap |
| 213 | 213 |
|
| 214 | 214 |
if is_service_enabled n-api; then |
| 215 |
- # Use the sample http middleware configuration supplied in the |
|
| 216 |
- # Nova sources. This paste config adds the configuration required |
|
| 217 |
- # for Nova to validate Keystone tokens. |
|
| 218 |
- |
|
| 219 | 215 |
# Remove legacy paste config if present |
| 220 | 216 |
rm -f $NOVA_DIR/bin/nova-api-paste.ini |
| 221 | 217 |
|
| 222 | 218 |
# Get the sample configuration file in place |
| 223 | 219 |
cp $NOVA_DIR/etc/nova/api-paste.ini $NOVA_CONF_DIR |
| 224 | 220 |
|
| 225 |
- iniset $NOVA_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 221 |
+ # Comment out the keystone configs in Nova's api-paste.ini. |
|
| 222 |
+ # We are using nova.conf to configure this instead. |
|
| 223 |
+ inicomment $NOVA_API_PASTE_INI filter:authtoken auth_host |
|
| 226 | 224 |
if is_service_enabled tls-proxy; then |
| 227 |
- iniset $NOVA_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 225 |
+ inicomment $NOVA_API_PASTE_INI filter:authtoken auth_protocol |
|
| 228 | 226 |
fi |
| 229 |
- iniset $NOVA_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
| 230 |
- iniset $NOVA_API_PASTE_INI filter:authtoken admin_user nova |
|
| 231 |
- iniset $NOVA_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD |
|
| 227 |
+ inicomment $NOVA_API_PASTE_INI filter:authtoken admin_tenant_name |
|
| 228 |
+ inicomment $NOVA_API_PASTE_INI filter:authtoken admin_user |
|
| 229 |
+ inicomment $NOVA_API_PASTE_INI filter:authtoken admin_password |
|
| 232 | 230 |
fi |
| 233 | 231 |
|
| 234 |
- iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR |
|
| 232 |
+ inicomment $NOVA_API_PASTE_INI filter:authtoken signing_dir |
|
| 235 | 233 |
|
| 236 | 234 |
if is_service_enabled n-cpu; then |
| 237 | 235 |
# Force IP forwarding on, just on case |
| ... | ... |
@@ -394,7 +392,20 @@ function create_nova_conf() {
|
| 394 | 394 |
# Set the service port for a proxy to take the original |
| 395 | 395 |
iniset $NOVA_CONF DEFAULT osapi_compute_listen_port "$NOVA_SERVICE_PORT_INT" |
| 396 | 396 |
fi |
| 397 |
+ |
|
| 398 |
+ # Add keystone authtoken configuration |
|
| 399 |
+ |
|
| 400 |
+ iniset $NOVA_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
| 401 |
+ if is_service_enabled tls-proxy; then |
|
| 402 |
+ iniset $NOVA_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
| 403 |
+ fi |
|
| 404 |
+ iniset $NOVA_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
| 405 |
+ iniset $NOVA_CONF keystone_authtoken admin_user nova |
|
| 406 |
+ iniset $NOVA_CONF keystone_authtoken admin_password $SERVICE_PASSWORD |
|
| 397 | 407 |
fi |
| 408 |
+ |
|
| 409 |
+ iniset $NOVA_CONF keystone_authtoken signing_dir $NOVA_AUTH_CACHE_DIR |
|
| 410 |
+ |
|
| 398 | 411 |
if is_service_enabled cinder; then |
| 399 | 412 |
iniset $NOVA_CONF DEFAULT volume_api_class "nova.volume.cinder.API" |
| 400 | 413 |
fi |