@@ -51,7 +51,6 @@ else

 fi

 CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}

-CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}

 CINDER_CONF_DIR=/etc/cinder

 CINDER_CONF=$CINDER_CONF_DIR/cinder.conf

@@ -217,7 +216,7 @@ function configure_cinder {

     inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password

     inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir

-    configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR

+    configure_keystone_authtoken_middleware $CINDER_CONF cinder

     iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL

@@ -314,7 +313,7 @@ function configure_cinder {

     fi

     # Set nova credentials (used for os-assisted-snapshots)

-    configure_auth_token_middleware $CINDER_CONF nova $CINDER_AUTH_CACHE_DIR nova

+    configure_keystone_authtoken_middleware $CINDER_CONF nova nova

     iniset $CINDER_CONF nova region_name "$REGION_NAME"

     iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"

@@ -380,13 +379,6 @@ function create_cinder_accounts {

     fi

 }

-# create_cinder_cache_dir() - Part of the init_cinder() process

-function create_cinder_cache_dir {

-    # Create cache dir

-    sudo install -d -o $STACK_USER $CINDER_AUTH_CACHE_DIR

-    rm -f $CINDER_AUTH_CACHE_DIR/*

-}

-

 # init_cinder() - Initialize database and volume group

 function init_cinder {

     if is_service_enabled $DATABASE_BACKENDS; then

@@ -415,7 +407,6 @@ function init_cinder {

     fi

     mkdir -p $CINDER_STATE_PATH/volumes

-    create_cinder_cache_dir

 }

 # install_cinder() - Collect source and prepare

@@ -44,7 +44,6 @@ fi

 GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}

 GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}

 GLANCE_LOCK_DIR=${GLANCE_LOCK_DIR:=$DATA_DIR/glance/locks}

-GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}

 GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}

 GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs

@@ -97,20 +96,14 @@ function is_glance_enabled {

 # cleanup_glance() - Remove residual data files, anything left over from previous

 # runs that a clean run would need to clean up

 function cleanup_glance {

-    # kill instances (nova)

     # delete image files (glance)

-    sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR $GLANCE_AUTH_CACHE_DIR

+    sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR

 }

 # configure_glance() - Set config files, create data dirs, etc

 function configure_glance {

     sudo install -d -o $STACK_USER $GLANCE_CONF_DIR $GLANCE_METADEF_DIR

-    # We run this here as this configures cache dirs for the auth middleware

-    # which is used in the api server and not in the registry. The api

-    # Server is configured through this function and not init_glance.

-    create_glance_cache_dir

-

     # Set non-default configuration options for registry

     iniset $GLANCE_REGISTRY_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL

     iniset $GLANCE_REGISTRY_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS

@@ -120,7 +113,7 @@ function configure_glance {

     iniset $GLANCE_REGISTRY_CONF database connection $dburl

     iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG

     iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone

-    configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry

+    configure_keystone_authtoken_middleware $GLANCE_REGISTRY_CONF glance

     iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2

     iniset_rpc_backend glance $GLANCE_REGISTRY_CONF

     iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"

@@ -132,7 +125,7 @@ function configure_glance {

     iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/

     iniset $GLANCE_API_CONF oslo_concurrency lock_path $GLANCE_LOCK_DIR

     iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement

-    configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api

+    configure_keystone_authtoken_middleware $GLANCE_API_CONF glance

     iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2

     iniset_rpc_backend glance $GLANCE_API_CONF

     if [ "$VIRT_DRIVER" = 'xenserver' ]; then

@@ -279,23 +272,12 @@ function create_glance_accounts {

     fi

 }

-# create_glance_cache_dir() - Part of the configure_glance() process

-function create_glance_cache_dir {

-    # Create cache dir

-    sudo install -d -o $STACK_USER $GLANCE_AUTH_CACHE_DIR/api $GLANCE_AUTH_CACHE_DIR/registry $GLANCE_AUTH_CACHE_DIR/search $GLANCE_AUTH_CACHE_DIR/artifact

-    rm -f $GLANCE_AUTH_CACHE_DIR/api/* $GLANCE_AUTH_CACHE_DIR/registry/* $GLANCE_AUTH_CACHE_DIR/search/* $GLANCE_AUTH_CACHE_DIR/artifact/*

-}

-

 # init_glance() - Initialize databases, etc.

 function init_glance {

     # Delete existing images

     rm -rf $GLANCE_IMAGE_DIR

     mkdir -p $GLANCE_IMAGE_DIR

-    # Delete existing cache

-    rm -rf $GLANCE_CACHE_DIR

-    mkdir -p $GLANCE_CACHE_DIR

-

     # (Re)create glance database

     recreate_database glance

@@ -397,18 +397,17 @@ function create_service_user {

     fi

 }

-# Configure the service to use the auth token middleware.

+# Configure a service to use the auth token middleware.

 #

-# configure_auth_token_middleware conf_file admin_user signing_dir [section]

+# configure_keystone_authtoken_middleware conf_file admin_user IGNORED [section]

 #

 # section defaults to keystone_authtoken, which is where auth_token looks in

 # the .conf file. If the paste config file is used (api-paste.ini) then

 # provide the section name for the auth_token filter.

-function configure_auth_token_middleware {

+function configure_keystone_authtoken_middleware {

     local conf_file=$1

     local admin_user=$2

-    local signing_dir=$3

-    local section=${4:-keystone_authtoken}

+    local section=${3:-keystone_authtoken}

     iniset $conf_file $section auth_type password

     iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI

@@ -419,10 +418,16 @@ function configure_auth_token_middleware {

     iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"

     iniset $conf_file $section cafile $SSL_BUNDLE_FILE

-    iniset $conf_file $section signing_dir $signing_dir

     iniset $conf_file $section memcached_servers localhost:11211

 }

+# configure_auth_token_middleware conf_file admin_user IGNORED [section]

+# TODO(frickler): old function for backwards compatibility, remove in U cycle

+function configure_auth_token_middleware {

+    echo "WARNING: configure_auth_token_middleware is deprecated, use configure_keystone_authtoken_middleware instead"

+    configure_keystone_authtoken_middleware $1 $2 $4

+}

+

 # init_keystone() - Initialize databases, etc.

 function init_keystone {

     if is_service_enabled ldap; then

@@ -36,7 +36,6 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient

 NEUTRON_DEPLOY_MOD_WSGI=$(trueorfalse False NEUTRON_DEPLOY_MOD_WSGI)

 NEUTRON_AGENT=${NEUTRON_AGENT:-openvswitch}

 NEUTRON_DIR=$DEST/neutron

-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}

 NEUTRON_DISTRIBUTED_ROUTING=$(trueorfalse False NEUTRON_DISTRIBUTED_ROUTING)

 # Distributed Virtual Router (DVR) configuration

@@ -62,7 +61,6 @@ NEUTRON_AGENT_CONF=$NEUTRON_CONF_DIR/

 NEUTRON_CREATE_INITIAL_NETWORKS=${NEUTRON_CREATE_INITIAL_NETWORKS:-True}

 NEUTRON_STATE_PATH=${NEUTRON_STATE_PATH:=$DATA_DIR/neutron}

-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}

 NEUTRON_UWSGI_CONF=$NEUTRON_CONF_DIR/neutron-api-uwsgi.ini

@@ -200,8 +198,8 @@ function configure_neutron_new {

         iniset $NEUTRON_CONF DEFAULT router_distributed $NEUTRON_DISTRIBUTED_ROUTING

         iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY

-        configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken

-        configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova

+        configure_keystone_authtoken_middleware $NEUTRON_CONF neutron

+        configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova

         # Configure VXLAN

         # TODO(sc68cal) not hardcode?

@@ -292,7 +290,7 @@ function configure_neutron_new {

         # TODO(dtroyer): remove the v2.0 hard code below

         iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI

-        configure_auth_token_middleware $NEUTRON_META_CONF neutron $NEUTRON_AUTH_CACHE_DIR DEFAULT

+        configure_keystone_authtoken_middleware $NEUTRON_META_CONF neutron DEFAULT

     fi

     # Format logging

@@ -389,13 +387,6 @@ function create_neutron_accounts_new {

     fi

 }

-# create_neutron_cache_dir() - Part of the init_neutron() process

-function create_neutron_cache_dir {

-    # Create cache dir

-    sudo install -d -o $STACK_USER $NEUTRON_AUTH_CACHE_DIR

-    rm -f $NEUTRON_AUTH_CACHE_DIR/*

-}

-

 # init_neutron() - Initialize databases, etc.

 function init_neutron_new {

@@ -405,8 +396,6 @@ function init_neutron_new {

     # Run Neutron db migrations

     $NEUTRON_BIN_DIR/neutron-db-manage upgrade heads

     time_stop "dbsync"

-

-    create_neutron_cache_dir

 }

 # install_neutron() - Collect source and prepare

@@ -71,7 +71,6 @@ GITDIR["python-neutronclient"]=$DEST/python-neutronclient

 NEUTRON_DIR=$DEST/neutron

 NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas

-NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}

 # Support entry points installation of console scripts

 if [[ -d $NEUTRON_DIR/bin/neutron-server ]]; then

@@ -841,13 +840,13 @@ function _configure_neutron_service {

     iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP

     iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY

-    _neutron_setup_keystone $NEUTRON_CONF keystone_authtoken

+    configure_keystone_authtoken_middleware $NEUTRON_CONF $Q_ADMIN_USERNAME

     # Configuration for neutron notifications to nova.

     iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES

     iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES

-    configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova

+    configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova

     # Configure plugin

     neutron_plugin_configure_service

@@ -933,15 +932,6 @@ function _neutron_setup_rootwrap {

     fi

 }

-# Configures keystone integration for neutron service

-function _neutron_setup_keystone {

-    local conf_file=$1

-    local section=$2

-

-    create_neutron_cache_dir

-    configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section

-}

-

 function _neutron_setup_interface_driver {

     # ovs_use_veth needs to be set before the plugin configuration

@@ -46,7 +46,6 @@ fi

 NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}

 # INSTANCES_PATH is the previous name for this

 NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}

-NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova}

 NOVA_CONF_DIR=/etc/nova

 NOVA_CONF=$NOVA_CONF_DIR/nova.conf

@@ -215,7 +214,7 @@ function cleanup_nova {

         sudo rm -rf $NOVA_INSTANCES_PATH/*

     fi

-    sudo rm -rf $NOVA_STATE_PATH $NOVA_AUTH_CACHE_DIR

+    sudo rm -rf $NOVA_STATE_PATH

     # NOTE(dtroyer): This really should be called from here but due to the way

     #                nova abuses the _cleanup() function we're moving it

@@ -443,7 +442,7 @@ function create_nova_conf {

             iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT

         fi

-        configure_auth_token_middleware $NOVA_CONF nova $NOVA_AUTH_CACHE_DIR

+        configure_keystone_authtoken_middleware $NOVA_CONF nova

     fi

     if is_service_enabled cinder; then

@@ -690,13 +689,6 @@ function conductor_conf {

     echo "${NOVA_CONF_DIR}/nova_cell${cell}.conf"

 }

-# create_nova_cache_dir() - Part of the init_nova() process

-function create_nova_cache_dir {

-    # Create cache dir

-    sudo install -d -o $STACK_USER $NOVA_AUTH_CACHE_DIR

-    rm -f $NOVA_AUTH_CACHE_DIR/*

-}

-

 # create_nova_keys_dir() - Part of the init_nova() process

 function create_nova_keys_dir {

     # Create keys dir

@@ -738,7 +730,6 @@ function init_nova {

         done

     fi

-    create_nova_cache_dir

     create_nova_keys_dir

     if [[ "$NOVA_BACKEND" == "LVM" ]]; then

@@ -29,7 +29,6 @@ set +o xtrace

 PLACEMENT_DIR=$DEST/placement

 PLACEMENT_CONF_DIR=/etc/placement

 PLACEMENT_CONF=$PLACEMENT_CONF_DIR/placement.conf

-PLACEMENT_AUTH_CACHE_DIR=${PLACEMENT_AUTH_CACHE_DIR:-/var/cache/placement}

 PLACEMENT_AUTH_STRATEGY=${PLACEMENT_AUTH_STRATEGY:-keystone}

 # Placement virtual environment

 if [[ ${USE_VENV} = True ]]; then

@@ -64,7 +63,6 @@ function is_placement_enabled {

 function cleanup_placement {

     sudo rm -f $(apache_site_config_for placement-api)

     remove_uwsgi_config "$PLACEMENT_UWSGI_CONF" "$PLACEMENT_UWSGI"

-    sudo rm -f $PLACEMENT_AUTH_CACHE_DIR/*

 }

 # _config_placement_apache_wsgi() - Set WSGI config files

@@ -99,7 +97,7 @@ function create_placement_conf {

     iniset $PLACEMENT_CONF placement_database connection `database_connection_url placement`

     iniset $PLACEMENT_CONF DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"

     iniset $PLACEMENT_CONF api auth_strategy $PLACEMENT_AUTH_STRATEGY

-    configure_auth_token_middleware $PLACEMENT_CONF placement $PLACEMENT_AUTH_CACHE_DIR

+    configure_keystone_authtoken_middleware $PLACEMENT_CONF placement

     setup_logging $PLACEMENT_CONF

 }

@@ -127,19 +125,11 @@ function create_placement_accounts {

         "$placement_api_url"

 }

-# create_placement_cache_dir() - Create directories for keystone cache

-function create_placement_cache_dir {

-    # Create cache dir

-    sudo install -d -o $STACK_USER $PLACEMENT_AUTH_CACHE_DIR

-    rm -f $PLACEMENT_AUTH_CACHE_DIR/*

-}

-

 # init_placement() - Create service user and endpoints

 function init_placement {

     recreate_database placement

     $PLACEMENT_BIN_DIR/placement-manage db sync

     create_placement_accounts

-    create_placement_cache_dir

 }

 # install_placement() - Collect source and prepare

@@ -47,7 +47,6 @@ else

     SWIFT_BIN_DIR=$(get_python_exec_prefix)

 fi

-SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}

 SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}

 SWIFT_SERVICE_PROTOCOL=${SWIFT_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}

@@ -452,7 +451,7 @@ function configure_swift {

     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken log_name swift

     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken paste.filter_factory keystonemiddleware.auth_token:filter_factory

-    configure_auth_token_middleware $SWIFT_CONFIG_PROXY_SERVER swift $SWIFT_AUTH_CACHE_DIR filter:authtoken

+    configure_keystone_authtoken_middleware $SWIFT_CONFIG_PROXY_SERVER swift filter:authtoken

     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken delay_auth_decision 1

     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken cache swift.cache

     iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken include_service_catalog False

@@ -735,10 +734,6 @@ function init_swift {

         $SWIFT_BIN_DIR/swift-ring-builder container.builder rebalance 42

         $SWIFT_BIN_DIR/swift-ring-builder account.builder rebalance 42

     } && popd >/dev/null

-

-    # Create cache dir

-    sudo install -d -o ${STACK_USER} $SWIFT_AUTH_CACHE_DIR

-    rm -f $SWIFT_AUTH_CACHE_DIR/*

 }

 function install_swift {