...
|
...
|
@@ -1528,7 +1528,7 @@ if is_service_enabled swift; then
|
1528
|
1528
|
# which has some default username and password if you have
|
1529
|
1529
|
# configured keystone it will checkout the directory.
|
1530
|
1530
|
if is_service_enabled key; then
|
1531
|
|
- swift_auth_server+="authtoken keystone"
|
|
1531
|
+ swift_auth_server+="authtoken keystoneauth"
|
1532
|
1532
|
else
|
1533
|
1533
|
swift_auth_server=tempauth
|
1534
|
1534
|
fi
|
...
|
...
|
@@ -1558,23 +1558,20 @@ if is_service_enabled swift; then
|
1558
|
1558
|
|
1559
|
1559
|
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server account_autocreate true
|
1560
|
1560
|
|
1561
|
|
- cat <<EOF>>${SWIFT_CONFIG_PROXY_SERVER}
|
|
1561
|
+ # Configure Keystone
|
|
1562
|
+ sed -i '/^# \[filter:authtoken\]/,/^# \[filter:keystoneauth\]$/ s/^#[ \t]*//' ${SWIFT_CONFIG_PROXY_SERVER}
|
|
1563
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_host $KEYSTONE_AUTH_HOST
|
|
1564
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_port $KEYSTONE_AUTH_PORT
|
|
1565
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
|
1566
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/
|
|
1567
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
|
1568
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_user swift
|
|
1569
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:authtoken admin_password $SERVICE_PASSWORD
|
1562
|
1570
|
|
1563
|
|
-[filter:keystone]
|
1564
|
|
-paste.filter_factory = keystone.middleware.swift_auth:filter_factory
|
1565
|
|
-operator_roles = Member,admin
|
|
1571
|
+ iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth use
|
|
1572
|
+ iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles
|
|
1573
|
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:keystoneauth operator_roles "Member, admin"
|
1566
|
1574
|
|
1567
|
|
-[filter:authtoken]
|
1568
|
|
-paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
1569
|
|
-auth_host = ${KEYSTONE_AUTH_HOST}
|
1570
|
|
-auth_port = ${KEYSTONE_AUTH_PORT}
|
1571
|
|
-auth_protocol = ${KEYSTONE_AUTH_PROTOCOL}
|
1572
|
|
-auth_uri = ${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/
|
1573
|
|
-admin_tenant_name = ${SERVICE_TENANT_NAME}
|
1574
|
|
-admin_user = swift
|
1575
|
|
-admin_password = ${SERVICE_PASSWORD}
|
1576
|
|
-delay_auth_decision = 1
|
1577
|
|
-EOF
|
1578
|
1575
|
if is_service_enabled swift3;then
|
1579
|
1576
|
cat <<EOF>>${SWIFT_CONFIG_PROXY_SERVER}
|
1580
|
1577
|
# NOTE(chmou): s3token middleware is not updated yet to use only
|