Browse code
Merge "Heat - revise keystone/trusts config to avoid deprecated options"
Jenkins authored on 2015/12/24 09:06:55Showing 1 changed files
| ... | ... |
@@ -56,6 +56,10 @@ HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d |
| 56 | 56 |
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates |
| 57 | 57 |
HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
|
| 58 | 58 |
HEAT_API_PORT=${HEAT_API_PORT:-8004}
|
| 59 |
+HEAT_SERVICE_USER=${HEAT_SERVICE_USER:-heat}
|
|
| 60 |
+HEAT_TRUSTEE_USER=${HEAT_TRUSTEE_USER:-$HEAT_SERVICE_USER}
|
|
| 61 |
+HEAT_TRUSTEE_PASSWORD=${HEAT_TRUSTEE_PASSWORD:-$SERVICE_PASSWORD}
|
|
| 62 |
+HEAT_TRUSTEE_DOMAIN=${HEAT_TRUSTEE_DOMAIN:-default}
|
|
| 59 | 63 |
|
| 60 | 64 |
# Support entry points installation of console scripts |
| 61 | 65 |
HEAT_BIN_DIR=$(get_python_exec_prefix) |
| ... | ... |
@@ -73,7 +77,7 @@ if [[ "$HEAT_STANDALONE" = "True" ]]; then |
| 73 | 73 |
fi |
| 74 | 74 |
else |
| 75 | 75 |
HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN) |
| 76 |
- HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
|
|
| 76 |
+ HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-}
|
|
| 77 | 77 |
fi |
| 78 | 78 |
HEAT_PLUGIN_DIR=${HEAT_PLUGIN_DIR:-$DATA_DIR/heat/plugins}
|
| 79 | 79 |
ENABLE_HEAT_PLUGINS=${ENABLE_HEAT_PLUGINS:-}
|
| ... | ... |
@@ -134,30 +138,39 @@ function configure_heat {
|
| 134 | 134 |
setup_colorized_logging $HEAT_CONF DEFAULT tenant user |
| 135 | 135 |
fi |
| 136 | 136 |
|
| 137 |
- iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH |
|
| 137 |
+ if [ ! -z "$HEAT_DEFERRED_AUTH" ]; then |
|
| 138 |
+ iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH |
|
| 139 |
+ fi |
|
| 138 | 140 |
|
| 139 | 141 |
if [ "$HEAT_USE_MOD_WSGI" == "True" ]; then |
| 140 | 142 |
_config_heat_apache_wsgi |
| 141 | 143 |
fi |
| 142 | 144 |
|
| 143 |
- # NOTE(jamielennox): heat re-uses specific values from the |
|
| 144 |
- # keystone_authtoken middleware group and so currently fails when using the |
|
| 145 |
- # auth plugin setup. This should be fixed in heat. Heat is also the only |
|
| 146 |
- # service that requires the auth_uri to include a /v2.0. Remove this custom |
|
| 147 |
- # setup when bug #1300246 is resolved. |
|
| 148 |
- iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 |
|
| 149 | 145 |
if [[ "$HEAT_STANDALONE" = "True" ]]; then |
| 150 | 146 |
iniset $HEAT_CONF paste_deploy flavor standalone |
| 151 | 147 |
iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s" |
| 152 | 148 |
else |
| 153 | 149 |
iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI |
| 154 |
- iniset $HEAT_CONF keystone_authtoken admin_user heat |
|
| 150 |
+ iniset $HEAT_CONF keystone_authtoken admin_user $HEAT_SERVICE_USER |
|
| 155 | 151 |
iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD |
| 156 | 152 |
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
| 157 | 153 |
iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE |
| 158 | 154 |
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR |
| 159 | 155 |
fi |
| 160 | 156 |
|
| 157 |
+ # If HEAT_DEFERRED_AUTH is unset or explicitly set to trusts, configure |
|
| 158 |
+ # the section for the client plugin associated with the trustee |
|
| 159 |
+ if [ -z "$HEAT_DEFERRED_AUTH" -o "trusts" == "$HEAT_DEFERRED_AUTH" ]; then |
|
| 160 |
+ iniset $HEAT_CONF trustee auth_plugin password |
|
| 161 |
+ iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI |
|
| 162 |
+ iniset $HEAT_CONF trustee username $HEAT_TRUSTEE_USER |
|
| 163 |
+ iniset $HEAT_CONF trustee password $HEAT_TRUSTEE_PASSWORD |
|
| 164 |
+ iniset $HEAT_CONF trustee user_domain_id $HEAT_TRUSTEE_DOMAIN |
|
| 165 |
+ fi |
|
| 166 |
+ |
|
| 167 |
+ # clients_keystone |
|
| 168 |
+ iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI |
|
| 169 |
+ |
|
| 161 | 170 |
# ec2authtoken |
| 162 | 171 |
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 |
| 163 | 172 |
|