Browse code
Try to remove /identity_admin
We should be able to operate without the identity admin endpoint,
given that in v3 it's all the same. This floats that out there to see
if we can or not.
Change-Id: Ic233f6b43dd1e3cfdadff0f18aba4ea78825a996
Sean Dague authored on 2017/04/20 05:22:42Showing 2 changed files
| ... | ... |
@@ -113,8 +113,9 @@ if is_service_enabled tls-proxy; then |
| 113 | 113 |
KEYSTONE_SERVICE_PROTOCOL="https" |
| 114 | 114 |
fi |
| 115 | 115 |
|
| 116 |
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_admin
|
|
| 117 | 116 |
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
|
| 117 |
+# for compat |
|
| 118 |
+KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI |
|
| 118 | 119 |
|
| 119 | 120 |
# V3 URIs |
| 120 | 121 |
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3 |
| ... | ... |
@@ -141,6 +142,7 @@ function is_keystone_enabled {
|
| 141 | 141 |
# runs that a clean run would need to clean up |
| 142 | 142 |
function cleanup_keystone {
|
| 143 | 143 |
if [[ "$WSGI_MODE" == "uwsgi" ]]; then |
| 144 |
+ # TODO: remove admin at pike-2 |
|
| 144 | 145 |
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" |
| 145 | 146 |
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" |
| 146 | 147 |
sudo rm -f $(apache_site_config_for keystone-wsgi-public) |
| ... | ... |
@@ -543,11 +545,7 @@ function start_keystone {
|
| 543 | 543 |
tail_log key /var/log/$APACHE_NAME/keystone.log |
| 544 | 544 |
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log |
| 545 | 545 |
else # uwsgi |
| 546 |
- # TODO(sdague): we should really get down to a single keystone here |
|
| 547 |
- enable_service key-p |
|
| 548 |
- enable_service key-a |
|
| 549 |
- run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" "" |
|
| 550 |
- run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" "" |
|
| 546 |
+ run_process keystone "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" "" |
|
| 551 | 547 |
fi |
| 552 | 548 |
|
| 553 | 549 |
echo "Waiting for keystone to start..." |
| ... | ... |
@@ -578,9 +576,9 @@ function stop_keystone {
|
| 578 | 578 |
disable_apache_site keystone |
| 579 | 579 |
restart_apache_server |
| 580 | 580 |
else |
| 581 |
- stop_process key-p |
|
| 582 |
- stop_process key-a |
|
| 581 |
+ stop_process keystone |
|
| 583 | 582 |
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" |
| 583 |
+ # TODO(remove in at pike-2) |
|
| 584 | 584 |
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" |
| 585 | 585 |
fi |
| 586 | 586 |
# Kill the Keystone screen window |
| ... | ... |
@@ -278,6 +278,10 @@ function configure_tempest {
|
| 278 | 278 |
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False |
| 279 | 279 |
fi |
| 280 | 280 |
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
|
| 281 |
+ if [[ "$TEMPEST_AUTH_VERSION" != "v2.0" ]]; then |
|
| 282 |
+ # we're going to disable v2 admin unless we're using v2.0 by default. |
|
| 283 |
+ iniset $TEMPEST_CONFIG identity-feature-enabled api_v2_admin False |
|
| 284 |
+ fi |
|
| 281 | 285 |
|
| 282 | 286 |
if is_service_enabled tls-proxy; then |
| 283 | 287 |
iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE |