auth_token configuration can now be read from the conf files
rather than the paste.ini files.
A key cache directory has been created for each of the 3 API services
under /var/cache/heat
This is the devstack change relating to
Heat Blueprint: keystone-middleware
This is related to this committed change:
https://review.openstack.org/#/c/26351/
Devstack users will find Heat to be broken until this corresponding change
is approved.
Change-Id: If6f77f86a3eeb08a58b516725bd806e39ccedb50
... | ... |
@@ -29,6 +29,7 @@ set +o xtrace |
29 | 29 |
# set up default directories |
30 | 30 |
HEAT_DIR=$DEST/heat |
31 | 31 |
HEATCLIENT_DIR=$DEST/python-heatclient |
32 |
+HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat} |
|
32 | 33 |
|
33 | 34 |
|
34 | 35 |
# Functions |
... | ... |
@@ -37,8 +38,7 @@ HEATCLIENT_DIR=$DEST/python-heatclient |
37 | 37 |
# cleanup_heat() - Remove residual data files, anything left over from previous |
38 | 38 |
# runs that a clean run would need to clean up |
39 | 39 |
function cleanup_heat() { |
40 |
- # This function intentionally left blank |
|
41 |
- : |
|
40 |
+ sudo rm -rf $HEAT_AUTH_CACHE_DIR |
|
42 | 41 |
} |
43 | 42 |
|
44 | 43 |
# configure_heatclient() - Set config files, create data dirs, etc |
... | ... |
@@ -73,18 +73,19 @@ function configure_heat() { |
73 | 73 |
iniset $HEAT_API_CFN_CONF DEFAULT use_syslog $SYSLOG |
74 | 74 |
iniset $HEAT_API_CFN_CONF DEFAULT bind_host $HEAT_API_CFN_HOST |
75 | 75 |
iniset $HEAT_API_CFN_CONF DEFAULT bind_port $HEAT_API_CFN_PORT |
76 |
+ iniset $HEAT_API_CFN_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
77 |
+ iniset $HEAT_API_CFN_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
78 |
+ iniset $HEAT_API_CFN_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
79 |
+ iniset $HEAT_API_CFN_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
|
80 |
+ iniset $HEAT_API_CFN_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
81 |
+ iniset $HEAT_API_CFN_CONF keystone_authtoken admin_user heat |
|
82 |
+ iniset $HEAT_API_CFN_CONF keystone_authtoken admin_password $SERVICE_PASSWORD |
|
83 |
+ iniset $HEAT_API_CFN_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR/api-cfn |
|
76 | 84 |
|
77 | 85 |
iniset_rpc_backend heat $HEAT_API_CFN_CONF DEFAULT |
78 | 86 |
|
79 | 87 |
HEAT_API_CFN_PASTE_INI=$HEAT_CONF_DIR/heat-api-cfn-paste.ini |
80 | 88 |
cp $HEAT_DIR/etc/heat/heat-api-cfn-paste.ini $HEAT_API_CFN_PASTE_INI |
81 |
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST |
|
82 |
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT |
|
83 |
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
84 |
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
|
85 |
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
86 |
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken admin_user heat |
|
87 |
- iniset $HEAT_API_CFN_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD |
|
88 | 89 |
iniset $HEAT_API_CFN_PASTE_INI filter:ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
89 | 90 |
iniset $HEAT_API_CFN_PASTE_INI filter:ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens |
90 | 91 |
|
... | ... |
@@ -96,18 +97,19 @@ function configure_heat() { |
96 | 96 |
iniset $HEAT_API_CONF DEFAULT use_syslog $SYSLOG |
97 | 97 |
iniset $HEAT_API_CONF DEFAULT bind_host $HEAT_API_HOST |
98 | 98 |
iniset $HEAT_API_CONF DEFAULT bind_port $HEAT_API_PORT |
99 |
+ iniset $HEAT_API_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
100 |
+ iniset $HEAT_API_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
101 |
+ iniset $HEAT_API_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
102 |
+ iniset $HEAT_API_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
|
103 |
+ iniset $HEAT_API_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
104 |
+ iniset $HEAT_API_CONF keystone_authtoken admin_user heat |
|
105 |
+ iniset $HEAT_API_CONF keystone_authtoken admin_password $SERVICE_PASSWORD |
|
106 |
+ iniset $HEAT_API_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR/api |
|
99 | 107 |
|
100 | 108 |
iniset_rpc_backend heat $HEAT_API_CONF DEFAULT |
101 | 109 |
|
102 | 110 |
HEAT_API_PASTE_INI=$HEAT_CONF_DIR/heat-api-paste.ini |
103 | 111 |
cp $HEAT_DIR/etc/heat/heat-api-paste.ini $HEAT_API_PASTE_INI |
104 |
- iniset $HEAT_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST |
|
105 |
- iniset $HEAT_API_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT |
|
106 |
- iniset $HEAT_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
107 |
- iniset $HEAT_API_PASTE_INI filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
|
108 |
- iniset $HEAT_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
109 |
- iniset $HEAT_API_PASTE_INI filter:authtoken admin_user heat |
|
110 |
- iniset $HEAT_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD |
|
111 | 112 |
iniset $HEAT_API_PASTE_INI filter:ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
112 | 113 |
iniset $HEAT_API_PASTE_INI filter:ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens |
113 | 114 |
|
... | ... |
@@ -135,18 +137,19 @@ function configure_heat() { |
135 | 135 |
iniset $HEAT_API_CW_CONF DEFAULT use_syslog $SYSLOG |
136 | 136 |
iniset $HEAT_API_CW_CONF DEFAULT bind_host $HEAT_API_CW_HOST |
137 | 137 |
iniset $HEAT_API_CW_CONF DEFAULT bind_port $HEAT_API_CW_PORT |
138 |
+ iniset $HEAT_API_CW_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST |
|
139 |
+ iniset $HEAT_API_CW_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT |
|
140 |
+ iniset $HEAT_API_CW_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
141 |
+ iniset $HEAT_API_CW_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
|
142 |
+ iniset $HEAT_API_CW_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
143 |
+ iniset $HEAT_API_CW_CONF keystone_authtoken admin_user heat |
|
144 |
+ iniset $HEAT_API_CW_CONF keystone_authtoken admin_password $SERVICE_PASSWORD |
|
145 |
+ iniset $HEAT_API_CW_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR/api-cloudwatch |
|
138 | 146 |
|
139 | 147 |
iniset_rpc_backend heat $HEAT_API_CW_CONF DEFAULT |
140 | 148 |
|
141 | 149 |
HEAT_API_CW_PASTE_INI=$HEAT_CONF_DIR/heat-api-cloudwatch-paste.ini |
142 | 150 |
cp $HEAT_DIR/etc/heat/heat-api-cloudwatch-paste.ini $HEAT_API_CW_PASTE_INI |
143 |
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST |
|
144 |
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT |
|
145 |
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL |
|
146 |
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
|
147 |
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME |
|
148 |
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken admin_user heat |
|
149 |
- iniset $HEAT_API_CW_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD |
|
150 | 151 |
iniset $HEAT_API_CW_PASTE_INI filter:ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0 |
151 | 152 |
iniset $HEAT_API_CW_PASTE_INI filter:ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens |
152 | 153 |
} |
... | ... |
@@ -159,6 +162,18 @@ function init_heat() { |
159 | 159 |
|
160 | 160 |
$HEAT_DIR/bin/heat-db-setup $os_PACKAGE -r $DATABASE_PASSWORD |
161 | 161 |
$HEAT_DIR/tools/nova_create_flavors.sh |
162 |
+ create_heat_cache_dir |
|
163 |
+} |
|
164 |
+ |
|
165 |
+# create_heat_cache_dir() - Part of the init_heat() process |
|
166 |
+function create_heat_cache_dir() { |
|
167 |
+ # Create cache dirs |
|
168 |
+ sudo mkdir -p $HEAT_AUTH_CACHE_DIR/api |
|
169 |
+ sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR/api |
|
170 |
+ sudo mkdir -p $HEAT_AUTH_CACHE_DIR/api-cfn |
|
171 |
+ sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR/api-cfn |
|
172 |
+ sudo mkdir -p $HEAT_AUTH_CACHE_DIR/api-cloudwatch |
|
173 |
+ sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR/api-cloudwatch |
|
162 | 174 |
} |
163 | 175 |
|
164 | 176 |
# install_heatclient() - Collect source and prepare |