@@ -1,131 +1,13 @@

-############

-# Metadata #

-############

-[composite:metadata]

-use = egg:Paste#urlmap

-/: metaversions

-/latest: meta

-/2007-01-19: meta

-/2007-03-01: meta

-/2007-08-29: meta

-/2007-10-10: meta

-/2007-12-15: meta

-/2008-02-01: meta

-/2008-09-01: meta

-/2009-04-04: meta

-

-[pipeline:metaversions]

-pipeline = ec2faultwrap logrequest metaverapp

-

-[pipeline:meta]

-pipeline = ec2faultwrap logrequest metaapp

-

-[app:metaverapp]

-paste.app_factory = nova.api.metadata.handler:Versions.factory

-

-[app:metaapp]

-paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory

-

-#######

-# EC2 #

-#######

-

-[composite:ec2]

-use = egg:Paste#urlmap

-/services/Cloud: ec2cloud

-/services/Admin: ec2admin

-

-[pipeline:ec2cloud]

-pipeline = ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor

-

-[pipeline:ec2admin]

-pipeline = ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor

-

-[pipeline:ec2metadata]

-pipeline = ec2faultwrap logrequest ec2md

-

-[pipeline:ec2versions]

-pipeline = ec2faultwrap logrequest ec2ver

-

-[filter:ec2faultwrap]

-paste.filter_factory = nova.api.ec2:FaultWrapper.factory

-

-[filter:logrequest]

-paste.filter_factory = nova.api.ec2:RequestLogging.factory

-

-[filter:ec2lockout]

-paste.filter_factory = nova.api.ec2:Lockout.factory

-

-[filter:totoken]

-paste.filter_factory = keystone.middleware.ec2_token:EC2Token.factory

-

-[filter:ec2noauth]

-paste.filter_factory = nova.api.ec2:NoAuth.factory

-

-[filter:authenticate]

-paste.filter_factory = nova.api.ec2:Authenticate.factory

-

-[filter:cloudrequest]

-controller = nova.api.ec2.cloud.CloudController

-paste.filter_factory = nova.api.ec2:Requestify.factory

-

-[filter:adminrequest]

-controller = nova.api.ec2.admin.AdminController

-paste.filter_factory = nova.api.ec2:Requestify.factory

-

-[filter:authorizer]

-paste.filter_factory = nova.api.ec2:Authorizer.factory

-

-[app:ec2executor]

-paste.app_factory = nova.api.ec2:Executor.factory

-

-#############

-# Openstack #

-#############

-

-[composite:osapi]

-use = call:nova.api.openstack.v2.urlmap:urlmap_factory

-/: osversions

-/v1.1: openstack_api_v2

-/v2: openstack_api_v2

-

-[pipeline:openstack_api_v2]

-pipeline = faultwrap authtoken keystonecontext ratelimit serialize extensions osapi_app_v2

-

-[filter:faultwrap]

-paste.filter_factory = nova.api.openstack.v2:FaultWrapper.factory

-

-[filter:auth]

-paste.filter_factory = nova.api.openstack.v2.auth:AuthMiddleware.factory

-

-[filter:noauth]

-paste.filter_factory = nova.api.openstack.v2.auth:NoAuthMiddleware.factory

-

-[filter:ratelimit]

-paste.filter_factory = nova.api.openstack.v2.limits:RateLimitingMiddleware.factory

-

-[filter:serialize]

-paste.filter_factory = nova.api.openstack.wsgi:LazySerializationMiddleware.factory

-

-[filter:extensions]

-paste.filter_factory = nova.api.openstack.v2.extensions:ExtensionMiddleware.factory

-

-[app:osapi_app_v2]

-paste.app_factory = nova.api.openstack.v2:APIRouter.factory

-

-[pipeline:osversions]

-pipeline = faultwrap osversionapp

-

-[app:osversionapp]

-paste.app_factory = nova.api.openstack.v2.versions:Versions.factory

-

 ##########

-# Shared #

+# Extras #

 ##########

 [filter:keystonecontext]

 paste.filter_factory = keystone.middleware.nova_keystone_context:NovaKeystoneContext.factory

+[filter:totoken]

+paste.filter_factory = keystone.middleware.ec2_token:EC2Token.factory

+

 [filter:authtoken]

 paste.filter_factory = keystone.middleware.auth_token:filter_factory

 service_protocol = http

@@ -777,14 +777,26 @@ fi

 # Nova

 # ----

-

 if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then

     # We are going to use a sample http middleware configuration based on the

     # one from the keystone project to launch nova.  This paste config adds

-    # the configuration required for nova to validate keystone tokens. We add

-    # our own service token to the configuration.

-    cp $FILES/nova-api-paste.ini $NOVA_DIR/bin

+    # the configuration required for nova to validate keystone tokens.

+

+    # First we add a some extra data to the default paste config from nova

+    cat $NOVA_DIR/etc/nova/api-paste.ini $FILES/nova-api-paste.ini > $NOVA_DIR/bin/nova-api-paste.ini

+

+    # Then we add our own service token to the configuration

     sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $NOVA_DIR/bin/nova-api-paste.ini

+

+    # Finally, we change the pipelines in nova to use keystone

+    function replace_pipeline() {

+        sed "/\[pipeline:$1\]/,/\[/s/^pipeline = .*/pipeline = $2/" -i $NOVA_DIR/bin/nova-api-paste.ini

+    }

+    replace_pipeline "ec2cloud" "ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor"

+    replace_pipeline "ec2admin" "ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor"

+    replace_pipeline "openstack_api_v2" "faultwrap authtoken keystonecontext ratelimit serialize extensions osapi_app_v2"

+    replace_pipeline "openstack_compute_api_v2" "faultwrap authtoken keystonecontext ratelimit serialize compute_extensions osapi_compute_app_v2"

+    replace_pipeline "openstack_volume_api_v1" "faultwrap authtoken keystonecontext ratelimit serialize volume_extensions osapi_volume_app_v1"

 fi

 # Helper to clean iptables rules

@@ -998,7 +1010,7 @@ if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then

    sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \

        tee /etc/rsyslog.d/10-swift.conf

    sudo restart rsyslog

-   

+

    # We create two helper scripts :

    #

    # - swift-remakerings