Merge "Update how we set up Keystone"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
fc66da81a5
|
|
@ -1,91 +1,80 @@
|
|||
# Keystone PasteDeploy configuration file.
|
||||
|
||||
[filter:debug]
|
||||
paste.filter_factory = keystone.common.wsgi:Debug.factory
|
||||
use = egg:oslo.middleware#debug
|
||||
|
||||
[filter:request_id]
|
||||
use = egg:oslo.middleware#request_id
|
||||
|
||||
[filter:build_auth_context]
|
||||
paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory
|
||||
use = egg:keystone#build_auth_context
|
||||
|
||||
[filter:token_auth]
|
||||
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
|
||||
|
||||
[filter:admin_token_auth]
|
||||
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
|
||||
use = egg:keystone#token_auth
|
||||
|
||||
[filter:json_body]
|
||||
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
|
||||
use = egg:keystone#json_body
|
||||
|
||||
[filter:user_crud_extension]
|
||||
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
|
||||
[filter:cors]
|
||||
use = egg:oslo.middleware#cors
|
||||
oslo_config_project = keystone
|
||||
|
||||
[filter:crud_extension]
|
||||
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
|
||||
[filter:http_proxy_to_wsgi]
|
||||
use = egg:oslo.middleware#http_proxy_to_wsgi
|
||||
|
||||
[filter:healthcheck]
|
||||
use = egg:oslo.middleware#healthcheck
|
||||
|
||||
[filter:ec2_extension]
|
||||
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
|
||||
use = egg:keystone#ec2_extension
|
||||
|
||||
[filter:ec2_extension_v3]
|
||||
paste.filter_factory = keystone.contrib.ec2:Ec2ExtensionV3.factory
|
||||
|
||||
[filter:federation_extension]
|
||||
paste.filter_factory = keystone.contrib.federation.routers:FederationExtension.factory
|
||||
|
||||
[filter:oauth1_extension]
|
||||
paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory
|
||||
use = egg:keystone#ec2_extension_v3
|
||||
|
||||
[filter:s3_extension]
|
||||
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
|
||||
|
||||
[filter:endpoint_filter_extension]
|
||||
paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
|
||||
|
||||
[filter:simple_cert_extension]
|
||||
paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory
|
||||
|
||||
[filter:revoke_extension]
|
||||
paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
|
||||
use = egg:keystone#s3_extension
|
||||
|
||||
[filter:url_normalize]
|
||||
paste.filter_factory = keystone.middleware:NormalizingFilter.factory
|
||||
use = egg:keystone#url_normalize
|
||||
|
||||
[filter:stats_monitoring]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
|
||||
|
||||
[filter:stats_reporting]
|
||||
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
|
||||
|
||||
[filter:access_log]
|
||||
paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
|
||||
[filter:sizelimit]
|
||||
use = egg:oslo.middleware#sizelimit
|
||||
|
||||
[app:public_service]
|
||||
paste.app_factory = keystone.service:public_app_factory
|
||||
use = egg:keystone#public_service
|
||||
|
||||
[app:service_v3]
|
||||
paste.app_factory = keystone.service:v3_app_factory
|
||||
use = egg:keystone#service_v3
|
||||
|
||||
[app:admin_service]
|
||||
paste.app_factory = keystone.service:admin_app_factory
|
||||
use = egg:keystone#admin_service
|
||||
|
||||
[pipeline:public_api]
|
||||
pipeline = url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
|
||||
# The last item in this pipeline must be public_service or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
|
||||
|
||||
[pipeline:admin_api]
|
||||
pipeline = url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service
|
||||
# The last item in this pipeline must be admin_service or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
|
||||
|
||||
[pipeline:api_v3]
|
||||
pipeline = url_normalize build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension service_v3
|
||||
# The last item in this pipeline must be service_v3 or an equivalent
|
||||
# application. It cannot be a filter.
|
||||
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
|
||||
|
||||
[app:public_version_service]
|
||||
paste.app_factory = keystone.service:public_version_app_factory
|
||||
use = egg:keystone#public_version_service
|
||||
|
||||
[app:admin_version_service]
|
||||
paste.app_factory = keystone.service:admin_version_app_factory
|
||||
use = egg:keystone#admin_version_service
|
||||
|
||||
[pipeline:public_version_api]
|
||||
pipeline = url_normalize public_version_service
|
||||
pipeline = healthcheck cors sizelimit url_normalize public_version_service
|
||||
|
||||
[pipeline:admin_version_api]
|
||||
pipeline = url_normalize admin_version_service
|
||||
pipeline = healthcheck cors sizelimit url_normalize admin_version_service
|
||||
|
||||
[composite:main]
|
||||
use = egg:Paste#urlmap
|
||||
|
|
|
|||
|
|
@ -22,3 +22,7 @@ certfile=%TEST_DIR%/certs/signing_cert.pem
|
|||
keyfile=%TEST_DIR%/private/signing_key.pem
|
||||
ca_certs=%TEST_DIR%/certs/ca.pem
|
||||
ca_key=%TEST_DIR%/private/cakey.pem
|
||||
|
||||
[fernet_tokens]
|
||||
|
||||
key_repository=%TEST_DIR%/fernet-keys/
|
||||
|
|
|
|||
|
|
@ -15,8 +15,11 @@
|
|||
|
||||
set -e
|
||||
|
||||
export OS_TOKEN=ADMIN
|
||||
export OS_URL=http://localhost:35357/v2.0
|
||||
export OS_AUTH_URL=http://localhost:35357/
|
||||
export OS_PROJECT_NAME=admin
|
||||
export OS_USERNAME=admin
|
||||
export OS_PASSWORD=admin
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
|
||||
_get_id()
|
||||
{
|
||||
|
|
@ -33,25 +36,28 @@ _add_user()
|
|||
|
||||
TENANT_ID=$(openstack project list | awk "/ $tenant / { print \$2 }")
|
||||
if [ "$TENANT_ID" == "" ]; then
|
||||
# create a new tenant
|
||||
TENANT_ID=$(openstack project create $tenant | _get_id)
|
||||
# create a new tenant
|
||||
TENANT_ID=$(openstack project create $tenant | _get_id)
|
||||
fi
|
||||
|
||||
USER_ID=$(openstack user create $user --password=$password \
|
||||
--project $TENANT_ID | _get_id)
|
||||
USER_ID=$(openstack user list | awk "/ $user / { print \$2 }")
|
||||
if [ "$USER_ID" == "" ]; then
|
||||
USER_ID=$(openstack user create $user --password=$password \
|
||||
--project $TENANT_ID | _get_id)
|
||||
fi
|
||||
|
||||
if [ "$role" != "" ]; then
|
||||
ROLE_ID=$(openstack role list | awk "/ $role / { print \$2 }")
|
||||
if [ "$ROLE_ID" == "" ]; then
|
||||
# create a new role
|
||||
ROLE_ID=$(openstack role create $role | _get_id)
|
||||
fi
|
||||
ROLE_ID=$(openstack role list | awk "/ $role / { print \$2 }")
|
||||
if [ "$ROLE_ID" == "" ]; then
|
||||
# create a new role
|
||||
ROLE_ID=$(openstack role create $role | _get_id)
|
||||
fi
|
||||
|
||||
openstack role add --user $USER_ID --project $TENANT_ID $ROLE_ID
|
||||
openstack role add --user $USER_ID --project $TENANT_ID $ROLE_ID
|
||||
fi
|
||||
|
||||
eval $(openstack ec2 credentials create --user $user --project $tenant \
|
||||
-f shell -c access -c secret)
|
||||
-f shell -c access -c secret)
|
||||
export ${name}_ACCESS_KEY=$access
|
||||
export ${name}_SECRET_KEY=$secret
|
||||
}
|
||||
|
|
@ -63,9 +69,9 @@ _create_swift_accounts()
|
|||
_add_user TESTER test tester testing admin
|
||||
_add_user TESTER2 test tester2 testing2 member
|
||||
|
||||
SERVICE=$(openstack service create swift --type=object-store | _get_id)
|
||||
SERVICE=$(openstack service create --name=swift object-store | _get_id)
|
||||
openstack endpoint create $SERVICE \
|
||||
--publicurl "http://localhost:8080/v1/AUTH_\$(tenant_id)s"
|
||||
public "http://localhost:8080/v1/AUTH_\$(tenant_id)s"
|
||||
}
|
||||
|
||||
_setup_keystone()
|
||||
|
|
@ -75,11 +81,20 @@ _setup_keystone()
|
|||
local log_file="${LOG_DEST:-${TEST_DIR}/log}/keystone.log"
|
||||
mkdir -p "$(dirname "${log_file}")"
|
||||
|
||||
keystone-all --config-file conf/keystone.conf --debug > "${log_file}" 2>&1 &
|
||||
export keystone_pid=$!
|
||||
|
||||
keystone-manage --config-file conf/keystone.conf --debug fernet_setup
|
||||
keystone-manage --config-file conf/keystone.conf --debug db_sync
|
||||
keystone-manage --config-file conf/keystone.conf --debug pki_setup
|
||||
keystone-manage --config-file conf/keystone.conf --debug bootstrap \
|
||||
--bootstrap-password=$OS_PASSWORD \
|
||||
--bootstrap-admin-url=$OS_AUTH_URL \
|
||||
--bootstrap-public-url=${OS_AUTH_URL/35357/5000}
|
||||
|
||||
keystone-wsgi-admin -p 35357 -- --config-file conf/keystone.conf --debug \
|
||||
> "${log_file}" 2>&1 &
|
||||
export keystone_pid=$!
|
||||
# make sure it's actually running
|
||||
sleep 1
|
||||
ps -p $keystone_pid
|
||||
|
||||
_create_swift_accounts
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue