Fixup identity backend handling

Instead of creating an artificial, non-functional identity-internal
endpoint use the identity-main backend that is provided via the default
config for both public and internal endpoints.

Change-Id: Ia7d7f11108f0945ccd944d7e4a5c7f7ef68bc654
This commit is contained in:
Jens Rosenboom 2016-03-01 15:18:34 +01:00
parent 0271eb1711
commit 52d8000c1a
4 changed files with 25 additions and 34 deletions

View File

@ -34,15 +34,15 @@ default['openstack']['identity']['custom_template_banner'] = "
default['openstack']['endpoints'][ep_type]['identity']['host'] = '127.0.0.1'
default['openstack']['endpoints'][ep_type]['identity']['scheme'] = 'http'
default['openstack']['endpoints'][ep_type]['identity']['path'] = '/v2.0'
# web-service (e.g. apache) listen address (can be different from openstack
# identity endpoints)
default['openstack']['bind_service'][ep_type]['identity']['host'] = '127.0.0.1'
end
%w(endpoints bind_service).each do |type|
default['openstack'][type]['public']['identity']['port'] = 5000
default['openstack'][type]['internal']['identity']['port'] = 5001
default['openstack'][type]['admin']['identity']['port'] = 35357
end
default['openstack']['endpoints']['public']['identity']['port'] = 5000
default['openstack']['endpoints']['internal']['identity']['port'] = 5000
default['openstack']['endpoints']['admin']['identity']['port'] = 35357
default['openstack']['bind_service']['main']['identity']['host'] = '127.0.0.1'
default['openstack']['bind_service']['main']['identity']['port'] = 5000
default['openstack']['bind_service']['admin']['identity']['host'] = '127.0.0.1'
default['openstack']['bind_service']['admin']['identity']['port'] = 35357
default['openstack']['identity']['catalog']['backend'] = 'sql'
default['openstack']['identity']['token']['backend'] = 'sql'

View File

@ -87,10 +87,8 @@ when 'fernet'
include_recipe 'openstack-identity::_fernet_tokens'
end
public_bind_service = node['openstack']['bind_service']['public']['identity']
public_bind_address = bind_address public_bind_service
internal_bind_service = node['openstack']['bind_service']['internal']['identity']
internal_bind_address = bind_address internal_bind_service
main_bind_service = node['openstack']['bind_service']['main']['identity']
main_bind_address = bind_address main_bind_service
admin_bind_service = node['openstack']['bind_service']['admin']['identity']
admin_bind_address = bind_address admin_bind_service
@ -240,9 +238,8 @@ end
#### Start of Apache specific work
apache_listen = Array(node['apache']['listen']) # include already defined listen attributes
apache_listen += ["#{public_bind_service.host}:#{public_bind_service.port}"]
apache_listen += ["#{internal_bind_service.host}:#{internal_bind_service.port}"]
apache_listen += ["#{admin_bind_service.host}:#{admin_bind_service.port}"]
apache_listen += ["#{main_bind_address}:#{main_bind_service.port}"]
apache_listen += ["#{admin_bind_address}:#{admin_bind_service.port}"]
node.normal['apache']['listen'] = apache_listen.uniq
@ -257,13 +254,12 @@ directory keystone_apache_dir do
mode 00755
end
server_entry_public = "#{keystone_apache_dir}/main"
server_entry_internal = "#{keystone_apache_dir}/internal"
server_entry_main = "#{keystone_apache_dir}/main"
server_entry_admin = "#{keystone_apache_dir}/admin"
# Note: Using lazy here as the wsgi file is not available until after
# the keystone package is installed during execution phase.
[server_entry_public, server_entry_internal, server_entry_admin].each do |server_entry|
[server_entry_main, server_entry_admin].each do |server_entry|
file server_entry do
content lazy { IO.read(platform_options['keystone_wsgi_file']) }
owner 'root'
@ -273,15 +269,10 @@ server_entry_admin = "#{keystone_apache_dir}/admin"
end
wsgi_apps = {
'public' => {
server_host: public_bind_address,
server_port: public_bind_service.port,
server_entry: server_entry_public
},
'internal' => {
server_host: internal_bind_address,
server_port: internal_bind_service.port,
server_entry: server_entry_internal
'main' => {
server_host: main_bind_address,
server_port: main_bind_service.port,
server_entry: server_entry_main
},
'admin' => {
server_host: admin_bind_address,

View File

@ -239,7 +239,7 @@ describe 'openstack-identity::registration' do
service_type: 'identity',
endpoint_region: 'RegionOne',
endpoint_adminurl: 'http://127.0.0.1:35357/v2.0',
endpoint_internalurl: 'http://127.0.0.1:5001/v2.0',
endpoint_internalurl: 'http://127.0.0.1:5000/v2.0',
endpoint_publicurl: 'http://127.0.0.1:5000/v2.0'
)
end

View File

@ -363,7 +363,7 @@ describe 'openstack-identity::server-apache' do
it 'set apache addresses and ports' do
expect(chef_run.node['apache']['listen']).to eq(
%w(*:80 127.0.0.1:5000 127.0.0.1:5001 127.0.0.1:35357)
%w(*:80 127.0.0.1:5000 127.0.0.1:35357)
)
end
@ -399,7 +399,7 @@ describe 'openstack-identity::server-apache' do
end
describe 'apache wsgi' do
['/etc/apache2/sites-available/keystone-public.conf',
['/etc/apache2/sites-available/keystone-main.conf',
'/etc/apache2/sites-available/keystone-admin.conf'].each do |file|
it "creates #{file}" do
expect(chef_run).to create_template(file).with(
@ -428,13 +428,13 @@ describe 'openstack-identity::server-apache' do
end
end
describe 'keystone-public.conf' do
describe 'keystone-main.conf' do
it 'configures required lines' do
[/^<VirtualHost 127.0.0.1:5000>$/,
/^ WSGIDaemonProcess keystone-public/,
/^ WSGIProcessGroup keystone-public$/,
/^ WSGIDaemonProcess keystone-main/,
/^ WSGIProcessGroup keystone-main$/,
%r{^ WSGIScriptAlias / /var/www/html/keystone/main$}].each do |line|
expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-public.conf').with_content(line)
expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-main.conf').with_content(line)
end
end
end