Fixup identity backend handling
Instead of creating an artificial, non-functional identity-internal endpoint use the identity-main backend that is provided via the default config for both public and internal endpoints. Change-Id: Ia7d7f11108f0945ccd944d7e4a5c7f7ef68bc654
This commit is contained in:
parent
0271eb1711
commit
52d8000c1a
|
@ -34,15 +34,15 @@ default['openstack']['identity']['custom_template_banner'] = "
|
|||
default['openstack']['endpoints'][ep_type]['identity']['host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints'][ep_type]['identity']['scheme'] = 'http'
|
||||
default['openstack']['endpoints'][ep_type]['identity']['path'] = '/v2.0'
|
||||
# web-service (e.g. apache) listen address (can be different from openstack
|
||||
# identity endpoints)
|
||||
default['openstack']['bind_service'][ep_type]['identity']['host'] = '127.0.0.1'
|
||||
end
|
||||
%w(endpoints bind_service).each do |type|
|
||||
default['openstack'][type]['public']['identity']['port'] = 5000
|
||||
default['openstack'][type]['internal']['identity']['port'] = 5001
|
||||
default['openstack'][type]['admin']['identity']['port'] = 35357
|
||||
end
|
||||
default['openstack']['endpoints']['public']['identity']['port'] = 5000
|
||||
default['openstack']['endpoints']['internal']['identity']['port'] = 5000
|
||||
default['openstack']['endpoints']['admin']['identity']['port'] = 35357
|
||||
|
||||
default['openstack']['bind_service']['main']['identity']['host'] = '127.0.0.1'
|
||||
default['openstack']['bind_service']['main']['identity']['port'] = 5000
|
||||
default['openstack']['bind_service']['admin']['identity']['host'] = '127.0.0.1'
|
||||
default['openstack']['bind_service']['admin']['identity']['port'] = 35357
|
||||
|
||||
default['openstack']['identity']['catalog']['backend'] = 'sql'
|
||||
default['openstack']['identity']['token']['backend'] = 'sql'
|
||||
|
|
|
@ -87,10 +87,8 @@ when 'fernet'
|
|||
include_recipe 'openstack-identity::_fernet_tokens'
|
||||
end
|
||||
|
||||
public_bind_service = node['openstack']['bind_service']['public']['identity']
|
||||
public_bind_address = bind_address public_bind_service
|
||||
internal_bind_service = node['openstack']['bind_service']['internal']['identity']
|
||||
internal_bind_address = bind_address internal_bind_service
|
||||
main_bind_service = node['openstack']['bind_service']['main']['identity']
|
||||
main_bind_address = bind_address main_bind_service
|
||||
admin_bind_service = node['openstack']['bind_service']['admin']['identity']
|
||||
admin_bind_address = bind_address admin_bind_service
|
||||
|
||||
|
@ -240,9 +238,8 @@ end
|
|||
#### Start of Apache specific work
|
||||
|
||||
apache_listen = Array(node['apache']['listen']) # include already defined listen attributes
|
||||
apache_listen += ["#{public_bind_service.host}:#{public_bind_service.port}"]
|
||||
apache_listen += ["#{internal_bind_service.host}:#{internal_bind_service.port}"]
|
||||
apache_listen += ["#{admin_bind_service.host}:#{admin_bind_service.port}"]
|
||||
apache_listen += ["#{main_bind_address}:#{main_bind_service.port}"]
|
||||
apache_listen += ["#{admin_bind_address}:#{admin_bind_service.port}"]
|
||||
|
||||
node.normal['apache']['listen'] = apache_listen.uniq
|
||||
|
||||
|
@ -257,13 +254,12 @@ directory keystone_apache_dir do
|
|||
mode 00755
|
||||
end
|
||||
|
||||
server_entry_public = "#{keystone_apache_dir}/main"
|
||||
server_entry_internal = "#{keystone_apache_dir}/internal"
|
||||
server_entry_main = "#{keystone_apache_dir}/main"
|
||||
server_entry_admin = "#{keystone_apache_dir}/admin"
|
||||
|
||||
# Note: Using lazy here as the wsgi file is not available until after
|
||||
# the keystone package is installed during execution phase.
|
||||
[server_entry_public, server_entry_internal, server_entry_admin].each do |server_entry|
|
||||
[server_entry_main, server_entry_admin].each do |server_entry|
|
||||
file server_entry do
|
||||
content lazy { IO.read(platform_options['keystone_wsgi_file']) }
|
||||
owner 'root'
|
||||
|
@ -273,15 +269,10 @@ server_entry_admin = "#{keystone_apache_dir}/admin"
|
|||
end
|
||||
|
||||
wsgi_apps = {
|
||||
'public' => {
|
||||
server_host: public_bind_address,
|
||||
server_port: public_bind_service.port,
|
||||
server_entry: server_entry_public
|
||||
},
|
||||
'internal' => {
|
||||
server_host: internal_bind_address,
|
||||
server_port: internal_bind_service.port,
|
||||
server_entry: server_entry_internal
|
||||
'main' => {
|
||||
server_host: main_bind_address,
|
||||
server_port: main_bind_service.port,
|
||||
server_entry: server_entry_main
|
||||
},
|
||||
'admin' => {
|
||||
server_host: admin_bind_address,
|
||||
|
|
|
@ -239,7 +239,7 @@ describe 'openstack-identity::registration' do
|
|||
service_type: 'identity',
|
||||
endpoint_region: 'RegionOne',
|
||||
endpoint_adminurl: 'http://127.0.0.1:35357/v2.0',
|
||||
endpoint_internalurl: 'http://127.0.0.1:5001/v2.0',
|
||||
endpoint_internalurl: 'http://127.0.0.1:5000/v2.0',
|
||||
endpoint_publicurl: 'http://127.0.0.1:5000/v2.0'
|
||||
)
|
||||
end
|
||||
|
|
|
@ -363,7 +363,7 @@ describe 'openstack-identity::server-apache' do
|
|||
|
||||
it 'set apache addresses and ports' do
|
||||
expect(chef_run.node['apache']['listen']).to eq(
|
||||
%w(*:80 127.0.0.1:5000 127.0.0.1:5001 127.0.0.1:35357)
|
||||
%w(*:80 127.0.0.1:5000 127.0.0.1:35357)
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -399,7 +399,7 @@ describe 'openstack-identity::server-apache' do
|
|||
end
|
||||
|
||||
describe 'apache wsgi' do
|
||||
['/etc/apache2/sites-available/keystone-public.conf',
|
||||
['/etc/apache2/sites-available/keystone-main.conf',
|
||||
'/etc/apache2/sites-available/keystone-admin.conf'].each do |file|
|
||||
it "creates #{file}" do
|
||||
expect(chef_run).to create_template(file).with(
|
||||
|
@ -428,13 +428,13 @@ describe 'openstack-identity::server-apache' do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'keystone-public.conf' do
|
||||
describe 'keystone-main.conf' do
|
||||
it 'configures required lines' do
|
||||
[/^<VirtualHost 127.0.0.1:5000>$/,
|
||||
/^ WSGIDaemonProcess keystone-public/,
|
||||
/^ WSGIProcessGroup keystone-public$/,
|
||||
/^ WSGIDaemonProcess keystone-main/,
|
||||
/^ WSGIProcessGroup keystone-main$/,
|
||||
%r{^ WSGIScriptAlias / /var/www/html/keystone/main$}].each do |line|
|
||||
expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-public.conf').with_content(line)
|
||||
expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-main.conf').with_content(line)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue