use separate wsgi scripts for admin and public keystone endpoints

keystone.wsgi is deprecated in Mitaka. Separate generated scripts for public and admin endpoints should be used instead as per [1]. Both scripts are bundled in MOS and RDO keystone package and default location is used: /usr/bin/keystone-wsgi-admin|public. [1] https://bugs.launchpad.net/puppet-keystone/+bug/1558290 Closes-Bug: #1636834 Change-Id: I262a18a539ab8f05d18f6ecd412bf0eb5b7de6b7 Signed-off-by: Pavel Glushchak <pglushchak@virtuozzo.com>
2016-10-03 17:46:39 +03:00 · 2016-10-03 17:46:39 +03:00 · ab73b5726e
parent dc8d33cc66
commit ab73b5726e
2 changed files with 25 additions and 13 deletions
--- a/deployment/puppet/openstack_tasks/manifests/keystone/keystone.pp
+++ b/deployment/puppet/openstack_tasks/manifests/keystone/keystone.pp
@ -162,17 +162,7 @@ class openstack_tasks::keystone::keystone {
    admin_port            => $admin_port,
    bind_host             => $local_address_for_bind,

-    wsgi_script_ensure    => $::osfamily ? {
-      'RedHat' => 'link',
-      default  => 'file',
-    },
-    wsgi_script_source    => $::osfamily ? {
-    # TODO: (adidenko) use file from package for Debian, when
-    # https://bugs.launchpad.net/fuel/+bug/1476688 is fixed.
-    # 'Debian'      => '/usr/share/keystone/wsgi.py',
-      'RedHat' => '/usr/share/keystone/keystone.wsgi',
-      default  => undef,
-    },
+    wsgi_script_ensure    => 'link',
  }

  include ::tweaks::apache_wrappers
--- a/tests/noop/spec/hosts/keystone/keystone_spec.rb
+++ b/tests/noop/spec/hosts/keystone/keystone_spec.rb
@ -244,8 +244,30 @@ describe manifest do
     end

     it 'keystone::wsgi::apache should configure keystone_wsgi_admin and keystone_wsgi_main files' do
-       should contain_file('keystone_wsgi_admin')
-       should contain_file('keystone_wsgi_main')
+       case facts[:operatingsystem]
+       when 'Ubuntu'
+         should contain_file('keystone_wsgi_admin').with(
+           'ensure'  => 'link',
+           'path'    => '/usr/lib/cgi-bin/keystone/keystone-admin',
+           'target'  => '/usr/bin/keystone-wsgi-admin',
+         )
+         should contain_file('keystone_wsgi_main').with(
+           'ensure'  => 'link',
+           'path'    => '/usr/lib/cgi-bin/keystone/keystone-public',
+           'target'  => '/usr/bin/keystone-wsgi-public',
+         )
+       when 'CentOS'
+         should contain_file('keystone_wsgi_admin').with(
+           'ensure'  => 'link',
+           'path'    => '/var/www/cgi-bin/keystone/keystone-admin',
+           'target'  => '/usr/bin/keystone-wsgi-admin',
+         )
+         should contain_file('keystone_wsgi_main').with(
+           'ensure'  => 'link',
+           'path'    => '/var/www/cgi-bin/keystone/keystone-public',
+           'target'  => '/usr/bin/keystone-wsgi-public',
+         )
+       end
     end

     it 'should not run keystone service' do