Final changes related to PKI

attributes/default.rb

@@ -46,9 +46,9 @@ default["cinder"]["keystone_service_chef_role"] = "keystone"
 # This is the name of the Chef role that will install the Glance API
 default["cinder"]["glance_api_chef_role"] = "glance-api"
 
-# Controls for the PKI options in the auth_token middleware
-# that is in the paste INI files.
-default["cinder"]["pki"]["signing_dir"] = "/tmp/cinder-signing-dir"
+# Keystone PKI signing directory. Only written to the filter:authtoken section
+# of the api-paste.ini when node["openstack"]["auth"]["strategy"] == "pki"
+default["cinder"]["api"]["auth"]["cache_dir"] = "/var/cache/cinder/api"
 
 # operating system group name
 default["cinder"]["group"] = "cinder"

metadata.rb

@@ -21,7 +21,7 @@ depends          "glance"
 depends          "keystone"
 depends          "mysql"
 depends          "openssh"
-depends          "openstack-common", ">= 0.1.5"
+depends          "openstack-common", ">= 0.1.6"
 depends          "openstack-utils"
 depends          "rabbitmq"
 depends          "selinux"

recipes/api.rb

@@ -34,6 +34,15 @@ platform_options["cinder_api_packages"].each do |pkg|
   end
 end
 
+directory node["cinder"]["api"]["auth"]["cache_dir"] do
+  owner node["cinder"]["user"]
+  group node["cinder"]["group"]
+  mode 00700
+
+  action :create
+  only_if { node["openstack"]["auth"]["strategy"] == "pki" }
+end
+
 service "cinder-api" do
   service_name platform_options["cinder_api_service"]
   supports :status => true, :restart => true

templates/default/api-paste.ini.erb

@@ -52,5 +52,5 @@ admin_tenant_name = <%= node["cinder"]["service_tenant_name"] %>
 admin_user = <%= node["cinder"]["service_user"] %>
 admin_password = <%= @service_pass %>
 <% if node["openstack"]["auth"]["strategy"] == "pki" -%>
-signing_dir = <%= node["cinder"]["pki"]["signing_dir"] %>
+signing_dir = <%= node["cinder"]["api"]["auth"]["cache_dir"] %>
 <% end -%>