From 0d51d9d0a76d31bdf5e246dcb98ed5a731a9b71b Mon Sep 17 00:00:00 2001
From: Jay Pipes <jaypipes@gmail.com>
Date: Fri, 11 Jan 2013 10:53:59 -0500
Subject: [PATCH] Final changes related to PKI

---
 attributes/default.rb               | 6 +++---
 metadata.rb                         | 2 +-
 recipes/api.rb                      | 9 +++++++++
 templates/default/api-paste.ini.erb | 2 +-
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/attributes/default.rb b/attributes/default.rb
index ccddf28..edacd56 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -46,9 +46,9 @@ default["cinder"]["keystone_service_chef_role"] = "keystone"
 # This is the name of the Chef role that will install the Glance API
 default["cinder"]["glance_api_chef_role"] = "glance-api"
 
-# Controls for the PKI options in the auth_token middleware
-# that is in the paste INI files.
-default["cinder"]["pki"]["signing_dir"] = "/tmp/cinder-signing-dir"
+# Keystone PKI signing directory. Only written to the filter:authtoken section
+# of the api-paste.ini when node["openstack"]["auth"]["strategy"] == "pki"
+default["cinder"]["api"]["auth"]["cache_dir"] = "/var/cache/cinder/api"
 
 # operating system group name
 default["cinder"]["group"] = "cinder"
diff --git a/metadata.rb b/metadata.rb
index 0ef7fcb..3187ff0 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -21,7 +21,7 @@ depends          "glance"
 depends          "keystone"
 depends          "mysql"
 depends          "openssh"
-depends          "openstack-common", ">= 0.1.5"
+depends          "openstack-common", ">= 0.1.6"
 depends          "openstack-utils"
 depends          "rabbitmq"
 depends          "selinux"
diff --git a/recipes/api.rb b/recipes/api.rb
index 9eac46b..53212b3 100644
--- a/recipes/api.rb
+++ b/recipes/api.rb
@@ -34,6 +34,15 @@ platform_options["cinder_api_packages"].each do |pkg|
   end
 end
 
+directory node["cinder"]["api"]["auth"]["cache_dir"] do
+  owner node["cinder"]["user"]
+  group node["cinder"]["group"]
+  mode 00700
+
+  action :create
+  only_if { node["openstack"]["auth"]["strategy"] == "pki" }
+end
+
 service "cinder-api" do
   service_name platform_options["cinder_api_service"]
   supports :status => true, :restart => true
diff --git a/templates/default/api-paste.ini.erb b/templates/default/api-paste.ini.erb
index 4ba6f54..90b7bfd 100644
--- a/templates/default/api-paste.ini.erb
+++ b/templates/default/api-paste.ini.erb
@@ -52,5 +52,5 @@ admin_tenant_name = <%= node["cinder"]["service_tenant_name"] %>
 admin_user = <%= node["cinder"]["service_user"] %>
 admin_password = <%= @service_pass %>
 <% if node["openstack"]["auth"]["strategy"] == "pki" -%>
-signing_dir = <%= node["cinder"]["pki"]["signing_dir"] %>
+signing_dir = <%= node["cinder"]["api"]["auth"]["cache_dir"] %>
 <% end -%>