[PKG-Openstack-devel] [PATCH] Allow using https OR http as authentication protocol.
Turbo Fredriksson
turbo at bayour.com
Mon Jul 4 13:48:35 UTC 2016
It would be really nice if we could set up https right at
the beginning.
I'm not entirely sure about the steps, but this patch
should be a beginning. There are many packages (apache is
one of them, I think) that can set up SSL/TLS.
---
pkgos_func | 66 +++++++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 47 insertions(+), 19 deletions(-)
diff --git a/pkgos_func b/pkgos_func
index ff87ee0..76f7744 100644
--- a/pkgos_func
+++ b/pkgos_func
@@ -463,7 +463,7 @@ pkgos_read_admin_creds () {
if grep -q auth_url ${READ_ADMIN_CRED_CONF_FNAME} ; then
pkgos_inifile get ${READ_ADMIN_CRED_CONF_FNAME} ${READ_ADMIN_CRED_SEARCH_SECTION} auth_url
if [ -n "${RET}" ] && [ ! "${RET}" = "NOT_FOUND" ] ; then
- NO_PROTO=${RET#http://}
+ NO_PROTO=${RET#http*://}
BEFORE_PORT=$(echo ${NO_PROTO} | cut -d":" -f1)
if [ -z "${BEFORE_PORT}" ] ; then
db_set ${READ_ADMIN_CRED_PKG_NAME}/auth-host ${BEFORE_PORT}
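Review bot: The changed line strips the scheme from `auth_url` but never records it, so an existing `https://` setting is forgotten here. pkgos_write_admin_creds later rebuilds the URL from the `auth_protocol` answer, which falls back to `http` when empty, so a TLS auth URL can silently become plaintext on reconfiguration. The glob `http*://` is also looser than intended, since it accepts any scheme that merely starts with `http`. I would match the two schemes explicitly and keep the result, e.g. `case "${RET}" in https://*) AUTH_PROTO=https; NO_PROTO=${RET#https://} ;; *) AUTH_PROTO=http; NO_PROTO=${RET#http://} ;; esac`, and store `AUTH_PROTO` next to auth-host. The function body continues outside this hunk, so whether the scheme is saved elsewhere is not visible here.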
@@ -491,15 +491,22 @@ pkgos_write_admin_creds () {
db_get ${WRITE_CRED_PKG_NAME}/auth-host
WRITE_CRED_AUTH_HOST=${RET}
+ db_get ${PKG_NAME}/auth_protocol
+ PKG_NAME_AUTH_PROTOCOL=${RET}
+ if [ -z "${PKG_NAME_AUTH_PROTOCOL}" ]; then
+ PKG_NAME_AUTH_PROTOCOL=http
+ fi
+
if grep -q auth_host ${WRITE_CRED_CONF_FNAME} ; then
- pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION} auth_host ${RET}
+ pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION} auth_host ${WRITE_CRED_AUTH_HOST}
+ pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION} auth_protocol ${PKG_NAME_AUTH_PROTOCOL}
else
# This is needed for l3_agent.ini
if grep -q auth_url ${WRITE_CRED_CONF_FNAME} ; then
pkgos_inifile get ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION} auth_url
- NO_PROTO=${RET#http://}
+ NO_PROTO=${RET#http*://}
AFTER_PORT=$(echo ${NO_PROTO} | cut -d":" -f2)
- WRITE_CRED_URL="http://${WRITE_CRED_AUTH_HOST}:${AFTER_PORT}"
+ WRITE_CRED_URL="${PKG_NAME_AUTH_PROTOCOL}://${WRITE_CRED_AUTH_HOST}:${AFTER_PORT}"
pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION} auth_url ${WRITE_CRED_URL}
else
echo "Couldn't find either auth_host or auth_url :("
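Review bot: The protocol is read with `db_get ${PKG_NAME}/auth_protocol` while every other lookup in this function uses `${WRITE_CRED_PKG_NAME}`, so the answer may come from a different package's question or from one that does not exist. The status of `db_get` is not checked, and on failure `RET` presumably carries debconf's error text rather than an empty string, which the `-z` test will not catch. The value then goes unvalidated into the ini file and into `WRITE_CRED_URL`. I would read `${WRITE_CRED_PKG_NAME}/auth_protocol` and restrict the result with `case "${PKG_NAME_AUTH_PROTOCOL}" in http|https) ;; *) PKG_NAME_AUTH_PROTOCOL=http ;; esac`. The same read-and-default block is repeated in the pkgos_get_id hunk and twice in pkgos_register_endpoint_postinst, so a small helper would keep the validation in one place.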
@@ -597,7 +604,18 @@ pkgos_init () {
}
pkgos_get_id () {
- SERVICE_ENDPOINT=${SERVICE_ENDPOINT:-http://127.0.0.1:35357/v2.0/} SERVICE_TOKEN=${AUTH_TOKEN} "$@" | awk '/ id / { print $4 }'
+ if [ -z "${SERVICE_ENDPOINT}" ]; then
+ db_get ${WRITE_CRED_PKG_NAME}/auth-host
+ WRITE_CRED_AUTH_HOST=${RET}
+ db_get ${PKG_NAME}/auth_protocol
+ PKG_NAME_AUTH_PROTOCOL=${RET}
+ if [ -z "${PKG_NAME_AUTH_PROTOCOL}" ]; then
+ PKG_NAME_AUTH_PROTOCOL=http
+ fi
+ SERVICE_ENDPOINT="${PKG_NAME_AUTH_PROTOCOL}://${WRITE_CRED_AUTH_HOST}:35357/v2.0/"
+ fi
+
+ SERVICE_TOKEN=${AUTH_TOKEN} "$@" | awk '/ id / { print $4 }'
}
# Asks the debconf questions for registering a service and its endpoint in keystone
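Review bot: The computed `SERVICE_ENDPOINT` never reaches the command run by `"$@"`. The old line passed it as an environment prefix, but the new code only assigns a shell variable inside the `if`, and the final line prefixes `SERVICE_TOKEN` alone. Unless the variable is already exported by the caller, the client will not see it; restoring the prefix fixes that: `SERVICE_ENDPOINT=${SERVICE_ENDPOINT} SERVICE_TOKEN=${AUTH_TOKEN} "$@" | awk '/ id / { print $4 }'`. The previous default host `127.0.0.1` is also gone, so an empty auth-host answer now yields `http://:35357/v2.0/`; `${WRITE_CRED_AUTH_HOST:-127.0.0.1}` would keep the old behaviour. The assignment additionally leaks `SERVICE_ENDPOINT`, `WRITE_CRED_AUTH_HOST` and `PKG_NAME_AUTH_PROTOCOL` into the caller's scope, which the one-line original did not.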
@@ -665,27 +683,32 @@ pkgos_register_endpoint_postinst () {
PKG_ENDPOINT_IP=`echo ${RET} | egrep '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'`
db_get ${PKG_NAME}/region-name
REGION_NAME=${RET}
+ db_get ${PKG_NAME}/auth_protocol
+ PKG_NAME_AUTH_PROTOCOL=${RET}
+ if [ -z "${PKG_NAME_AUTH_PROTOCOL}" ]; then
+ PKG_NAME_AUTH_PROTOCOL=http
+ fi
if db_get ${PKG_NAME}/keystone-auth-token ; then
AUTH_TOKEN=${RET}
if [ -n "${KEYSTONE_ENDPOINT_IP}" ] && [ -n "${PKG_ENDPOINT_IP}" ] && [ -n "${REGION_NAME}" ] && [ -n "${AUTH_TOKEN}" ] ; then
- echo "Registering service and endpoints for ${SERVICE_NAME} with type ${SERVICE_TYPE} at http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}"
- NUM_LINES=$(openstack --os-token ${AUTH_TOKEN} --os-url=http://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 service list --format=csv | q -d , -H 'SELECT ID FROM - WHERE `Type`="'${SERVICE_TYPE}'"' | wc -l)
+ echo "Registering service and endpoints for ${SERVICE_NAME} with type ${SERVICE_TYPE} at ${PKG_NAME_AUTH_PROTOCOL}://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}"
+ NUM_LINES=$(openstack --os-token ${AUTH_TOKEN} --os-url=${PKG_NAME_AUTH_PROTOCOL}://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 service list --format=csv | q -d , -H 'SELECT ID FROM - WHERE `Type`="'${SERVICE_TYPE}'"' | wc -l)
if [ "${NUM_LINES}" = "0" ] ; then
- openstack --os-token ${AUTH_TOKEN} --os-url=http://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 service create \
+ openstack --os-token ${AUTH_TOKEN} --os-url=${PKG_NAME_AUTH_PROTOCOL}://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 service create \
--name=${SERVICE_NAME} --description="${SERVICE_DESC}" ${SERVICE_TYPE}
- openstack --os-token ${AUTH_TOKEN} --os-url=http://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 endpoint create \
+ openstack --os-token ${AUTH_TOKEN} --os-url=${PKG_NAME_AUTH_PROTOCOL}://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 endpoint create \
--region "${REGION_NAME}" \
- ${SERVICE_NAME} public http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
+ ${SERVICE_NAME} public ${PKG_NAME_AUTH_PROTOCOL}://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
- openstack --os-token ${AUTH_TOKEN} --os-url=http://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 endpoint create \
+ openstack --os-token ${AUTH_TOKEN} --os-url=${PKG_NAME_AUTH_PROTOCOL}://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 endpoint create \
--region "${REGION_NAME}" \
- ${SERVICE_NAME} internal http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
+ ${SERVICE_NAME} internal ${PKG_NAME_AUTH_PROTOCOL}://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
- openstack --os-token ${AUTH_TOKEN} --os-url=http://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 endpoint create \
+ openstack --os-token ${AUTH_TOKEN} --os-url=${PKG_NAME_AUTH_PROTOCOL}://${KEYSTONE_ENDPOINT_IP}:35357/v3/ --os-domain-name default --os-identity-api-version=3 endpoint create \
--region "${REGION_NAME}" \
- ${SERVICE_NAME} admin http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
+ ${SERVICE_NAME} admin ${PKG_NAME_AUTH_PROTOCOL}://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
else
echo "Service already registered: skipping service endpoint creation. Will skip service endpoint creation."
fi
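Review bot: One variable, `PKG_NAME_AUTH_PROTOCOL`, now decides both the scheme used to reach Keystone (`--os-url=...:35357/v3/`) and the scheme of the service's own public, internal and admin endpoints written to the catalog. These are independent facts: Keystone may be behind TLS while the service being registered still listens on plain http, or the reverse, and a wrong scheme in the catalog breaks clients or sends them to an unencrypted URL. I would read two answers, one for the Keystone URL and one for the endpoint being registered, or at least add a comment such as `# NOTE: assumes the service endpoint uses the same scheme as Keystone`. The same coupling applies to the `echo` and `endpoint create` lines in the two later hunks of this function. The function starts and ends outside this hunk.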
@@ -699,16 +722,21 @@ pkgos_register_endpoint_postinst () {
KEYSTONE_ADMIN_NAME=${RET}
db_get ${PKG_NAME}/keystone-admin-password
KEYSTONE_ADMIN_PASSWORD=${RET}
+ db_get ${PKG_NAME}/auth_protocol
+ PKG_NAME_AUTH_PROTOCOL=${RET}
+ if [ -z "${PKG_NAME_AUTH_PROTOCOL}" ]; then
+ PKG_NAME_AUTH_PROTOCOL=http
+ fi
if [ -n "${KEYSTONE_ENDPOINT_IP}" ] && [ -n "${PKG_ENDPOINT_IP}" ] && [ -n "${REGION_NAME}" ] && [ -n "${KEYSTONE_PROJECT_NAME}" ] && [ -n "${KEYSTONE_ADMIN_NAME}" ] && [ -n "${KEYSTONE_ADMIN_PASSWORD}" ]; then
- echo "Registering service and endpoints for ${SERVICE_NAME} with type ${SERVICE_TYPE} at http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}"
+ echo "Registering service and endpoints for ${SERVICE_NAME} with type ${SERVICE_TYPE} at ${PKG_NAME_AUTH_PROTOCOL}://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}"
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_TENANT_NAME=${KEYSTONE_PROJECT_NAME}
export OS_PROJECT_NAME=${KEYSTONE_PROJECT_NAME}
export OS_USERNAME=${KEYSTONE_ADMIN_NAME}
export OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD}
- export OS_AUTH_URL=http://${KEYSTONE_ENDPOINT_IP}:35357/v3/
+ export OS_AUTH_URL=${PKG_NAME_AUTH_PROTOCOL}://${KEYSTONE_ENDPOINT_IP}:35357/v3/
export OS_IDENTITY_API_VERSION=3
export OS_AUTH_VERSION=3
export OS_PROJECT_DOMAIN_ID=default
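Review bot: When the answer is `https`, `OS_AUTH_URL` is exported with no way to name the CA that signed Keystone's certificate. A deployment using a private CA will therefore fail verification here, and the easy workaround is to switch verification off. I would let the admin supply a bundle and export it only when set, e.g. `[ -n "${KEYSTONE_CACERT}" ] && export OS_CACERT=${KEYSTONE_CACERT}` (variable name is a placeholder), and add the comment `# TLS verification stays on; set OS_CACERT for a private CA`. The `db_get`/default block at the top of this hunk repeats the one added earlier in the same function; whether both are needed depends on branch structure that is outside the hunk.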
@@ -717,9 +745,9 @@ pkgos_register_endpoint_postinst () {
NUM_LINES=$(OS_PASSWORD=${KEYSTONE_ADMIN_PASSWORD} openstack service list --format=csv | q -d , -H 'SELECT ID FROM - WHERE `Type`="'${SERVICE_TYPE}'"' | wc -l)
if [ "${NUM_LINES}" = "0" ] ; then
openstack service create --name=${SERVICE_NAME} --description="${SERVICE_DESC}" ${SERVICE_TYPE}
- openstack endpoint create --region "${REGION_NAME}" ${SERVICE_NAME} public http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
- openstack endpoint create --region "${REGION_NAME}" ${SERVICE_NAME} internal http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
- openstack endpoint create --region "${REGION_NAME}" ${SERVICE_NAME} admin http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
+ openstack endpoint create --region "${REGION_NAME}" ${SERVICE_NAME} public ${PKG_NAME_AUTH_PROTOCOL}://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
+ openstack endpoint create --region "${REGION_NAME}" ${SERVICE_NAME} internal ${PKG_NAME_AUTH_PROTOCOL}://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
+ openstack endpoint create --region "${REGION_NAME}" ${SERVICE_NAME} admin ${PKG_NAME_AUTH_PROTOCOL}://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
else
echo "Service already registered: skipping service endpoint creation."
fi
--
1.7.10.4