When rbac is configured (aaa_mode is rbac), setup neutron pipeline

to pass user token to API server Change-Id: I0d9e9b6559423ae74ba042333e1a5b54f0e91c84 Closes-Bug: #1583241
Juniper · Aug 3, 2016 · da76c6c · da76c6c
1 parent 7bcffef
commit da76c6c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/contrail_provisioning/config/openstack.py b/contrail_provisioning/config/openstack.py
@@ -141,6 +141,7 @@ def build_ctrl_details(self):
         else:
             ctrl_infos.append('QUANTUM=%s' % self.cfgm_ip)
         ctrl_infos.append('QUANTUM_PORT=%s' % self._args.quantum_port)
+        ctrl_infos.append('AAA_MODE=%s' % (self._args.aaa_mode or ''))
 
         self.update_vips_in_ctrl_details(ctrl_infos)
 

diff --git a/contrail_provisioning/config/scripts/quantum-server-setup.sh b/contrail_provisioning/config/scripts/quantum-server-setup.sh
@@ -145,6 +145,14 @@ if [ -d /etc/neutron ]; then
 
     openstack-config --del /etc/neutron/neutron.conf service_providers service_provider
     openstack-config --set /etc/neutron/neutron.conf service_providers service_provider LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default
+
+    ret_val=`grep "keystone = user_token" /etc/neutron/api-paste.ini > /dev/null;echo $?`
+    if [ "$AAA_MODE" == "rbac" ] && [ $ret_val == 1 ]; then
+        sed -i 's/keystone =/keystone = user_token/' /etc/neutron/api-paste.ini
+        openstack-config --set /etc/neutron/api-paste.ini filter:user_token paste.filter_factory neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory
+    elif [ "$AAA_MODE" != "rbac" ] && [ $ret_val != 1 ]; then
+        sed -i 's/keystone = user_token/keystone =/' /etc/neutron/api-paste.ini
+    fi
 else
     openstack-config --set /etc/quantum/quantum.conf DEFAULT core_plugin quantum.plugins.contrail.ContrailPlugin.ContrailPlugin