| Commit message (Collapse) | Author | Age | Files | Lines |
| |
In order to interact with the openstack CLI commands it is common
practice to source *openrc files which populate the environment with a
base set of values. See
https://docs.openstack.org/keystone/pike/install/keystone-openrc-obs.html
We used to do this as part of nova but it makes more sense to create
these as part of keystone. This makes them available early in the
setup process and also maps with the keystone bootstrapping.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Since we need to ensure the setup is run after postgresql is set up and
running, we can't use a postinst as it runs too early in the boot
process. Instead we have a simple service which will run after
postgresql-init to complete the setup. On completion the service
disables itself, avoiding being run again on subsequent boots.
Update configuration data to match keystone setup as described on the
upstream project pages.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
psycopg2 will be selected by default but this will avoid warnings in
the log.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
The keystone-all has been removed upstream and all indications seem to
show that using uwsgi is the new approach to launching this service.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Attempting to get the status of various daemons which are part of the
compute image results in an error:
ps: write error: Bad file descriptor
Switch to using the more standard io redirection techniques to avoid
this error.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Attempting to use commands such as 'glance image-list' or 'keystone
tenant-list' was resulting in various errors including 'error
500'. Examining the logs it was found that keystone was throwing the
following warning:
WARNING oslo_config.cfg [-] Option "connection" from group "sql" is
deprecated. Use option "connection" from group "database".
Examining the database I found that the keystone database existed but
was empty. This indicates that some of the install scripts were
failing, possibly due to issues connecting to the database due to a
bad configuration. So taking the WARNING to heed I swapped the 'sql'
section header for 'database' and now the database is properly created
and keystone commands can be successfully executed.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Syncing the core components to the latest juno hashes. We also introduce
new packages and update others to meet the juno requirements.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
We have three changes in a single commit:
- A runtime substitution fix for controller IP values
  - When the substitutions were moved for chef integration, the chef
    disabled path wasn't tested. This meant that %CONTROLLER_IP% remained
    in the final config files, and broke keystone startup.
- The addition of oauthlib to keystone dependencies
  - oauthlib is a juno dependency
- A temporary patch to the apache httpd front end modules
  - At times keystone would fail to load via apache due to the inability to
    load localcontext from oslo. To work around these sporadic failures, an
    explicit import was added to the http front end module. This will be
    removed in the future.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
This patch set configures an apache vhost server on port 8081 which will
serve as the main authentication method and documents the change in
README.keystone.
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
| |
This patch removes the openrc file from the keystone package and
references to openrc in the python-keystone_git.bb file.
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
| |
Instead of creating tenant/user/role and service/endpoint for all
openstack services in keystone postinstall, now each of the services
creates keystone identities by itself in its own postinstall.
The existing identity.sh has been re-written to be a utility that takes
parameters, and the service postinstall calls identity.sh to create its
own keystone identities. The identity.sh can also be used as a tool to
manually create keystone identities at run time.
Signed-off-by: Andy Ning <andy.ning@windriver.com>
| |
Adding /etc/keystone/hybrid-backend-setup and
convert_keystone_backend.py to set the backend
for keystone to hybrid, start openldap and
restart keystone.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
| |
Some of the openstack data is associated with external resources
(i.e. glance may have external files), so we explicitly invoke the delete
commands on those in addition to dropping and recreating the databases.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
| |
Updating keystone to the juno release candidate. Also adding new
dependencies.
Note: also ensure that the new keystoneclient and keystonemiddleware
are used.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
When running the keystone tests, the tests ensure that
keystone is being tested against the latest version of
keystone-client available by downloading keystone-client from
source using git. However, on the target system
keystone-client is installed as a separate package and it is
undesirable to download a newer version to test against. This
fix comments out the portion of the testing code that attempts
to retrieve keystone-client from source code using git.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
| |
Keystone tests define the location of certificate files
as the location of the files in the source tree. However,
when installed on the system, files are put in different
locations. This change patches the configuration file
for some tests to contain the full path to the tests
directories.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
| |
Keystone tests are designed to run on the source tree.
However, Keystone is installed on a system with files
in various directories. This fix patches the testing
source files to be able to find the files on the
distribution. This fix incorporates the changes of
a previous patch file into a new patch file that is
generated, since the previous patch are related and
close to each other in the source and it is easier to
maintain less patch files.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
| |
To support tempest, modify keystone identity.sh
script to:
* add user with username=alt_demo, tenant=alt_demo,
and password=password into keystone.
* add user "admin" into tenant "demo".
Signed-off-by: Vu Tran <vu.tran@windriver.com>
| |
Since the Grizzly release, Keystone defaults to storing tokens in PKI
format. Some software works better with keystone if tokens
are in the older UUID format. This change allows a simple way
to set the storage format within the bitbake recipes. The default
is to use the newer PKI format.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Modify Keystone identity.sh to add Swift user, service,
and service endpoints into Keystone.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
| |
Explicitly enable --log-dir to enable logging where available
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Add status/reload to sysvinit scripts
Modify tgtd to make start/stop work better (borrowed from Debian's
implementation)
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Tests in keystone/tests fail because they
look for some config files at the wrong location.
Currently all the keystone config files are at
/etc/keystone.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Explicitly update the default keystone configuration file to indicate
the sql token backend, and set the default timeout value to 3600 seconds.
This both improves performance and ages out tokens sooner, keeping the
token list and database smaller.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Updating the ceilometer component to the latest havana stable updates.
Of note in the update is the removal of the old global statistics table
for ceilometer.
To properly display metering statistics after this update the keystone
credentials need to be updated in keystone (add ceilometer with an
admin role) and ceilometer to use the proper username/password to
authenticate.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
To support the execution of the chkconfig and service scripts, we need
to ensure a consistent header on the initscripts, and a consistent
environment that allows scratch files to be written.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Introducing the OpenStack Havana heat component. This initial integration
covers the basic integration with keystone and horizon, but does not
fully enable stack management. Subsequent updates will enable the full
functionality.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Create the metering service and endpoints required to interact with the
ceilometer component.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Update the default system identities to include the roles and users required
to support ceilometer.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Updating the OpenStack networking component to the havana release version.
As part of this switch, we rename the components from quantum to neutron
and switch to a git based build for the client and servers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
To make keystone work properly in a node with "real" IP addresses,
both the configuration and identity setup script should use the
external address and not localhost.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Sometimes it is desirable to double check the identities, roles and
ids in the system. To re-initialize the database, we can allow identity.sh
to be re-run.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
Create the default openrc file for the keystone python install.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
| |
The keystone package is only installed on a controller node.
This way the credentials can be loaded on both types of nodes.
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
| |
The user and password for postgresql are defined in the
identity class and are loaded by the recipes from this class.
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
| |
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
| |
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
| |
The identity.sh script creates all the users and other
configurations for the openstack services. The openrc
file contains some environment variables that are used
by the openstack CLI commands.
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
| |
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
|
The configuration file contains default options.
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>