Age | Commit message (Collapse) | Author |
|
syncing the core components to the latest juno hashes. We also introduce
new packages and update others to meet the juno requirements.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
We have three changes in a single commit:
- A runtime substition fix controller IP values
- When the substitions were moved for chef integration, the chef
disabled path wasn't tested. This meant that %CONTROLLER_IP% remained
in the final config files, and broke keystone startup.
- The addition of oathlib to keystone depedencies
- oauthlib is a juno dependency
- A temporary patch to the apache httpd front end modules
- At times keystone would fail to load via apache due to the inability to
load localcontext from oslo. To work around these sporadic failures, an
explicit import was added to the http front end module. This will be
removed in the future.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
This patch set configures an apache vhost server on port 8081 which will
serve as the main authentication method and documents the change in
README.keystone.
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
|
|
This patch removes the openrc file from the keystone package and
references to openrc in the python-kystone_git.bb file.
Signed-off-by: Liam R. Howlett <Liam.Howlett@WindRiver.com>
|
|
Instead of creating tenant/user/role and service/endpoint for all
openstack services in keystone postinstall, now each of the services
creates keystone identities by itself in its own postinstall.
The existing identity.sh has been re-written to be a utility that takes
parameters, and the service postinstall calls identity.sh to create its
own keystone identities. The identity.sh can also be used as a tool to
manually create keystone identities at run time.
Signed-off-by: Andy Ning <andy.ning@windriver.com>
|
|
Adding /etc/keystone/hybrid-backend-setup and
convert_keystone_backend.py to set the backend
for keystone to hybrid and starts openldap and
restarts keystone.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
Some of the openstack data is associated with external resources
(ie glance may have external files), we explicitly invoke the delete commands on those
in additional to dropping and recreating the databases.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
|
Updating keystone to the juno release candidate. Also adding new
dependencies.
Note: also ensure that the new keystoneclient and keystonemiddleware
are used.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
When running the keystone tests, the tests ensures that
keystone is being tested against the latest version of
keystone-client available by downloading keystone-client from
source using git. However, on the target system
keystone-client is installed as a separate package and it is
undesirable to download a newer version to test against. This
fix comments out the portion of the testing code that attempts
to retrieve keystone-client from source code using git.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Keystone tests define the location of certificate files
as the location of the files in the source tree. However,
when installed on the system files are put in different
locations. This change patches the configuration file
for some tests to contain the full path to the tests
directories.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Keystone tests are designed to run on the source tree.
However, Keystone is installed on a system with files
in various directories. This fix patches the testing
source files to be able to find the files on the
distribution. This fix incorporates the changes of
a previous patch file into a new patch file that is
generated, since the previous patch are related and
close to eachother in the source and it is easier to
maintain less patch files.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
To support tempest, modify keystone identity.sh
script to:
* add user with username=alt_demo, tenant=alt_demo,
and password=password into keystone.
* add user "admin" into tenant "demo".
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
|
Since Grizzly release Keystone defaults to storing tokens in PKI
format. Some software works better with keystone if tokens
are in the older UUID format. This change allows a simple way
to set the storage format within the bitbake receipes. The default
is to use the newer PKI format.
Signed-off-by: Keith Holman <Keith.Holman@windriver.com>
|
|
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Modify Keystone identity.sh to add Swift user, service,
and service endpoints into Keystone.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
|
|
Explicitly enable --log-dir to enable logging where available
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Add status/reload to sysvinit scripts
Modify tgtd to make start/stop work better (borrowed from Debian's
implementation)
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Tests in keystone/tests are failed because they
looks for some config files at wrong location.
Currently all the keystone config files are at
/etc/keystone.
Signed-off-by: Vu Tran <vu.tran@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Explicitly update the default keystone configuration file to indicate
the sql token backend, and set the default timeout value to 3600 seconds.
This both improves performance and ages out tokens sooner, keeping the
token list and database smaller.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Updating the ceilometer component to the latest havana stable updates.
Of note in the update is the removel of the old global statistics table
for ceilometer.
To properly display metering statistics after this update the keystone
credentials need to be udpated in keystone (add ceilometer with an
admin role) and ceilometer to use the proper username/password to
authenticate.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
To support the execution of the chkconfig and service scripts, we need
to ensure a consistent header on the initscripts, and a consistent
environment that allows scratch files to be written.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Introducing the OpenStack Havana heat component. This initial integration
covers the basic integration with keystone and horizon, but does not
fully enable stack management. Subsequent updates will enable the full
functionality.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Create the metering service and endpoints required to interact with the
ceilometer component.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Update the default system identities to include the roles and users required
to support ceilometer.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Updating the OpenStack networking component to the havana release version.
As part of this switch, we rename the components from quantum to neutron
and switch to a git based build for the client and servers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
To make keystone work properly in a node with "real" IP addresses,
both the configuration and identity setup script should use the
external address and not localhost.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Sometimes it is desirable to double check the identities, roles and
ids in the system. To re-intialize the database, we can allow identity.sh
to be re run.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
Create the default openrc file for the keystone python install.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
The keystone package is only installed on a controller node.
This way the credentials can be loaded on both types of nodes.
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
|
|
The user and password for postgresql are defined in the
identity class and are loaded by the recipes from this class.
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
|
|
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
|
|
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
|
|
The identity.sh script creates all the users and other
configurations for the openstack services. The openrc
file contains some environment variables that are used
by the openstack CLI commands.
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
|
|
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
|
|
The configuration file contains default options.
Signed-off-by: Mihai Prica <prica.mihai@gmail.com>
|