Token provider needs to be set to uuid.Provider when the token format is
UUID. PKI is the default.
Change-Id: I967289524a50f650cdf2476d5067d263dbf55b03
Fixes: bug #1201639
The URLs advertised in the data returned by keystone's '/' route default
to localhost and are not usable from off-host. Not that anything in
DevStack uses it (yet).
Change-Id: I049789f568eff48c1abb0678c3ac0ae8a8960c64
* Default IDENTITY_API_VERSION to '2.0' in stackrc
Note: the value of these *_API_VERSION variables will NOT include
the leading 'v' as the CLI tools do not allow it.
Change-Id: Ic6473833be35625282e7442f3c88fc1c4d0cc134
This is the semi-irregular comment and docs cleanup.
No functional changes should be here although some code is moved in a
small attempt to sort functions and get things where they need to be.
Change-Id: Ib4a3e2590c6fbd016c391acc7aef6421e91c0dca
make it so setup_develop happens in install instead of configure
to ensure that we can handle config file generation by itself.
Change-Id: I4801d7a0bc6642de2db5b78df1750666895f0aa3
for files that don't start with a #! or end in .sh, the added tags
are nice for emacs users to automatically switch to the right mode.
Change-Id: If4b93e106191bc744ccad8420cef20e751cdf902
* Clean up interactive configuration
* Complete moving initialization of service-specific variables into the
service lib/* files.
* Cosmetic cleanups
Change-Id: Iea14359bd224dd5533201d4c7cb1437d5382c4d1
Support for Keystone change https://review.openstack.org/24126
while keeping the backward compatibility with mixed cfg/paste.deploy
configuration file.
Also remove insertion of s3 extension which was merged in
b2aa620bc9
Change-Id: Ib7e2913ebb507f882dcd71b1142bcdb4b040ae6b
- Set by default SWIFT_REPLICAS to 1 since this is the most common use
case when using it in devstack.
- If swift_replicas is set to 1, launch the object, container, account and
proxy servers in the foreground in screen.
- Allow any s- services if we have just 'swift' in service enabled
instead of having to specify all s- services to enable swift. This will be
removed in the future.
- Set object server starting at 6013 instead of 6010 to not conflict
with remote ssh x11 forwarding.
Change-Id: I890b6953b70283bfa0927fff0cf5e92f3c08455b
This reverts commit 5a5cbf7274a6a50bb766ec590cf885430ed5c5d0.
This breaks on a default openstack install on Ubuntu 12.10,
revert for now until this can be cleaned up to work out of the
box.
Change-Id: I185509cc30bd28e920cdab60fc92129949bd6b0d
It is hard to grep errors in the current log, so in this patch
I'm updating the die function, which also writes a log to
screen_log_dir/error.log.
In future, we may categorize negative fault by using
this error.log.
Change-Id: I70a8cfe67ed408284f5c88c762c6bb8acb8ecdb2
Addressed reviewers' comments and added some extra properties
needed by latest version of keystone.
This fix sets some needed values in keystone.conf to ensure
that keystone can add entries to LDAP and remain schema
compliant. It creates a new special role (_member_) that
is needed by the latest version of keystone and also
fixes tenant_id to be tenantId.
Change-Id: Ia2a1ebb7cbedb0af106c74aa9181843cc9739f5d
- Set by default SWIFT_REPLICAS to 1 since this is the most common use
case when using it in devstack.
- If swift_replicas is set to 1, launch the object, container, account and
proxy servers in the foreground in screen.
- Allow any s- services if we have just 'swift' in service enabled
instead of having to specify all s- services to enable swift. This will be
removed in the future.
Change-Id: I496f79e14f99bd7e9f2c7deee12a4b6e935c3a5b
On many systems the requiretty sudoers option is turned on by default.
With the "requiretty" option, sudo ensures the user has real tty access.
Just several "su" variants have an option for skipping the new session creation step.
Only one session can possess a tty, so after a "su -c" the sudo will not
work.
We will use sudo instead of su, when we create the stack account.
This change adds the new variable STACK_USER for
service username.
Change-Id: I1b3fbd903686884e74a5a22d82c0c0890e1be03c
This prevents old invalid tokens from working after a rerun of stack.sh
and potentially providing users and tenants that don't exist.
Fixes bug 1089700
Change-Id: Icfc22978e41e459d51b50bc7ad2e6d98d766e402
If the directory exists but is owned by another user, then this will
cause failures.
Note that we already do this for other components (glance, for
instance).
Change-Id: Ic7d2a2dd179f721636afc9ea9c3fe6bb314c9b33
* Adds lib/tls to create test CA/certs
* Start proxy if 'tls-proxy' is enabled
* Configure keystone service catalog for TLS
* Tear down proxy in unstack.sh
* Set auth protocol and ca-cert chain in openrc
* Add DATA_DIR to stackrc
This is the first in a series of patches to enable TLS support
for the service API endpoints.
Change-Id: Ia1c91dc8f1aaf94fbec9dc71da322559a83d14b6
keystone_data.sh is getting unwieldy and increasingly needs
configuration information for services. Also need the ability
to manipulate HOST/IP information for hosts to handle service
HA/proxy configurations.
Begin moving the creation of service account information into
the service lib files, starting with the common accounts and
keystone itself.
Change-Id: Ie259f7b71983c4f4a2e33ab9c8a8e2b00238ba38
This patch adds an interface for supporting multiple database backend
types and implements support for PostgreSQL. It also adds a function,
use_exclusive_service, which serves as a base for enabling a service
that conflicts with other services. The use_database function uses it,
and it might also be useful for selecting messaging backends.
MySQL is still selected by default. Tested on Fedora 17 and Ubuntu
12.04 with MySQL and PostgreSQL. Implements blueprint postgresql-support
Change-Id: I4b1373e25676fd9a9809fe70cb4a6450a2479174
* Configure Cinder, Glance, Keystone, Nova to put cached credentials
from keystone.auth_token into /var/cache/<service>
It is not obvious to me that having each of these services share a
credentials cache is a good idea. It does appear to work but this
patch takes the conservative approach of putting each service's cache
in a distinct directory.
More importantly it gets them out of $HOME!
Change-Id: If88088fc287a2f2f4f3e34f6d9be9de3da7ee00d
This change lets the developer running devstack
control the token format used by keystone through
setting KEYSTONE_TOKEN_FORMAT in their localrc
file.
Change-Id: Ic1265fcb10b8de112891f61d5e07312322148ec2
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>
Set VERBOSE=False to turn off the noise of stack.sh output. All
output still is written to the logfile if LOGFILE is set.
Rebased
Change-Id: I316bc4d68c997ec907a48e720e2f7778428d935b
The templated backend for Keystone is limited and does not support the
CRUD operations so does not fully exercise the Identity API. Change
the default to SQL but leave the templated back-end in place for now.
Set KEYSTONE_CATALOG_BACKEND=template in localrc to restore the old
behaviour.
Change-Id: Id4490194d49b8004583016a9666cb9439cd4700a
The next in a line of changes to break down stack.sh and make
it a bit more manageable.
Part of blueprint devstack-modular
Change-Id: I40405af07b776f045d6bf801f7e4f1ad863139ae