Bug 1172305
| Summary: | [RFE] Support Keystone read-only LDAP configuration with domain-specific identity backends | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Nathan Kinder <nkinder> |
| Component: | openstack-puppet-modules | Assignee: | Ivan Chavero <ichavero> |
| Status: | CLOSED ERRATA | QA Contact: | Mike Abrams <mabrams> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.0 (Kilo) | CC: | aberezin, ajeain, dnavale, ichavero, jpena, lbezdick, mburns, rharwood, rmeggins, sclewis, yeylon |
| Target Milestone: | ga | Keywords: | FutureFeature, ZStream |
| Target Release: | 7.0 (Kilo) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-puppet-modules-2014.2.12-1.el7ost | Doc Type: | Enhancement |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-04-07 15:10:10 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1172308, 1194779, 1194780, 1195977, 1195978 | ||
| Bug Blocks: | 1163445, 1194810 | ||
|
Description
Nathan Kinder
2014-12-09 19:50:13 UTC
Additional work will be required for using domain specific backends. Keystone API v3 support will be required. Work is underway upstream to add this support to the puppet-openstacklib component - https://review.openstack.org/116754 (using aviator REST - requires aviator support in opm https://bugzilla.redhat.com/show_bug.cgi?id=1171352) which will be followed by https://review.openstack.org/134843 (use openstackclient instead of aviator, which requires upgrading to python-openstackclient 1.0.0 https://bugzilla.redhat.com/show_bug.cgi?id=1171191). This is just for the upstream common puppet-keystone module. We also need the ability to use the keystone::ldap puppet class from the installer. For example, we need the ability to set and configure LDAP parameters in packstack - https://review.openstack.org/129989 What installer should we target? Note that StayPuft/ofi/astapor has no support for Keystone LDAP - is that required? The functionality appears to be ready on the keystone side, after checking with Rich we agreed that adding this stuff to the OPM modules and the instsallers might be too risky for A1, Could this be targeted to A2? This bug requires Keystone v3 support, due to the support for multiple domains. Since complete Keystone v3 support will not be feasible until Kilo, I think we should postpone this bug to a later release. (In reply to Javier Peña from comment #6) > This bug requires Keystone v3 support, due to the support for multiple > domains. Since complete Keystone v3 support will not be feasible until Kilo, > I think we should postpone this bug to a later release. Agreed. This will need to be pushed out. Adjusting flags. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0789.html |