Bug 1187706
| Summary: | problems with puppet-keystone LDAP support | | |
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Rich Megginson <rmeggins> |
| Component: | openstack-puppet-modules | Assignee: | Ivan Chavero <ichavero> |
| Status: | CLOSED ERRATA | QA Contact: | Mike Abrams <mabrams> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 6.0 (Juno) | CC: | aberezin, ajeain, dnavale, ichavero, jguiditt, mabrams, nkinder, sclewis, yeylon |
| Target Milestone: | z2 | Keywords: | ZStream |
| Target Release: | 6.0 (Juno) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | openstack-puppet-modules-2014.2.12-1.el7ost | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 1185960 | Environment: | |
| Last Closed: | 2015-04-07 15:10:23 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1172310, 1172315, 1194810 | | |
| Attachments: | | | |

Description
Rich Megginson
2015-01-30 17:45:05 UTC
This patch has been added to the OPM repo
https://github.com/stackforge/puppet-keystone/tree/stable/juno

Can I have acks in order to build the package?

(In reply to Ivan Chavero from comment #3)
> This patch has been added to the OPM repo
> https://github.com/stackforge/puppet-keystone/tree/stable/juno
>
> Can I have acks in order to build the package?

Looks like you have the acks - can you build the package now?

Ivan we need this to test Rich's patch for ofi, is there a build we can use at this time? Thanks

Nathan, any meaningful way to test this without an AD/IPA server?

(In reply to Mike Abrams from comment #7)
> Nathan, any meaningful way to test this without an AD/IPA server?

Do you mean, as opposed to some other LDAP server? You need some sort of LDAP server. I did my testing with "plain" 389:

* yum install 389-ds-base
* setup-ds.pl - use dc=example,dc=com as the suffix

I did my installer testing using packstack. See http://richmegginson.livejournal.com/25156.html

Created attachment 1003267
script to set up ldap server and run packstack
I copied and pasted excerpts of a script I use (in a cloud-init) to set up a VM to test puppet code using packstack. This will set up an LDAP server (389) and configure packstack to set up Keystone with an LDAP identity backend. If you uncomment PRECREATE_USERS this will set up Keystone with a read-only LDAP backend, otherwise, it will use read-write.
Sanity against the latest puddle connected to an IPA ldap server yields successes across the board. One caveat is that the negative token test for the user portion now fails on 500 and not on 401; see this bug for more information: https://bugzilla.redhat.com/show_bug.cgi?id=1204460

Final result: VERIFIED

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0789.html