Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1123117

Summary: Deploy Keystone in Apache httpd
Product: Red Hat OpenStack Reporter: Rich Megginson <rmeggins>
Component: openstack-packstackAssignee: Martin Magr <mmagr>
Status: CLOSED ERRATA QA Contact: Mike Abrams <mabrams>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.0 (Juno)CC: aberezin, ajeain, aortega, derekh, dnavale, gchamoul, ichavero, markmc, nkinder, rmeggins, ukalifon, yeylon
Target Milestone: z2Keywords: Tracking, ZStream
Target Release: 6.0 (Juno)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-packstack-2014.2-0.17.dev1462.gbb05296.el7ost Doc Type: Enhancement
Doc Text:
With this update, a new feature has been added that enables to install OpenStack Identity service to run via Apache httpd processes. A new parameter 'CONFIG_KEYSTONE_SERVICE_NAME' has been added. Value 'httpd' will switch on Apache support while value 'keystone' allows Identity service run in it's own process as was implemented in the previous versions.
 Story Points: ---
Clone Of: 1122764
: 1170370 1170372 (view as bug list) Environment:
Last Closed: 2015-04-07 15:09:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1111274, 1122764, 1122767, 1138424, 1170218, 1170223, 1170224, 1170225, 1180230    
Bug Blocks: 1170370, 1170372    

Description Rich Megginson 2014-07-24 22:37:19 UTC 
+++ This bug was initially created as a clone of Bug #1122764 +++

Keystone's preferred deployment has changed to running within Apache httpd/mod_wsgi upstream.  This offers better performance, stronger authentication mechanisms, and federation capabilities over using eventlet (keystone-all).

We should deploy Keystone in httpd/mod_wsgi for RHEL OSP 6.0 via all supported installation methods.

This bug will serve as a tracker for the various sub-tasks that are needed to complete this work across components.
Comment 1 Nathan Kinder 2015-01-11 17:16:08 UTC 
The changes for this have been merged upstream:

  http://git.openstack.org/cgit/stackforge/packstack/commit/?id=df3acf2f47920b77d5e7c1680418185777128140
Comment 3 Mike Abrams 2015-02-09 08:00:03 UTC 
Nathan can you point me to the install docs for each of the supported methods for deploying keystone in httpd?  thx.
Comment 4 Rich Megginson 2015-02-09 15:25:39 UTC 
(In reply to Mike Abrams from comment #3)
> Nathan can you point me to the install docs for each of the supported
> methods for deploying keystone in httpd?  thx.

1) use packstack --keystone-service-name httpd .... other args ....
2) with a packstack answerfile, use the parameter CONFIG_KEYSTONE_SERVICE_NAME=httpd
Comment 5 Gaƫl Chamoulaud 2015-03-03 13:12:41 UTC 
The fix for that has been merged into the packstack juno branch with the change https://review.openstack.org/#/c/159121/

https://github.com/stackforge/packstack/blob/juno/packstack/plugins/keystone_100.py#L132-L145
Comment 7 Mike Abrams 2015-03-15 10:56:29 UTC 
PASSED

answer file:
CONFIG_KEYSTONE_SERVICE_NAME=httpd

processes query:
[root@opens-vdsb ~(keystone_admin)]# ps -ef | grep keystone
keystone 11446 11445  0 12:46 ?        00:00:03 /usr/sbin/httpd -DFOREGROUND
keystone 11447 11445  0 12:46 ?        00:00:02 /usr/sbin/httpd -DFOREGROUND
root     14906 12054  0 12:54 pts/0    00:00:00 grep --color=auto keystone
[root@opens-vdsb ~(keystone_admin)]# 

command:
[root@opens-vdsb ~(keystone_admin)]# keystone user-list
+----------------------------------+------------+---------+----------------------+
|                id                |    name    | enabled |        email         |
+----------------------------------+------------+---------+----------------------+
| b3186b5b9ed84c6f976284fc2159c1a2 |   admin    |   True  |    root@localhost    |
| 62f8ce31ba9d4ea283b52065ec3f57a5 | ceilometer |   True  | ceilometer@localhost |
| 56de96a8c5d6451b825178a1a8ec160f |   cinder   |   True  |   cinder@localhost   |
| 101666c5181b4ff9829aaace027d9be2 |    demo    |   True  |                      |
| 77b3d981172d40eb943a546de2bb9600 |   glance   |   True  |   glance@localhost   |
| 41b80fbeff6745d4aa33e98091fe5499 |  neutron   |   True  |  neutron@localhost   |
| df91058373cc419a86e8ba61d775968b |    nova    |   True  |    nova@localhost    |
| 0667de90ee44400880a7b4867e6fc36c |   swift    |   True  |   swift@localhost    |
+----------------------------------+------------+---------+----------------------+
[root@opens-vdsb ~(keystone_admin)]# 

sanity check:

[root@opens-vdsb meter(keystone_admin)]# ./run-ts.sh -run keystone-sanity
TESTID         TEST                          STATUS              LOGS                
-------        -------                       -------             -------             
10011000       setup-env                     DONE                --                  
10011001       create-user-in-domain         PASS                /tmp/meter.create-user-in-domain.031515-125221.log
10011002       def-domain-exists?            PASS                /tmp/meter.def-domain-exists?.031515-125222.log
10011003       lst-supported-api             PASS                /tmp/meter.lst-supported-api.031515-125222.log
10011004       del-default-dom               PASS                /tmp/meter.del-default-dom.031515-125222.log
10011005       v2-v3-proj-access             PASS                /tmp/meter.v2-v3-proj-access.031515-125223.log
10011006       neg-token-test                PASS                /tmp/meter.neg-token-test.031515-125223.log
10011007       gen-token-test                PASS                /tmp/meter.gen-token-test.031515-125224.log
10011008       cron-exists?                  PASS                /tmp/meter.cron-exists?.031515-125224.log
10011009       token_expiration?             PASS                /tmp/meter.token_expiration?.031515-125224.log
10012000       clean-env                     DONE                /tmp/meter.clean-env.031515-125225.log
-------        -------                       -------             -------             
               aggregate score               PASS                /tmp/meter.031515-125221.logs.tar.gz
[root@opens-vdsb meter(keystone_admin)]#
Comment 9 errata-xmlrpc 2015-04-07 15:09:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0789.html