Bug 1123117 - Deploy Keystone in Apache httpd
Summary: Deploy Keystone in Apache httpd
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 6.0 (Juno)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: z2
: 6.0 (Juno)
Assignee: Martin Magr
QA Contact: Mike Abrams
URL:
Whiteboard:
Depends On: 1111274 1122764 1122767 1138424 1170218 1170223 1170224 1170225 1180230
Blocks: 1170370 1170372
TreeView+ depends on / blocked
 
Reported: 2014-07-24 22:37 UTC by Rich Megginson
Modified: 2016-04-27 02:43 UTC (History)
12 users (show)

Fixed In Version: openstack-packstack-2014.2-0.17.dev1462.gbb05296.el7ost
Doc Type: Enhancement
Doc Text:
With this update, a new feature has been added that enables to install OpenStack Identity service to run via Apache httpd processes. A new parameter 'CONFIG_KEYSTONE_SERVICE_NAME' has been added. Value 'httpd' will switch on Apache support while value 'keystone' allows Identity service run in it's own process as was implemented in the previous versions.
Clone Of: 1122764
: 1170370 1170372 (view as bug list)
Environment:
Last Closed: 2015-04-07 15:09:57 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0789 normal SHIPPED_LIVE Important: openstack-packstack and openstack-puppet-modules security and bug fix update 2015-04-07 19:08:02 UTC
OpenStack gerrit 138553 None None None Never
Launchpad 1348729 None None None Never
Launchpad 1348732 None None None Never

Description Rich Megginson 2014-07-24 22:37:19 UTC
+++ This bug was initially created as a clone of Bug #1122764 +++

Keystone's preferred deployment has changed to running within Apache httpd/mod_wsgi upstream.  This offers better performance, stronger authentication mechanisms, and federation capabilities over using eventlet (keystone-all).

We should deploy Keystone in httpd/mod_wsgi for RHEL OSP 6.0 via all supported installation methods.

This bug will serve as a tracker for the various sub-tasks that are needed to complete this work across components.

Comment 1 Nathan Kinder 2015-01-11 17:16:08 UTC
The changes for this have been merged upstream:

  http://git.openstack.org/cgit/stackforge/packstack/commit/?id=df3acf2f47920b77d5e7c1680418185777128140

Comment 3 Mike Abrams 2015-02-09 08:00:03 UTC
Nathan can you point me to the install docs for each of the supported methods for deploying keystone in httpd?  thx.

Comment 4 Rich Megginson 2015-02-09 15:25:39 UTC
(In reply to Mike Abrams from comment #3)
> Nathan can you point me to the install docs for each of the supported
> methods for deploying keystone in httpd?  thx.

1) use packstack --keystone-service-name httpd .... other args ....
2) with a packstack answerfile, use the parameter CONFIG_KEYSTONE_SERVICE_NAME=httpd

Comment 5 Gaël Chamoulaud 2015-03-03 13:12:41 UTC
The fix for that has been merged into the packstack juno branch with the change https://review.openstack.org/#/c/159121/

https://github.com/stackforge/packstack/blob/juno/packstack/plugins/keystone_100.py#L132-L145

Comment 7 Mike Abrams 2015-03-15 10:56:29 UTC
PASSED

answer file:
CONFIG_KEYSTONE_SERVICE_NAME=httpd

processes query:
[root@opens-vdsb ~(keystone_admin)]# ps -ef | grep keystone
keystone 11446 11445  0 12:46 ?        00:00:03 /usr/sbin/httpd -DFOREGROUND
keystone 11447 11445  0 12:46 ?        00:00:02 /usr/sbin/httpd -DFOREGROUND
root     14906 12054  0 12:54 pts/0    00:00:00 grep --color=auto keystone
[root@opens-vdsb ~(keystone_admin)]# 

command:
[root@opens-vdsb ~(keystone_admin)]# keystone user-list
+----------------------------------+------------+---------+----------------------+
|                id                |    name    | enabled |        email         |
+----------------------------------+------------+---------+----------------------+
| b3186b5b9ed84c6f976284fc2159c1a2 |   admin    |   True  |    root@localhost    |
| 62f8ce31ba9d4ea283b52065ec3f57a5 | ceilometer |   True  | ceilometer@localhost |
| 56de96a8c5d6451b825178a1a8ec160f |   cinder   |   True  |   cinder@localhost   |
| 101666c5181b4ff9829aaace027d9be2 |    demo    |   True  |                      |
| 77b3d981172d40eb943a546de2bb9600 |   glance   |   True  |   glance@localhost   |
| 41b80fbeff6745d4aa33e98091fe5499 |  neutron   |   True  |  neutron@localhost   |
| df91058373cc419a86e8ba61d775968b |    nova    |   True  |    nova@localhost    |
| 0667de90ee44400880a7b4867e6fc36c |   swift    |   True  |   swift@localhost    |
+----------------------------------+------------+---------+----------------------+
[root@opens-vdsb ~(keystone_admin)]# 

sanity check:

[root@opens-vdsb meter(keystone_admin)]# ./run-ts.sh -run keystone-sanity
TESTID         TEST                          STATUS              LOGS                
-------        -------                       -------             -------             
10011000       setup-env                     DONE                --                  
10011001       create-user-in-domain         PASS                /tmp/meter.create-user-in-domain.031515-125221.log
10011002       def-domain-exists?            PASS                /tmp/meter.def-domain-exists?.031515-125222.log
10011003       lst-supported-api             PASS                /tmp/meter.lst-supported-api.031515-125222.log
10011004       del-default-dom               PASS                /tmp/meter.del-default-dom.031515-125222.log
10011005       v2-v3-proj-access             PASS                /tmp/meter.v2-v3-proj-access.031515-125223.log
10011006       neg-token-test                PASS                /tmp/meter.neg-token-test.031515-125223.log
10011007       gen-token-test                PASS                /tmp/meter.gen-token-test.031515-125224.log
10011008       cron-exists?                  PASS                /tmp/meter.cron-exists?.031515-125224.log
10011009       token_expiration?             PASS                /tmp/meter.token_expiration?.031515-125224.log
10012000       clean-env                     DONE                /tmp/meter.clean-env.031515-125225.log
-------        -------                       -------             -------             
               aggregate score               PASS                /tmp/meter.031515-125221.logs.tar.gz
[root@opens-vdsb meter(keystone_admin)]#

Comment 9 errata-xmlrpc 2015-04-07 15:09:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0789.html


Note You need to log in before you can comment on or make changes to this bug.