Bug 1123117 - Deploy Keystone in Apache httpd
Summary: Deploy Keystone in Apache httpd
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 6.0 (Juno)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: z2
: 6.0 (Juno)
Assignee: Martin Magr
QA Contact: Mike Abrams
URL:
Whiteboard:
Depends On: 1111274 1122764 1122767 1138424 1170218 1170223 1170224 1170225 1180230
Blocks: 1170370 1170372
TreeView+ depends on / blocked
 
Reported: 2014-07-24 22:37 UTC by Rich Megginson
Modified: 2016-04-27 02:43 UTC (History)
12 users (show)

Fixed In Version: openstack-packstack-2014.2-0.17.dev1462.gbb05296.el7ost
Doc Type: Enhancement
Doc Text:
With this update, a new feature has been added that enables to install OpenStack Identity service to run via Apache httpd processes. A new parameter 'CONFIG_KEYSTONE_SERVICE_NAME' has been added. Value 'httpd' will switch on Apache support while value 'keystone' allows Identity service run in it's own process as was implemented in the previous versions.
Clone Of: 1122764
: 1170370 1170372 (view as bug list)
Environment:
Last Closed: 2015-04-07 15:09:57 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Launchpad 1348729 None None None Never
Launchpad 1348732 None None None Never
OpenStack gerrit 138553 None None None Never
Red Hat Product Errata RHSA-2015:0789 normal SHIPPED_LIVE Important: openstack-packstack and openstack-puppet-modules security and bug fix update 2015-04-07 19:08:02 UTC

Description Rich Megginson 2014-07-24 22:37:19 UTC
+++ This bug was initially created as a clone of Bug #1122764 +++

Keystone's preferred deployment has changed to running within Apache httpd/mod_wsgi upstream.  This offers better performance, stronger authentication mechanisms, and federation capabilities over using eventlet (keystone-all).

We should deploy Keystone in httpd/mod_wsgi for RHEL OSP 6.0 via all supported installation methods.

This bug will serve as a tracker for the various sub-tasks that are needed to complete this work across components.

Comment 1 Nathan Kinder 2015-01-11 17:16:08 UTC
The changes for this have been merged upstream:

  http://git.openstack.org/cgit/stackforge/packstack/commit/?id=df3acf2f47920b77d5e7c1680418185777128140

Comment 3 Mike Abrams 2015-02-09 08:00:03 UTC
Nathan can you point me to the install docs for each of the supported methods for deploying keystone in httpd?  thx.

Comment 4 Rich Megginson 2015-02-09 15:25:39 UTC
(In reply to Mike Abrams from comment #3)
> Nathan can you point me to the install docs for each of the supported
> methods for deploying keystone in httpd?  thx.

1) use packstack --keystone-service-name httpd .... other args ....
2) with a packstack answerfile, use the parameter CONFIG_KEYSTONE_SERVICE_NAME=httpd

Comment 5 Gaël Chamoulaud 2015-03-03 13:12:41 UTC
The fix for that has been merged into the packstack juno branch with the change https://review.openstack.org/#/c/159121/

https://github.com/stackforge/packstack/blob/juno/packstack/plugins/keystone_100.py#L132-L145

Comment 7 Mike Abrams 2015-03-15 10:56:29 UTC
PASSED

answer file:
CONFIG_KEYSTONE_SERVICE_NAME=httpd

processes query:
[root@opens-vdsb ~(keystone_admin)]# ps -ef | grep keystone
keystone 11446 11445  0 12:46 ?        00:00:03 /usr/sbin/httpd -DFOREGROUND
keystone 11447 11445  0 12:46 ?        00:00:02 /usr/sbin/httpd -DFOREGROUND
root     14906 12054  0 12:54 pts/0    00:00:00 grep --color=auto keystone
[root@opens-vdsb ~(keystone_admin)]# 

command:
[root@opens-vdsb ~(keystone_admin)]# keystone user-list
+----------------------------------+------------+---------+----------------------+
|                id                |    name    | enabled |        email         |
+----------------------------------+------------+---------+----------------------+
| b3186b5b9ed84c6f976284fc2159c1a2 |   admin    |   True  |    root@localhost    |
| 62f8ce31ba9d4ea283b52065ec3f57a5 | ceilometer |   True  | ceilometer@localhost |
| 56de96a8c5d6451b825178a1a8ec160f |   cinder   |   True  |   cinder@localhost   |
| 101666c5181b4ff9829aaace027d9be2 |    demo    |   True  |                      |
| 77b3d981172d40eb943a546de2bb9600 |   glance   |   True  |   glance@localhost   |
| 41b80fbeff6745d4aa33e98091fe5499 |  neutron   |   True  |  neutron@localhost   |
| df91058373cc419a86e8ba61d775968b |    nova    |   True  |    nova@localhost    |
| 0667de90ee44400880a7b4867e6fc36c |   swift    |   True  |   swift@localhost    |
+----------------------------------+------------+---------+----------------------+
[root@opens-vdsb ~(keystone_admin)]# 

sanity check:

[root@opens-vdsb meter(keystone_admin)]# ./run-ts.sh -run keystone-sanity
TESTID         TEST                          STATUS              LOGS                
-------        -------                       -------             -------             
10011000       setup-env                     DONE                --                  
10011001       create-user-in-domain         PASS                /tmp/meter.create-user-in-domain.031515-125221.log
10011002       def-domain-exists?            PASS                /tmp/meter.def-domain-exists?.031515-125222.log
10011003       lst-supported-api             PASS                /tmp/meter.lst-supported-api.031515-125222.log
10011004       del-default-dom               PASS                /tmp/meter.del-default-dom.031515-125222.log
10011005       v2-v3-proj-access             PASS                /tmp/meter.v2-v3-proj-access.031515-125223.log
10011006       neg-token-test                PASS                /tmp/meter.neg-token-test.031515-125223.log
10011007       gen-token-test                PASS                /tmp/meter.gen-token-test.031515-125224.log
10011008       cron-exists?                  PASS                /tmp/meter.cron-exists?.031515-125224.log
10011009       token_expiration?             PASS                /tmp/meter.token_expiration?.031515-125224.log
10012000       clean-env                     DONE                /tmp/meter.clean-env.031515-125225.log
-------        -------                       -------             -------             
               aggregate score               PASS                /tmp/meter.031515-125221.logs.tar.gz
[root@opens-vdsb meter(keystone_admin)]#

Comment 9 errata-xmlrpc 2015-04-07 15:09:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0789.html


Note You need to log in before you can comment on or make changes to this bug.