+++ This bug was initially created as a clone of Bug #1122764 +++ Keystone's preferred deployment has changed to running within Apache httpd/mod_wsgi upstream. This offers better performance, stronger authentication mechanisms, and federation capabilities over using eventlet (keystone-all). We should deploy Keystone in httpd/mod_wsgi for RHEL OSP 6.0 via all supported installation methods. This bug will serve as a tracker for the various sub-tasks that are needed to complete this work across components.
The changes for this have been merged upstream: http://git.openstack.org/cgit/stackforge/packstack/commit/?id=df3acf2f47920b77d5e7c1680418185777128140
Nathan can you point me to the install docs for each of the supported methods for deploying keystone in httpd? thx.
(In reply to Mike Abrams from comment #3) > Nathan can you point me to the install docs for each of the supported > methods for deploying keystone in httpd? thx. 1) use packstack --keystone-service-name httpd .... other args .... 2) with a packstack answerfile, use the parameter CONFIG_KEYSTONE_SERVICE_NAME=httpd
The fix for that has been merged into the packstack juno branch with the change https://review.openstack.org/#/c/159121/ https://github.com/stackforge/packstack/blob/juno/packstack/plugins/keystone_100.py#L132-L145
PASSED answer file: CONFIG_KEYSTONE_SERVICE_NAME=httpd processes query: [root@opens-vdsb ~(keystone_admin)]# ps -ef | grep keystone keystone 11446 11445 0 12:46 ? 00:00:03 /usr/sbin/httpd -DFOREGROUND keystone 11447 11445 0 12:46 ? 00:00:02 /usr/sbin/httpd -DFOREGROUND root 14906 12054 0 12:54 pts/0 00:00:00 grep --color=auto keystone [root@opens-vdsb ~(keystone_admin)]# command: [root@opens-vdsb ~(keystone_admin)]# keystone user-list +----------------------------------+------------+---------+----------------------+ | id | name | enabled | email | +----------------------------------+------------+---------+----------------------+ | b3186b5b9ed84c6f976284fc2159c1a2 | admin | True | root@localhost | | 62f8ce31ba9d4ea283b52065ec3f57a5 | ceilometer | True | ceilometer@localhost | | 56de96a8c5d6451b825178a1a8ec160f | cinder | True | cinder@localhost | | 101666c5181b4ff9829aaace027d9be2 | demo | True | | | 77b3d981172d40eb943a546de2bb9600 | glance | True | glance@localhost | | 41b80fbeff6745d4aa33e98091fe5499 | neutron | True | neutron@localhost | | df91058373cc419a86e8ba61d775968b | nova | True | nova@localhost | | 0667de90ee44400880a7b4867e6fc36c | swift | True | swift@localhost | +----------------------------------+------------+---------+----------------------+ [root@opens-vdsb ~(keystone_admin)]# sanity check: [root@opens-vdsb meter(keystone_admin)]# ./run-ts.sh -run keystone-sanity TESTID TEST STATUS LOGS ------- ------- ------- ------- 10011000 setup-env DONE -- 10011001 create-user-in-domain PASS /tmp/meter.create-user-in-domain.031515-125221.log 10011002 def-domain-exists? PASS /tmp/meter.def-domain-exists?.031515-125222.log 10011003 lst-supported-api PASS /tmp/meter.lst-supported-api.031515-125222.log 10011004 del-default-dom PASS /tmp/meter.del-default-dom.031515-125222.log 10011005 v2-v3-proj-access PASS /tmp/meter.v2-v3-proj-access.031515-125223.log 10011006 neg-token-test PASS /tmp/meter.neg-token-test.031515-125223.log 10011007 gen-token-test PASS /tmp/meter.gen-token-test.031515-125224.log 10011008 cron-exists? PASS /tmp/meter.cron-exists?.031515-125224.log 10011009 token_expiration? PASS /tmp/meter.token_expiration?.031515-125224.log 10012000 clean-env DONE /tmp/meter.clean-env.031515-125225.log ------- ------- ------- ------- aggregate score PASS /tmp/meter.031515-125221.logs.tar.gz [root@opens-vdsb meter(keystone_admin)]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0789.html