+++ This bug was initially created as a clone of Bug #1123117 +++
+++ This bug was initially created as a clone of Bug #1122764 +++
Keystone's preferred deployment has changed to running within Apache httpd/mod_wsgi upstream. This offers better performance, stronger authentication mechanisms, and federation capabilities over using eventlet (keystone-all).
We should deploy Keystone in httpd/mod_wsgi for RHEL OSP 6.0 via all supported installation methods.
This bug will serve as a tracker for the various sub-tasks that are needed to complete this work across components.
Would really like to get this into 7.0 if at all possible.
*** Bug 1227044 has been marked as a duplicate of this bug. ***
tripleo upstream patch: https://review.openstack.org/#/c/213175/
This will not make OSP 8 at this point but it will land for Mitaka. Have updated the bug accordingly.
*** Bug 1285346 has been marked as a duplicate of this bug. ***
Verified on: openstack-keystone-9.0.0-1.el7ost.noarch
httpd is holding the keystone wsgi configs:
[root@overcloud-controller-0 conf.d]# ls -ltrh
-rw-r--r--. 1 root root 707 Jul 18 06:07 15-default.conf
-rw-r--r--. 1 root root 154 Jul 18 06:07 openstack-dashboard.conf
-rw-r--r--. 1 root root 876 Jul 18 06:07 10-gnocchi_wsgi.conf
-rw-r--r--. 1 root root 846 Jul 18 06:07 10-aodh_wsgi.conf
-rw-r--r--. 1 root root 1.1K Jul 18 06:07 10-horizon_vhost.conf
-rw-r--r--. 1 root root 972 Jul 18 06:07 10-keystone_wsgi_main.conf
-rw-r--r--. 1 root root 976 Jul 18 06:09 10-keystone_wsgi_admin.conf
httpd is holding the keystone port 5000 :
[root@overcloud-controller-0 conf.d]# netstat -natp | grep 5000
tcp 0 0 172.17.0.12:5000 0.0.0.0:* LISTEN 9279/httpd
pacemaker do not have a keystone resource:
[root@overcloud-controller-0 conf.d]# pcs status | grep -i keystone
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.