Bug 1572154 - Keystone container image missing mod_auth_mellon
Summary: Keystone container image missing mod_auth_mellon
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-containers
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
Target Milestone: z3
: 13.0 (Queens)
Assignee: Dan Prince
QA Contact: Pavan
Andrew Burden
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-26 09:40 UTC by Andrew Austin
Modified: 2019-01-16 22:10 UTC (History)
15 users (show)

Fixed In Version: openstack-keystone-base-container-13.0-54
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2019-01-16 22:10:23 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
OpenStack gerrit 575165 0 None MERGED add support for keystone federation 2020-05-18 01:15:13 UTC
Red Hat Product Errata RHEA-2019:0072 0 None None None 2019-01-16 22:10:26 UTC

Description Andrew Austin 2018-04-26 09:40:48 UTC
Description of problem:

Customers wanting to do SAML federation using the methodology Red Hat documents need to have the mod_auth_mellon package available in the Keystone container. Today, integration can be done with a customized image, but it would be nice to have this in the stock container image.

Version-Release number of selected component (if applicable):
Image tag 12.0-20180405.1 

Do we want to force customers to build custom images for procedures like SAML federation that we have documented? My preference is to have the package in the stock image, but this could also be a documentation item instead.

Comment 1 Jiri Stransky 2018-04-27 13:56:30 UTC
Just for additional context: we hit this during FFWD upgrade testing with non-default keystone configs.

Comment 2 Harry Rybacki 2018-05-11 19:11:07 UTC
*** Bug 1573316 has been marked as a duplicate of this bug. ***

Comment 4 Red Hat Bugzilla Rules Engine 2018-05-11 19:12:59 UTC
This bugzilla has been removed from the release since it has not been triaged, and needs to be reviewed for targeting another release.

Comment 10 John Dennis 2018-09-24 16:04:08 UTC
Ozz, didn't you add mod_auth_mellon to the package set a while ago?

Comment 11 Juan Antonio Osorio 2018-09-25 05:25:38 UTC
I did add them to the kolla templates, however, I am unsure if we're carrying this package in the downstream dockerfile. Apparently we don't directly use kolla downstream, but instead we carry dockerfiles based on what was generated by kolla (at some point)... so we need to double check if that package was added to our downstream file (I don't know where that is).

Comment 14 Andrew Austin 2018-09-26 14:25:01 UTC
I see the package in the 13.0-54 tag of the OSP13 Keystone container image.

Comment 15 Harry Rybacki 2018-10-02 16:08:17 UTC
Adding FIV per comment #14 and moving bug to MODIFIED.

Comment 16 Shelley Dunne 2018-10-08 15:23:20 UTC
Currently released build in NVR openstack-keystone-base-container-13.0-60

Comment 20 errata-xmlrpc 2019-01-16 22:10:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.