Description of problem:
We provide documentation on setting up RH-SSO with OSP12/Keystone. The setup requires an apache module that is not available in the current keystone container (mod_auth_mellon).
To make RH-SSO work you need to add that package to the container. That addition would get blown away in the event of an undercloud update, unless the customer starts maintaining their own custom keystone image.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Attempt to follow instructions on integrating w/ RH-SSO
2. Hit step where a yum install is required
3. Cringe when you need to install a package in a container
Actual results:
Require modification of the keystone image for proper integration
Expected results:
All requirements met in the keystone image to RH-SSO
Documentation on setup/install module step: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html-single/federate_with_identity_service/#install_mod_auth_mellon_on_each_controller_node
(The doc itself has some issues since installing the package on the controller node itself serves no purpose.)
This is not an RFE but a BUG! SSO is coughing errors in RHOSP-12.
I'm reopening this BZ. BZ 1572154 is targeting RHOSP-13. This is for RHOSP-12.
RHOSP-12 is still well-alive and supported.
Can we, please, have those containers updated?
Created attachment 1470327
hotfix-tarball with Dockerfile for local build
Tarball with Dockerfile plus RPMs. See instructions in BZ for details.
See the attachment 1470327, which contains a tarball with the Dockerfile along with the required RPMs.
To build a new container layer/hotfix for this issue please do the following on your Undercloud.
1) Download tarball.
2) Extract to a directory named hotfix-bz1573316.
3) Run command: 'docker build hotfix-bz1573316'
4) Run command: 'docker tag <layer ID> 172.16.10.16:8787/rhosp12/openstack-keystone:12.0-20180529.1-hotfix-BZ1573316'. NOTE: use output from command #3 above as the <layer ID>
5) Run command: 'docker push 172.16.10.16:8787/rhosp12/openstack-keystone:12.0-20180529.1-hotfix-BZ1573316'
The hotfix should now be deployed to the local registry.
At this point you can update your Heat environment to use the new Keystone container hotfix as noted in the comment above (see the docker_registry.yaml file). Once you have done this, re-deploy/update per normal.
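Steps 3 to 5 above as one script, shown as an added example that is not part of the bug report or the attached tarball: it captures the layer ID from the build instead of copying it by hand, and refuses to tag or push unless mod_auth_mellon is actually installed in the built image. The function names and the script name are hypothetical; the registry address and tag are the ones given in the steps.

```shell
#!/bin/sh
# Added example: build the hotfix layer, check it, then tag and push it.
set -eu

# Values taken from the steps above; adjust for your undercloud registry.
REGISTRY="172.16.10.16:8787"
BASE_TAG="12.0-20180529.1"
BUG="1573316"

# Full image reference used in steps 4 and 5.
hotfix_ref() {
    printf '%s/rhosp12/openstack-keystone:%s-hotfix-BZ%s\n' "$REGISTRY" "$BASE_TAG" "$BUG"
}

# Succeeds only if the package the hotfix exists for is installed in the image.
verify_image() {
    docker run --rm --entrypoint rpm "$1" -q mod_auth_mellon >/dev/null
}

# Steps 3-5, with the layer ID captured instead of copied by hand.
build_and_push() {
    hf_id="$(docker build -q "$1")"
    if ! verify_image "$hf_id"; then
        echo "mod_auth_mellon not found in $hf_id; nothing tagged or pushed" >&2
        return 1
    fi
    hf_ref="$(hotfix_ref)"
    docker tag "$hf_id" "$hf_ref"
    docker push "$hf_ref" >&2
    echo "$hf_ref"
}

# Usage (hypothetical script name): sh build-hotfix.sh hotfix-bz1573316
if [ "$#" -gt 0 ]; then
    build_and_push "$1"
fi
```

The reference printed on success is the value to put in the Heat environment for the Keystone image.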
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.