Bug 978853 - token_format should be configurable
token_format should be configurable
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack (Show other bugs)
Unspecified Unspecified
urgent Severity urgent
: async
: 3.0
Assigned To: Martin Magr
Nir Magnezi
: ZStream
Depends On: 975050 975153
  Show dependency treegraph
Reported: 2013-06-27 04:30 EDT by Martin Magr
Modified: 2016-04-26 16:34 EDT (History)
12 users (show)

See Also:
Fixed In Version: openstack-packstack-2013.1.1-0.23.dev642.el6ost
Doc Type: Enhancement
Doc Text:
PackStack now allows user selection of the token format to be used by the Identity service (Keystone). The new configuration key is CONFIG_KEYSTONE_TOKEN_FORMAT controls which token format is used. Valid values are UUID of PKI. The recommended value for new deployments is PKI.
Story Points: ---
Clone Of: 975153
: 984683 (view as bug list)
Last Closed: 2013-07-15 15:17:02 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 33410 None None None Never
OpenStack gerrit 34694 None None None Never

  None (edit)
Description Martin Magr 2013-06-27 04:30:12 EDT
+++ This bug was initially created as a clone of Bug #975153 +++

+++ This bug was initially created as a clone of Bug #975050 +++

Description of problem:
in Grizzly the default token_format changed from UUID to PKI.

While in the RHOS 3.0 release, we primarily worked with UUID, we would like to follow upstream in the future.

For RHOS 4.0, we would like to use PKI by default from packstack.

Perhaps as a 3.0.z release of packstack, it would be ideal to have the option to turn on PKI tokens but not affect existing answer files.  That is, prompt the user for a token type, and the default should be 'UUID', but allow 'PKI'.

Version-Release number of selected component (if applicable):

--- Additional comment from Adam Young on 2013-06-17 13:38:01 EDT ---

Specifically, we should not force the token format to be UUID tokens.  This was done by a puppet module chance in 3.0 but has been changed in upstream puppet to align with upstream Keystone.
Comment 1 Martin Magr 2013-06-27 04:36:36 EDT
Backported to Grizzly branch.
Comment 3 Alan Pevec 2013-07-11 14:39:26 EDT
Note that upstream packstack grizzly has "DEFAULT_VALUE"   : 'PKI'
but RHOS rpm includes additional patch which keeps default UUID:
Comment 4 Nir Magnezi 2013-07-14 05:31:23 EDT
Verified NVR: openstack-packstack-2013.1.1-0.23.dev642.el6ost.noarch
* Verified With RHOS

Verification Steps:
1. Installed packstack and generated an answer-file
2. Verified that an attribute named CONFIG_KEYSTONE_TOKEN_FORMAT was added to the file.
3. Verified that CONFIG_KEYSTONE_TOKEN_FORMAT default value is UUID
4. Installed Openstack with UUID Configured
5. Installed Openstack with PKI Configured

1. Both installations (steps 4,5) passed OK.
2. Sanity tests passed OK.
Comment 6 errata-xmlrpc 2013-07-15 15:17:02 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.