Enable PKI token signing
Bug #1309667 reported by Jorge Niedbalski
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ceilometer (Juju Charms Collection) | Fix Released | Medium | Edward Hope-Morley |
cinder (Juju Charms Collection) | Fix Released | Medium | Edward Hope-Morley |
glance (Juju Charms Collection) | Fix Released | Medium | Edward Hope-Morley |
keystone (Juju Charms Collection) | Fix Released | Medium | Edward Hope-Morley |
neutron-api (Juju Charms Collection) | Fix Released | Medium | Edward Hope-Morley |
nova-cloud-controller (Juju Charms Collection) | Fix Released | Medium | Edward Hope-Morley |
swift-proxy (Juju Charms Collection) | Fix Released | Medium | Edward Hope-Morley |
Bug Description
This is a feature request.
OpenStack’s Grizzly release offers a PKI token authentication mechanism.
Current config.yml exposes an `enable-pki` option, but only UUID tokens
are being accepted and generated.
As some customers and users are requesting, please expose this
option into the charm.
[1] http://
Related branches
lp:~hopem/charms/trusty/keystone/fix-pki-token-support
- Liam Young (community): Approve
Diff: 1010 lines (+382/-126), 8 files modified
hooks/keystone_context.py (+28/-3)
hooks/keystone_hooks.py (+66/-21)
hooks/keystone_ssl.py (+76/-43)
hooks/keystone_utils.py (+98/-31)
templates/icehouse/keystone.conf (+9/-3)
templates/parts/section-signing (+13/-0)
unit_tests/test_keystone_hooks.py (+77/-14)
unit_tests/test_keystone_utils.py (+15/-11)
lp:~hopem/charms/trusty/cinder/pki-token-support
- Liam Young (community): Approve
Diff: 123 lines (+48/-11), 5 files modified
hooks/charmhelpers/contrib/openstack/context.py (+28/-9)
hooks/charmhelpers/contrib/openstack/templates/zeromq (+14/-0)
hooks/cinder_hooks.py (+1/-0)
hooks/cinder_utils.py (+3/-1)
templates/icehouse/cinder.conf (+2/-1)
lp:~hopem/charms/trusty/glance/pki-token-support
- Liam Young (community): Approve
Diff: 121 lines (+49/-11), 4 files modified
hooks/charmhelpers/contrib/openstack/context.py (+28/-9)
hooks/charmhelpers/contrib/openstack/templates/zeromq (+14/-0)
hooks/glance_utils.py (+6/-2)
templates/parts/keystone (+1/-0)
lp:~hopem/charm-helpers/pki
- Liam Young (community): Approve
- OpenStack Charmers: Pending requested
Diff: 90 lines (+50/-9), 2 files modified
charmhelpers/contrib/openstack/context.py (+26/-9)
tests/contrib/openstack/test_os_contexts.py (+24/-0)
lp:~hopem/charms/trusty/neutron-api/pki-token-support
- Liam Young (community): Approve
Diff: 465 lines (+244/-24), 14 files modified
hooks/charmhelpers/contrib/charmsupport/nrpe.py (+41/-7)
hooks/charmhelpers/contrib/hahelpers/cluster.py (+5/-1)
hooks/charmhelpers/contrib/openstack/amulet/deployment.py (+5/-2)
hooks/charmhelpers/contrib/openstack/context.py (+26/-9)
hooks/charmhelpers/contrib/openstack/files/__init__.py (+18/-0)
hooks/charmhelpers/contrib/openstack/files/check_haproxy.sh (+32/-0)
hooks/charmhelpers/contrib/openstack/files/check_haproxy_queue_depth.sh (+30/-0)
hooks/charmhelpers/contrib/openstack/ip.py (+37/-0)
hooks/charmhelpers/contrib/openstack/utils.py (+1/-0)
hooks/charmhelpers/core/fstab.py (+2/-2)
hooks/charmhelpers/core/strutils.py (+42/-0)
hooks/neutron_api_utils.py (+3/-1)
templates/icehouse/neutron.conf (+1/-1)
templates/kilo/neutron.conf (+1/-1)
lp:~hopem/charms/trusty/nova-cloud-controller/pki-token-support
- Liam Young (community): Approve
Diff: 145 lines (+53/-13), 5 files modified
hooks/charmhelpers/contrib/openstack/context.py (+28/-9)
hooks/charmhelpers/contrib/openstack/templates/zeromq (+14/-0)
hooks/nova_cc_utils.py (+9/-3)
templates/icehouse/neutron.conf (+1/-1)
templates/kilo/nova.conf (+1/-0)
lp:~hopem/charms/trusty/swift-proxy/pki-token-support
- Liam Young (community): Approve
Diff: 1404 lines (+55/-612), 10 files modified
hooks/charmhelpers/contrib/openstack/context.py (+28/-9)
hooks/charmhelpers/contrib/openstack/files/__init__.py (+0/-18)
hooks/charmhelpers/contrib/openstack/files/check_haproxy.sh (+0/-32)
hooks/charmhelpers/contrib/openstack/files/check_haproxy_queue_depth.sh (+0/-30)
hooks/charmhelpers/contrib/openstack/templates/zeromq (+14/-0)
hooks/charmhelpers/core/strutils.py (+0/-42)
hooks/charmhelpers/core/unitdata.py (+0/-477)
hooks/swift_context.py (+9/-0)
templates/icehouse/proxy-server.conf (+1/-1)
tests/basic_deployment.py (+3/-3)
lp:~hopem/charms/trusty/ceilometer/pki-token-support
- Liam Young (community): Approve
Diff: 204 lines (+61/-14) (has conflicts), 6 files modified
hooks/ceilometer_contexts.py (+4/-4)
hooks/ceilometer_hooks.py (+29/-4)
hooks/ceilometer_utils.py (+4/-3)
hooks/charmhelpers/contrib/openstack/templates/zeromq (+14/-0)
templates/icehouse/ceilometer.conf (+9/-3)
unit_tests/test_ceilometer_hooks.py (+1/-0)
description: updated
summary: Enable PKI token signing in keystone charm → Enable PKI token signing in keystone charm HA
Changed in keystone (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
status: Triaged → In Progress
tags: added: openstack; removed: keystone
tags: added: cts
Changed in keystone (Juju Charms Collection):
status: In Progress → Triaged
summary: Enable PKI token signing in keystone charm (including HA) → Enable PKI token signing
Changed in ceilometer (Juju Charms Collection):
status: New → In Progress
Changed in cinder (Juju Charms Collection):
status: New → In Progress
Changed in glance (Juju Charms Collection):
status: New → In Progress
Changed in neutron-api (Juju Charms Collection):
status: New → In Progress
Changed in nova-cloud-controller (Juju Charms Collection):
status: New → In Progress
Changed in swift-proxy (Juju Charms Collection):
status: New → In Progress
Changed in ceilometer (Juju Charms Collection):
importance: Undecided → Medium
Changed in cinder (Juju Charms Collection):
importance: Undecided → Medium
Changed in glance (Juju Charms Collection):
importance: Undecided → Medium
Changed in nova-cloud-controller (Juju Charms Collection):
importance: Undecided → Medium
Changed in neutron-api (Juju Charms Collection):
importance: Undecided → Medium
Changed in swift-proxy (Juju Charms Collection):
importance: Undecided → Medium
Changed in ceilometer (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in cinder (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in glance (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in neutron-api (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in swift-proxy (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in cinder (Juju Charms Collection):
milestone: none → 15.04
Changed in nova-cloud-controller (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in swift-proxy (Juju Charms Collection):
milestone: none → 15.04
Changed in ceilometer (Juju Charms Collection):
milestone: none → 15.04
Changed in glance (Juju Charms Collection):
milestone: none → 15.04
Changed in nova-cloud-controller (Juju Charms Collection):
milestone: none → 15.04
Changed in neutron-api (Juju Charms Collection):
milestone: none → 15.04
tags: removed: pki
Changed in ceilometer (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in cinder (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in glance (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in keystone (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in neutron-api (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in nova-cloud-controller (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in swift-proxy (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in keystone (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in cinder (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in glance (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in nova-cloud-controller (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in swift-proxy (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in ceilometer (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in neutron-api (Juju Charms Collection):
status: Fix Committed → Fix Released
Enabling for single-instance keystone is fairly trivial; however, for scale-out, certs and keys need to be replicated, so it needs some design consideration.