Document accept requests on base paths rather than separate ports
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
Brant Knudson |
Bug Description
The identity service is expected to be on ports 5000 and 35357 for historical reasons. It's been a dream for some time to have the identity service, along with the rest of the OpenStack services, available on a path on the normal HTTP port so that we're not polluting the port space so much, and also port 35357 has problems on Linux since it's in the default ephemeral port range (see bug 1253482).
With keystone switching to being served by Apache Httpd or some other full-featured web server (as opposed to eventlet) this is actually pretty easy to accomplish. Httpd (and other web servers) allows you to route multiple paths / ports to the wsgi process, so you can have :5000 and :443/identity going to the same place (same with :35357 and :443/identity_
Keystone ships a sample config file in httpd/wsgi-
If we agree on this we can get some tests going to ensure the rest of the OpenStack ecosystem is ready by changing devstack to use the new config.
Eventually we can "deprecate" running identity service on 5000 and 35357 and instead use :443/identity and /identity_admin.
Changed in keystone: | |
status: | New → In Progress |
description: | updated |
Changed in keystone: | |
milestone: | none → mitaka-1 |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Reviewed: https:/ /review. openstack. org/195766 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=4a034326ff9 c2ee61e7f6d755e 0211192a83bc22
Committed: https:/
Submitter: Jenkins
Branch: master
commit 4a034326ff9c2ee 61e7f6d755e0211 192a83bc22
Author: Brant Knudson <email address hidden>
Date: Thu Jun 25 17:35:47 2015 -0500
Document httpd for accept on /identity, /identity_admin
Apache Httpd can be configured to accept keystone requests on all
sorts of interfaces. The sample config file is updated to show
how to configure Apache Httpd to also send requests on /identity
and /identity_admin to keystone.
Closes-Bug: 1496041 839f8dd1e4ecef7 fdc06c3f561
Change-Id: Ie7b829eff16c0e