OpenStack Keystone Charm

[Feature request] enable support for keystone middleware plugin in charm

Bug #1856555 reported by Boggy
42
This bug affects 8 people
Affects Status Importance Assigned to Milestone
Charm Helpers
In Progress
Wishlist
Myles Penner
Gnocchi Charm
Triaged
Wishlist
Unassigned
OpenStack Ceilometer Charm
Triaged
Wishlist
Unassigned
OpenStack Cinder Charm
Fix Committed
Wishlist
Myles Penner
OpenStack Glance Charm
Triaged
Wishlist
Unassigned
OpenStack Heat Charm
Triaged
Wishlist
Unassigned
OpenStack Ironic API Charm
New
Undecided
Unassigned
OpenStack Keystone Charm
Triaged
Wishlist
Unassigned
OpenStack Neutron API Charm
Triaged
Wishlist
Unassigned
OpenStack Nova Cloud Controller Charm
In Progress
Wishlist
Unassigned
OpenStack Swift Proxy Charm
Triaged
Wishlist
Unassigned
OpenStack Trove Charm
Triaged
Wishlist
Unassigned
OpenStack panko charm
Triaged
Wishlist
Unassigned

Bug Description

One of our clients would like us to enable support for keystone middleware in charm.

Chris MacNaughton (chris.macnaughton)
Changed in charm-keystone:
importance: Undecided → Wishlist
status: New → Triaged
Revision history for this message
Arif Ali (arif-ali) wrote :

keystonemiddleware is automatically already installed and what the customer wants is the auditing side of what keystonemiddleware has. Primarily [1] describes what is required for the autid middleware to be configured. It could be as part of the code python-keystonemiddleware or python3-keystonemiddleware would need to be packaged up

In the attempt to get this started, and doing stuff on this, I can point to 2 repos that I worked on [2] is the charm, and [3] is the charmhelpers update. This is my rough idea on how we can go about it.

The key things coming out this piece of work is that we need 3 files changing or adding in each of the major project charms

1. /etc/<project>/<project>.conf
2. /etc/<project>/api-paste.ini
3. /etc/<project>/api_audit_map.conf

The sense of these updates can be seen in both [2] and [3]

The api_audit_map.conf file can be taken from the repo in [4], I have not checked to see if they are identical for each of the projects, but this afaik is required for the audit middleware to work

The initial PR created for the charmhelpers also suggested that maybe the audit_middleware context may not be ideal in the IdentityServiceContext, and maybe a new AuditMiddlewareContext may be required

There may be other variables that the doc [1] specifies that may be required in api-paste.ini, that may be required for extra functionality

[1] https://docs.openstack.org/keystonemiddleware/latest/audit.html
[2] https://github.com/arif-ali/charm-nova-cloud-controller/commit/3743f00384de56efe8b0a4ee2ab2e40de68b5e7f#diff-bceb54a0fa3aac4f53f131205411c18f
[3] https://github.com/arif-ali/charm-helpers/commit/258cf87c83cca2faf601dd99285cd226e2e67b48
[4] https://github.com/openstack/pycadf/tree/master/etc/pycadf

Chris MacNaughton (chris.macnaughton)
Changed in charm-helpers:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-gnocchi:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-trove:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-ceilometer:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-cinder:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-glance:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-heat:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-neutron-api:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-nova-cloud-controller:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-panko:
importance: Undecided → Wishlist
status: New → Triaged
Changed in charm-swift-proxy:
importance: Undecided → Wishlist
status: New → Triaged
Arif Ali (arif-ali)
Changed in charm-helpers:
assignee: nobody → Arif Ali (arif-ali)
status: Triaged → In Progress
Changed in charm-nova-cloud-controller:
assignee: nobody → Arif Ali (arif-ali)
status: Triaged → In Progress
Alex Kavanagh (ajkavanagh)
Changed in charm-cinder:
assignee: nobody → Myles Penner (mylesjp)
status: Triaged → In Progress
Changed in charm-helpers:
assignee: Arif Ali (arif-ali) → Myles Penner (mylesjp)
Changed in charm-nova-cloud-controller:
assignee: Arif Ali (arif-ali) → nobody
status: In Progress → Triaged
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/charm-cinder/+/915502

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on charm-cinder (master)

Change abandoned by "Myles Penner <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/charm-cinder/+/915502
Reason: Practice test with Gerrit and OpenDev

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/charm-cinder/+/916348

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on charm-cinder (master)

Change abandoned by "Myles Penner <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/charm-cinder/+/916348
Reason: Missing section

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/charm-cinder/+/916349

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-cinder (master)

Reviewed: https://review.opendev.org/c/openstack/charm-cinder/+/916349
Committed: https://opendev.org/openstack/charm-cinder/commit/e25b5d38fbb0692e5fab6e7f562c974316d61abe
Submitter: "Zuul (22348)"
Branch: master

commit e25b5d38fbb0692e5fab6e7f562c974316d61abe
Author: Myles Penner <email address hidden>
Date: Thu Apr 18 15:19:06 2024 -0700

    Add keystone audit middleware API logging

    This commit adds Keystone audit middleware API logging to the Cinder
    charm in versions Yoga and newer to allow users to configure their
    environment for CADF compliance. This feature can be enabled/disabled
    and is set to 'disabled' by default to avoid bloat in log files.
    The logging output is configured to /var/log/apache2/cinder_error.log.
    This commit builds on previous discussions:
    https://github.com/juju/charm-helpers/pull/808.

    Related-Pr: https://github.com/juju/charm-helpers/pull/893
    func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1200
    Closes-Bug: 1856555
    Change-Id: Ia7dbd6af2305e92eaa9a65890644c4a324ab2c65

Changed in charm-cinder:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-cinder (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/charm-cinder/+/917882

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-nova-cloud-controller (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/charm-nova-cloud-controller/+/918017

Changed in charm-nova-cloud-controller:
status: Triaged → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.