Enable PKI token signing

Bug #1309667 reported by Jorge Niedbalski on 2014-04-18
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ceilometer (Juju Charms Collection)
Medium
Edward Hope-Morley
cinder (Juju Charms Collection)
Medium
Edward Hope-Morley
glance (Juju Charms Collection)
Medium
Edward Hope-Morley
keystone (Juju Charms Collection)
Medium
Edward Hope-Morley
neutron-api (Juju Charms Collection)
Medium
Edward Hope-Morley
nova-cloud-controller (Juju Charms Collection)
Medium
Edward Hope-Morley
swift-proxy (Juju Charms Collection)
Medium
Edward Hope-Morley

Bug Description

This is a feature request.

OpenStack’s Grizzly release offers a PKI token authentication mechanism.

Current config.yml exposes a `enable-pki` option, but only UUID tokens
are being accepted and generated.

As some customers and users are requesting, please expose this
options into the charm.

[1] http://docs.openstack.org/developer/keystone/configuration.html#pki-or-uuid

Related branches

description: updated
James Page (james-page) wrote :

Enabling for single instance keystone is fairly trivial; however for scale-out certs and keys need to be replicated so needs some design consideration.

Changed in keystone (Juju Charms Collection):
status: New → Triaged
importance: Undecided → High
summary: - Enable PKI token signing in keystone charm
+ Enable PKI token signing in keystone charm HA

AFAICT PKI signing is also non-functional in non-HA as well - the templates are hard-coded to use UUID.

summary: - Enable PKI token signing in keystone charm HA
+ Enable PKI token signing in keystone charm (including HA)
Changed in keystone (Juju Charms Collection):
importance: High → Medium
Changed in keystone (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
status: Triaged → In Progress
tags: added: openstack
removed: keystone
tags: added: cts
Changed in keystone (Juju Charms Collection):
status: In Progress → Triaged

Cert syncing across units needs fixing first and this is being done here - https://bugs.launchpad.net/charms/+source/keystone/+bug/1317782

Changed in keystone (Juju Charms Collection):
assignee: Edward Hope-Morley (hopem) → nobody
status: Triaged → Confirmed
Edward Hope-Morley (hopem) wrote :

Cert syncing is now fixed and landed to /next , to be released as part of 15.01 so I will now work on getting PKI working.

Changed in keystone (Juju Charms Collection):
milestone: none → 15.04
status: Confirmed → In Progress
assignee: nobody → Edward Hope-Morley (hopem)
summary: - Enable PKI token signing in keystone charm (including HA)
+ Enable PKI token signing
Changed in ceilometer (Juju Charms Collection):
status: New → In Progress
Changed in cinder (Juju Charms Collection):
status: New → In Progress
Changed in glance (Juju Charms Collection):
status: New → In Progress
Changed in neutron-api (Juju Charms Collection):
status: New → In Progress
Changed in nova-cloud-controller (Juju Charms Collection):
status: New → In Progress
Changed in swift-proxy (Juju Charms Collection):
status: New → In Progress
Changed in ceilometer (Juju Charms Collection):
importance: Undecided → Medium
Changed in cinder (Juju Charms Collection):
importance: Undecided → Medium
Changed in glance (Juju Charms Collection):
importance: Undecided → Medium
Changed in nova-cloud-controller (Juju Charms Collection):
importance: Undecided → Medium
Changed in neutron-api (Juju Charms Collection):
importance: Undecided → Medium
Changed in swift-proxy (Juju Charms Collection):
importance: Undecided → Medium
Changed in ceilometer (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in cinder (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in glance (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in neutron-api (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in swift-proxy (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in cinder (Juju Charms Collection):
milestone: none → 15.04
Changed in nova-cloud-controller (Juju Charms Collection):
assignee: nobody → Edward Hope-Morley (hopem)
Changed in swift-proxy (Juju Charms Collection):
milestone: none → 15.04
Changed in ceilometer (Juju Charms Collection):
milestone: none → 15.04
Changed in glance (Juju Charms Collection):
milestone: none → 15.04
Changed in nova-cloud-controller (Juju Charms Collection):
milestone: none → 15.04
Changed in neutron-api (Juju Charms Collection):
milestone: none → 15.04
tags: removed: pki
Changed in ceilometer (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in cinder (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in glance (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in keystone (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in neutron-api (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in nova-cloud-controller (Juju Charms Collection):
status: In Progress → Fix Committed
Changed in swift-proxy (Juju Charms Collection):
status: In Progress → Fix Committed
James Page (james-page) on 2015-04-23
Changed in keystone (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in cinder (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in glance (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in nova-cloud-controller (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in swift-proxy (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in ceilometer (Juju Charms Collection):
status: Fix Committed → Fix Released
Changed in neutron-api (Juju Charms Collection):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints