Juju Charms Collection
cinder package

Enable PKI token signing

Bug #1309667 reported by Jorge Niedbalski on 2014-04-18

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
ceilometer (Juju Charms Collection)	Fix Released	Medium	Edward Hope-Morley	Juju Charms Collection 15.04
cinder (Juju Charms Collection)	Fix Released	Medium	Edward Hope-Morley	Juju Charms Collection 15.04
glance (Juju Charms Collection)	Fix Released	Medium	Edward Hope-Morley	Juju Charms Collection 15.04
keystone (Juju Charms Collection)	Fix Released	Medium	Edward Hope-Morley	Juju Charms Collection 15.04
neutron-api (Juju Charms Collection)	Fix Released	Medium	Edward Hope-Morley	Juju Charms Collection 15.04
nova-cloud-controller (Juju Charms Collection)	Fix Released	Medium	Edward Hope-Morley	Juju Charms Collection 15.04
swift-proxy (Juju Charms Collection)	Fix Released	Medium	Edward Hope-Morley	Juju Charms Collection 15.04

Bug Description

This is a feature request.

OpenStack’s Grizzly release offers a PKI token authentication mechanism.

Current config.yml exposes a `enable-pki` option, but only UUID tokens
are being accepted and generated.

As some customers and users are requesting, please expose this
options into the charm.

[1] http://docs.openstack.org/developer/keystone/configuration.html#pki-or-uuid

See original description

Tags:

Related branches

lp:~hopem/charms/trusty/keystone/fix-pki-token-support

Merged into lp:~openstack-charmers-archive/charms/trusty/keystone/next at revision 129

Liam Young (community): Approve on 2015-03-11

lp:~hopem/charms/trusty/cinder/pki-token-support

Merged into lp:~openstack-charmers-archive/charms/trusty/cinder/next at revision 77

Liam Young (community): Approve on 2015-03-11

lp:~hopem/charms/trusty/glance/pki-token-support

Merged into lp:~openstack-charmers-archive/charms/trusty/glance/next at revision 101

Liam Young (community): Approve on 2015-03-11

lp:~hopem/charm-helpers/pki

Merged into lp:charm-helpers at revision 321

Liam Young (community): Approve on 2015-02-24

OpenStack Charmers: Pending requested 2015-02-20

lp:~hopem/charms/trusty/neutron-api/pki-token-support

Merged into lp:~openstack-charmers-archive/charms/trusty/neutron-api/next at revision 84

Liam Young (community): Approve on 2015-03-11

lp:~hopem/charms/trusty/nova-cloud-controller/pki-token-support

Merged into lp:~openstack-charmers-archive/charms/trusty/nova-cloud-controller/next at revision 144

Liam Young (community): Approve on 2015-03-12

lp:~hopem/charms/trusty/swift-proxy/pki-token-support

Merged into lp:~openstack-charmers-archive/charms/trusty/swift-proxy/next at revision 84

Liam Young (community): Approve on 2015-03-11

lp:~hopem/charms/trusty/ceilometer/pki-token-support

Merged into lp:~openstack-charmers-archive/charms/trusty/ceilometer/next at revision 72

Liam Young (community): Approve on 2015-03-11

Jorge Niedbalski (niedbalski) on 2014-04-18

description:

updated

Revision history for this message

James Page (james-page) wrote on 2014-04-19:

Enabling for single instance keystone is fairly trivial; however for scale-out certs and keys need to be replicated so needs some design consideration.

Changed in keystone (Juju Charms Collection):
status:	New → Triaged
importance:	Undecided → High

Edward Hope-Morley (hopem) on 2014-09-17

summary:

- Enable PKI token signing in keystone charm
+ Enable PKI token signing in keystone charm HA

Revision history for this message

James Page (james-page) wrote on 2014-09-22: Re: Enable PKI token signing in keystone charm HA

AFAICT PKI signing is also non-functional in non-HA as well - the templates are hard-coded to use UUID.

summary:	- Enable PKI token signing in keystone charm HA + Enable PKI token signing in keystone charm (including HA)
Changed in keystone (Juju Charms Collection):
importance:	High → Medium

Edward Hope-Morley (hopem) on 2014-09-23

Changed in keystone (Juju Charms Collection):
assignee:	nobody → Edward Hope-Morley (hopem)
status:	Triaged → In Progress

Edward Hope-Morley (hopem) on 2014-10-06

tags:

added: openstack
removed: keystone

Edward Hope-Morley (hopem) on 2014-10-08

tags:

added: cts

Edward Hope-Morley (hopem) on 2014-10-17

Changed in keystone (Juju Charms Collection):
status:	In Progress → Triaged

Revision history for this message

Edward Hope-Morley (hopem) wrote on 2014-11-16: Re: Enable PKI token signing in keystone charm (including HA)

Cert syncing across units needs fixing first and this is being done here - https://bugs.launchpad.net/charms/+source/keystone/+bug/1317782

Changed in keystone (Juju Charms Collection):
assignee:	Edward Hope-Morley (hopem) → nobody
status:	Triaged → Confirmed

Revision history for this message

Edward Hope-Morley (hopem) wrote on 2015-01-23:

Cert syncing is now fixed and landed to /next , to be released as part of 15.01 so I will now work on getting PKI working.

Changed in keystone (Juju Charms Collection):
milestone:	none → 15.04
status:	Confirmed → In Progress
assignee:	nobody → Edward Hope-Morley (hopem)

Edward Hope-Morley (hopem) on 2015-02-05

summary:	- Enable PKI token signing in keystone charm (including HA) + Enable PKI token signing
Changed in ceilometer (Juju Charms Collection):
status:	New → In Progress
Changed in cinder (Juju Charms Collection):
status:	New → In Progress
Changed in glance (Juju Charms Collection):
status:	New → In Progress
Changed in neutron-api (Juju Charms Collection):
status:	New → In Progress
Changed in nova-cloud-controller (Juju Charms Collection):
status:	New → In Progress
Changed in swift-proxy (Juju Charms Collection):
status:	New → In Progress
Changed in ceilometer (Juju Charms Collection):
importance:	Undecided → Medium
Changed in cinder (Juju Charms Collection):
importance:	Undecided → Medium
Changed in glance (Juju Charms Collection):
importance:	Undecided → Medium
Changed in nova-cloud-controller (Juju Charms Collection):
importance:	Undecided → Medium
Changed in neutron-api (Juju Charms Collection):
importance:	Undecided → Medium
Changed in swift-proxy (Juju Charms Collection):
importance:	Undecided → Medium
Changed in ceilometer (Juju Charms Collection):
assignee:	nobody → Edward Hope-Morley (hopem)
Changed in cinder (Juju Charms Collection):
assignee:	nobody → Edward Hope-Morley (hopem)
Changed in glance (Juju Charms Collection):
assignee:	nobody → Edward Hope-Morley (hopem)
Changed in neutron-api (Juju Charms Collection):
assignee:	nobody → Edward Hope-Morley (hopem)
Changed in swift-proxy (Juju Charms Collection):
assignee:	nobody → Edward Hope-Morley (hopem)
Changed in cinder (Juju Charms Collection):
milestone:	none → 15.04
Changed in nova-cloud-controller (Juju Charms Collection):
assignee:	nobody → Edward Hope-Morley (hopem)
Changed in swift-proxy (Juju Charms Collection):
milestone:	none → 15.04
Changed in ceilometer (Juju Charms Collection):
milestone:	none → 15.04
Changed in glance (Juju Charms Collection):
milestone:	none → 15.04
Changed in nova-cloud-controller (Juju Charms Collection):
milestone:	none → 15.04
Changed in neutron-api (Juju Charms Collection):
milestone:	none → 15.04
tags:	removed: pki

Edward Hope-Morley (hopem) on 2015-03-13

Changed in ceilometer (Juju Charms Collection):
status:	In Progress → Fix Committed
Changed in cinder (Juju Charms Collection):
status:	In Progress → Fix Committed
Changed in glance (Juju Charms Collection):
status:	In Progress → Fix Committed
Changed in keystone (Juju Charms Collection):
status:	In Progress → Fix Committed
Changed in neutron-api (Juju Charms Collection):
status:	In Progress → Fix Committed
Changed in nova-cloud-controller (Juju Charms Collection):
status:	In Progress → Fix Committed
Changed in swift-proxy (Juju Charms Collection):
status:	In Progress → Fix Committed

James Page (james-page) on 2015-04-23

Changed in keystone (Juju Charms Collection):
status:	Fix Committed → Fix Released
Changed in cinder (Juju Charms Collection):
status:	Fix Committed → Fix Released
Changed in glance (Juju Charms Collection):
status:	Fix Committed → Fix Released
Changed in nova-cloud-controller (Juju Charms Collection):
status:	Fix Committed → Fix Released
Changed in swift-proxy (Juju Charms Collection):
status:	Fix Committed → Fix Released
Changed in ceilometer (Juju Charms Collection):
status:	Fix Committed → Fix Released
Changed in neutron-api (Juju Charms Collection):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related blueprints

OpenStack Charm work for Vivid

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Juju Charms Collectioncinder package

Enable PKI token signing

Bug Description

Related branches

Other bug subscribers

Related blueprints

Remote bug watches

Juju Charms Collection
cinder package