documentation should advice against using pki_setup and ssl_setup
Bug #1291366 reported by
Adam Young
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Lance Bragstad |
Bug Description
Both of these tools generate Self-signed CA certificates. As such, they are only appropriate for development deployments, and should be treated as such. While sites with mature PKI policies would recognize this, that majority of people new to Open Stack are not PKI experts, and are using the provided tools. The http://
Changed in keystone: | |
assignee: | nobody → Adam Young (ayoung) |
Changed in keystone: | |
milestone: | none → juno-2 |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | juno-2 → 2014.2 |
To post a comment you must log in.
There should also be a description of both commands in --help to that effect:
$ keystone-manage pki_setup --help db_version| pki_setup| ssl_setup| token_flush] pki_setup
usage: keystone-manage [db_sync|
[-h] [--keystone-user KEYSTONE_USER] [--keystone-group KEYSTONE_GROUP]
optional arguments:
-h, --help show this help message and exit
--keystone-user KEYSTONE_USER
--keystone-group KEYSTONE_GROUP
$ keystone-manage ssl_setup --help db_version| pki_setup| ssl_setup| token_flush] ssl_setup
usage: keystone-manage [db_sync|
[-h] [--keystone-user KEYSTONE_USER] [--keystone-group KEYSTONE_GROUP]
optional arguments:
-h, --help show this help message and exit
--keystone-user KEYSTONE_USER
--keystone-group KEYSTONE_GROUP