keystone-saml2-federation devstack plugin only works on Ubuntu

Bug #1757000 reported by Guang Yee on 2018-03-19
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Unassigned

Bug Description

Steps to reproduce:

1. clone devstack, latest branch
2. Create a local.conf with these lines at the end

disable_all_services

enable_plugin keystone git://git.openstack.org/openstack/keystone.git
enable_service rabbitmq, mysql, keystone, keystone-saml2-federation

This should only enable Keystone and its dependents, plus the keystone-saml2-federation plugin.

3. then run stack.sh and let it rip. It will died at some point when Apache2 failed to start.
4. run 'journalctl -xe --no-pager' and you'll see something like this

Mar 19 21:11:13 vagrant-openSUSE-Leap systemd[1]: apache2.service: Main process exited, code=exited, status=1/FAILURE
Mar 19 21:11:13 vagrant-openSUSE-Leap start_apache2[4395]: [Mon Mar 19 21:11:13.960371 2018] [proxy:warn] [pid 4395] AH01146: Ignoring parameter 'retry=0' for worker 'unix:/var/run/uwsgi/keystone-wsgi-admin.socket|uwsgi://uwsgi-uds-keystone-wsgi-admin/' because of worker sharing
Mar 19 21:11:13 vagrant-openSUSE-Leap start_apache2[4395]: AH00526: Syntax error on line 9 of /etc/apache2/vhosts.d/keystone-wsgi-public.conf:
Mar 19 21:11:13 vagrant-openSUSE-Leap start_apache2[4395]: Invalid command 'ShibRequestSetting', perhaps misspelled or defined by a module not included in the server configuration
Mar 19 21:11:13 vagrant-openSUSE-Leap systemd[1]: apache2.service: Control process exited, code=exited status=1
Mar 19 21:11:13 vagrant-openSUSE-Leap systemd[1]: Failed to start The Apache Webserver.

This is due to the fact that the 'shibboleth-sp' package is missing. Notice that manually running 'a2enmod mod_shib' does not help either, till that package is installed. I would expect the devstack plugin to install all the required packages.

Colleen Murphy (krinkle) wrote :

It really only works on Ubuntu, even CentOS isn't properly supported: http://git.openstack.org/cgit/openstack/keystone/tree/devstack/lib/federation.sh#n71

Devstack itself does work on Ubuntu/CentOS/openSUSE so we should try to get this plugin in shape.

Changed in keystone:
status: New → Confirmed
summary: - keystone-saml2-federation devstack plugin does not work on openSUSE Leap
- (12.3)
+ keystone-saml2-federation devstack plugin only works on Ubuntu
Changed in keystone:
importance: Undecided → Medium
Colleen Murphy (krinkle) on 2018-09-26
tags: added: federation
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers