kolla-ansible

Keystone URL when SSO is enabled does not add /v3 to match mod_oidc locations. SSO for Skyline is not enabled in kolla-ansible.

Bug #2028921 reported by Lukas M
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Low
Unassigned
Antelope
Fix Released
Low
Unassigned
Bobcat
Fix Released
Low
Unassigned
Zed
Fix Released
Low
Unassigned

Bug Description

Keystone URL `{{ keystone_public_url }}` when SSO is enabled does not add `/v3` path to match mod_oidc locations:

https://github.com/openstack/kolla-
ansible/blob/master/ansible/roles/keystone/templates/wsgi-keystone.conf.j2#L90
https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/keystone/templates/wsgi-keystone.conf.j2#L97
https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/keystone/templates/wsgi-keystone.conf.j2#L108

Also is not possible to override skyline.yaml ( to enable SSO via custom config ), and kolla-ansible does not implement SSO for Skyline. This PR is enabling support for SSO in kolla https://review.opendev.org/c/openstack/kolla-ansible/+/888496

EDIT:
https://review.opendev.org/c/openstack/skyline-apiserver/+/879465 is also required for generating the correct trusted dashboard URL

See original description
Maksim Malchuk (mmalchuk)
Changed in kolla-ansible:
status: New → Confirmed
importance: Undecided → Low
Lukas M (muhaha)
summary: - Horizon URL when SSO is enabled does not add /v3 to match mod_oidc
+ Keystone URL when SSO is enabled does not add /v3 to match mod_oidc
locations
Revision history for this message
Maksim Malchuk (mmalchuk) wrote : Re: Keystone URL when SSO is enabled does not add /v3 to match mod_oidc locations

the old related changes:
1. https://review.opendev.org/c/openstack/kolla-ansible/+/888494
2. https://review.opendev.org/c/openstack/kolla-ansible/+/888496

Lukas M (muhaha)
description: updated
description: updated
summary: Keystone URL when SSO is enabled does not add /v3 to match mod_oidc
- locations
+ locations. SSO for Skyline is not enabled in kolla-ansible.
description: updated
OpenStack Infra (hudson-openstack)
Changed in kolla-ansible:
status: Confirmed → In Progress
Revision history for this message
Maksim Malchuk (mmalchuk) wrote :

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/891923

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/891923
Committed: https://opendev.org/openstack/kolla-ansible/commit/59204b2fee66d8985a151dc1441aecb88c705a9f
Submitter: "Zuul (22348)"
Branch: master

commit 59204b2fee66d8985a151dc1441aecb88c705a9f
Author: Rodolfo Díaz <email address hidden>
Date: Thu Aug 10 20:24:43 2023 +0000

    Fixes WEBSSO_KEYSTONE_URL Value

    Change I60162b54bc06e158534d29311d4474b34750c64d
    removed the `/v3` prefix from the WEBSSO_KEYSTONE_URL
    variable. However, keystone endpoints do in fact
    have the `/v3` prefix, and Horizon expects the
    WEBSSO_KEYSTONE_URL variable to already contain
    the prefix.

    This patch adds the prefix again so that SSO
    works with Horizon again.

    Closes-Bug: #2028921
    Change-Id: I5799f7a6fa4f52c2904b14fc02ed18443f4194bd
    Signed-off-by: Juan Pablo Suazo <email address hidden>

Changed in kolla-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/893212

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/893213

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/893213
Committed: https://opendev.org/openstack/kolla-ansible/commit/309aebc9793ac57d1b1080070cc67df88e2541f1
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 309aebc9793ac57d1b1080070cc67df88e2541f1
Author: Rodolfo Díaz <email address hidden>
Date: Thu Aug 10 20:24:43 2023 +0000

    Fixes WEBSSO_KEYSTONE_URL Value

    Change I60162b54bc06e158534d29311d4474b34750c64d
    removed the `/v3` prefix from the WEBSSO_KEYSTONE_URL
    variable. However, keystone endpoints do in fact
    have the `/v3` prefix, and Horizon expects the
    WEBSSO_KEYSTONE_URL variable to already contain
    the prefix.

    This patch adds the prefix again so that SSO
    works with Horizon again.

    Closes-Bug: #2028921
    Change-Id: I5799f7a6fa4f52c2904b14fc02ed18443f4194bd
    Signed-off-by: Juan Pablo Suazo <email address hidden>
    (cherry picked from commit 59204b2fee66d8985a151dc1441aecb88c705a9f)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/893212
Committed: https://opendev.org/openstack/kolla-ansible/commit/13b8f90bebda9fac3ac47e3b613b87606ff51918
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 13b8f90bebda9fac3ac47e3b613b87606ff51918
Author: Rodolfo Díaz <email address hidden>
Date: Thu Aug 10 20:24:43 2023 +0000

    Fixes WEBSSO_KEYSTONE_URL Value

    Change I60162b54bc06e158534d29311d4474b34750c64d
    removed the `/v3` prefix from the WEBSSO_KEYSTONE_URL
    variable. However, keystone endpoints do in fact
    have the `/v3` prefix, and Horizon expects the
    WEBSSO_KEYSTONE_URL variable to already contain
    the prefix.

    This patch adds the prefix again so that SSO
    works with Horizon again.

    Closes-Bug: #2028921
    Change-Id: I5799f7a6fa4f52c2904b14fc02ed18443f4194bd
    Signed-off-by: Juan Pablo Suazo <email address hidden>
    (cherry picked from commit 59204b2fee66d8985a151dc1441aecb88c705a9f)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 16.2.0

This issue was fixed in the openstack/kolla-ansible 16.2.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 15.3.0

This issue was fixed in the openstack/kolla-ansible 15.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 17.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 17.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.