puppet-keystone

remove port 35357 deployment

Bug #1804426 reported by Tobias Urdin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-keystone
Fix Released
Undecided
Tobias Urdin

Bug Description

Recently we remove all references to port 35357 for all modules so prepare for keystone only deploying port 5000.

This bug will track the work to remove port 35357 from being deployed in puppet-keystone, we will deprecate all parameters that is not needed anymore and only deploy port 5000.

Tobias Urdin (tobias-urdin)
Changed in puppet-keystone:
assignee: nobody → Tobias Urdin (tobias-urdin)
OpenStack Infra (hudson-openstack)
Changed in puppet-keystone:
status: New → In Progress
OpenStack Infra (hudson-openstack)
Changed in puppet-keystone:
assignee: Tobias Urdin (tobias-urdin) → Lars Kellogg-Stedman (larsks)
OpenStack Infra (hudson-openstack)
Changed in puppet-keystone:
assignee: Lars Kellogg-Stedman (larsks) → Tobias Urdin (tobias-urdin)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-keystone (master)

Reviewed: https://review.openstack.org/619257
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=ace7aeb3b71b39a59f92fbc9e7f676a70c9a797a
Submitter: Zuul
Branch: master

commit ace7aeb3b71b39a59f92fbc9e7f676a70c9a797a
Author: Tobias Urdin <email address hidden>
Date: Wed Nov 21 15:17:08 2018 +0100

    Remove port 35357 deployment

    The legacy admin and public ports for Keystone has since the
    release of the v3 API not been required as keystone moved all
    actions to the same API. [1]

    This patch removes the deployment of port 35357 and remodels
    puppet-keystone and more specifically the keystone::wsgi::apache
    class to only deploy keystone on port 5000.

    This has already been changed in the installation guides [2]
    and is the recommend way to deploy keystone.

    We have already prepared all our modules default values to use
    port 5000 instead of 35357 a while ago and we also in the Rocky
    release informed our users with a release note that this would
    be performed [3]

    [1] https://github.com/openstack/keystone/blob/master/keystone/server/wsgi.py
    [2] https://docs.openstack.org/keystone/rocky/install/keystone-install-obs.html
    [3] https://review.openstack.org/#/c/586791/

    Closes-Bug: 1804426
    Depends-On: https://review.openstack.org/#/c/627793/
    Change-Id: I726cd9408d20f868b2b5337ef2df4da458904e51

Changed in puppet-keystone:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-keystone 14.2.0

This issue was fixed in the openstack/puppet-keystone 14.2.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to puppet-keystone (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/632459

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-keystone (master)

Reviewed: https://review.openstack.org/632459
Committed: https://git.openstack.org/cgit/openstack/puppet-keystone/commit/?id=58dfc07b3a90a8b05aeb0cbeae17c1b7cfc35594
Submitter: Zuul
Branch: master

commit 58dfc07b3a90a8b05aeb0cbeae17c1b7cfc35594
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Tue Jan 22 14:59:41 2019 +0200

    Use "public" endpoint for the authentication URL for the keystone provider

    With the removal of the 35357 port in a recent commit [1], we ended up
    with an inconsistent use of public/internal bits of the URL. This breaks
    in TripleO, since we still configure the admin endpoint. So, the default
    port that was used (5000), doesn't work in TripleO.

    To address this, we then completely remove the usage of the admin
    endpoint for the provider, relying instead on the "public" endpoint
    that's configured in keystone.

    Typically, it will be behind a load balancer, so it'll actually point to
    the internal endpoint of keystone. Which is what we really want to use.

    [1] I951e863e7e7c8f409a13398b397b82ef70d7c123

    Change-Id: I64cf93ab0c4ade3ae71aa3cd4aea444aff699a17
    Related-Bug: #1804426

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.