Comment 5 for bug 1166670

Sam Stoelinga (sammiestoel) wrote : Re: Deleted user can still create instances

"Also, I assume step 4 was meant to read "4. Go back to **firefox**...""
Yes, a typo, have updated the description.

- which type of tokens are in use, UUID or PKI?
select * from token LIMIT 0,1\G
*************************** 1. row ***************************
     id: 0029fab4803b4caab6b0e0d7b47fd608
expires: 2013-04-12 02:28:14
  extra: {"user": {"email": "<email address hidden>", "enabled": true, "id": "e81e1688ce7b4ee1a7af1cd12d084870", "name": "admin", "tenantId": null}, "key": "0029fab4803b4caab6b0e0d7b47fd608", "tenant": null, "metadata": {}}
  valid: 1
1 row in set (0.00 sec)

Not sure if this answers your question. If not, could you tell me how to check this?

- which middleware is protecting nova? keystone.middleware.auth_token or keystoneclient.middleware.auth_token?
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory

- how is the middleware configured? specifically interested in revocation_cache_time if set, which should default to 1 second
Seems we don't have this set in nova.conf, api-paste.conf and keystone.conf. Any other place to check this? This should be a keystone option I guess?

- which release/branch of keystone is this occurring on?
dpkg -l | grep keystone
ii keystone 2012.2.1-0ubuntu1~cloud0 OpenStack identity service - Daemons
ii python-keystone 2012.2.1-0ubuntu1~cloud0 OpenStack identity service - Python library
ii python-keystoneclient 1:0.1.3-0ubuntu1.1~cloud0 Client libary for Openstack Keystone API

Those are the folsom cloudarchive packages for ubuntu 12.04

I'm not sure if I answered your questions correctly, so please see related configurations below.

nova.conf:
http://paste.openstack.org/show/35770/

nova/api-paste.conf:
http://paste.openstack.org/show/35771/

keystone.conf:
http://paste.openstack.org/show/35774/