Remove eventlet support

Eventlet has been deprecated since the Kilo release and is
being removed in Newton.

A follow on patch will be proposed to remove the [ssl] section
since it is now redundant.

Co-Authored-By: Grzegorz Grasza <grzegorz.grasza@intel.com>
Partially implements: bp removed-as-of-newton

Change-Id: I963d94bbd188dbb6eba68623a42c5bc3f2289da4

config-generator/keystone.conf

@@ -9,7 +9,6 @@ namespace = oslo.messaging
 namespace = oslo.policy
 namespace = oslo.db
 namespace = oslo.middleware
-namespace = oslo.service.service
 namespace = osprofiler
 # We don't use oslo.concurrency config options in
 # keystone now, just in case it slips through unnoticed.

doc/source/conf.py

@@ -111,9 +111,7 @@
 
 man_pages = [
     ('man/keystone-manage', 'keystone-manage', u'Keystone Management Utility',
-     [u'OpenStack'], 1),
-    ('man/keystone-all', 'keystone-all', u'Keystone Startup Command',
-     [u'OpenStack'], 1),
+     [u'OpenStack'], 1)
 ]
 
 

doc/source/configuration.rst

@@ -22,7 +22,6 @@ Configuring Keystone
    :maxdepth: 1
 
    man/keystone-manage
-   man/keystone-all
 
 Once Keystone is installed, it is configured via a primary configuration file
 (``etc/keystone.conf``), a PasteDeploy configuration file
@@ -45,48 +44,6 @@ To make the above change persistent,
 ``net.ipv4.ip_local_reserved_ports = 35357`` should be added to
 ``/etc/sysctl.conf`` or to ``/etc/sysctl.d/keystone.conf``.
 
-Starting and Stopping Keystone under Eventlet
-=============================================
-
-.. WARNING::
-
-    Running keystone under eventlet has been deprecated as of the Kilo release.
-    Support for utilizing eventlet will be removed as of the M-release. The
-    recommended deployment is to run keystone in a WSGI server such as Apache
-    httpd with ``mod_wsgi``.
-
-Keystone can be run using either its built-in eventlet server or it can be run
-embedded in a web server. While the eventlet server is convenient and easy to
-use, it's lacking in security features that have been developed into Internet-
-based web servers over the years. As such, running the eventlet server as
-described in this section is not recommended.
-
-Start Keystone services using the command:
-
-.. code-block:: bash
-
-    $ keystone-all
-
-Invoking this command starts up two ``wsgi.Server`` instances, ``admin`` (the
-administration API) and ``main`` (the primary/public API interface). Both
-services are configured to run in a single process.
-
-.. NOTE::
-
-    The separation into ``admin`` and ``main`` interfaces is a historical
-    anomaly. The new V3 API provides the same interface on both the admin and
-    main interfaces (this can be configured in ``keystone-paste.ini``, but the
-    default is to have both the same). The V2.0 API provides a limited public
-    API (getting and validating tokens) on ``main``, and an administrative API
-    (which can include creating users and such) on the ``admin`` interface.
-
-Stop the process using ``Control-C``.
-
-.. NOTE::
-
-    If you have not already configured Keystone, it may not start as expected.
-
-
 Configuration Files
 ===================
 
@@ -115,8 +72,6 @@ The primary configuration file is organized into the following sections:
 * ``[credential]`` - Credential system driver configuration
 * ``[endpoint_filter]`` - Endpoint filtering configuration
 * ``[endpoint_policy]`` - Endpoint policy configuration
-* ``[eventlet_server]`` - Eventlet server configuration
-* ``[eventlet_server_ssl]`` - Eventlet server SSL configuration
 * ``[federation]`` - Federation driver configuration
 * ``[identity]`` - Identity system driver configuration
 * ``[identity_mapping]`` - Identity mapping system driver configuration
@@ -977,32 +932,19 @@ certificates are just provided as an example.
 Configuration
 ^^^^^^^^^^^^^
 
-To enable SSL modify the ``etc/keystone.conf`` file under the ``[ssl]`` and
-``[eventlet_server_ssl]`` sections. The following is an SSL configuration
-example using the included sample certificates:
+To enable SSL a deployment should configure a web server (such as Apache) to
+use SSL. Keystone is able to generate SSL certificates by modifying the
+``[ssl]`` section in the ``etc/keystone.conf`` file. The following is an SSL
+configuration example using the included sample certificates:
 
 .. code-block:: ini
 
-    [eventlet_server_ssl]
-    enable = True
-    certfile = <path to keystone.pem>
-    keyfile = <path to keystonekey.pem>
-    ca_certs = <path to ca.pem>
-    cert_required = False
-
     [ssl]
     ca_key = <path to cakey.pem>
     key_size = 1024
     valid_days=3650
     cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost
 
-* ``enable``: True enables SSL. Defaults to False.
-* ``certfile``: Path to Keystone public certificate file.
-* ``keyfile``: Path to Keystone private certificate file. If the private key is
-  included in the certfile, the keyfile may be omitted.
-* ``ca_certs``: Path to CA trust chain.
-* ``cert_required``: Requires client certificate. Defaults to False.
-
 When generating SSL certificates the following values are read
 
 * ``key_size``: Key size to create. Defaults to 1024.

doc/source/http-api.rst

@@ -222,6 +222,5 @@ HTTP/1.1 Chunked Encoding
 
     Running Keystone under HTTPD in the recommended (and tested) configuration does not support
     the use of ``Transfer-Encoding: chunked``. This is due to a limitation with the WSGI spec
-    and the implementation used by ``mod_wsgi``. Support for chunked encoding under ``eventlet``
-    may or may not continue. It is recommended that all clients assume Keystone will not support
-    ``Transfer-Encoding: chunked``.
+    and the implementation used by ``mod_wsgi``. It is recommended that all
+    clients assume Keystone will not support ``Transfer-Encoding: chunked``.

doc/source/index.rst

@@ -78,7 +78,6 @@ Man Pages
 .. toctree::
     :maxdepth: 1
 
-    man/keystone-all
     man/keystone-manage
 
 Developers Documentation

keystone/cmd/manage.py

@@ -30,13 +30,10 @@
     sys.path.insert(0, possible_topdir)
 
 from keystone.cmd import cli
-from keystone.common import environment
 
 
 # entry point.
 def main():
-    environment.use_stdlib()
-
     dev_conf = os.path.join(possible_topdir,
                             'etc',
                             'keystone.conf')