Enable serving keystone from apache mod_wsgi
Serving keystone from a wsgi container is recommended for production setups. SSL is enabled by default. See the following URLs for explanations: http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/ https://etherpad.openstack.org/havana-keystone-performance Documentation is in manifests/wsgi/apache.pp. Apache can be configured as a drop-in replacement for keystone (using ports 5000 & 35357) or with paths using the standard SSL port. See examples in examples/apache_*.pp - Also change some 'real_' prefix into '_real' suffix to respect the coding guide. - Added the '--insecure' option to keystone client in the provider to allow using self-signed certificates. - Fixed parsing the ssl/enable value in the provider. There is no integer verification done in the manifests and, to get around a bug in rspec, which has been fixed in rodjek/rspec-puppet#107, certain parameters that should be integers are treated as strings. files/httpd/keystone.py updated with latest from keystone git repo Change-Id: Ide8c090d105c1ea75a14939f5e8ddb7d24ca3f1c
1 parent
01d32a8
commit c4371c9
Showing
10 changed files
with
615 additions
and
7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# Example using apache to serve keystone | ||
# | ||
# To be sure everything is working, run: | ||
# $ export OS_USERNAME=admin | ||
# $ export OS_PASSWORD=ChangeMe | ||
# $ export OS_TENANT_NAME=openstack | ||
# $ export OS_AUTH_URL=http://keystone.local/keystone/main/v2.0 | ||
# $ keystone catalog | ||
# Service: identity | ||
# +-------------+----------------------------------------------+ | ||
# | Property | Value | | ||
# +-------------+----------------------------------------------+ | ||
# | adminURL | http://keystone.local:80/keystone/admin/v2.0 | | ||
# | id | 4f0f55f6789d4c73a53c51f991559b72 | | ||
# | internalURL | http://keystone.local:80/keystone/main/v2.0 | | ||
# | publicURL | http://keystone.local:80/keystone/main/v2.0 | | ||
# | region | RegionOne | | ||
# +-------------+----------------------------------------------+ | ||
# | ||
|
||
Exec { logoutput => 'on_failure' } | ||
|
||
class { 'mysql::server': } | ||
class { 'keystone::db::mysql': | ||
password => 'keystone', | ||
} | ||
class { 'keystone': | ||
verbose => true, | ||
debug => true, | ||
sql_connection => 'mysql://keystone_admin:keystone@127.0.0.1/keystone', | ||
catalog_type => 'sql', | ||
admin_token => 'admin_token', | ||
enabled => false, | ||
} | ||
class { 'keystone::roles::admin': | ||
email => 'test@puppetlabs.com', | ||
password => 'ChangeMe', | ||
} | ||
class { 'keystone::endpoint': | ||
public_address => $::fqdn, | ||
admin_address => $::fqdn, | ||
internal_address => $::fqdn, | ||
public_protocol => 'https', | ||
admin_protocol => 'https' | ||
} | ||
|
||
keystone_config { 'ssl/enable': value => true } | ||
|
||
include apache | ||
class { 'keystone::wsgi::apache': | ||
ssl => true | ||
} |
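Review bot: The verification steps in the header comment export `OS_PASSWORD` and then set `OS_AUTH_URL` to a plain `http://` URL, and the sample catalog lists `http://keystone.local:80/...` endpoints, while the manifest registers the public and admin endpoints with `'https'` and passes `ssl => true` to `keystone::wsgi::apache`. As written, the instructions send the admin password in cleartext and do not describe what this manifest produces; the header should use an `https://` URL and the sample output should be regenerated from a real run. The same header is repeated in the second example manifest of this commit. No protocol is given for the internal endpoint in `keystone::endpoint`, so it presumably stays on the class default instead of https. Because the commit presents this setup as the production recommendation, a comment such as `# admin_token, passwords and debug/verbose are placeholders for testing only; replace before deploying` above the `keystone` class would keep `admin_token => 'admin_token'` and `debug => true` from being copied as they are.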
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# Example using apache to serve keystone | ||
# | ||
# To be sure everything is working, run: | ||
# $ export OS_USERNAME=admin | ||
# $ export OS_PASSWORD=ChangeMe | ||
# $ export OS_TENANT_NAME=openstack | ||
# $ export OS_AUTH_URL=http://keystone.local/keystone/main/v2.0 | ||
# $ keystone catalog | ||
# Service: identity | ||
# +-------------+----------------------------------------------+ | ||
# | Property | Value | | ||
# +-------------+----------------------------------------------+ | ||
# | adminURL | http://keystone.local:80/keystone/admin/v2.0 | | ||
# | id | 4f0f55f6789d4c73a53c51f991559b72 | | ||
# | internalURL | http://keystone.local:80/keystone/main/v2.0 | | ||
# | publicURL | http://keystone.local:80/keystone/main/v2.0 | | ||
# | region | RegionOne | | ||
# +-------------+----------------------------------------------+ | ||
# | ||
|
||
Exec { logoutput => 'on_failure' } | ||
|
||
class { 'mysql::server': } | ||
class { 'keystone::db::mysql': | ||
password => 'keystone', | ||
} | ||
class { 'keystone': | ||
verbose => true, | ||
debug => true, | ||
sql_connection => 'mysql://keystone_admin:keystone@127.0.0.1/keystone', | ||
catalog_type => 'sql', | ||
admin_token => 'admin_token', | ||
enabled => true, | ||
} | ||
class { 'keystone::roles::admin': | ||
email => 'test@puppetlabs.com', | ||
password => 'ChangeMe', | ||
} | ||
class { 'keystone::endpoint': | ||
public_address => $::fqdn, | ||
admin_address => $::fqdn, | ||
internal_address => $::fqdn, | ||
public_port => 443, | ||
admin_port => 443, | ||
public_protocol => 'https', | ||
admin_protocol => 'https' | ||
} | ||
|
||
# keystone_config { 'ssl/enable': value => true } | ||
keystone_config { 'ssl/enable': ensure => absent } | ||
|
||
include apache | ||
class { 'keystone::wsgi::apache': | ||
ssl => true, | ||
public_port => 443, | ||
admin_port => 443, | ||
public_path => '/main/', | ||
admin_path => '/admin/' | ||
} |
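Review bot: `enabled => true` on the `keystone` class, combined with `keystone_config { 'ssl/enable': ensure => absent }`, presumably leaves the standalone keystone service running without TLS next to the Apache vhost on 443, so the API would remain reachable in cleartext on its own ports. The drop-in example in this commit uses `enabled => false`; doing the same here, or adding a comment that says why both listeners are wanted, would avoid that. The `/keystone/main/` path in the header's `OS_AUTH_URL` also does not match `public_path => '/main/'` on port 443. The commented-out `keystone_config` line above the `ensure => absent` one would be better replaced by a sentence such as `# TLS is terminated by Apache, so keystone's own ssl/enable is removed`.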
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
# vim: tabstop=4 shiftwidth=4 softtabstop=4 | ||
|
||
# Copyright 2013 OpenStack Foundation | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
# not use this file except in compliance with the License. You may obtain | ||
# a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
# License for the specific language governing permissions and limitations | ||
# under the License. | ||
|
||
# | ||
# This file was copied from https://github.com/openstack/keystone/raw/c3b92295b718a41c3136876eb39297081015a97c/httpd/keystone.py | ||
# It's only required for platforms on which it is not packaged yet. | ||
# It should be removed when available everywhere in a package. | ||
# | ||
|
||
import logging | ||
import os | ||
|
||
from paste import deploy | ||
|
||
from keystone.openstack.common import gettextutils | ||
|
||
# NOTE(blk-u): | ||
# gettextutils.install() must run to set _ before importing any modules that | ||
# contain static translated strings. | ||
gettextutils.install('keystone') | ||
|
||
from keystone.common import environment | ||
from keystone import config | ||
from keystone.openstack.common import log | ||
|
||
|
||
CONF = config.CONF | ||
CONF(project='keystone') | ||
config.setup_logging(CONF) | ||
|
||
environment.use_stdlib() | ||
name = os.path.basename(__file__) | ||
|
||
if CONF.debug: | ||
CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG) | ||
|
||
# NOTE(ldbragst): 'application' is required in this context by WSGI spec. | ||
# The following is a reference to Python Paste Deploy documentation | ||
# http://pythonpaste.org/deploy/ | ||
application = deploy.loadapp('config:%s' % config.find_paste_config(), | ||
name=name) |