15 Commits

Author SHA1 Message Date
Dean Troyer
f8ae647f2e Install Keystone into its own venv
Configure Apache to use the Keystone venv.

Change-Id: I86f1bfdfd800f5b818bfb5c4d2750ff732049107
2015-03-20 10:47:37 -05:00
Attila Fazekas
1f316beb20 Remove rhel6 and py26 support
el6 is shipped with Python 2.6.x which is not expected
to be supported with the openstack kilo release.

For el6 support we need to do a lot of things differently,
which makes the code more complicated.

This change removes el6 and py26 support from devstack.

This change also removed a discontinued (1 year ago)
openSUSE 12.2 code path, which used a similar codepath as el6.

Several comments related to el6 were also removed or modified.

Change-Id: Iea0b0c98a5e11fd85bb5e93c099f740fe05d2f3a
2015-01-27 09:22:52 +01:00
Steve Martinelli
b57f636ec8 Add WSGIPassAuthorization to the admin port too
Accidentally only added WSGIPassAuthorization to the public port,
like all the other WSGI props, it should be added for both ports.

Change-Id: I4e52e0881df464dfb7b28e22581f462e14e37bdb
2014-12-15 20:55:54 -05:00
Steve Martinelli
dc31f76a27 Add WSGIPassAuthorization to the keystone apache template
For the OS-OAUTH1 Keystone extension to fully work under Apache,
the WSGIPassAuthorization parameter must be set to On, rather
than the default of Off. This will make functional testing of
this extension much easier.

Change-Id: I5dcbdd27e7ef7a60fe3c7cb8b9c3c83b4197dfc1
2014-12-13 23:34:15 -05:00
Rob Crittenden
18d4778cf7 Configure endpoints to use SSL natively or via proxy
Configure nova, cinder, glance, swift and neutron to use SSL
on the endpoints using either SSL natively or via a TLS proxy
using stud.

To enable SSL via proxy, in local.conf add

ENABLED_SERVICES+=,tls-proxy

This will create a new test root CA, a subordinate CA and an SSL
server cert. It uses the value of hostname -f for the certificate
subject. The CA certificates are also added to the system CA bundle.

To enable SSL natively, in local.conf add:

USE_SSL=True

Native SSL by default will also use the devstack-generated root and
subordinate CA.

You can override this on a per-service basis by setting

<SERVICE>_SSL_CERT=/path/to/cert
<SERVICE>_SSL_KEY=/path/to/key
<SERVICE>_SSL_PATH=/path/to/ca

You should also set SERVICE_HOST to the FQDN of the host. This
value defaults to the host IP address.

Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac
Closes-Bug: 1328226
2014-09-24 18:36:37 -04:00
Jenkins
14f6c50b18 Merge "Use mod_version to clean-up apache version matching"
2014-09-25 03:43:29 +00:00
Jenkins
8b3217e310 Merge "Change httpd Keystone access log to keystone_access.log"
2014-09-08 16:23:11 +00:00
Noboru Iwamatsu
b4495eb410 Use mod_version to clean-up apache version matching
This change uses mod_version (shipped by default on everything we care
about) to set-up version-specific config within apache rather than
within devstack scripts.

Clean up the horizon and keystone config file generation to use the
internal apache matching.

Since I6478db385fda2fa1c75ced12d3e886b2e1152852 the apache matching in
'functions' is actually duplicated.  Just leave get_apache_version in
lib/apache as it is used for config-file name matching in there.

Change-Id: I6478db385fda2fa1c75ced12d3e886b2e1152852
2014-09-08 15:59:29 +10:00
Morgan Fainberg
d074dc7f7e Use the apache 2.4 ErrorLogFormat directive
Use the new ErrorLogFormat directive to make the Keystone logs
under Apache look like the standard oslo log format.

Change-Id: Ie823abf2fa06b8ce22027c21bef455808a4a768e
2014-08-28 08:39:50 -07:00
Brant Knudson
2a6ce7197e Change httpd Keystone access log to keystone_access.log
Keystone's access log was going to httpd/access.log, which is the
common place for all access logging. This made it difficult to see
Keystone accesses apart from other access. Keystone's access log
will now be keystone_access.log

This makes the Keystone configuration similar to Horizon which uses
horizon_access.log.

Change-Id: I6e5ac121302b3d138758e6c49dffa9f05ad2fb85
Partial-Bug: #1359995
2014-08-26 18:43:41 -05:00
Brant Knudson
e1d004aa44 Change httpd Keystone log level to default
Having Keystone's log level at debug caused a lot of uninteresting
Httpd-related log lines to be displayed which makes debugging more
difficult than it should be.

Rather than set the log level explicitly, Keystone will use the
Httpd server's setting, which defaults to warn.

Partial-Bug: #1359995
Change-Id: Ieef882944bafd98f7b27497a5276124b21c3e576
2014-08-24 17:53:46 -04:00
Brant Knudson
cfc9465ee0 Change httpd Keystone log to keystone.log
The normal extension for log files is .log. Log rotation should
work because the extension is as expected.

Change-Id: Ia5e42ea9d953e8395b86ab58cdef6c2d852efc94
Related-Bug: #1359995
2014-08-22 16:49:02 -05:00
Felipe Reyes
2c95fcd60c Set display name in apache processes
This change makes apache set process group name in the process name,
so when listing the processes the user can easily identify what's
running in each apache process. This is especially useful to debug
memory consumption or when a process is consuming too much CPU.

Change-Id: I9787980052f451f452d3b8e5e51385ad5aa01e6a
2014-08-14 17:48:33 +02:00
Ian Wienand
dcdcb5ace8 Add WSGISocketPrefix to apache keystone config
I think since probably fdf1cffbd5d2a7b47d5bdadbc0755fcb2ff6d52f
devstack on RHEL6 fails and it comes down to:

---
2014-07-17 05:05:49.235 | +++ openstack role create admin -f value -c id
2014-07-17 05:05:49.615 | ERROR: cliff.app Service Unavailable (HTTP 503)

[Thu Jul 17 15:05:46 2014] [error] [client 10.0.2.15]
  (13)Permission denied: mod_wsgi (pid=30125): Unable to connect to WSGI
   daemon process 'keystone-public' on
   '/etc/httpd/logs/wsgi.30098.0.1.sock' after multiple attempts.
---

The apache user doesn't have permissions to this directory.  Adding
WSGISocketPath to /var/run solves it

Change-Id: If4b74019b6bd389b576fc981154bb1b3aa471c9b
2014-07-18 17:52:11 +10:00
Jamie Lennox
a00e5f8810 Allow keystone to run from apache
Provide a template for running keystone as a mod_wsgi process and enable
it from configuration.

Based on: https://review.openstack.org/#/c/36474/
Also-by: zhang-hare <zhuadl@cn.ibm.com>
Implements: blueprint devstack-setup-apache-keystone

Change-Id: Icc9d7ddfa4a488c08816ff4ae0b53c0134a1016b
2013-09-24 01:14:28 +00:00