This prevents old invalid tokens from working after a rerun of stack.sh
and potentially providing users and tenants that don't exist.
Fixes bug 1089700
Change-Id: Icfc22978e41e459d51b50bc7ad2e6d98d766e402
If the directory exists but is owned by another user, then this will
cause failures.
Note that we already do this for other components (glance, for
instance).
Change-Id: Ic7d2a2dd179f721636afc9ea9c3fe6bb314c9b33
* Adds lib/tls to create test CA/certs
* Start proxy if 'tls-proxy' is enabled
* Configure keystone service catalog for TLS
* Tear down proxy in unstack.sh
* Set auth protocol and ca-cert chain in openrc
* Add DATA_DIR to stackrc
This is the first in a series of patches to enable TLS support
for the service API endpoints.
Change-Id: Ia1c91dc8f1aaf94fbec9dc71da322559a83d14b6
keystone_data.sh is getting unwieldly and increasingly needs
configuration information for services. Also need the ability
to manipulate HOST/IP information for hosts to handle service
HA/proxy configurations.
Begin moving the creation of service account information into
the service lib files, starting with the common accounts and
keystone itself.
Change-Id: Ie259f7b71983c4f4a2e33ab9c8a8e2b00238ba38
This patch adds an interface for supporting multiple database backend
types and implemnts support for PostgreSQL. It also adds a function,
use_exclusive_service, which serves as a base for enabling a service
that conflicts with other services. The use_database function uses it,
and it might also be useful for selecting messaging backends.
MySQL is still selected by default. Tested on Fedora 17 and Ubuntu
12.04 with MySQL and PostgreSQL. Implements blueprint postgresql-support
Change-Id: I4b1373e25676fd9a9809fe70cb4a6450a2479174
* Configure Cinder, Glance, Keystone, Nova to put cached credentials
from keystone.auth_token into /var/cache/<service>
It is not obvious to me that having each of these service share a
credentials cache is a good idea. It does appear to work but this
patch takes the conservative approach of putting each service's cache
in a distinct directory.
More importantly it gets them out of $HOME!
Change-Id: If88088fc287a2f2f4f3e34f6d9be9de3da7ee00d
This change lets the developer running devstack
control the token format used by keystone through
setting KEYSTONE_TOKEN_FORMAT in their localrc
file.
Change-Id: Ic1265fcb10b8de112891f61d5e07312322148ec2
Signed-off-by: Doug Hellmann <doug.hellmann@dreamhost.com>
Set VERBOSE=False to turn off the noise of stack.sh output. All
output still is written to the logfile if LOGFILE is set.
Rebased
Change-Id: I316bc4d68c997ec907a48e720e2f7778428d935b
The templated backend for Keystone is limited and does not support the
CRUD operations so does not fully exercise the Identity API. Change
the default to SQL but leave the templated back-end in place for now.
Set KEYSTONE_CATALOG_BACKEND=template in localrc to restore the old
behaviour.
Change-Id: Id4490194d49b8004583016a9666cb9439cd4700a
The next in a line of changes to break down stack.sh and make
it a bit more manageable.
Part of blueprint devstack-modular
Change-Id: I40405af07b776f045d6bf801f7e4f1ad863139ae
