911 Commits

Author SHA1 Message Date
Jenkins
5685990287 Merge "Doc fix: "keystone-manage upgrade" is not a thing" 2016-08-25 04:26:46 +00:00
Jenkins
6d8ad9c27e Merge "Add mapping_populate command" 2016-08-25 00:38:40 +00:00
Boris Bobrov
b1fdad9875 Add mapping_populate command
Fetching users from LDAP requires creating public ids for them.
id_mapping_api does that. Creating public ids is slow, because it
requires performing N INSERTs for N users, and there is no way to
work around that. It leads to very slow responses to queries like
"list users".

By pre-creating these public ids we improve API users' experience.

Add keystone-manage mapping_populate command that creates id mapping entries
for users.

bp ldap-preprocessing
Partial-Bug: 1582585
Change-Id: I98f795854aee26f9e7f668372c47572d2b6d4f0f
2016-08-23 20:52:10 +00:00
Dolph Mathews
5ae761e8e3 Doc fix: license rendered in published doc
This wasn't indented correctly, so it ended up being rendered in the
HTML as plain text:

  http://docs.openstack.org/developer/keystone/upgrading.html

Change-Id: I3f7f43484abaf128a5a2d3c3f120df9c4951b856
2016-08-23 10:35:33 -05:00
Dolph Mathews
52b2503e55 Doc fix: "keystone-manage upgrade" is not a thing
This was part of Henry's initial patch, which ended up just being part
of db_sync instead.

Change-Id: Ibbfec6d665e59a0195a425f75a108819d42a946d
2016-08-23 10:17:59 -05:00
Dolph Mathews
a5e2906dc4 Add rolling upgrade documentation
This documentation conflicts a bit with the approach originally proposed
in bp manage-migration because it depends on the notion of having
database triggers to assist in the migration process.

Change-Id: Iec9269ab6d799b757451cb8afe7fa889fe7068b9
2016-08-18 16:15:13 +00:00
Jenkins
84ee0d93e8 Merge "Add basic upgrade documentation" 2016-08-12 22:35:28 +00:00
Samuel de Medeiros Queiroz
7f3ec1428d Updates Development Environment Docs
Now that we support other-requirements.txt and there is a Project Team
Guide doc [1] on how to set a Python environment up for development, we
can take benefit of them and make our docs more concise.

[1] http://docs.openstack.org/project-team-guide/project-setup/python.html

Co-Authored-By: Hidekazu Nakamura <hid-nakamura@vf.jp.nec.com>

Change-Id: Idcfadb7922b75464af430264e55aadc442e1b0a8
2016-08-10 20:36:27 +00:00
Dolph Mathews
ff00d33e9b Add basic upgrade documentation
Rolling upgrades are being introduced in the Newton release, which will
substantially impact the process that deployers will have to follow to
upgrade keystone.

This will provide us a basis for documenting rolling upgrades (also,
it's about time we documented our current process).

bp manage-migration

Change-Id: I5a37c781b83967b12cda60b054c612df3c3cb697
2016-08-08 16:12:24 -05:00
Dolph Mathews
141970f193 Remove mention of db_sync per backend
Many releases ago, we supported the notion of having migration
repositories per backend interface. If a backend needed to use the
database, it could manage it's own migrations independently from the
rest of keystone. That functionality was removed long ago, and this
blurb of text should have been removed with it.

Change-Id: If90e25ec556cf42322509ef28878e96120b0baad
2016-08-04 12:09:35 -05:00
Dolph Mathews
bfa13b7a64 Clean up the introductory text in the docs
I made a few specific changes, hopefully for the better:

- Removed the "Welcome!" from the title, which is quite verbose in the
  sidebar index (and reads awkwardly as a title, IMO).

- Revised the project description to match what's on our Launchpad page,
  https://launchpad.net/keystone

- Revised the target audience to more accurately reflect who we actually
  write for (it's still contributors first, but it's not fair to ignore
  operators, etc).

Change-Id: I9955f31216e7a70fed10501f096001433609ac70
2016-08-03 10:59:58 -05:00
Jenkins
b79e08b9bc Merge "Remove configuration references to eventlet" 2016-08-03 14:25:30 +00:00
Jenkins
41aa273f67 Merge "Add token feature support matrix to documentation" 2016-08-02 14:27:49 +00:00
Gage Hugo
44ccc92c1a Added postgresql libs to developer docs
Added corresponding packages for postgresql libraries for various
distros to the development docs to avoid causing pip to fail when
installing dependencies within test-requirements.txt

Change-Id: Ie181cf01bb22366b80d0639e66d939aaa948490b
Closes-Bug: #1608653
2016-08-01 15:26:10 -05:00
Eric Brown
8cef8483e6 Document the domain config API as stable
As a follow-on to commit I7bf0a914be13f88313c14bc196369de49cc7413f,
the documentation should also reflect that the domain config API
is now stable. Previous releases are still considered experimental.

Change-Id: I6fb993ac678d0aeaa43547c4b24b62d1a784a615
2016-07-28 14:11:00 -07:00
Eric Brown
fc924f8e44 Remove configuration references to eventlet
There were still a couple references remaining for using keystone
under eventlet. These are no longer applicable since keystone is
no longer supported under eventlet.

Change-Id: If6d2013cc2396d6d1df43f7f2091b5fa02115ca4
2016-07-28 14:04:28 -07:00
Dolph Mathews
927b08bbf7 Add token feature support matrix to documentation
This introduces a feature support matrix to illustrate which of our
various token providers supports which API operations and features. This
is intended to mirror Nova's feature support matrix documentation page,
found here:

  http://docs.openstack.org/developer/nova/support-matrix.html

After running `tox -e docs`, the result is embedded in
`doc/build/html/configuration.html`.

Change-Id: I3dc896a2906e25827a9e01afc7de5a737831c336
2016-07-28 15:44:28 +00:00
Dolph Mathews
9d01162c40 Add performance tuning documentation
Change-Id: Ia6ab8fbc0fa5c8f055ef0e913c32e4b285a2a6e2
2016-07-26 11:44:19 -04:00
dineshbhor
d0328e3293 Replace OpenStack LLC with OpenStack Foundation
Change-Id: I08ad2fad6122734cbcc5842c0b6f76c5f680b69c
Closes-Bug: #1214176
2016-07-22 15:10:35 +05:30
Dolph Mathews
059f35302d keystone-manage doctor
This introduces a new keystone-manage command called 'doctor' which
attempts to diagnose and report on various ill-advised configurations
and deployment states.

The number of checks we could perform is basically endless, so this is
just a random sampling of checks to get the ball rolling. The idea is
that as new features are introduced, as default configurations change,
as we have new recommendations to make to deployers, etc, we can
implement new checks in keystone-manage doctor and communicate our
concerns directly to those operated affected deployments.

Change-Id: Ib6660c1a885c439ca03357870628b2ea52e39e9d
Implements: bp keystone-manage-doctor
2016-07-18 15:51:57 -07:00
Jenkins
e2f230a089 Merge "Mark the domain config via API as stable" 2016-07-09 09:09:31 +00:00
Jenkins
6e15e49f6d Merge "keystone recommend deprecated memcache backend" 2016-07-09 04:15:51 +00:00
Jenkins
8fa33efaf7 Merge "Doc update on enabled external auth and federation" 2016-07-09 04:04:13 +00:00
Jenkins
c1897ef1b1 Merge "Doc update for moving abstract base classes out of core" 2016-07-08 23:55:05 +00:00
Brad Topol
a5c5f5bce8 Mark the domain config via API as stable
The domain config via API is marked stable. Tests are updated
and the cli for updating domain configs is marked deprecated.

implements bp domain-config-as-stable

Change-Id: I7bf0a914be13f88313c14bc196369de49cc7413f
2016-07-08 14:44:30 -07:00
“Richard
82c7b8bedc Doc update on enabled external auth and federation
By default the external auth is enabled and can cause user_id conflict
when REMOTE_USER is set due to the fact that federation uses
REMOTE_USER as well. Therefore, the docs were updated to advise users
against using both external auth and federation on the same sequence.

Closes-Bug: #1563454

Change-Id: I193f78ae0ad0232471b725d5700870c349703310
2016-07-08 13:50:47 +00:00
jolie
b278f03a78 keystone recommend deprecated memcache backend
There is a recommendation in doc to use
backend = keystone.cache.memcache_pool
however this seems to be deprecated in the code

Change-Id: Ic029a8c6fd8a88cd0e73fb7b61ba8ad8625f5ee5
closes-bug:#1594371
2016-07-08 11:06:07 +08:00
Ronald De Rose
9f5ed12c11 Doc update for moving abstract base classes out of core
This patch updates the service backends documentation, updating the
location for the abstract base classes (out of core and into
backends.base).

Closes-Bug: #1563101

Change-Id: I0b4ce448ba94ec09294b07f704ee07d433049ac8
2016-07-07 18:03:51 +00:00
Ronald De Rose
5d707d510d Move the auth plugins abstract base class out of core
This patch moves the auth plugins abstract base class out of core and
into plugins/base.py

This removes dependencies where backend code references code in the
core. The reasoning being that the core should know about the backend
interface, but the backends should not know anything about the core
(separation of concerns). And part of the risk here is a potential for
circular dependencies.

Partial-Bug: #1563101

Change-Id: I4413ef01523d02c30af97e306069229252cb4971
2016-07-07 16:32:07 +00:00
Puneet Arora
08096a3f2e Fixed a Typo
Change-Id: I08fd03a21499b06a5595144a3faf7aa8f922a141
2016-07-05 20:08:29 +00:00
Jenkins
d7a08e05fc Merge "Include doc directory in pep8 checks" 2016-07-02 04:40:40 +00:00
Eric Brown
67a50b5bcf Include doc directory in pep8 checks
Currently, flake8 runs against doc related directories such as
releasenotes and api-ref. Might as well remove doc from the
flake8 exclude list.  Each of these directories has only one
python file (conf.py).

Change-Id: I0445ad083d8d9167e0309950c200c9abb766bc1a
2016-06-30 14:14:13 -07:00
Jenkins
7460877945 Merge "Concrete role assignments for federated users" 2016-06-29 23:24:15 +00:00
guoshan
4db765198d API Change Tutorial doc code modify
The refactor of code cause the inappropriate guide.
Code in tutorial is out of date.

Change-Id: Ic986af1072f158f0f0f5608a9754db9d3e507409
Closes-Bug: #1597196
2016-06-29 07:57:17 +00:00
Ronald De Rose
eed233cac8 Concrete role assignments for federated users
"Shadow users: unified identity" implementation:
Allow concrete role assignments for federated users. Currently,
federated users get roles from mapped group assignments. However, with
the shadow users implementation, federated users are mapped to
identities in the backend; thus, can be assigned roles.

This patch returns locally assigned roles with the mapped group roles
for federated users; allowing for authorization for those roles.

bp shadow-users-newton

Change-Id: I9a150ded6c4b556627147d2671be15d6a3794ba5
2016-06-29 02:24:03 +00:00
Ronald De Rose
e8a3d9cc5a Update driver versioning documentation
This patch updates the Developing Keystone Drivers documentation,
removing support for driver versioning and updating the text.

Change-Id: I92318ecf83244ebbc575188a85f2594efc2c570e
2016-06-15 17:47:31 +00:00
Eric Brown
6bc084df0e Update the keystone-manage man page options
Several of the command line options don't match the current output
from keystone-manage -h.

Here's the output of keystone-manage to compare with the new man
page content:
http://paste.openstack.org/show/508828/

Change-Id: I60d212c5930fcd450745b10155b578faff0e4654
2016-06-07 21:03:35 -07:00
Brant Knudson
d03ed967dd Keystone uwsgi performance tuning
I ran some tests locally that showed that when using the uwsgi
deploy the keystone server wasn't using all the processes
available. When I switched from "threads" to "processes" the
concurrent performance improved considerably. So I'm proposing
that the docs use processes to improve performance.

Change-Id: I5375702f45ccb82c02ff2bba1eabda836d5d25eb
2016-06-05 18:47:30 -05:00
Eric Brown
b2ee4a2a75 Update man page for Newton release
* Bump the version to 10
* Update the date of release

Change-Id: I6d8a6c6ef264740a065c8d24440fa95b5b5e1b3e
2016-06-02 14:42:35 -07:00
Jenkins
faa79c8e18 Merge "Add API Change Tutorial" 2016-05-25 22:35:15 +00:00
Ryosuke Mizuno
293c891dcf Fix broken link of federation docs
Fixed a place that was in some broken links in the federation document.

Change-Id: I296c4e2cff718f3eac02fa1c14563a2a4437cb80
2016-05-20 20:01:48 +09:00
Samuel de Medeiros Queiroz
de2f2b097a Add API Change Tutorial
This change adds a tutorial for making an API change. It describes from
the specification proposal to making real code changes in keystone.

Its goal is to help new contributors to get familiar with keystone code.
It simulates the addition of a 'description' field to role entities.

Change-Id: Ie6f302939f43e78f07183abf4bc5aadb6b50ef1c
2016-05-13 06:37:05 -03:00
nonameentername
f6ac0661bf Update documentation to remove keystone-all
keystone-all command was removed but no alternative for running
keystone in developer mode was added.  Update documentation with uwsgi
command and update keystone-all reference.

Change-Id: Ia949620de21c1b05127769c6da249b38d83cda9c
2016-05-10 17:06:49 -05:00
David Stanek
70b798641a Fixes example in the mapping combinations docs
When reviewing If74aaf07b77399f1648843280153c7523de5eb38 I noticed that
one of the examples was incorrect.

Change-Id: I4d5d88ea45c00fe874382c06a0626ea6aaeb87c9
Related-Bug: #1575057
2016-05-05 15:48:04 +00:00
Dolph Mathews
cafbe1b9f0 Correct RST syntax for a code block
The code block was being rendered as a plaintext paragraph:

  http://docs.openstack.org/developer/keystone/federation/federated_identity.html#configure-apache-httpd-for-mod-auth-mellon

Change-Id: I183d220228b3a2e804c4dcc68164da362523b3d0
2016-04-29 15:54:39 -05:00
ZhiQiang Fan
5cd8356b7c Fix doc build if git is absent
When building packages if git is absent, then we should not set
html_last_updated_fmt. It can still be set via the -D switch
when building with sphinx-build.

Change-Id: Iea0fb01314e1c4a66a55841df07b9bdaf10153a6
Closes-Bug: #1552251
2016-04-28 06:22:19 +08:00
Cristian Sava
c7cb72b20e Customize config file location when run as wsgi app.
Running keystone as a wsgi application should allow the same kind of
customization as when run from the command line. Setting sys.argv for
wsgi applications is difficult so that environment variables need to
be used for this purpose.

Closes-Bug: #1552397

Change-Id: I1cd8c7c9f8d4c748384f9b72511b677176672791
2016-04-20 15:21:08 +00:00
Steve Martinelli
20b851b240 Remove support for generating ssl certs
these config options and it's supporting command are only useful
when deploying keystone under eventlet, with that removed these
are redundant.

Change-Id: I7c602805bba2c658d3280811ed8919f78ed3aa0d
implements: bp removed-as-of-newton
2016-04-19 08:58:36 -03:00
Jenkins
23bb657369 Merge "Remove eventlet support" 2016-04-19 07:29:42 +00:00
Steve Martinelli
ac039414ce Remove eventlet support
Eventlet has been deprecated since the Kilo release and is
being removed in Newton.

A follow on patch will be proposed to remove the [ssl] section
since it is now redundant.

Co-Authored-By: Grzegorz Grasza <grzegorz.grasza@intel.com>
Partially implements: bp removed-as-of-newton

Change-Id: I963d94bbd188dbb6eba68623a42c5bc3f2289da4
2016-04-18 18:07:28 +00:00