911 Commits

Author SHA1 Message Date
jpic
e641f79155 Typo in sysctl command example Edit
Fixes error:

    # sysctl -w 'sys.net.ipv4.ip_local_reserved_ports=35357'
    sysctl: cannot stat /proc/sys/sys/net/ipv4/ip_local_reserved_ports: No such file or directory

The new command works:

    # sysctl -w 'net.ipv4.ip_local_reserved_ports=35357'
    net.ipv4.ip_local_reserved_ports = 35357

Closes-Bug: #1571555
Change-Id: I9665f56c23f50d45e4303f78046dc46becb59ec5
2016-04-18 11:20:32 +02:00
Jenkins
d132901f9c Merge "Dev doc update for moving abstract base classes out of core" 2016-04-14 21:23:24 +00:00
Steve Martinelli
e082c72861 group federated identity docs together
several of the federated identity docs were spread out in hard
to find locations. this puts the documentation more front and
centrer. expect detailed changes for each docs in future patches.

Change-Id: I82ba117dfd02f921d72b9f010becad57da03e090
2016-04-13 05:42:51 +00:00
Jenkins
764d3f45ff Merge "fix typo" 2016-04-13 01:46:55 +00:00
Jenkins
c34930eb48 Merge "create a new advanced topics section in the docs" 2016-04-12 09:14:27 +00:00
Christian Berendt
324f4b5978 Add missing backslash to keystone-manage bootstrap command in documentation
Change-Id: Idbaf38074f0869d6f5f288200671e7879312c00b
2016-04-11 15:20:32 +02:00
Joseph
cd3ef897cd fix typo
should be 128 bits (16 bytes), not 148 bits (16 bytes)

Change-Id: Icfbd6f6c6d53d3948ef8f88e71a2ee5966dd5bec
2016-04-09 14:26:52 +08:00
Ronald De Rose
b316b14138 Dev doc update for moving abstract base classes out of core
As part of an effort to remove backend dependencies on higher level
classes, this patch updates the dev docs, defining a standard as to
where abstract base classes are located and named.

Partial-Bug: #1563101

Change-Id: I784e344f333ee616bda800f63af0b1c149a529f3
2016-04-06 18:14:27 +00:00
venkatamahesh
f0000bf761 Update the Administrator guide link
Change-Id: I31e810b96e668504c50b1429681f841095f12922
2016-04-06 17:32:14 +05:30
Steve Martinelli
7f42e1d52e create a new advanced topics section in the docs
the `getting started` section had fairly advanced topics, and the
developer docs had info that should be user facing.

Change-Id: Id2f619140869769de29ddfa14ab168cc696be933
2016-04-01 00:56:53 -04:00
Jenkins
3406748a9b Merge "Update dev docs and sample script for v3/bootstrap" 2016-03-28 06:38:34 +00:00
Colleen Murphy
f7983d4bdf Update dev docs and sample script for v3/bootstrap
The default value for the admin_token parameter was removed from the
sample config file in ea952bd2, so the recommendation in the developer
documentation to use it without first setting it will result in an
error. This patch updates the developer documentation and the
sample_data.sh script to use the Identity v3 API and to follow the
latest recommendations for bootstrapping an admin user with which to
insert sample data.

Change-Id: I424ff6129d4ddcd63fb2bed4eabcbe910ab0153e
2016-03-17 15:11:37 -07:00
Jenkins
471b3a115b Merge "Document running in uwsgi proxied by apache" 2016-03-16 19:43:46 +00:00
Henrique Truta
42810fe46e Remove reference to keystoneclient CLI
python-keystoneclient CLI was removed in patch #258181.
This patch updates removes file that had examples of
keystone CLI  usage.

Change-Id: Ie7d3624149f15ee806aee3db4f64f542414b4728
2016-03-15 22:23:15 -04:00
Brant Knudson
07c8ecdff2 Document running in uwsgi proxied by apache
Add documentation for how to run uwsgi proxied by uwsgi.

Change-Id: I3d307a953bbe1ba78745c0846cd4c5a78010b6cb
2016-03-15 15:04:13 -05:00
Jenkins
1a18cfbe5f Merge "Add docs for additional bootstrap endpoint parameters" 2016-03-14 21:03:26 +00:00
Jamie Lennox
258d09a5ac Add docs for additional bootstrap endpoint parameters
The patch to add the endpoint parameters to the bootstrap command didn't
update the documentation to show how to use these commands. Add this
information now.

Original Patch: Ie78c61ecf1e5f787dd2528b887c1642fd8d457ff
Related-Bug: #1550057
DocImpact

Change-Id: I5a1cb38b05ebcb8c44c9cf90a490c849f44dbc32
2016-03-14 18:00:05 +00:00
Colleen Murphy
9274861942 Fix keystone-manage example command path
Whether the user is using tox or has installed keystone globally, the
keystone-manage command should already be in their path. The keystone
repo doesn't have a bin/ directory so trying to call
bin/keystone-manage from the root of the repo will result in an error.
Moreover, other references to keystone-manage in this page do not
specify a path. This patch fixes the instruction and makes it
consistent with the rest of the document.

Change-Id: I93f1aca9bdef0fa3ef4937ef616157d1e1b6fbe9
2016-03-09 15:31:55 -08:00
Jenkins
46272c9be7 Merge "Clarify virtualenv setup in developer docs" 2016-03-09 06:15:14 +00:00
Jenkins
c77b6d0dc1 Merge "Minor edits to the configuration doc" 2016-03-09 01:39:24 +00:00
Jenkins
45ffe4ee20 Merge "Minor edits to the installation doc" 2016-03-08 23:39:46 +00:00
Colleen Murphy
26397af6a3 Clarify virtualenv setup in developer docs
The Developer Environment documentation has an error where it explains
how to create a virtualenv with tox. If we follow instructions, we end
up with a nasty traceback from tox[1]. This is because the 'venv'
environment in tox.ini is expecting positional arguments and has no
default for when none are provided. This patch cribs from the Ironic
developer docs[2] to add a positional argument to make tox happy.

[1] http://paste.openstack.org/show/489709/
[2] http://docs.openstack.org/developer/ironic/dev/dev-quickstart.html

Change-Id: I5478e051372f6133cc902e82c4168774fb15b1df
2016-03-08 09:40:05 -08:00
Jenkins
e59327039c Merge "Minor edits to the developing doc" 2016-03-03 01:38:10 +00:00
Jenkins
838a34aff3 Merge "fix sample config link that 404s" 2016-03-02 21:50:11 +00:00
Eric Brown
cde6f276a0 Minor edits to the developing doc
The tools/with_venv.sh no longer exists in the source tree. This
patch cleans up all references to it.

Closes-Bug: #1514792

Change-Id: I4638c9894fab01b4556ee0537bf40807a659e7e9
2016-03-02 17:01:09 +00:00
Jenkins
71187d58b1 Merge "Update developer docs for ubuntu 15.10" 2016-03-02 05:56:51 +00:00
Steve Martinelli
7df7c3c180 fix sample config link that 404s
this link 404s:
  http://docs.openstack.org/developer/keystone/_static/keystone.conf.sample

it can be seen on this page:
  http://docs.openstack.org/developer/keystone/sample_config.html

Change-Id: Ide97caf90659e3bb3511fd629e945c275e522151
2016-03-02 03:22:12 +00:00
Pandiyan
b90160d4c6 Add driver details in architecture doc
Added missing keystone driver details in architecture doc

Change-Id: Iac6d4008d72feeffa7f12ad1fa3b1d6c2cd634fe
Closes-Bug: #1546189
2016-03-01 03:26:42 +00:00
Brant Knudson
4a68978e37 Update developer docs for ubuntu 15.10
The same instructions for ubuntu 14.04 work for 15.10.

Change-Id: I06294894041a72fff377649ddfb47456ff12ba07
2016-02-29 16:33:19 -06:00
Brant Knudson
9bfd0058a3 Fix doc build warnings
The documentation build was printing warnigs like

 doc/source/auth-totp.rst:111: SEVERE: Title level inconsistent:

 Tokens
 ======

This is because subtitle is being used incorrectly, see[1]. The
subtitles are changed to section headers instead.

[1] http://docutils.sourceforge.net/docs/user/rst/quickstart.html#document-title-subtitle

Also corrected these warnings:

 keystone/tests/unit/test_v3_assignment.py:docstring of
  keystone.tests.unit.test_v3_assignment.ImpliedRolesTests.
  test_list_role_assignments_with_implied_roles:9: ERROR: Unexpected
  indentation.
 keystone/keystone/tests/unit/test_v3_assignment.py:docstring of
  keystone.tests.unit.test_v3_assignment.ImpliedRolesTests.
  test_list_role_assignments_with_implied_roles:10: WARNING: Block
  quote ends without a blank line; unexpected unindent.

Change-Id: Ib88dbc7a31a6aed8048966574ac998b5332862c7
2016-02-26 13:25:18 -06:00
Eric Brown
8eacf0c98c Minor edits to the installation doc
* Removed referece to Ubuntu Precise. Mitaka packages are not
  available on Precise.
* Removed a false statement that apt-get would prompt the user for
  configuration options when installing the debian package.

Change-Id: Id588e99a4c17836156bb56b6c7322291f9f81af3
2016-02-25 22:30:32 -08:00
Eric Brown
045e3588c1 Minor edits to the configuration doc
* Replaced Url with URL
* Corrected dead link to 'Python logging module'
* Replaced deprecated reference to log_config with log_config_append
* Removed non-referenced link for 'PyMongo API'
* Added etc/ssl_callback_template.html as an example setting file

Change-Id: Ic24c000e3cab848b03cdd709d1d7f94deef6fb81
2016-02-25 20:45:01 -08:00
Eric Brown
f30fd6b7d4 Minor community doc edits
* Extra line at head of file
* Erroneous blank line in middle of a paragraph
* Dead Twitter search link:
     The Twitter REST API v1 is no longer active. Please migrate
     to API v1.1. https://dev.twitter.com/docs/api/1.1/overview.

Change-Id: Ibf6c0d4051df3eaf21e3ef987523f3a89c8bac28
2016-02-25 20:10:40 -08:00
Jenkins
66fef6491e Merge "Tidy up configuration documentation for inherited assignments" 2016-02-22 18:05:56 +00:00
werner mendizabal
900c2a6d0b Time-based One-time Password
Support TOTP as a distinct authentication mechanism from Password.

bp totp-auth

Co-Authored-By: David Stanek <dstanek@dstanek.com>
Change-Id: Ic0ccf89b9f35d3167a413b10f43be43cf892aead
2016-02-19 10:42:29 -08:00
Jenkins
303f681b16 Merge "Adds user_description_attribute mapping support to the LDAP backend" 2016-02-19 00:20:36 +00:00
Rudolf Vriend
448778a511 Adds user_description_attribute mapping support to the LDAP backend
The LDAP backend supports mapping between LDAP and keystone user
attributes via the 'user_<attribute_name>_attribute' settings in the
LDAP driver configuration.

The current implementation is incomplete, since there is no support for
specifying a 'user_description_attribute' setting for user get (read)
operations.

This change adds support to the LDAP backend for mapping of user
description attributes via a 'user_description_attribute' configuration
also during user retrieval.

Change-Id: I30b63306beae3379aa8c29d0df3f327369d3f2a6
Closes-Bug: #1542417
2016-02-18 11:53:22 +01:00
Jenkins
7563b50f22 Merge "Modify rules in the v3 policy sample for domain specifc roles" 2016-02-17 00:20:11 +00:00
Jenkins
7761a428d4 Merge "Don't describe trusts as an extension in configuration doc" 2016-02-16 21:39:55 +00:00
Henry Nash
a16287af5b Modify rules in the v3 policy sample for domain specifc roles
Currently, for global roles, cloud admin has full CRUD permissions
for roles, although a domain or project admin can read roles
(i.e. Get or List). This remains the case.

For domain specific roles, in addition to cloud admin, the domain
admin also has full CRUD permissions for the domain specific roles
of their own domain (but no permissions to see any domain specific
roles from other domains). In addition, a project admin can read
(i.e. Get or List) the domain specific roles from their domain
(but again no permissions to see any domain specific roles from
other domains).

Partially Implements: blueprint domain-specific-roles

Change-Id: I53499f164bfa4d3e65b70b9586b6fe0d71b60f41
2016-02-16 17:00:57 +00:00
Henry Nash
30fa94e3cb Don't describe trusts as an extension in configuration doc
Change-Id: I38be08f7668b0371af1c41e923b85717f2e98dd1
2016-02-16 15:14:53 +00:00
Henry Nash
d39bf80e34 Tidy up configuration documentation for inherited assignments
Remove the "extension" nomenclature, state that this is enabled
by default and remove the details of earlier experimental
phases (since they are now more than 3 releases ago).

Change-Id: Ifb42829988e12e506fc16585ea500976f573f29d
2016-02-16 15:11:37 +00:00
Henry Nash
fa16be916e Clean up configuration documentataion on v2 user CRUD
Now that this is no longer an extension, we should remove
the description on how to modify the paste pipeline for it.

Change-Id: I3b9e9338da2a114bb02d27370f3930bf65a8d7a6
2016-02-16 15:08:38 +00:00
Tom Cocozzello
d988de1004 Deprecate Saml2 auth plugin
Since the keystone.auth.plugins.saml2:Saml2 plugin is just a
wrapper for keystone.auth.plugins.mapped:Mapped there is no
need for it (log deprecation for now).

Change-Id: If82554f1e132c92c6fc707da6bdecba11e35620e
bp: deprecated-as-of-mitaka
2016-02-10 14:41:01 +01:00
Steve Martinelli
15668ded09 include sample config file in docs
leverage oslo.config to rebuild our sample config file in our
docs

Change-Id: I88a2429dd3cacd1d014b5b441b98fbfee7e1e208
2016-02-08 16:40:58 -05:00
Steve Martinelli
9d3b676b1f Support multiple URLs for LDAP server
python-ldap calls out to openldap which can handle multiple URLs for
ldap servers (for the purpose of high availability). openldap expects
these urls to be separated by a comma or whitespace.

Change the help text to specify a comma separated list of URLs is
allowed.

Change-Id: I523dcfc1701a6f7c725c4aa11482bfc15a3515a5
Closes-Bug: #1500631
2016-02-07 08:21:00 +00:00
Fernando Diaz
255685877e Opt-out certain Keystone Notifications
This patch will allow certain notifications for events in
Keystone to be opted out. Opting out may be a desired way of
doing this since most keystone deployers will likely like
to by default have all audit traces.

Change-Id: I86caf6e5f25cdd76121881813167c2144bf1d051
Closes-Bug: 1519210
2016-02-05 04:32:15 -05:00
Jenkins
bf1f509776 Merge "deprecate pki_setup from keystone-manage" 2016-02-05 07:37:23 +00:00
Jenkins
f387dcda62 Merge "Fix some word spellings" 2016-02-05 06:12:32 +00:00
Steve Martinelli
0f306111fb deprecate pki_setup from keystone-manage
with PKI deprecated, we should also deprecate this command

bp: deprecated-as-of-mitaka
Closes-Bug: 1541201
Change-Id: If0600fc52084d1bb2acaadb05d858e4b69ff48eb
2016-02-04 22:54:17 -05:00