Fixes error:
# sysctl -w 'sys.net.ipv4.ip_local_reserved_ports=35357'
sysctl: cannot stat /proc/sys/sys/net/ipv4/ip_local_reserved_ports: No such file or directory
The new command works:
# sysctl -w 'net.ipv4.ip_local_reserved_ports=35357'
net.ipv4.ip_local_reserved_ports = 35357
Closes-Bug: #1571555
Change-Id: I9665f56c23f50d45e4303f78046dc46becb59ec5
several of the federated identity docs were spread out in hard
to find locations. this puts the documentation more front and
centrer. expect detailed changes for each docs in future patches.
Change-Id: I82ba117dfd02f921d72b9f010becad57da03e090
As part of an effort to remove backend dependencies on higher level
classes, this patch updates the dev docs, defining a standard as to
where abstract base classes are located and named.
Partial-Bug: #1563101
Change-Id: I784e344f333ee616bda800f63af0b1c149a529f3
the `getting started` section had fairly advanced topics, and the
developer docs had info that should be user facing.
Change-Id: Id2f619140869769de29ddfa14ab168cc696be933
The default value for the admin_token parameter was removed from the
sample config file in ea952bd2, so the recommendation in the developer
documentation to use it without first setting it will result in an
error. This patch updates the developer documentation and the
sample_data.sh script to use the Identity v3 API and to follow the
latest recommendations for bootstrapping an admin user with which to
insert sample data.
Change-Id: I424ff6129d4ddcd63fb2bed4eabcbe910ab0153e
python-keystoneclient CLI was removed in patch #258181.
This patch updates removes file that had examples of
keystone CLI usage.
Change-Id: Ie7d3624149f15ee806aee3db4f64f542414b4728
The patch to add the endpoint parameters to the bootstrap command didn't
update the documentation to show how to use these commands. Add this
information now.
Original Patch: Ie78c61ecf1e5f787dd2528b887c1642fd8d457ff
Related-Bug: #1550057
DocImpact
Change-Id: I5a1cb38b05ebcb8c44c9cf90a490c849f44dbc32
Whether the user is using tox or has installed keystone globally, the
keystone-manage command should already be in their path. The keystone
repo doesn't have a bin/ directory so trying to call
bin/keystone-manage from the root of the repo will result in an error.
Moreover, other references to keystone-manage in this page do not
specify a path. This patch fixes the instruction and makes it
consistent with the rest of the document.
Change-Id: I93f1aca9bdef0fa3ef4937ef616157d1e1b6fbe9
The Developer Environment documentation has an error where it explains
how to create a virtualenv with tox. If we follow instructions, we end
up with a nasty traceback from tox[1]. This is because the 'venv'
environment in tox.ini is expecting positional arguments and has no
default for when none are provided. This patch cribs from the Ironic
developer docs[2] to add a positional argument to make tox happy.
[1] http://paste.openstack.org/show/489709/
[2] http://docs.openstack.org/developer/ironic/dev/dev-quickstart.html
Change-Id: I5478e051372f6133cc902e82c4168774fb15b1df
The tools/with_venv.sh no longer exists in the source tree. This
patch cleans up all references to it.
Closes-Bug: #1514792
Change-Id: I4638c9894fab01b4556ee0537bf40807a659e7e9
The documentation build was printing warnigs like
doc/source/auth-totp.rst:111: SEVERE: Title level inconsistent:
Tokens
======
This is because subtitle is being used incorrectly, see[1]. The
subtitles are changed to section headers instead.
[1] http://docutils.sourceforge.net/docs/user/rst/quickstart.html#document-title-subtitle
Also corrected these warnings:
keystone/tests/unit/test_v3_assignment.py:docstring of
keystone.tests.unit.test_v3_assignment.ImpliedRolesTests.
test_list_role_assignments_with_implied_roles:9: ERROR: Unexpected
indentation.
keystone/keystone/tests/unit/test_v3_assignment.py:docstring of
keystone.tests.unit.test_v3_assignment.ImpliedRolesTests.
test_list_role_assignments_with_implied_roles:10: WARNING: Block
quote ends without a blank line; unexpected unindent.
Change-Id: Ib88dbc7a31a6aed8048966574ac998b5332862c7
* Removed referece to Ubuntu Precise. Mitaka packages are not
available on Precise.
* Removed a false statement that apt-get would prompt the user for
configuration options when installing the debian package.
Change-Id: Id588e99a4c17836156bb56b6c7322291f9f81af3
* Replaced Url with URL
* Corrected dead link to 'Python logging module'
* Replaced deprecated reference to log_config with log_config_append
* Removed non-referenced link for 'PyMongo API'
* Added etc/ssl_callback_template.html as an example setting file
Change-Id: Ic24c000e3cab848b03cdd709d1d7f94deef6fb81
* Extra line at head of file
* Erroneous blank line in middle of a paragraph
* Dead Twitter search link:
The Twitter REST API v1 is no longer active. Please migrate
to API v1.1. https://dev.twitter.com/docs/api/1.1/overview.
Change-Id: Ibf6c0d4051df3eaf21e3ef987523f3a89c8bac28
Support TOTP as a distinct authentication mechanism from Password.
bp totp-auth
Co-Authored-By: David Stanek <dstanek@dstanek.com>
Change-Id: Ic0ccf89b9f35d3167a413b10f43be43cf892aead
The LDAP backend supports mapping between LDAP and keystone user
attributes via the 'user_<attribute_name>_attribute' settings in the
LDAP driver configuration.
The current implementation is incomplete, since there is no support for
specifying a 'user_description_attribute' setting for user get (read)
operations.
This change adds support to the LDAP backend for mapping of user
description attributes via a 'user_description_attribute' configuration
also during user retrieval.
Change-Id: I30b63306beae3379aa8c29d0df3f327369d3f2a6
Closes-Bug: #1542417
Currently, for global roles, cloud admin has full CRUD permissions
for roles, although a domain or project admin can read roles
(i.e. Get or List). This remains the case.
For domain specific roles, in addition to cloud admin, the domain
admin also has full CRUD permissions for the domain specific roles
of their own domain (but no permissions to see any domain specific
roles from other domains). In addition, a project admin can read
(i.e. Get or List) the domain specific roles from their domain
(but again no permissions to see any domain specific roles from
other domains).
Partially Implements: blueprint domain-specific-roles
Change-Id: I53499f164bfa4d3e65b70b9586b6fe0d71b60f41
Remove the "extension" nomenclature, state that this is enabled
by default and remove the details of earlier experimental
phases (since they are now more than 3 releases ago).
Change-Id: Ifb42829988e12e506fc16585ea500976f573f29d
Now that this is no longer an extension, we should remove
the description on how to modify the paste pipeline for it.
Change-Id: I3b9e9338da2a114bb02d27370f3930bf65a8d7a6
Since the keystone.auth.plugins.saml2:Saml2 plugin is just a
wrapper for keystone.auth.plugins.mapped:Mapped there is no
need for it (log deprecation for now).
Change-Id: If82554f1e132c92c6fc707da6bdecba11e35620e
bp: deprecated-as-of-mitaka
python-ldap calls out to openldap which can handle multiple URLs for
ldap servers (for the purpose of high availability). openldap expects
these urls to be separated by a comma or whitespace.
Change the help text to specify a comma separated list of URLs is
allowed.
Change-Id: I523dcfc1701a6f7c725c4aa11482bfc15a3515a5
Closes-Bug: #1500631
This patch will allow certain notifications for events in
Keystone to be opted out. Opting out may be a desired way of
doing this since most keystone deployers will likely like
to by default have all audit traces.
Change-Id: I86caf6e5f25cdd76121881813167c2144bf1d051
Closes-Bug: 1519210
with PKI deprecated, we should also deprecate this command
bp: deprecated-as-of-mitaka
Closes-Bug: 1541201
Change-Id: If0600fc52084d1bb2acaadb05d858e4b69ff48eb