Commit Graph

10 Commits

Author SHA1 Message Date
Jenkins
c3b5d2d77b Merge "In the devstack plugin, restart keystone after modifying conf" 2017-07-26 23:55:10 +00:00
Kristi Nikolla
e5666f92d5 In the devstack plugin, restart keystone after modifying conf
Keystone was complaining about not being able to load the
remote_id_attribute in the mapped group [0]. Since moving
to uwsgi, restarting keystone is done separately from apache,
so the configuration file wasn't being reloaded. Added a line
to restart the keystone service.

Also added a line to restart apache after configuration.

[0] http://paste.openstack.org/show/616498/

Change-Id: I4e7c04241c5058152529f8c95963be6f05f51a51
Closes-Bug: 1700847
2017-07-26 13:57:44 -04:00
Kristi Nikolla
1394b0c6b1 Make the devstack plugin more configurable for federation
* In shibboleth2.xml make the ENTITY_ID and METADATA_URL
  configurable.
* Copy over an attribute map that includes support for
  keystone as an idp attributes.

bp devstack-plugin

Change-Id: I40157b00e5d084dcc6bb5b1f4be7d9cd3a8a0fc7
2017-07-17 16:38:08 -04:00
Kristi Nikolla
b8555843bf Update Devstack plugin for uwsgi and mod_proxy_uwsgi
[0] switched keystone to use uwsgi and mod_proxy_uwsgi by default
instead of mod_wsgi breaking the Devstack plugin which assumed
the latter. This commit fixes the Devstack plugin to work with
both and therefore fixes the functional v3 only gates which
are currently broken.

[0]. I46294fb24e3c23fa19fcfd7d6c9ee8a932354702

Change-Id: Iaffb3f18fd0f1444a6b6067d63474c27eb1bd13d
2017-04-26 14:30:42 -04:00
Eric Brown
30d9095d28 Use https for docs.openstack.org references
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.

Change-Id: I30a462e03d1fd7852511e22cac34c6bc0e8917f4
2017-01-30 16:05:08 -08:00
Rodrigo Duarte Sousa
91167ad58a Settings for test cases
This patch adds a function to configure the settings for test cases. It
currently sets the needed settings for the first federation scenario
test (follow up patch). If needed, additional settings can be added.

Change-Id: I5f0d0b5eeee1d8f03b38a2eb4cdc2101d3dccaa1
2016-12-20 09:07:09 -03:00
Rodrigo Duarte Sousa
ccf5dc7749 Do not manually remove /etc/shibboleth folder
This leads to some bug where we can't rerun ./stack.sh.
The error displayed is:
  [ERROR] /home/stack/devstack/lib/keystone:599 keystone did not start

Change-Id: I452cf2a023195fa64bb39953d5a3c32acda035ce
2016-12-13 18:49:28 +00:00
Rodrigo Duarte Sousa
bd37276b5b Upload service provider metadata to testshib
In order to register the service provider in testshib, we need to upload
its metadata.

Also makes some minor fixes.

Change-Id: Idfe0eb016370e7776de3525a813d0535cfc75e27
2016-11-28 23:44:01 -03:00
Kristi Nikolla
fbafc06ac6 Devstack plugin to federate with testshib.org
In a previous patch, I implemented a Devstack plugin to enable
federation and idp features in keystone. The plugin was to be
configured from environment variables for the idp entityID, metadata,
sp_auth_url, sp_url, etc. Providing an endless and untestable matrix
of combinations. Therefore the review was gathering dust waiting for
brave reviewers.

This review extracts the meat of the previous patch and removes all
the configuration options. This plugin now does one thing only: It
installs mod_shibboleth and sets up testshib.org as the IdP for keystone.

While testshib.org will not be used in our functional testing, this
is a necessary first step to make such complex changes more testable
reproducible and reviewable.

A follow-up patch will install a shibboleth-idp, and either that one,
or a later one, will switch from testshib.org to the local shibboleth.

This plugin will not yet be run as part of the gate, as "enable_service
federation" needs to be added to the Devstack options.

To run add the following after the lines that set up keystone from a
gerrit review:

enable_plugin keystone $KEYSTONE_REPO
enable_service keystone-saml2-federation

Change-Id: I6f7491ff063359d7065c77b00fe5bfc76f8587d6
2016-11-17 13:54:42 -05:00
Kristi Nikolla
75e8cd1538 Add structure for Devstack plugin
This review creates the structure for the Devstack plugin and
prints to the console to ensure its execution in the gate.

Follow-up reviews will do more useful stuff like setting up
the environment for our functional testing (ldap, federation).

Change-Id: I820ae355ae8f3183fee2b8207e3c17e8bd10dc17
2016-10-31 10:03:16 -04:00