e35a6dc6ee
Serving keystone from a wsgi container is recommended for production
setups. SSL is enabled by default.
See the following URLs for explanations:
http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/
https://etherpad.openstack.org/havana-keystone-performance
Documentation in manifests/wsgi/apache.pp
Apache can be configured as a drop in replacement for keystone (using
ports 5000 & 35357) or with paths using the standard SSL port. See
examples in examples/apache_*.pp
- Also change some 'real_' prefix into '_real' suffix to respect the
coding guide.
- Added the '--insecure' option to keystone client in the provider to
allow using self-signed certificates.
- Fixed parsing the ssl/enable value in the provider.
There is no integer verification done in the manifests
and to get around a bug in rspec, which has been fixed
in https://github.com/rodjek/rspec-puppet/pull/107,
certain parameters that should be integer are treated as
strings
files/httpd/keystone.py updated with lastest from keystone git repo
Change-Id: Ide8c090d105c1ea75a14939f5e8ddb7d24ca3f1c
55 lines
1.8 KiB
Python
55 lines
1.8 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright 2013 OpenStack Foundation
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
#
|
|
# This file was copied from https://github.com/openstack/keystone/raw/c3b92295b718a41c3136876eb39297081015a97c/httpd/keystone.py
|
|
# It's only required for platforms on which it is not packaged yet.
|
|
# It should be removed when available everywhere in a package.
|
|
#
|
|
|
|
import logging
|
|
import os
|
|
|
|
from paste import deploy
|
|
|
|
from keystone.openstack.common import gettextutils
|
|
|
|
# NOTE(blk-u):
|
|
# gettextutils.install() must run to set _ before importing any modules that
|
|
# contain static translated strings.
|
|
gettextutils.install('keystone')
|
|
|
|
from keystone.common import environment
|
|
from keystone import config
|
|
from keystone.openstack.common import log
|
|
|
|
|
|
CONF = config.CONF
|
|
CONF(project='keystone')
|
|
config.setup_logging(CONF)
|
|
|
|
environment.use_stdlib()
|
|
name = os.path.basename(__file__)
|
|
|
|
if CONF.debug:
|
|
CONF.log_opt_values(log.getLogger(CONF.prog), logging.DEBUG)
|
|
|
|
# NOTE(ldbragst): 'application' is required in this context by WSGI spec.
|
|
# The following is a reference to Python Paste Deploy documentation
|
|
# http://pythonpaste.org/deploy/
|
|
application = deploy.loadapp('config:%s' % config.find_paste_config(),
|
|
name=name)
|