Not the way to do it long term, but this will give you a chance to play with it.
From the controller node:
sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sudo crudini --set /etc/keystone/keystone.conf token provider fernet
sudo systemctl restart httpd.service
$ openstack token issue -f shell
The Newton Summit is behind us, and we have six months to prepare for the next release in both upstream OpenStack and RDO. Here is my attempt to build a prioritized list of the large tasks I want to tackle in this release.
It is really hard to make remote calls securely without a minimal Public Key Infrastructure. For a single server development deployment, you can use a self-signed certificate, but once you have multiple servers that need to intercommunicate, you want to have a single signing cert used for all the services. I’m investigating an approach which chains multiple Certmonger instances together.
Just because upstrem is no longer supporting Essix doesn’t mean that someone out there is not running it. So, if you need to back port a patch, you might find yourself in the position of having to run unit tests against an older version of Keystone (or other) that does not run cleanly against the files installed by tox. For example, I tried running against an Icehouse era checkout and got a slew of errors like this:
Tripleo uses Puppet to manage the resources in a deployment. Puppet has a command line tool to look at resources.
Rust is Pedantic. I’m Pedantic. We get along wonderfully. Since HTTP is way too overdone, I wanted to try something at the Byte twiddling level. I got a very, very basic TFTP server to run and fetch a larger binary file without corrupting it. Time to celebrate with a bragpost.
I had an interesting exchange last week. We had someone in the chatroom asking for help, morgan was doing his part, and I chimed in and proceeded to get attacked.
My last post showed how to allocate an additional VM for Tripleo. Now I’m going to go through the steps to deploy FreeIPA on it. However, since I went through all of the effort to write Ossipee and Rippowam, I am going to use those to do the heavy lifting.
I’ve switched my Tripleo development to using tripleo quickstart. While the steps to create an additional VM for the IdM server are roughly what I posted before, it is different enough to warrant description.
You are trying to push along a patch…and it dawns on you that you have no idea who to ask. The answer is out there.