I reinstalled https://ipa.younglogic.net. My browser started complaining when I try to visit it; The serial number of the TLS certificate is a duplicate. If I am seeing this, anyone else that looked at the site in the past is going to see it, too, so I don’t want to just hack my browser setup to ignore it. Here’s how I fixed it:
Keystone now has Implied Roles. What does this mean? Lets say we define the role Admin to imply the Member role. Now, if you assigned someone Admin on a project they are automatically assigned the Member role on that project implicitly.
Let’s test it out:
The default layout for disks in a Centos deployment may make sense for the average use case, but not for using the machine as a Tripleo all-in-one development box. I have 500 GB of Disk space, and the default installer puts 400GB into /home and 50 GB into /. However, since most of the work here is going to be done in virtual machines, the majority of the /home space is wasted, and I found I have filled up the 50 GB partition on / on a regular basis. So, I want to remove /home and put all the space under /.
Keystone needs to work with multiple federation sources. Keycloak is a JBoss based project that provides, among other things, SAML and OpenID connect protocols. As part of my work in getting the two integrated, I needed to deploy Keycloak. The rest of my development setup is done via Ansible and I wanted to handle Keycloak the same way.
Ossipee started off as OS-IPA. As it morphed into a tool for building development clusters,I realized it was more useful to split the building of the cluster from the Install and configuration of the application on that cluster. To install IPA and OpenStack, and integrate them together, we now use an ansible-playbook called Rippowam.
Juan Antonio Osorio Robles was instrumental in me getting Tripelo up and running. He sent me the following response, which he’s graciously allowed me to share with you.
As many of you have found out, I am relatively willing to help people out with Keystone related questions. Here are a couple guidelines. Continue reading
OpenStack is big. I’ve been focused on my little corner of it, Keystone, for a long time. Now, it is time for me to help out with some of the more downstream aspects of configuring RDO deployments. In order to do so, I need to do an RDO deployment. Until recently, this has meant Packstack. However, Packstack really is not meant for production deployments. RDO manager is the right tool for that. So, I am gearing up on RDO manager. The upstream of RDO Manager is TripleO.
There is a straight forward mapping between the version numbers used for Red Hat Enterprise Linux OpenStack Platform release numbers, and the upstream and RDO releases of OpenStack. I can never keep them straight. So, I write code.
UPDATE1: missed Juno before…this is why we code review
UPDATE2: had RDO using the version numbers, but it in sync with upstream.
upstream = ['Austin', 'Bexar', 'Cactus', 'Diablo', 'Essex', 'Folsom',
'Grizzly', 'Havana', 'Icehouse', 'Juno', 'Kilo', 'Liberty',
'Mitaka', 'N', 'O', 'P', 'Q', 'R', 'S']
for v in range(0, len(upstream) - 3):
print "RHOS Version %s = upstream %s" % (v, upstream[v + 3])
RHOS Version 0 = upstream Diablo
RHOS Version 1 = upstream Essex
RHOS Version 2 = upstream Folsom
RHOS Version 3 = upstream Grizzly
RHOS Version 4 = upstream Havana
RHOS Version 5 = upstream Icehouse
RHOS Version 6 = upstream Juno
RHOS Version 7 = upstream Kilo
RHOS Version 8 = upstream Liberty
RHOS Version 9 = upstream Mitaka
RHOS Version 10 = upstream N
RHOS Version 11 = upstream O
RHOS Version 12 = upstream P
RHOS Version 13 = upstream Q
RHOS Version 14 = upstream R
RHOS Version 15 = upstream S
I’ll update one we have names for N and O.