Reading keystone.conf in a container

Posted on December 11, 2019 by Adam Young

Step 3 of the 12 Factor app is to store config in the environment. For Keystone, the set of configuration options is controlled by the keystone.conf file. In an earlier attempt at containerizing the scripts used to configure Keystone, I had passed an environment variable in to the script that would then be written to the configuration file. I realize now that I want the whole keystone.conf external to the application. This allow me to set any of the configuration options without changing the code in the container. More importantly, it allows me to make the configuration information immutable inside the container, so that the applications cannot be hacked to change their own configuration options.

Continue reading →

Building an OpenShift LDAP URL from FreeIPA

Posted on December 7, 2019 by Adam Young

If you want to use LDAP authentication with OpenShift, you need to build an LDAP URL from the information you do have. Here are the steps.

Continue reading →

Building the Kolla Keystone Container

Posted on March 14, 2019 by Adam Young

Kolla has become the primary source of Containers for running OpenStack services. Since if has been a while since I tried deliberately running just the Keystone container, I decided to build the Kolla version from scratch and run it.

Continue reading →

Ansible, Azure, and Managed Disks

Posted on March 21, 2018 by Adam Young

Many applications have a data directory, usually due to having an embedded database. For the set I work with, this includes Red Hat IdM/FreeIPA, CloudForms/ManageIQ, Ansible Tower/AWX, and OpenShift/Kubernetes. Its enough of a pattern that I have Ansible code for pairing a set of newly allocated partitions with a set of previously built virtual machines.

Continue reading →

Launching Custom Image VMs on Azure With Ansible

Posted on March 20, 2018 by Adam Young

Part of my Job is making sure our customers can run our software in Public clouds. Recently, I was able to get CloudForms Management Engine (CFME) to deploy to Azure. Once I got it done manually, I wanted to automate the deployment, and that means Ansible. Turns out that launching custom images from Ansible is not support int the current GA version of the Azure modules, but has been implemented upstream.

Continue reading →

Deploying an image on OpenStack that is bigger than the available flavors.

Posted on January 30, 2018 by Adam Young

Today I tried to use our local OpenStack instance to deploy CloudForms Management Engine (CFME). Our OpenStack deployment has a set of flavors that all are defined with 20 GB Disks. The CFME image is larger than this, and will not deploy on the set of flavors. Here is how I worked around it.
Continue reading →

Mapping from iSCSI session to device.

Posted on February 3, 2017 by Adam Young

I was monitoring my system, so I knew the file was /dev/sdb was the new iSCSI target I was trying to turn into a file system. TO provide it, I ran:

iscsiadm -m session --print=3

And saw:

...
		scsi4 Channel 00 Id 0 Lun: 0
		scsi4 Channel 00 Id 0 Lun: 1
			Attached scsi disk sdb		State: running

But what did that do? Using Strace helped me sort it a little. I worked backwards.

Continue reading →

Tripleo HA Federation Proof-of-Concept

Posted on August 11, 2016 by Adam Young

Keystone has supported identity federation for several releases. I have been working on a proof-of-concept integration of identity federation in a TripleO deployment. I was able to successfully login to Horizon via WebSSO, and want to share my notes.

A federation deployment requires changes to the network topology, Keystone, the HTTPD service, and Horizon. The various OpenStack deployment tools will have their own ways of applying these changes. While this proof-of-concept can’t be called production-ready, it does demonstrate that TripleO can support Federation using SAML. From this proof-of-concept, we should be to deduce the necessary steps needed for a production deployment.

Continue reading →