OpenStack libraries now use Authenication plugins from the keystoneauth1 library. One othe the plugins has disappered? Kerbersop. This used to be in the python-keystoneclient-kerberos package, but that is not shipped with Mitaka. What happened?
Continue reading
Dramatis Personae:
Adam Young, Jamie Lennox: Keystone core.
Scene: #openstack-keystone chat room.
The process of deploying the overcloud goes through several technologies. Here’s what I’ve learned about tracing it.
Continue reading
I’ve been using Tripleo Quickstart. I need custom deploys. Start with modifying the heat templates. I’m doing a mitaka deploy
SAML is usually thought of as a WebSSO mechanism, but it can be made to work for command line operations if you use the Extended Client Protocol (ECP). When we did the Rippowam demo last year, we were successful in getting an Unscoped token by using ECP, but that was not sufficient to perform operations on other services that need a scoped token.
Continue reading
We are in the process of getting the docs straightened out for reviewing RDO packages. As we do, I want to record what I have working.
In the previous post, I described the setup for installing FreeIPA on a VM parallel to the undercloud VM setup by Tripleo Quickstart. The network on the undercloud VM has been setup up by Ironic and Neutron to listen on a network defined for the overcloud. I want to reproduce this on a second machine that is not enrolled in the undercloud. How can I reproduce the steps?
Continue readingI’ve been talking about using FreeIPA to secure OpenStack since the Havana summit in Portland. I’m now working with Tripleo to install OpenStack. To get the IPA server installed along with Tripleo Quickstart requires a VM accessible from the Ansible playbook.
Certmonger is split into 3 parts
Debugging this process is much easier if you run the certmonger service from the command line and tell it to log debugging output. Make sure no certmonger-session processes are running: