Commit Graph

88 Commits

Author SHA1 Message Date
Pino de Candia 6480a35530 Minor doc fixes + some sample Tatu API log output.
Change-Id: I4f0e14f41072f87d83d8b3d31af4e2e9026c9892
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-14 19:30:24 +00:00
Pino de Candia 8ba9919b5a Detailed documentation of sudo_pam option and pam-ussh module
Also, configure pam-ussh module directly in /etc/pam.d/sudo and leave
/etc/pam.d/system-auth unchanged.

Change-Id: Ie86daf7f51c99915d20d0a7da9020584d807f9c8
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-13 05:55:35 +00:00
Pino de Candia bfe0242883 Add API versioning.
This also fixes the openstack CLI warning:
"Failed to contact the endpoint at <...> for discovery. Fallback to using that endpoint as the base url."

Change-Id: I411b7a795ac01e050cf8162e48d1fdbdc870c8f9
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-12 20:30:39 +00:00
Pino de Candia e72df954d7 Use sqlalchemy pool_recycle 3600 (seconds) to avoid re-using connections that MySQL already closed.
This fixes "MySQL server has gone away" error that occurs after long idle times.

Change-Id: I9e17ac6d2494e0db5f3d3ccbd5e45dd3172e7141
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-12 18:41:03 +00:00
Pino de Candia 3dc247767d Enable pam-ussh module to check user ssh cert on sudo authentication.
Change-Id: Iffde339572885b21673731dd69fb9b2ba4df6073
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-12 18:23:32 +00:00
Pino de Candia 5269c48085 Documentation improvements and clarifications.
Change-Id: Iba08b6385e4b1dfec595fc6edae244b01b66a861
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-10 20:37:05 +00:00
Pino de Candia 18413ba679 Format INSTALLATION document. New TRY_IT document with basic commands.
Change-Id: Id855ea88cfd5574ad534f842eef5dca7484beb79
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-09 22:53:19 +00:00
Pino de Candia 67436e32eb Castellan context based on password instead of short-lived token.
Change-Id: I951869483981bba6b3522d152ac97922dcaab1b9
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-09 21:55:13 +00:00
Pino de Candia 3a5a9fbe03 Devstack fixes; configurable API address for VMs; documentation refresh.
Change-Id: I1438d8c954f76f15afae33c92473b846d40ebe3d
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-09 16:52:36 +00:00
Pino de Candia fe3e41f34e Tatu should be last plugin in local.conf; write vendordata config to NOVA_CONF, not NOVA_CPU_CONF.
Change-Id: Iba80bc8452bf9726b7b861eaec2ac25d85e4e93e
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-08 21:40:22 +00:00
Pino de Candia 5a2e575a56 Devstack plugin sets up Nova static+dynamic vendor data.
Change-Id: I1ca5efeea07bd465cd5b9887e6407f6532b1b86a
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-08 05:50:32 +00:00
Pino de Candia 5a29ced8b2 Devstack plugin fixes
Change-Id: Ie9798fe1bb4c6d511c601306ed1d366d97ff09f7
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-03-07 22:55:50 +00:00
Pino de Candia fb3766ef9c Fixed processing of role assignment deletions.
Change-Id: Ib791702e2a09e7f907e664b1a262544cd9484735
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-02-26 21:39:49 +00:00
Pino de Candia 7679f42150 Fix notification/sync daemon; get principals from keystone roles.
Change-Id: I240c402af07bcb83e99343eb207ec906ce0d4caa
Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
2018-02-26 09:40:49 +00:00
Pino de Candia d34125d4f7 Clarification in README about known_hosts file.
Change-Id: Ie7361469d00b8904ef841f31b859bce06269b607
2018-02-15 15:10:24 +00:00
Pino de Candia 031f13edbd Remove devstack upgrade and gate (for now). 2018-01-26 17:32:47 -06:00
Pino de Candia 7f55b15f63 Fix devstack settings and plugin.sh for Tatu. 2018-01-26 15:58:14 -06:00
Pino de Candia 6a546abc52 Copied devstack from designate. 2018-01-26 14:41:34 -06:00
Pino de Candia b1ed741394 API for single host provides same data as List. 2018-01-25 16:29:26 -06:00
Pino de Candia 6fd075dd16 Rename Authority public key fields. 2018-01-25 13:31:02 -06:00
Pino de Candia 6ecf7ceec7 Make serial number the main identifier of UserCert 2018-01-24 00:04:26 -06:00
Pino de Candia 5153135019 Remove '.' from API object keys. 2018-01-23 16:56:17 -06:00
Pino de Candia 2030f2f4bc Merge branch 'master' of https://github.com/pinodeca/tatu 2018-01-23 22:14:28 +00:00
Pino de Candia 252e740911 Add method to get UserCert by serial number. 2018-01-23 22:12:29 +00:00
Pino de Candia 4147c298b7 Cloud config checks some error conditions. 2018-01-22 10:15:23 -06:00
Pino de Candia a061c474c2 pat.py catches nova exceptions on dead servers. 2018-01-22 16:08:43 +00:00
Pino de Candia 0d456cc116 New cloud-config uses only bash, no python. 2018-01-21 15:02:05 -06:00
Pino de Candia 326f0590ae Add revoked key management script to user-cloud-config. 2018-01-20 02:25:34 -06:00
Pino de Candia 4450ba773f Debugged/fixed revoked key file generation. 2018-01-20 08:23:16 +00:00
Pino de Candia 0b207f6123 Add a script to revoke certificates. 2018-01-19 17:59:30 -06:00
Pino de Candia 8e52c850ce Implemented certificate revocation. 2018-01-19 16:56:26 -06:00
Pino de Candia b5991fe143 Added a script that wraps ssh and does an SRV lookup. 2018-01-19 06:56:21 +00:00
Pino de Candia be028d5cf3 Make PATEntries and SRV Recordset creation idempotent. 2018-01-16 23:52:23 +00:00
Pino de Candia 4a9f96d253 Added list methods for users and hosts. 2018-01-16 10:57:41 -06:00
Pino de Candia 512b262470 Merge branch 'master' of https://github.com/pinodeca/tatu 2018-01-16 14:47:13 +00:00
Pino de Candia 54874d4c41 Remove key_manager section of config. 2018-01-16 14:45:54 +00:00
Pino de Candia 6a1099c89e Add devstack local.conf and .gitignore 2018-01-05 12:48:31 -06:00
Pino de Candia d83fca3537 Fixes to PAT and DNS support. 2018-01-04 14:41:22 -06:00
Pino de Candia c1239d9a5c Merge branch 'master' of https://github.com/pinodeca/tatu 2017-12-29 04:09:47 -06:00
Pino de Candia 27b180f864 Draft bastion support and Designate integration. 2017-12-29 03:53:32 -06:00
Pino de Candia 91c0b33338 Use argparse in helper scripts 2017-12-29 03:51:54 -06:00
Pino de Candia a419429041 Make Barbican integration work with Keystone middleware. 2017-12-21 16:39:28 +00:00
Pino de Candia 6ea9865b2a Merge branch 'master' of https://github.com/pinodeca/tatu 2017-12-20 15:07:30 -06:00
Pino de Candia 25fdd3b800 Moved config handling to one file. 2017-12-20 15:07:15 -06:00
pinodeca 428005ca56 Fixed requirements file. 2017-12-20 17:33:29 +00:00
Pino de Candia 303827c514 Oslo test skeleton. 2017-12-18 16:09:16 -06:00
Pino de Candia 6f69ba8090 Initial Devstack support skeleton. 2017-12-18 15:58:04 -06:00
Pino de Candia f28231f20d REsolve some differences with cookiecutter project. 2017-12-18 15:57:26 -06:00
Pino de Candia 9c51ed1705 Making doc and releasenotes compatible with cookiecutter. 2017-12-18 21:42:51 +00:00
Pino de Candia 1a4df292b1 Fixed requirements.txt for tox. 2017-12-09 00:08:32 +00:00