x
/
fuel-ccp-keystone
Code Issues Proposed changes
121 Commits 1 Branch 1 Tag 828 KiB
Commit Graph

27 Commits

Author SHA1 Message Date
Andreas Jaeger a497e15a00 Retire repository 
Fuel (from openstack namespace) and fuel-ccp (in x namespace)
repositories are unused and ready to retire.

This change removes all content from the repository and adds the usual
README file to point out that the repository is retired following the
process from
https://docs.openstack.org/infra/manual/drivers.html#retiring-a-project

See also
http://lists.openstack.org/pipermail/openstack-discuss/2019-December/011647.html

Depends-On: https://review.opendev.org/699362
Change-Id: Iaf61f1be5c082af0f602834e86748e667a4273e5
 2019-12-18 09:48:37 +01:00
Sergey Reshetnyak 49c835ec09 LDAP intergation 
This patch adds support LDAP as authentication backend

Change-Id: Ic6d04450dcdc68c41aa503370fcc347c894f0093
 2017-03-13 17:16:19 +03:00
Andrey Pavlov ece5b265d7 Store sensitive configs in secret 
Change-Id: If03e4560fbedf3d31226eee9ee1e527f90196929
Depends-On: Ie6a9833cdf73b076e24204d47e5898dfb24de43e
 2017-03-09 10:14:04 +00:00
Jenkins 4a6ffd6204 Merge "Enable memcache protection for keystone" 2017-03-06 10:21:56 +00:00
Sergey Kraynev 849f62782d Rename domain to use correct domain name 
Previously in configs "default" value was used as domain_id, but now we
use domain name and as result value should be changed to "Default".

Change-Id: Iee433f968b96f1c3b023bf984b9c886efe52da88
 2017-03-03 12:01:21 +00:00
Marek Zawadzki d4f3cec629 Enable memcache protection for keystone 
Done accordingly to:
* https://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#memcache-protection
* https://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html

Change-Id: I91b279e5433569393275ff334d63b43b211a014d
 2017-03-02 12:39:27 +01:00
Sergey Kraynev 0a9850e1d4 Add TLS support for Keystone 
- Add files for certificates
- Add config file for nginx service
- Update service definition by adding new container for nginx
- Update wsgi to use localhost

This patch requires patches in other repos:
 - fuel-ccp
 - fuel-ccp-entrypoint
 - fuel-ccp-nginx

Co-Authored-By: Artur Zarzycki <azarzycki@mirantis.com>

Depends-On: I65002b7ff9cfa2faf9d5bce470334aae95334d00
Depends-On: I88bc21571589dcd4c31bb5ce5015a75676ed2d85
Depends-On: I0660cc3ca2723bc06871b61f859adfed42c0d807

Change-Id: If796ea145c0a6b1bcb711496a4ad97a0a4ac2fb2
 2017-02-17 10:58:57 +00:00
Jenkins 0563e47d58 Merge "Make service account configurable" 2017-02-14 10:32:58 +00:00
Sergey Reshetnyak c236b0776b Make service account configurable 
Change-Id: I7353611fde5a7916d707603315a613607e8b4013
 2017-02-10 17:01:53 +03:00
Dmitry Klenov cef1b979ba Enable fernet keys generation 
This change effectively enables fernet keys generation and their
usage via the mechanism of k8s secrets. Legacy approach with
pre-generated fernet key is removed.

Change-Id: Ibdf0a0eafb48930d5536f35511be78c1e5df9921
Partial-Bug: #1651392
Partial-Bug: #1651394
Depends-On: Iaaede4ccb94c99d70f3ecad040d5ab6c41428c5e
Depends-On: I577b3f36a12d14b4b5d546d9633d4629eb5d8a37
 2017-02-10 13:15:25 +00:00
Marek Zawadzki b816b9d22e Add an option to enable notifications in keystone 
By this option (disabled by default), user can enable notifications in keystone
and configure their format (basic or CADF: Cloud Auditing Data Federation
standard).

Change-Id: I8dd5c2a24851d71db18399a709794d6c514e02b6
 2017-01-16 15:46:41 +01:00
Sergey Kraynev e48f4f6eb0 Use git.openstack.org url instead of github.com 
Change-Id: Icc85e7d011186a9782221f9e2ab0de8127dfdd28
 2016-12-22 11:01:57 +00:00
Proskurin Kirill b3503d709e Add credential keys setup 
Same as "keystone_mamage credential_setup"

Change-Id: I8bf71402905c2c0de72a002cffa5ca6eef3609e6
 2016-11-14 13:16:22 +00:00
Andrey Pavlov 0741a57b1a Adding ingress support 
Adding ingress objects creation for service

Change-Id: I295acae92c5ca6c2667edd293834bf5fc672b393
Depends-On: Ic621af6930f078eea17fd83fce26b42cd32ecf01
 2016-10-27 08:10:48 +00:00
Andrey Pavlov 8b17fae393 Ports configuration refactoring 
Ports configuration has been changed:

before:

  port: 123:3333

after:

  port:
    cont: 123
    node: 3333

Change-Id: Ic2933d3326afd4090c7a941ebaaebd9cdbaba464
Depends-On: I54ab8dd02fc88b821a1f0d05c08f98b618730150
 2016-10-26 17:29:23 +00:00
Jenkins 6cbd2d5ca3 Merge "Change default keystone wsgi threads to 1" 2016-10-12 13:39:30 +00:00
Yuriy Taraday f55bdb54a7 Move fernet_key into keystone namespace in config 
Change-Id: I8b19d036f380732a4878b14098939aa2a0fd1617
 2016-10-10 12:29:00 +03:00
Proskurin Kirill 302ed27483 Change default keystone wsgi threads to 1 
Due to perfomance problem reported by keystone team

Change-Id: I89cccaf0ad48df2eed41fd670edc65ea8fccb339
 2016-10-05 15:21:01 +03:00
Jenkins 87c891ea81 Merge "Convert all Keystone-specific configs to nested" 2016-10-04 17:46:38 +00:00
Yuriy Taraday 0ec695e5a9 Convert all Keystone-specific configs to nested 
Change-Id: I393f8898657543a8c4536159e9a6d773b13cefbf
 2016-10-04 00:34:52 +03:00
Yuriy Taraday 3798cda9da Add basic Fernet tokens support 
Tokens are propagated from config for now, no additional security.
Rotation is not supported, at all.

Change-Id: Ifa67cc3f98f1316dd61c132c0b1d662ee6ea9b0a
 2016-09-30 05:59:59 +00:00
Sergey Lukjanov 58923d1656 Switch to stable/newton by default 
Change-Id: I3ee5c23102c2dbaee85bf311a9cc532f6afbe308
 2016-09-26 08:30:05 -07:00
Sergey Lukjanov 08e977f6b9 Bump keystone wsgi props and make configurable 
In MOS we're using formula, but it should be more or less always correct to
have 6/3 for CCP:
https://github.com/openstack/fuel-library/blob/master/deployment/puppet/openstack_tasks/manifests/keystone/keystone.pp#L154-L155

Change-Id: Iaa19c607c614f9b14426d3d2771333cc29fef989
 2016-08-29 23:40:24 -07:00
Andrey f7a21cd7ab Adding default configs to build from git repo 
Images will be built with sources from master branch of
https://github.com/openstack/keystone.git repository by default.

Change-Id: I97c2a309f2025aebcff90ea1326c2a2eb1c848ee
Depends-On: I4d91aa8632fcd55735d791300fde475696b435b5
 2016-08-26 14:10:31 +00:00
Sergey Lukjanov 700b2142a6 Make Keystone debug log configurable 
Change-Id: I86968d845ef0f936526913d0686ca76e2a690466
 2016-08-09 06:53:00 -07:00
Sergey Reshetnyak 3206cc83b3 Migration to multicontainer pod 
Change-Id: I4b9bd3173d6fb0be71cde0dd4367f5faab190191
 2016-06-30 16:25:43 +03:00
Andrey Pavlov 26e2873f58 Adding application definition for keystone 
Change-Id: I78501d26ee633fba32f5d9919bfb49faedd8d8f9
 2016-06-23 17:59:58 +02:00