Divided the keystone docs into four categories, depending
upon the usage criteria: general information (which will
be common for all), developer documentation,
user documantation and operator documentation.
Change-Id: I2f5dd41acd9874739accc54c4f4fd69460b58334
KVS Code (core) and items depending on it was deprecated in Newton slated
for removal in Pike.
implements bp removed-as-of-pike
Closes-Bug: 1077282
Change-Id: I6ed4e3688f2a63b0fc439527957bc027db8d5d66
`mod_proxy_uwsgi` depends on `mod_proxy`, enable `mod_proxy`
only will not enable `mod_proxy_uwsgi`.
Change-Id: Ifad3f6eee09031764aa1817655282e0a423a28a1
I ran some tests locally that showed that when using the uwsgi
deploy the keystone server wasn't using all the processes
available. When I switched from "threads" to "processes" the
concurrent performance improved considerably. So I'm proposing
that the docs use processes to improve performance.
Change-Id: I5375702f45ccb82c02ff2bba1eabda836d5d25eb
Running keystone as a wsgi application should allow the same kind of
customization as when run from the command line. Setting sys.argv for
wsgi applications is difficult so that environment variables need to
be used for this purpose.
Closes-Bug: #1552397
Change-Id: I1cd8c7c9f8d4c748384f9b72511b677176672791
The httpd/keystone.py file needed to be copied and then
symlinked when used by web servers to "admin" and "main".
pbr 1.4.0 added support for wsgi_scripts that creates scripts
for wsgi servers on install. Keystone will now specify
wsgi_scripts so that the admin (keystone-wsgi-admin) and
main (keystone-wsgi-public) scripts will be created on install.
See http://httpd.apache.org/docs/2.4/upgrading.html#access for
the apache docs with examples for the Allow/Deny/Require
directives.
DocImpact
Related-Bug: #1441733
Change-Id: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
Newer releases of Apache Httpd server prefer to use sites-available /
sites-enabled configuration directories, but the Apache setup
documentation was still using conf.d. This change updates the Apache
setup documentation to use the preferred method.
Change-Id: I00a4cef2e4194b07f12ed0c0f6c584f236771a00
some docs were using the old fully-qualified class path for
the drivers. With stevedore support these can be changed to use
the short names of the entrypoints.
Change-Id: I7ec20ffe2237ddc94319d5fb5c7bd60a0a2f7c4d
Not every distribution uses SELinux (some use AppArmor for
example). It's confusing to tell those deployers to use SELinux.
Co-Authored-By: Lin Hua Cheng
Change-Id: I4e80f47aada52fd555f30c55ae1996c56c2db59c
The sample httpd config file was not using best practices for
apache configuration. The file is now a copy of the file that
devstack uses for keystone apache config
(files/apache-keystone.template), with the replacement strings
updated to the keystone defaults.
Also, the "Firewall" section is removed from the httpd config
docs because the sample config file isn't using port 443.
Change-Id: I1d10925b33ec7e70793e61db1cb99186f112ef3e
The Apache httpd config docs referred to the "token" driver, but
this is now known as the "token persistence" driver. Also, not
all token formats require token persistence now.
Change-Id: I42f0a227a9a665bc68dbc31d9a3ef64dc484ce05
Configuring SSL in Apache HTTPd is more complicated than the
instructions indicate. First, there's multiple mods for SSL and these
docs only mention mod_nss, where some deployers will find mod_ssl
the better option. Second, it doesn't say how to set up a server
certificate so they'll be using a self-signed certificate which is
useless.
Since this doc is only useful to an inexperienced deployers, and an
inexperienced deployer will be confused by these instructions, we're
better off not documenting it. Deployers should be reading the
excellent Apache docs for how to set up SSL.
Change-Id: I8e95cddd23ded0b07b21112c0827f9d1cd86eae8
Document in logical places that keystone under mod_wsgi will not
support chunked encoding.
Change-Id: I957059be560fa65e2f0d5166d9490b2c7bab9f17
Closes-Bug: #1346211
Several examples were either missing code-blocks entirely,
this patch added either bash or python, so the rendered HTML
is nicer.
Change-Id: Ia145dc78a871dc27cf0926ea1ef9cf9b6df564b7
PasteDeploy configuration contains class names which might change
between releases. Keeping it separate from user-configurable
parameters allows deployers to move paste-deploy ini file out of
configuration directory to a place where it can be safely overwritten
on updates e.g. under /usr/share/
DocImpact
Change-Id: I9292ca6226c8430b93565dedd45cc842742a23e2