Juju Charms Collection
keystone package

support disabling admin_token

Bug #1578678 reported by Edward Hope-Morley
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
OpenStack Keystone Charm
Fix Released
Medium
Unassigned
OpenStack Keystone Charm 20.05
keystone (Juju Charms Collection)
Invalid
Medium
Unassigned
Juju Charms Collection 17.01

Bug Description

We support providing an admin-token via charm config or having one auto-generated but production envs will want to be able to disable it - http://docs.openstack.org/developer/keystone/configuringservices.html#admin-token

Tags: openstack sts
Liam Young (gnuoy)
Changed in keystone (Juju Charms Collection):
milestone: 16.07 → 16.10
James Page (james-page)
Changed in keystone (Juju Charms Collection):
milestone: 16.10 → 17.01
James Page (james-page)
Changed in keystone (Juju Charms Collection):
status: New → Triaged
James Page (james-page)
Changed in charm-keystone:
importance: Undecided → Medium
status: New → Triaged
Changed in keystone (Juju Charms Collection):
status: Triaged → Invalid
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-keystone (master)

Reviewed: https://review.opendev.org/712040
Committed: https://git.openstack.org/cgit/openstack/charm-keystone/commit/?id=0a02c30fe5f4650235519897b71588ae22fa0971
Submitter: Zuul
Branch: master

commit 0a02c30fe5f4650235519897b71588ae22fa0971
Author: Frode Nordahl <email address hidden>
Date: Mon Mar 9 15:06:09 2020 +0100

    Replace use of admin_token with Keystone bootstrap

    Stop the use of the admin_token and use the bootstrap process
    to initialize Keystone instead. Fortunately the implementation
    of the bootstrap process is both idempotent when it needs to be
    and it can be safely called on an existing deployment.

    Subsequently we can migrate by just removing the admin_token
    from the configuration and create new credentials for use by
    the charm with a call to ``keystone-manage bootstrap``.

    Remove configuration templates for versions prior to Mitaka, by
    doing this we need to move any configuration initially defined
    prior to Miataka forward to the ``templates/mitaka`` folder.

    A side effect of this migration is that newly bootstrapped
    deployments will get their ``default`` domain created with a
    literal ID of ``default``. Prior to this change third party
    software making assumptions about that being the case may have
    had issues.

    Closes-Bug: #1859844
    Closes-Bug: #1837113
    Related-Bug: #1774733
    Closes-Bug: #1648719
    Closes-Bug: #1578678
    Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/191
    Change-Id: I23940720c24527ee34149f035c3bdf9ff54812c9

Changed in charm-keystone:
status: Triaged → Fix Committed
James Page (james-page)
Changed in charm-keystone:
milestone: none → 20.05
David Ames (thedac)
Changed in charm-keystone:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.