If it is not fixed in Nova it is not fixed in Keystone, as the solution
has to start there.
** Changed in: keystone
Status: Fix Released => Confirmed
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keyst
THis is an installer specific issue and not with the Keystone upstream
project. The .deb should be creating the /etc/keytstone directory on
install. PLease open the bug with the packager. Note that the page
linked is specific to Ubuntu.
** Changed in: keystone
Status: New => Invalid
--
The Keystone server was down and the message was reported by the client.
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.n
** Changed in: neutron
Status: Triaged => Fix Committed
** Changed in: nova
Status: In Progress => Fix Committed
** Changed in: puppet-keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscri
For these kinds of operations, you use role assignment inheritance. Do
not attempt to enforce policy on parent project ID.
I wrote up an article about this about a year back. CloudForms is just
the consumer, but the rules are the same.
https://adam.younglogic.com/2018/02/openstack-hmt-cloudfor
Public bug reported:
Identifiers
Each resource in Keystone has a unique identifier. For the majority of
resources, the identifiers are currently generated as UUIDs. In
addition, the identifiers are assigned by the system, and are not
something an end user can specify when creating the resource. T
Public bug reported:
I wrote up the issues with gaming the system that can happen with deep
quotas. This has driven what happened with 2 level quota in unified
limites.
https://adam.younglogic.com/2018/05/tracking-quota/
This should merge in with the documentation to explain why we limit
things
Public bug reported:
Make it possible to know what the ID of a role will be prior to creating
it. This allows synchronization between multiple keystone servers
** Affects: keystone
Importance: Undecided
Assignee: Adam Young (ayoung)
Status: In Progress
--
You received this
UNtil recently, this should be in bootstrap. This is the minimal amount
of configuration a Keystone server needs: to be able to create a new
domain, or create projects on the domain, etc.
Now it should be one admin user with a service scoped admin role. From
that, all other configuration can flo
Added Oslo.policy to the bug report, as this is going to be an issue
across all of the projects. Barbican, especially, needs target info,
but the same is true for anything that enforces the scope check.
** Also affects: oslo.policy
Importance: Undecided
Status: New
--
You received thi
I wanted to float the idea of bumping DNS to a top level Menu Item in IdM.
Here is how it looks right now:
https://admiyo.fedorapeople.org/ipa/IPA-Netsvc-screenshot.png
Note that I had to know to click "Network services" in order to find DNS.
DNS is a much more important Use case than Automou
After reviewing these tests, I think I can say with confidence that they
are not testing code that we support any longer. External plugins work
fine, including Kerberos. These tests were Kerberos specific, but we no
longer support a specific Kerberos plugin, only the External one. They
were test
Public bug reported:
THe Federation itegration (not voting) tests for Python35 are failing.
==
2018-09-26 06:26:21.371093 | primary | Failed 1 tests - output below:
2018-09-26 06:26:21.371172 | primary | ==
2018-09-26 06:26:21.371200 | pri
Public bug reported:
When keeping two Keystone servers in sync, but avoiding Database
replication, it is often necessary to hack the database to update the
Domain ID so that entries match. Domain ID is then used for LDAP mapped
IDs, and if they don't match, the user IDs are different. It should
user in
LDAP). THus, the LDAP code can be changed at config time, but the
Federated code can't. It also means that Federated IDs cannot be kept
in sync between two keystone servers.
** Affects: keystone
Importance: Low
Assignee: Adam Young (ayoung)
Status: In Pro
Public bug reported:
in keystone/tests/unit/test_v3_auth.py there are two tests that have
been commented out because they are unrunnable:
test_remote_user_with_realm
and
test_remote_user_with_default_domain
These support the External auth mechanism which should be avaialable to
people with t
Just to be clear, this has always been the case. THe documentation for
the cloud sample stated it needed to be edited.
Of course, I tripped over this exact problem. A few times. I once
proposed reading policy values from the config file as a work around.
But this is not a bug. As Lance put, w
Public bug reported:
Looking at a coverage report for the Keystone CLI shows that the
entirety of
class MappingEngineTester(BaseApp):
Is untested. Since this is production and supported code, this is a
risk.
** Affects: keystone
Importance: Undecided
Status: New
--
You received
** Changed in: keystone
Status: Invalid => New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1780159
Title:
Some inherited projects missing when listing use
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1780159
Title:
Some inherited projects missing when listing use
I'm closing this Won't fix because running with the LDAP backend is a
bad approach. Use SQL, with LDAP in a domain specific back end.
** Changed in: keystone
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is s
As we attempt to close the gap on Bug 968696, we have to make sure we are
headed forward in a path that won't get us stuck.
It seems that many people use Admin-every accounts for many things that
they are not really meant for. Such as performing Operations that should
be scoped to a project, like
On Fri, Mar 9, 2018 at 2:42 AM, Adrian Turjak
wrote:
> Sooo to follow up from the discussion last night partly with Lance and
> Adam, I'm still not exactly sure what difference, if any, there is
> between a domain scoped role assignment, and a project scoped role
> assignment. And... It appears s
Bug 968696 and System Roles. Needs to be addressed across the Service
catalog.
On Mon, Jan 29, 2018 at 7:38 AM, Luke Hinds wrote:
> Just a reminder as we have not had many uptakes yet..
>
> Are there any projects (new and old) that would like to make use of the
> security SIG for either gainin
Fixed in Keystone by f71a78db86632dccb391782e62da69a4627c7cad
https://review.openstack.org/#/c/523650/
** Changed in: keystone
Assignee: (unassigned) => Adam Young (ayoung)
** Changed in: keystone
Status: Triaged => Fix Released
** Changed in: keystone
Status: Fix Re
Public bug reported:
In order to activate a protocol for Federation, you need SOME value for
remote_id_attribute. However , this is set once per protocol in the
config file, not in the federated data. Thus, if two different SAML
implementations both wanted to use different values for
remote_id_a
Public bug reported:
When a Federated User logs in for the first time, many organizations
want to be able to provision resources. This is a specific instance of
the general idea that a Keystone token operation should be able to kick
off a playbook. PLaybooks can perform both Openstack specific a
> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org
> ] *On Behalf Of *Adam Young
> *Sent:* Monday, June 26, 2017 12:24 PM
> *To:* CAS Community >
> *Subject:* [cas-user] CAS 5.0.5: Mixing default and custom attribute
> resolvers (PersonAttributeDao)
>
>
>
&
We are currently using the default attribute resolvers for LDAP and jdbc
with no issues. We configure them via the properties file and everything
works as expected.
We have now been given new requirements that will involve us having to
write a custom implementation of IPersonAttributeDao to
On 05/09/2017 06:39 AM, ch...@foxmail.com wrote:
Hello:
I want every one can access a volume I created in cinder as admin,
so I changed /etc/cinder/policy.json as bellow, but it won't work.
Why? And how to do it?
Thanks!
policy.json
So, debugging policy is a pain. What operation specifi
Public bug reported:
Keystone is now behind the other projects in reporting the microversions
in the microversion header
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subsc
CLosing as a duplicate.
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1648542
Title:
keystone does not retry
Public bug reported:
Description of problem:
DBDeadlock: (pymysql.err.InternalError) (1213, u'Deadlock found when trying to
get lock; try restarting transaction')
The above error is retry-able error, but no evidence for keystone would
really did a retry before throwing a 500.
2016-11-12 08:55:1
Public bug reported:
ADMIN_PASSWORD=keystone tools/sample_data.sh
... lots of stuff working fine ...
usage: openstack ec2 credentials create [-h]
[-f {json,shell,table,value,yaml}]
[-c COLUMN] [--max-width ]
Public bug reported:
Web SSO will be broken in places where the ssumption that the AUTH_URL
that Horizon uses is publically accessible.
Conversation with deployer:
"keystone is open in haproxy to the public world, but the problem is
that horizon forming the SSO url based on the region URL, which
Public bug reported:
When setting up Federation, if the protocol needs an new auth plugin,
the current mechanism is to add it to the methods list for the [auth]
section. However, this has the effect of linking them all together,
when the real method should be to link the auth plugin with the
prot
There has been a lot of talk about Policy this past summit and release.
Based on feedback, we've come up with the following spec to address it.
https://review.openstack.org/#/c/391624/
The idea is that we are going to split the role check off from the
existing policy checks. The role check
Public bug reported:
Active Directory has a very specific mechanism to
handle nested groups. LDAP queries need to look like this:
"(&(objectClass=group)(member=member:1.2.840.113556.1.4.1941:=CN=nwalnut,OU=Users,DC=EXAMPLE,DC=COM))"
If a deployment is using nested groups, three queries need to
On 10/09/2016 10:57 PM, Ton Ngo wrote:
Hi Keystone team,
We have a scenario that involves securing services for container and
this has
turned out to be rather difficult to solve, so we would like to bring
to the larger team for
ideas.
Examples of this scenario:
1. Kubernetes cluster:
To suppo
On 09/28/2016 11:06 PM, Adrian Turjak wrote:
Hello Keystone Devs,
Just curious as to the choice to have the project name be only 64
characters:
https://github.com/openstack/keystone/blob/master/keystone/resource/backends/sql.py#L241
Seems short, and an odd choice when the user.name field is 255
On 09/23/2016 11:03 AM, Alexandr Porunov wrote:
Hello,
I have next nodes:
swift_proxy1 - 192.168.0.11
swift_proxy2 - 192.168.0.12
keystone1 - 192.168.0.21
keystone2 - 192.168.0.22
I wonder to know if it is possible to use two keystone servers if we
use "uuid" or "fernet" tokens.
Yes, you wa
On 10/17/2016 09:53 AM, Chris Dent wrote:
It turns out that summit this year will be just down the road from
Chris Sharma's relatively new indoor climbing gym in Barcelona:
http://www.sharmaclimbingbcn.com/
If the fun, frisson and frustration of summit sessions leaves you with
the energy o
Reopening the Keystone one as the fix does not work for default policy,
which is what most people use.
** Changed in: keystone
Status: Fix Released => In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
htt
Not a bugf, leave the wrapper in for SQL message reporting.
** Changed in: keystone
Status: Triaged => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1
On 08/11/2016 06:25 AM, Steven Hardy wrote:
On Wed, Aug 10, 2016 at 11:31:29AM -0400, Zane Bitter wrote:
On 09/08/16 21:21, Adam Young wrote:
On 08/09/2016 06:00 PM, Zane Bitter wrote:
In either case a good mechanism might be to use a Heat Software
Deployment via the Heat API directly (i.e
** Project changed: keystone => ceilometer
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1627094
Title:
Keystone overwhelms Ceilometer with Identity Events
Statu
fo:
Suggest setting notification_driver to either log or noop in
/etc/keystone/keystone.conf
** Affects: keystone
Importance: Undecided
Assignee: Adam Young (ayoung)
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is sub
https://review.openstack.org/#/c/368530/
This change is for Python >2.7 only, as python2.7 already supports the
latest version of these libraraies. Back in the "just get pythoin3 to
work" days we cut our losses on Kerberos support, but now it is
working. Getting this restriction removed mean
** Also affects: tripleo
Importance: Undecided
Status: New
** Changed in: tripleo
Status: New => Confirmed
** Changed in: keystone
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscr
On 09/01/2016 08:48 PM, Michael Still wrote:
On Thu, Sep 1, 2016 at 11:58 AM, Adam Young <mailto:ayo...@redhat.com>> wrote:
On 08/31/2016 07:56 AM, Michael Still wrote:
There is a quick sketch of what a service account might look like
at https://review.openstack.org/#
Public bug reported:
A recent change to encrypt credetials broke RDO/Tripleo deployments:
2016-09-02 17:16:55.074 17619 ERROR keystone.common.fernet_utils
[req-31d60075-7e0e-401e-a93f-58297cd5439b f2caffbaf10d4e3da294c6366fe19a36
fd71b607cfa84539bf0440915ea2d94b - default default] Either [fern
Reported in a downstream distribution that should have synced from this
code as still a bug. please reconfirm.
** Changed in: keystone
Status: Fix Released => Confirmed
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenS
On 09/01/2016 10:44 AM, Steve Martinelli wrote:
I want to welcome Ron De Rose (rderose) to the Keystone core team. In
a short time Ron has shown a very positive impact. Ron has contributed
feature work for shadowing LDAP and federated users, as well as
enhancing password support for SQL users.
g to be when the instance itself makes a
metadata request).
I think what you're saying though is that the middleware wont
let any
requests through if they have no auth details? Is that correct?
Michael
On Fri, Aug 26, 2016 at 12:46 PM, Adam You
is correct.
Michael
On Fri, Aug 26, 2016 at 12:46 PM, Adam Young <mailto:ayo...@redhat.com>> wrote:
On 08/22/2016 11:11 AM, Rob Crittenden wrote:
Adam Young wrote:
On 08/15/2016 05:10 PM, Rob Crittenden wrote:
Review https://review.opens
Closing the Keystone server component again, as I just confirmed the
user-list error does not happen in this code base, and thus it is a new
bug and a regression. Will open a separate ticket for that.
** Changed in: keystone
Status: Confirmed => Fix Released
--
You received this bug notif
Reopening the issue against the Keystone server. The fix was not
sufficient, as it was just a workaround, and one that we can't apply via
the CLI.
The real fix requires avoiding the exception from the identity backend
when performing any assignment-backend calls.
** Changed in: keystone
S
So...this is a continuing Saga. The fix that went in for Keystone only
allows the V3 AP call to continue. However, there is currently no way
to call that API except for CURL.
Something like:
curl -X DELETE -H"X-Auth-Token:$TOKEN" -H "Content-type:
application/json"
$OS_AUTH_URL/projects/e9d
On 08/22/2016 11:11 AM, Rob Crittenden wrote:
Adam Young wrote:
On 08/15/2016 05:10 PM, Rob Crittenden wrote:
Review https://review.openstack.org/#/c/317739/ added a new dynamic
metadata handler to nova. The basic jist is that rather than serving
metadata statically, it can be done dyamically
These changes are necessary so policy files can in include the check
"is_admin_project:True" which allows us to Scope what is meant by "Admin"
Use from_environ to load context
Use to_policy_values for enforcing policy
Use context from_environ to load contexts
Use from_dict to load context p
On 08/15/2016 05:10 PM, Rob Crittenden wrote:
Review https://review.openstack.org/#/c/317739/ added a new dynamic
metadata handler to nova. The basic jist is that rather than serving
metadata statically, it can be done dyamically, so that certain values
aren't provided until they are needed, mo
http://adam.younglogic.com/2016/08/ooo-ha-fed-poc/
It is painful, sloppy, Mitaka based. Have at it, and lets make
Federation a reality for Newton based deployments. Feedback eagerly sought.
Thanks for all the people that helped get me through this. Won't list
you all, as it would start t
On 08/09/2016 05:11 PM, Adam Young wrote:
The Fernet token format uses a symmetric key to sign tokens. In order
to check the signature, these keys need to be synchronized across all
of the Keystone servers.
I don't want to pass around nake symmetric keys. The right way to do
this
On 08/09/2016 09:21 PM, Adam Young wrote:
On 08/09/2016 06:00 PM, Zane Bitter wrote:
In either case a good mechanism might be to use a Heat Software
Deployment via the Heat API directly (i.e. not as part of a stack) to
push changes to the servers. (I say 'push' but it's
On 08/09/2016 06:00 PM, Zane Bitter wrote:
In either case a good mechanism might be to use a Heat Software
Deployment via the Heat API directly (i.e. not as part of a stack) to
push changes to the servers. (I say 'push' but it's more a case of
making the data available for os-collect-config t
The Fernet token format uses a symmetric key to sign tokens. In order
to check the signature, these keys need to be synchronized across all of
the Keystone servers.
I don't want to pass around nake symmetric keys. The right way to do
this is to put them into a PKCS 11 Envelope. Roughly, th
On 08/04/2016 07:11 AM, Prakash Kanthi wrote:
Hello,
Is there a easy way to enable Multi-Domain support in Mitaka, so that
I can create domains from default 'admin' account?
I already have following config in
/etc/openstack-dashboard/local_settings file. This allows me to enter
domain duri
On 08/06/2016 08:44 AM, John Dennis wrote:
On 08/05/2016 06:06 PM, Adam Young wrote:
Ah...just noticed the redirect is to :5000, not port :13000 which is
the HA Proxy port.
OK, this is due to the SAML request:
https://identity.ayoung-dell-t1700.test/auth/realms/openstack/protocol/saml
On 08/06/2016 03:20 PM, Dan Prince wrote:
On Sat, 2016-08-06 at 13:21 -0400, Adam Young wrote:
As I try to debug Federaion problems, I am often finding I have to
check
three nodes to see where the actual requrest was processed. However,
If
I close down to of the controller nodes in Nova, the
As I try to debug Federaion problems, I am often finding I have to check
three nodes to see where the actual requrest was processed. However, If
I close down to of the controller nodes in Nova, the whole thing just fails.
So, while that in it self is a problem, what I would like to be able to
On 08/05/2016 06:40 PM, Fox, Kevin M wrote:
*From:* Adam Young [ayo...@redhat.com]
*Sent:* Friday, August 05, 2016 3:06 PM
*To:* openstack-dev@lists.openstack.org
*Subject:* Re: [openstack-dev] [keystone][tripleo
On 08/05/2016 04:54 PM, Adam Young wrote:
On 08/05/2016 04:52 PM, Adam Young wrote:
Today I discovered that we need to modify the HA proxy config to tell
it to rewrite redirects. Otherwise, I get a link to
http://openstack.ayoung-dell-t1700.test:5000/v3/mellon/postResponse
Which should be
On 08/05/2016 04:52 PM, Adam Young wrote:
Today I discovered that we need to modify the HA proxy config to tell
it to rewrite redirects. Otherwise, I get a link to
http://openstack.ayoung-dell-t1700.test:5000/v3/mellon/postResponse
Which should be https, not http.
I mimicked the lines in
Today I discovered that we need to modify the HA proxy config to tell it
to rewrite redirects. Otherwise, I get a link to
http://openstack.ayoung-dell-t1700.test:5000/v3/mellon/postResponse
Which should be https, not http.
I mimicked the lines in the horizon config so that the keystone sect
I think this is a Horizon bug, not Keystone. The stack trace is all
Horizon code.
I suspect it is a conflict between domain and project scoped token code
in Horizon
** Also affects: horizon
Importance: Undecided
Status: New
--
You received this bug notification because you are a membe
On 07/28/2016 10:05 PM, Tim Hinrichs wrote:
I've never worked on the authentication details, so this may be off
track, but that error message indicates the failure is happening
inside Congress's oslo_policy.
Error message shows up here as a Python exception class.
https://github.com/openstac
On 07/06/2016 10:23 AM, Ben Morrice wrote:
Hello,
We have a small private OpenStack deployment with 300 VMs across 2
regions.
We currently use the Keystone v2.0 API and all accounts are currently
stored in SQL.
We would like to move keystone to authenticate users from LDAP
(identity), whils
On 07/04/2016 11:14 AM, schmitt wrote:
Hi,
I am learning to configure keystone for tokenless ssl x509
authorization, according to the document:
http://docs.openstack.org/developer/keystone/configure_tokenless_x509.html.
when making self-signed certificate with command openssl,
I don't know
On 07/27/2016 06:04 AM, Steven Hardy wrote:
On Tue, Jul 26, 2016 at 05:23:21PM -0400, Adam Young wrote:
I worked through how to do a complete clone of the templates to do a
deploy and change a couple values here:
http://adam.younglogic.com/2016/06/custom-overcloud-deploys
I worked through how to do a complete clone of the templates to do a
deploy and change a couple values here:
http://adam.younglogic.com/2016/06/custom-overcloud-deploys/
However, all I want to do is to set two config options in Keystone. Is
there a simple way to just modify the two values bel
ocs/ already gets
stagnate but a new repo would end up being largely ignored and at
least theoretically you can update docs/ when the relevant code
changes.
On Tue, Jun 28, 2016 at 6:00 PM, Ian Cordasco
mailto:sigmaviru...@gmail.com>> wrote:
-
On 06/28/2016 11:13 PM, Tom Fifield wrote:
Quick answers in-line
On 29/06/16 05:44, Adam Young wrote:
It seems to me that keystone Core should be able to moderate Keystone
questions on the site. That means that they should be able to remove
old dead ones, remove things tagged as Keystone that
On 06/28/2016 03:18 AM, 林自均 wrote:
Hi Steve,
Thanks for your explanation! I have some further questions:
You said that OS-OAUTH doesn't make Keystone a proper OAuth provider,
so what is missing? Can name some of the missing parts?
Another thing, a backlog started by you proposed to unify del
o it again, I'll double check all these. Thanks
Cheers,
Dr. Pavlo Shchelokovskyy
Senior Software Engineer
Mirantis Inc
www.mirantis.com <http://www.mirantis.com>
On Tue, Jun 28, 2016 at 1:29 AM, Adam Young <mailto:ayo...@redhat.com>> wrote:
On 06/26/20
Recently, the Keystone team started brainstormin a troubleshooting
document. While we could, eventually put this into the Keystone repo,
it makes sense to also be gathering troubleshooting ideas from the
community at large. How do we do this?
I think we've had a long enough run with the ask
On 06/27/2016 10:37 AM, Venkatesh Kotipalli wrote:
Hi All,
i want to change the admin password for openstack mitaka by using CLI.
i installed on centos7
when i am tried to change the password in
admin-openrc, after changing the password i am unable to login with
the password i changed, as i
On 06/24/2016 03:16 AM, Soputhi Sea wrote:
Hi,
I'm using Mitaka release (the very latest public release one from
Jun-02), and i'm having issue with List Project in Horizon. In my case
i have multiple projects created and when i login to Horizon the drop
down list of project (on the top left
have that. First thing we checked. I assume "available" is the
most important part of that?
On 25/06/16 09:27, Adam Young wrote:
A coworker and I have both had trouble recovering from failed
overcloud deploys. I've wiped out whatever data I can, but, even
with noth
A coworker and I have both had trouble recovering from failed overcloud
deploys. I've wiped out whatever data I can, but, even with nothing in
the Heat Database, doing an
openstack overcloud deploy
seems to be looking for a specific Nova server by UUID:
heat resource-show 93afc25e-1ab2-4773
d.
Anyway, in each of the service's profiles (the puppet manifests) I'm
setting up the tracking of the certificates with the certmonger's
puppet manifest.
BR
On Tue, Jun 21, 2016 at 5:39 PM, Adam Young <mailto:ayo...@redhat.com>> wrote:
When deploying the ov
On 06/20/2016 10:09 PM, Michael Richardson wrote:
On Fri, 17 Jun 2016 16:27:54 +
Also which would be preferred "role:admin" or "!"? Brian points out on [1] that
"!" would in effect, notify the admins that a policy is not defined as they would be unable to
preform the action themselves.
+
On 06/17/2016 08:03 AM, Mohan Kumar wrote:
Karun,
Please check q-svc (neutron) service is running or not ! Error
complaining that keystone url is not reachable to authenticate , IP
192.168.202.130 should be reachable and keystone service should be
active .
Maybe you can rerun devstack if
On 06/21/2016 08:43 AM, Markus Zoeller wrote:
A reminder that this will happen in ~2 weeks.
Please note that you can spare bug reports if you leave a comment there
which says one of these (case-sensitive flags):
* CONFIRMED FOR: NEWTON
* CONFIRMED FOR: MITAKA
* CONFIRMED FOR: LIBERTY
On 23.05.2
On 06/21/2016 11:26 AM, John Dennis wrote:
On 06/21/2016 10:55 AM, Ian Cordasco wrote:
-Original Message-
From: Adam Young
Reply: OpenStack Development Mailing List (not for usage questions)
Date: June 21, 2016 at 09:40:39
To: OpenStack Development Mailing List
Subject: [openstack
When deploying the overcloud with TLS, the current "no additional
technology" approach is to use opensssl and self signed. While this
works for a Proof of concept, it does not make sense if the users need
to access the resources from remote systems.
It seems to me that the undercloud, as the
e proposal part of the spec as there
will be a lot of details to figure out if we go forward. It is also
fairly rough but it should convey the point.
Thanks
Jamie
On 3 June 2016 at 03:06, Shawn McKinney <mailto:smckin...@symas.com>> wrote:
> On Jun 2, 2016, at 10:58 A
On 06/13/2016 07:08 PM, Marc Heckmann wrote:
Hi,
I currently have a lab setup using SAML2 federation with Microsoft
ADFS.
The federation part itself works wonderfully. However, I'm also trying
to use the new project as domains feature along with the Keystone v3
sample policy.json file for Keyst
On 06/07/2016 10:28 AM, Gyorgy Szombathelyi wrote:
Hi!
As an OIDC user, tried to play with Heat and Murano recently. They usually fail
with a trust creation error, noticing that keystone cannot find the _member_
role while creating the trust.
Hmmm...that should not be the case. The user in qu
On 06/02/2016 07:22 PM, Henry Nash wrote:
Hi
As you know, I have been working on specs that change the way we
handle the uniqueness of project names in Newton. The goal of this is
to better support project hierarchies, which as they stand today are
restrictive in that all project names within
On 06/02/2016 11:36 AM, Shawn McKinney wrote:
On Jun 2, 2016, at 10:03 AM, Adam Young wrote:
To do all of this right, however, requires a degree of introspection that we do not have
in OpenStack. Trove needs to ask Nova "I want to do X, what role do I need?"
and there is no wh
1 - 100 of 2739 matches
Mail list logo
