I believe that this should be reopened, since the issue remains for the following reasons:
* All installation guide docs refer to Keystone running on port 5000 (OS_AUTH_URL=http://controller:5000/v3). If that's no longer the recommended deployment model, then the docs should be updated accordingly. * The file in question still contains endpoints on both :5000 and /identity. If the Keystone project believes that :5000 is deprecated in favor of /identity, then the WSGI config should be updated in the file to remove :5000. But having both seems broken. * For some reason that I haven't worked out yet, the /identity endpoint *is* interfering with the /horizon endpoint. If /identity will be remaining, we should try to figure out why that is. -MJ ** Changed in: keystone Status: Invalid => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1799332 Title: Apache WSGI config shipping with Keystone is incompatible with Horizon Status in OpenStack Identity (keystone): New Bug description: In keystone/httpd/wsgi-keystone.conf, the following configuration is present: Alias /identity /usr/local/bin/keystone-wsgi-public <Location /identity> SetHandler wsgi-script Options +ExecCGI WSGIProcessGroup keystone-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On </Location> However, it is both harmful and unnecessary. The operative WSGI configuration for Keystone comes from the <VirtualHost *:5000>...</VirtualHost> section. In fact, the commit which added the /identity endpoint described it as an documentation example: "Apache Httpd can be configured to accept keystone requests on all sorts of interfaces. The sample config file is updated to show how to configure Apache Httpd to also send requests on /identity and /identity_admin to keystone." Leaving it in place, however, causes conflicts when Horizon is concurrently installed: AH01630: client denied by server configuration: /usr/bin/keystone- wsgi-public ...in responses to Horizon URL's referencing '/identity'. Therefore, I believe keeping this configuration snippet in the shipped WSGI configuration (as opposed to actual documentation) is a defect. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1799332/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
