[openstack-dev] Keystone Apache2 Installation Question

Fox, Kevin M kevin.fox at pnnl.gov
Wed Oct 9 23:59:21 UTC 2013


I've just started playing around with Keystone under Apache. I have managed to get it embedded now and all services talking to it.

Now, I'm trying to get it to do apache authentication. The documentation states that it should honor REMOTE_USER if its present.

The default wsgi-keystone.conf has this in it:
<Location "/keystone">
 NSSRequireSSL
 Authtype none
</Location>

Which Locations do you put Apache auth plugins on? Putting it on all of /keystone seems wrong. I tried putting it only on <Location "/keystone/main/v2.0/tokens"> and that didn't work either...

Looking at the token api, it doesn't look like it does basic auth at all, expecting the username/password to be passed through a json document? So perhaps what I am trying to do will never work? Do I have to set some flag to get python-keystoneclient/Dashboard to pass the username/password as basicauth instead of in a json form?

Thanks,
Kevin



________________________________________
From: Miller, Mark M (EB SW Cloud - R&D - Corvallis) [mark.m.miller at hp.com]
Sent: Monday, August 12, 2013 4:17 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] Keystone Apache2 Installation Question

Progress: Got Keystone working under Apache2 with HTTP based on the following 2 URLs . HTTPS is the next.

https://keystone-voms.readthedocs.org/en/latest/requirements.html
https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04

Mark

From: Miller, Mark M (EB SW Cloud - R&D - Corvallis)
Sent: Monday, August 12, 2013 3:10 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] Keystone Apache2 Installation Question

Looks like I may be ahead of the game. It doesn’t look like this blueprint has been started yet. Am I correct?

https://blueprints.launchpad.net/devstack/+spec/devstack-setup-apache-keystone

A very valuable feature of Keystone is to configure it to leverage apache as its front end. As a means of demonstrating how this works, and to facilitate automated testing of this configuration in the future, support to devstack will be added to enable it to optionally install and configure keystone using apache as it front end. The design approach used will be that described in the keystone docs: https://github.com/openstack/keystone/blob/master/doc/source/apache-httpd.rst
Thanks,

Mark



From: Miller, Mark M (EB SW Cloud - R&D - Corvallis)
Sent: Monday, August 12, 2013 1:45 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] Keystone Apache2 Installation Question

The commands/libraries  do not exist for Ubuntu, Keystone no longer starts up, directories between the sets of documents do not match, …

From: Dolph Mathews [mailto:dolph.mathews at gmail.com]
Sent: Monday, August 12, 2013 1:41 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] Keystone Apache2 Installation Question

What problem(s) are you running into when following the above documentation / examples?

On Mon, Aug 12, 2013 at 3:32 PM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <mark.m.miller at hp.com<mailto:mark.m.miller at hp.com>> wrote:
Hello,

I am looking for documentation on how to install/configure Apache2 as the Keystone front end for "Ubuntu 12.04". I have found various documentation snippets for a variety of applications and operating systems, but nothing for Ubuntu. Any pointers would greatly be appreciated. I have been trying to piece the installation/configuration from the following URLs but have yet to be successful.

http://docs.openstack.org/developer/keystone/apache-httpd.html#keystone-configuration
https://keystone-voms.readthedocs.org/en/latest/requirements.html
https://github.com/enovance/keystone-wsgi-apache/blob/master/provision.sh
http://adam.younglogic.com/2012/04/keystone-httpd/

Regards,

Mark


_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



--

-Dolph



More information about the OpenStack-dev mailing list