On 06/13/2015 01:37 PM, Rich Megginson wrote:
On 06/12/2015 07:30 PM, Adam Young wrote:
On 06/12/2015 04:53 PM, Rich Megginson wrote:
I've done a first pass of setting up a puppet module to configure
Keystone to use ipsilon for federation, using
https://github.com/richm/puppet-apache-auth-mods, and a version of
ipsilon-client-install with patches
https://fedorahosted.org/ipsilon/ticket/141 and
https://fedorahosted.org/ipsilon/ticket/142, and a heavily modified
version of the ipa/rdo federation setup scripts -
https://github.com/richm/rdo-vm-factory.
I would like some feedback from the Keystone and puppet folks about
this approach.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
I take it this is not WebSSO yet, but only Federation.
Around here...
https://github.com/richm/puppet-apache-auth-mods/blob/master/manifests/keystone_ipsilon.pp#L64
You would need to have the trusted dashboard, etc.
Right. In order to do websso, there is some additional setup that
needs to be done in the apache conf for the keystone wsgi virtual
hosts (which is in the rdo-federation-setup script). There is also
some additional configuration to do to Horizon to enable federated
auth and/or websso.
But I think that is what you intend.
Right. What I've done so far is only the first step.
It looks good at first blush. I'm trying to get to the point where I
can recreate RDO factory, but on a machine I launch in the Cloud Lab.
I've gotten it as far as allocating a floating IP address:
https://github.com/admiyo/ossipee/
Once I can get through the RDO Factory steps, I'll give it a live test.
However, without an ECP setup, we really have no way to test it.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev