** Description changed: + [ Impact ] + Keystone-28.0.0 (2025.2)[0] dropped the keystone-wsgi-admin and keystone-wsgi-public scripts were dropped, the provided Apache2 configuration[2] + The approach to fix this bug is to reintroduce the generation of the + wsgi scripts by patchin the setup.cfg file. + [0] https://docs.openstack.org/releasenotes/keystone/2025.2.html [1] https://opendev.org/openstack/keystone/commit/0d2cc1a3af4dbd2825cef5992056bffe935eaadd [2] /etc/apache2/sites-available/keystone.conf + + [ Test Plan ] + + 1. Install keystone, mysql and other packages to assist with the testing + sudo apt-get install keystone mysql-server crudini python3-openstackclient + + 2. Create a database for keystone + sudo mysql -u root << EOF + CREATE USER 'keystone'@'localhost' IDENTIFIED BY 'changeme'; + CREATE USER 'keystone'@'%' IDENTIFIED BY 'changeme'; + CREATE DATABASE keystone; + GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'; + GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'; + EOF + + 3. Configure keystone to use the database + sudo crudini --set /etc/keystone/keystone.conf database connection "mysql+pymysql://keystone:changeme@localhost/keystone" + + 4. Sync up the database + sudo -u keystone keystone-manage --config-dir /etc/keystone db_sync + + 5. Configure Fernet for Keystone + sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone + sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone + + 6. Restart apache2 + sudo systemctl restart apache2 + + 7. Bootstrap keystone + keystone-manage bootstrap \ + --bootstrap-password changeme \ + --bootstrap-admin-url http://localhost:/v3/ \ + --bootstrap-internal-url http://localhost:/v3/ \ + --bootstrap-public-url http://localhost:/v3/ \ + --bootstrap-region-id RegionOne + + 8. 
Issue a token + openstack --os-region-name RegionOne \ + --os-auth-url http://localhost:5000/v3 \ + --os-project-domain-name Default \ + --os-user-domain-name Default \ + --os-project-name admin \ + --os-username admin \ + --os-password changeme \ + token issue + + Example of the expected output: + +------------+------------------------------------------+ + | Field | Value | + +------------+------------------------------------------+ + | expires | 2025-11-02T11:10:36+0000 | + | id | gAAAAABpBy4ckoYzHMVnZFXNjwOXUg0-Us0[...] | + | project_id | 6497c42b07464c9594ed7dd1610986cd | + | user_id | 0708b8f653a14a158ed503dd1ff0eee8 | + +------------+------------------------------------------+ + + + [ Where problems could occur ] + + * The wsgi scripts are generated while the deb package is being built + and they are installed under /usr/bin , any issues with this patch would + be at building time when python's setup phase runs. + + * This patch doesn't change existing files, it will create new files to + be included in the package, hence no behavior change is being + introduced. + + [ Other Info ] + + * Another possible way to fix this bug would have been to migrate the + package to uwsgi, although keystone is in main and uwsgi is in universe, + so a Main Inclusion Request would need to be submitted first, in any + case this approach wouldn't be suitable for a SRU.
** Summary changed: - keystone-wsgi-public and keystone-wsgi-admin dropped from the keystone package + [SRU] keystone-wsgi-public and keystone-wsgi-admin missing from the keystone package ** Description changed: [ Impact ] Keystone-28.0.0 (2025.2)[0] dropped the keystone-wsgi-admin and keystone-wsgi-public scripts were dropped, the provided Apache2 configuration[2] + + The debian package provides an Apache2 configuration and it assumes the + existence of these scripts - https://git.launchpad.net/~ubuntu- + openstack-dev/ubuntu/+source/keystone/tree/debian/keystone.conf#n4 The approach to fix this bug is to reintroduce the generation of the wsgi scripts by patchin the setup.cfg file. [0] https://docs.openstack.org/releasenotes/keystone/2025.2.html [1] https://opendev.org/openstack/keystone/commit/0d2cc1a3af4dbd2825cef5992056bffe935eaadd [2] /etc/apache2/sites-available/keystone.conf [ Test Plan ] 1. Install keystone, mysql and other packages to assist with the testing sudo apt-get install keystone mysql-server crudini python3-openstackclient 2. Create a database for keystone sudo mysql -u root << EOF CREATE USER 'keystone'@'localhost' IDENTIFIED BY 'changeme'; CREATE USER 'keystone'@'%' IDENTIFIED BY 'changeme'; CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'; EOF 3. Configure keystone to use the database sudo crudini --set /etc/keystone/keystone.conf database connection "mysql+pymysql://keystone:changeme@localhost/keystone" 4. Sync up the database sudo -u keystone keystone-manage --config-dir /etc/keystone db_sync 5. Configure Fernet for Keystone sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 6. Restart apache2 sudo systemctl restart apache2 7. 
Bootstrap keystone keystone-manage bootstrap \ - --bootstrap-password changeme \ - --bootstrap-admin-url http://localhost:/v3/ \ - --bootstrap-internal-url http://localhost:/v3/ \ - --bootstrap-public-url http://localhost:/v3/ \ - --bootstrap-region-id RegionOne + --bootstrap-password changeme \ + --bootstrap-admin-url http://localhost:/v3/ \ + --bootstrap-internal-url http://localhost:/v3/ \ + --bootstrap-public-url http://localhost:/v3/ \ + --bootstrap-region-id RegionOne 8. Issue a token openstack --os-region-name RegionOne \ - --os-auth-url http://localhost:5000/v3 \ - --os-project-domain-name Default \ - --os-user-domain-name Default \ - --os-project-name admin \ - --os-username admin \ - --os-password changeme \ - token issue + --os-auth-url http://localhost:5000/v3 \ + --os-project-domain-name Default \ + --os-user-domain-name Default \ + --os-project-name admin \ + --os-username admin \ + --os-password changeme \ + token issue Example of the expected output: +------------+------------------------------------------+ | Field | Value | +------------+------------------------------------------+ | expires | 2025-11-02T11:10:36+0000 | | id | gAAAAABpBy4ckoYzHMVnZFXNjwOXUg0-Us0[...] | | project_id | 6497c42b07464c9594ed7dd1610986cd | | user_id | 0708b8f653a14a158ed503dd1ff0eee8 | +------------+------------------------------------------+ - [ Where problems could occur ] * The wsgi scripts are generated while the deb package is being built and they are installed under /usr/bin , any issues with this patch would be at building time when python's setup phase runs. * This patch doesn't change existing files, it will create new files to be included in the package, hence no behavior change is being introduced. 
[ Other Info ] * Another possible way to fix this bug would have been to migrate the package to uwsgi, although keystone is in main and uwsgi is in universe, so a Main Inclusion Request would need to be submitted first, in any case this approach wouldn't be suitable for a SRU. ** Patch removed: "lp2130370_resolute.debdiff" https://bugs.launchpad.net/ubuntu/+source/keystone/+bug/2130370/+attachment/5923189/+files/lp2130370_resolute.debdiff ** Patch removed: "lp2130370_questing.debdiff" https://bugs.launchpad.net/ubuntu/+source/keystone/+bug/2130370/+attachment/5923190/+files/lp2130370_questing.debdiff ** Description changed: [ Impact ] Keystone-28.0.0 (2025.2)[0] dropped the keystone-wsgi-admin and keystone-wsgi-public scripts were dropped, the provided Apache2 configuration[2] The debian package provides an Apache2 configuration and it assumes the existence of these scripts - https://git.launchpad.net/~ubuntu- openstack-dev/ubuntu/+source/keystone/tree/debian/keystone.conf#n4 The approach to fix this bug is to reintroduce the generation of the wsgi scripts by patchin the setup.cfg file. + + The patch also augments the autopkgtest configuring keystone and + validating the configured service is capable of issuing tokens. [0] https://docs.openstack.org/releasenotes/keystone/2025.2.html [1] https://opendev.org/openstack/keystone/commit/0d2cc1a3af4dbd2825cef5992056bffe935eaadd [2] /etc/apache2/sites-available/keystone.conf [ Test Plan ] 1. Install keystone, mysql and other packages to assist with the testing sudo apt-get install keystone mysql-server crudini python3-openstackclient 2. Create a database for keystone sudo mysql -u root << EOF CREATE USER 'keystone'@'localhost' IDENTIFIED BY 'changeme'; CREATE USER 'keystone'@'%' IDENTIFIED BY 'changeme'; CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'; EOF 3. 
Configure keystone to use the database sudo crudini --set /etc/keystone/keystone.conf database connection "mysql+pymysql://keystone:changeme@localhost/keystone" 4. Sync up the database sudo -u keystone keystone-manage --config-dir /etc/keystone db_sync 5. Configure Fernet for Keystone sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 6. Restart apache2 sudo systemctl restart apache2 7. Bootstrap keystone keystone-manage bootstrap \ --bootstrap-password changeme \ --bootstrap-admin-url http://localhost:/v3/ \ --bootstrap-internal-url http://localhost:/v3/ \ --bootstrap-public-url http://localhost:/v3/ \ --bootstrap-region-id RegionOne 8. Issue a token openstack --os-region-name RegionOne \ --os-auth-url http://localhost:5000/v3 \ --os-project-domain-name Default \ --os-user-domain-name Default \ --os-project-name admin \ --os-username admin \ --os-password changeme \ token issue Example of the expected output: +------------+------------------------------------------+ | Field | Value | +------------+------------------------------------------+ | expires | 2025-11-02T11:10:36+0000 | | id | gAAAAABpBy4ckoYzHMVnZFXNjwOXUg0-Us0[...] | | project_id | 6497c42b07464c9594ed7dd1610986cd | | user_id | 0708b8f653a14a158ed503dd1ff0eee8 | +------------+------------------------------------------+ [ Where problems could occur ] * The wsgi scripts are generated while the deb package is being built and they are installed under /usr/bin , any issues with this patch would be at building time when python's setup phase runs. * This patch doesn't change existing files, it will create new files to be included in the package, hence no behavior change is being introduced. 
[ Other Info ] * Another possible way to fix this bug would have been to migrate the package to uwsgi, although keystone is in main and uwsgi is in universe, so a Main Inclusion Request would need to be submitted first, in any case this approach wouldn't be suitable for a SRU.

https://bugs.launchpad.net/bugs/2130370
Title: [SRU] keystone-wsgi-public and keystone-wsgi-admin missing from the keystone package
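Review bot: In step 7 of the Test Plan, all three bootstrap URLs are written as "http://localhost:/v3/" with an empty port, while step 8 authenticates against "http://localhost:5000/v3". The endpoints registered in the catalog by the bootstrap should match the address the test actually talks to, so give the --bootstrap-admin-url, --bootstrap-internal-url and --bootstrap-public-url values the same explicit port used in step 8. Step 7 is also the only keystone-manage call without sudo, although steps 4 and 5 run it with elevated privileges; state which user is expected to run the bootstrap so the plan can be followed verbatim.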
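Review bot: The first sentence of [ Impact ] is unfinished in every revision of the description: it says "dropped" twice and stops at "the provided Apache2 configuration[2]" without saying what happens to that configuration. Complete the sentence so the user-visible failure is stated explicitly, since an SRU reviewer needs the impact spelled out, and the paragraph added in the second revision (the package's Apache2 configuration assumes the scripts exist) only implies it. Reference [1] is listed but never cited in the text; cite it where the removal of the scripts is mentioned or drop it. "patchin" in "by patchin the setup.cfg file" should read "patching".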
