Fuel for OpenStack

Fuel master access control improvements

Registered by Łukasz Oleś

In 5.1 release cycle fuel master node access control was introduced. In next release some configuration tunning is required to make it easier to use and upgrade.

Feature Lead: Sebastian Kalinowski
Mandatory Design Reviewers: Matthew Mosesohn, Evgeny Li, Vitaly Kramskikh
Developers: Sebastian Kalinowski, Łukasz Oleś
QA: Dennis Dmitriev

Blueprint information

Status:
Complete
Approver:
Evgeniy L
Priority:
Essential
Drafter:
Łukasz Oleś
Direction:
Approved
Assignee:
Sebastian Kalinowski
Definition:
Approved
Series goal:
Accepted for 6.0.x
Implementation:
Implemented
Milestone target:
milestone icon 6.0
Started by
Łukasz Oleś
Completed by
Sebastian Kalinowski

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/access-control-master-node-improvments,n,z

Addressed by: https://review.openstack.org/118284
    Fuel master access control improvements

Addressed by: https://review.openstack.org/125319
    Generate keystone password for nailgun and ostf

Addressed by: https://review.openstack.org/125324
    Remove usage of admin_token

Addressed by: https://review.openstack.org/125584
    Remove usage of admin_token in nailgun

Addressed by: https://review.openstack.org/126480
    Migrate X-Auth-Token to cookie-based authentication

Addressed by: https://review.openstack.org/127206
    Ask for password during upgrade

Addressed by: https://review.openstack.org/127211
    Generate new keystone credentials during upgrade

Gerrit topic: https://review.openstack.org/#q,topic:bug/1362615,n,z

Addressed by: https://review.openstack.org/127234
    Add cookie-based authentication along with X-Auth-Token

Addressed by: https://review.openstack.org/127498
    Add cookie-based authentication along with X-Auth-Token

Addressed by: https://review.openstack.org/128274
    Increased keystone token expiration time to 24h

Addressed by: https://review.openstack.org/128595
    Flush expired tokens from Keystone

Addressed by: https://review.openstack.org/128584
    Remove storing of password in browser

Addressed by: https://review.openstack.org/129838
    Use keystonemiddleware package

Addressed by: https://review.openstack.org/129840
    Add python-keystonemiddleware package to OSTF spec

Addressed by: https://review.openstack.org/129914
    Use keystonemiddleware package

Addressed by: https://review.openstack.org/129916
    Add python-keystonemiddleware package to nailgun

Addressed by: https://review.openstack.org/131129
    Remove usage of admin_token

Gerrit topic: https://review.openstack.org/#q,topic:bp/access-control-master-node-improvments-patch4,n,z

Gerrit topic: https://review.openstack.org/#q,topic:bug/1375622,n,z

Addressed by: https://review.openstack.org/132220
    Remove storing of password in browser

Addressed by: https://review.openstack.org/132234
    Use keystonemiddleware package

Addressed by: https://review.openstack.org/132236
    Add python-keystonemiddleware package to OSTF spec

Addressed by: https://review.openstack.org/132237
    Add python-keystonemiddleware package to nailgun

Addressed by: https://review.openstack.org/132238
    Use keystonemiddleware package

Addressed by: https://review.openstack.org/132247
    Ask for password during upgrade

Addressed by: https://review.openstack.org/132284
    Remove storing of password in browser

Addressed by: https://review.openstack.org/132530
    Remove usage of admin_token

Addressed by: https://review.openstack.org/132534
    Flush expired tokens from Keystone

Addressed by: https://review.openstack.org/132539
    Increased keystone token expiration time to 24h

Addressed by: https://review.openstack.org/132541
    Generate keystone credentials for nailgun and ostf

Addressed by: https://review.openstack.org/132548
    Remove usage of admin_token in nailgun

Addressed by: https://review.openstack.org/132550
    Generate new keystone credentials during upgrade

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.