Fuel master access control improvements

Registered by Łukasz Oleś on 2014-08-29

In 5.1 release cycle fuel master node access control was introduced. In next release some configuration tunning is required to make it easier to use and upgrade.

Feature Lead: Sebastian Kalinowski
Mandatory Design Reviewers: Matthew Mosesohn, Evgeny Li, Vitaly Kramskikh
Developers: Sebastian Kalinowski, Łukasz Oleś
QA: Dennis Dmitriev

Blueprint information

Status:
Complete
Approver:
Evgeniy L
Priority:
Essential
Drafter:
Łukasz Oleś
Direction:
Approved
Assignee:
Sebastian Kalinowski
Definition:
Approved
Series goal:
Accepted for 6.0.x
Implementation:
Implemented
Milestone target:
milestone icon 6.0
Started by
Łukasz Oleś on 2014-09-17
Completed by
Sebastian Kalinowski on 2014-11-14

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/access-control-master-node-improvments,n,z

Addressed by: https://review.openstack.org/118284
    Fuel master access control improvements

Addressed by: https://review.openstack.org/125319
    Generate keystone password for nailgun and ostf

Addressed by: https://review.openstack.org/125324
    Remove usage of admin_token

Addressed by: https://review.openstack.org/125584
    Remove usage of admin_token in nailgun

Addressed by: https://review.openstack.org/126480
    Migrate X-Auth-Token to cookie-based authentication

Addressed by: https://review.openstack.org/127206
    Ask for password during upgrade

Addressed by: https://review.openstack.org/127211
    Generate new keystone credentials during upgrade

Gerrit topic: https://review.openstack.org/#q,topic:bug/1362615,n,z

Addressed by: https://review.openstack.org/127234
    Add cookie-based authentication along with X-Auth-Token

Addressed by: https://review.openstack.org/127498
    Add cookie-based authentication along with X-Auth-Token

Addressed by: https://review.openstack.org/128274
    Increased keystone token expiration time to 24h

Addressed by: https://review.openstack.org/128595
    Flush expired tokens from Keystone

Addressed by: https://review.openstack.org/128584
    Remove storing of password in browser

Addressed by: https://review.openstack.org/129838
    Use keystonemiddleware package

Addressed by: https://review.openstack.org/129840
    Add python-keystonemiddleware package to OSTF spec

Addressed by: https://review.openstack.org/129914
    Use keystonemiddleware package

Addressed by: https://review.openstack.org/129916
    Add python-keystonemiddleware package to nailgun

Addressed by: https://review.openstack.org/131129
    Remove usage of admin_token

Gerrit topic: https://review.openstack.org/#q,topic:bp/access-control-master-node-improvments-patch4,n,z

Gerrit topic: https://review.openstack.org/#q,topic:bug/1375622,n,z

Addressed by: https://review.openstack.org/132220
    Remove storing of password in browser

Addressed by: https://review.openstack.org/132234
    Use keystonemiddleware package

Addressed by: https://review.openstack.org/132236
    Add python-keystonemiddleware package to OSTF spec

Addressed by: https://review.openstack.org/132237
    Add python-keystonemiddleware package to nailgun

Addressed by: https://review.openstack.org/132238
    Use keystonemiddleware package

Addressed by: https://review.openstack.org/132247
    Ask for password during upgrade

Addressed by: https://review.openstack.org/132284
    Remove storing of password in browser

Addressed by: https://review.openstack.org/132530
    Remove usage of admin_token

Addressed by: https://review.openstack.org/132534
    Flush expired tokens from Keystone

Addressed by: https://review.openstack.org/132539
    Increased keystone token expiration time to 24h

Addressed by: https://review.openstack.org/132541
    Generate keystone credentials for nailgun and ostf

Addressed by: https://review.openstack.org/132548
    Remove usage of admin_token in nailgun

Addressed by: https://review.openstack.org/132550
    Generate new keystone credentials during upgrade

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.