This script has moved the launchpad-toolkit repository.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TOKEN_ID: gAAAAABXm68KiDENNaJyydWf-MY64od2mMbZJIbrTaWLt9nkRx-fUASO_RNxaLSqSGjOd1a8A_7XawM9r4Jpr_jm4vEAX90Qo8b9K18Qqxvg5S91a1vZ8IG-1O3hR6eCCMwWYiWQW7gZ5W-GE4qi1xLou0 | |
R0sCoeYA | |
unmangled key: 'keystone.token.provider:_validate_token|gAAAAABXm68KiDENNaJyydWf-MY64od2mMbZJIbrTaWLt9nkRx-fUASO_RNxaLSqSG | |
jOd1a8A_7XawM9r4Jpr_jm4vEAX90Qo8b9K18Qqxvg5S91a1vZ8IG-1O3hR6eCCMwWYiWQW7gZ5W-GE4qi1xLou0R0sCoeYA' | |
mangled key: '2a40538b1ae86e0914ff94e5238fb89ad83a5381' | |
unmangled key: 'keystone.token.provider:validate_non_persistent_token|gAAAAABXm68KiDENNaJyydWf-MY64od2mMbZJIbrTaWLt9nkRx-f | |
UASO_RNxaLSqSGjOd1a8A_7XawM9r4Jpr_jm4vEAX90Qo8b9K18Qqxvg5S91a1vZ8IG-1O3hR6eCCMwWYiWQW7gZ5W-GE4qi1xLou0R0sCoeYA' | |
mangled key: 'e7e56c9ef2718e445c8cd52597c7f5e6312eefca' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
export OS_USERNAME=admin | |
export OS_PASSWORD=password | |
export OS_PROJECT_NAME=admin | |
export OS_DEFAULT_DOMAIN=default | |
export OS_AUTH_URL=http://localhost:35357/v3/ | |
export OS_IDENTITY_API_VERSION=3 |
We had an operator come to us with an interesting issue regarding rolling upgrades from Mitaka to Newton. The conversation was logged in #openstack-keystone. This notepad is my attempt to recreate the issue and document whatever I find.
I documented most of the installation process while testing the migration for encrypted credentials. I'm going to essentially use the same steps to install keystone. The steps after setup are specific to creating test data for credentials. Here we are going to document the upgrade process separately since it doesn't have to be specific to credentials.
Once we have Mitaka up and running - we can go ahead and populate it with some data:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sudo apt-get update; sudo apt-get dist-upgrade | |
reboot |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os | |
import six | |
import uuid | |
from Crypto.Cipher import AES | |
from cryptography.hazmat import backends | |
from cryptography.hazmat.primitives import ciphers | |
from cryptography.hazmat.primitives.ciphers import algorithms | |
from cryptography.hazmat.primitives.ciphers import modes | |
from cryptography.hazmat.primitives import padding |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
endpoint_schema = Endpoint(required=True) | |
resource_to_validate = endpoint_schema.__class__.__name__.lower() | |
@validation.validated(endpoint_schema.json(), resource_to_validate) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ keystone-manage fernet_rotate | |
2528 INFO keystone.token.providers.fernet.utils [-] Starting key rotation with 2 key files: ['/etc/keystone/fernet-keys/0', '/etc/keystone/fernet-keys/1'] | |
2528 INFO keystone.token.providers.fernet.utils [-] Current primary key is: 1 | |
2528 INFO keystone.token.providers.fernet.utils [-] Next primary key will be: 2 | |
2528 INFO keystone.token.providers.fernet.utils [-] Promoted key 0 to be the primary: 2 | |
2528 INFO keystone.token.providers.fernet.utils [-] Created a new key: /etc/keystone/fernet-keys/0 | |
2528 INFO keystone.token.providers.fernet.utils [-] Excess keys to purge: [] | |
$ ls /etc/keystone/fernet-keys/ | |
0 1 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ git clone https://gist.github.com/02c6d37f49596b3f4298.git | |
$ cd 02c6d37f49596b3f4298/ | |
$ pip install -r requirements.txt | |
$ export KEYSTONE_ENDPOINT=http://<keystone-1-ip>:35357 | |
$ python bootstrap.py |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
May 05 21:39:48 laptop mcelog[905]: mcelog: Family 6 Model 8e CPU: only decoding architectural errors | |
May 05 21:39:48 laptop mcelog[905]: Hardware event. This is not a software error. | |
May 05 21:39:48 laptop mcelog[905]: MCE 0 | |
May 05 21:39:48 laptop mcelog[905]: CPU 2 THERMAL EVENT TSC 2fcfe2b50638 | |
May 05 21:39:48 laptop mcelog[905]: TIME 1494038388 Fri May 5 21:39:48 2017 | |
May 05 21:39:48 laptop mcelog[905]: Processor 2 heated above trip temperature. Throttling enabled. | |
May 05 21:39:48 laptop mcelog[905]: Please check your system cooling. Performance will be impacted | |
May 05 21:39:48 laptop mcelog[905]: STATUS 8819080b MCGSTATUS 0 | |
May 05 21:39:48 laptop mcelog[905]: MCGCAP c08 APICID 1 SOCKETID 0 | |
May 05 21:39:48 laptop mcelog[905]: CPUID Vendor Intel Family 6 Model 142 |