2

As a follow-up to this question: How do I configure Keystone with Juju? Other questions on this topic, like this one, ask what they need to be able to use Juju in their OpenStack installation. I need it just the other way around. I want to configure Keystone for authentication against Active Directory, but the first thing in the Keystone config file is:

# [ WARNING ]
# Configuration file maintained by Juju. Local changes may be overwritten.

This warning should be heeded, as the config changes are reset after a reboot of the container.

I searched the whole filesystem of the container for files related to keystone and juju, but the only file I could find (/var/lib/juju/agents/unit-keystone-0/charm/.juju-persistent-config) that seems related is also reset after the reboot.

So, where can I configure juju to create a keystone config file with my additions for Active Directory?

1 Answer

3

I'll try to provide a starting answer, and hopefully someone can edit and improve my answer if they have more relevant information.

Configuration options can be found at JUJU Keystone Charm.

From your machine with juju tools installed:

export JUJU_HOME=~/.cloud-install/juju
juju ssh landscape-server/0 sudo 'JUJU_HOME=/var/lib/landscape/juju-homes/`sudo ls -rt /var/lib/landscape/juju-homes/ | tail -1` sudo -u landscape -E bash'

Once connected, you can juju set keystone "key=value" using the values found on the juju keystone charm page. I don't know what specific settings you'll need to add for Active Directory, but most likely you will find some of the information you need from Sample Active Directory Information.

  • This worked for the configuration of Keystone: after setting the LDAP-related values with juju set keystone "key=value" and rebooting the container, the values showed up in the keystone.conf as intended. Sadly, this only led to the next problem, with Keystone being unable to start and reporting ImportError: No module named ldap.filter in the error log. – Gerald Schneider May 30 '16 at 08:22
  • Now, before I start the next question on how to tell juju that I want to have the relevant package in this container, which surely will only lead to the next undocumented problem, I'll just give up on Ubuntu Autopilot and try a commercial OpenStack management solution that actually gives support for their product. Thanks for the help anyway. – Gerald Schneider May 30 '16 at 08:23
  • No problem! A couple of things: the ldap.filter error is most likely due to a missing package (libldap2); you'd run into errors like that with any OpenStack deployment. JUJU is meant to make deployment easier, but really, it's all still OpenStack once things are deployed. Canonical does offer commercial support. Additional support can be found at https://ask.openstack.org. You do get some nice features with JUJU; for instance, add a hard drive and it can automagically be added to your Ceph cluster. –  May 30 '16 at 12:57