/usr/share/doc/keystone-doc/html/apache-httpd.html is in keystone-doc 1:2014.1.3-0ubuntu2.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Running Keystone in HTTPD — keystone documentation</title>
<link rel="stylesheet" href="_static/nature.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/tweaks.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="keystone documentation" href="index.html" />
<link rel="next" title="Using external authentication with Keystone" href="external-auth.html" />
<link rel="prev" title="Service API Examples Using Curl" href="api_curl_examples.html" />
</head>
<body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="running-keystone-in-httpd">
<h1>Running Keystone in HTTPD<a class="headerlink" href="#running-keystone-in-httpd" title="Permalink to this headline">¶</a></h1>
<div class="section" id="ssl">
<h2>SSL<a class="headerlink" href="#ssl" title="Permalink to this headline">¶</a></h2>
<p>To run Keystone in HTTPD, first enable SSL support. This is optional, but highly recommended.</p>
<p>Install mod_nss according to your distribution, then apply the following patch and restart HTTPD:</p>
<div class="highlight-python"><div class="highlight"><pre>--- /etc/httpd/conf.d/nss.conf.orig 2012-03-29 12:59:06.319470425 -0400
+++ /etc/httpd/conf.d/nss.conf 2012-03-29 12:19:38.862721465 -0400
@@ -17,7 +17,7 @@
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:443"
#
-Listen 8443
+Listen 443
##
## SSL Global Context
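Review bot: the comment kept as context above the Listen line still gives "Listen [::]:8443" as its IPv6 example,
so after this change the comment and the directive disagree; update the comment to 443 in the same patch.
A bare "Listen 443" also binds every address, so confirm that nothing else in the HTTPD configuration
already listens on 443 before restarting.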
@@ -81,7 +81,7 @@
## SSL Virtual Host Context
##
-<virtualhost _default_:8443="">
+<virtualhost _default_:443="">
# General setup for the virtual host
#DocumentRoot "/etc/httpd/htdocs"
</virtualhost></virtualhost>
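Review bot: the changed virtual host lines are not valid Apache syntax as displayed: the opening tag should read
&lt;VirtualHost _default_:443&gt; without the ="" suffix, and the last line of the hunk carries a doubled closing tag.
The port here also has to match the Listen directive changed in the first hunk, so the text should say that
the two edits go together, and a configuration test should be run before the restart.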
</pre></div>
</div>
<div class="section" id="firewall">
<h3>Firewall<a class="headerlink" href="#firewall" title="Permalink to this headline">¶</a></h3>
<p>Add the following rule to iptables so that SSL traffic can pass your firewall:</p>
<div class="highlight-python"><div class="highlight"><pre>-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
</pre></div>
</div>
<p>It must go immediately before:</p>
<div class="highlight-python"><div class="highlight"><pre>-A INPUT -j REJECT --reject-with icmp-host-prohibited
</pre></div>
</div>
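<p>An added example (not part of the Keystone documentation) that checks the placement described above: a chain is evaluated top-down, so an ACCEPT rule appended after the catch-all REJECT never matches. The rule files are constructed samples, and check_port and its helpers are hypothetical names.</p>

```python
import shlex

def input_rules(rules_text):
    """Yield (line number, tokens) for each '-A INPUT' rule in iptables-save text."""
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        if tokens[:2] == ["-A", "INPUT"]:
            yield lineno, tokens

def option(tokens, flag):
    """Return the argument that follows flag, or None when the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def accepts_port(tokens, port):
    """True for a rule that accepts TCP traffic to exactly this destination port."""
    return (option(tokens, "-j") == "ACCEPT" and option(tokens, "-p") == "tcp"
            and option(tokens, "--dport") == str(port))

def is_catch_all(tokens):
    """True for a REJECT/DROP rule with no match criteria, which ends the chain."""
    matchers = {"-p", "-s", "-d", "-i", "-m", "--dport", "--sport"}
    return option(tokens, "-j") in ("REJECT", "DROP") and matchers.isdisjoint(tokens)

def check_port(rules_text, port=443):
    """Return (status, line): ok, shadowed (line of the blocking rule) or missing."""
    blocked_at = None
    for lineno, tokens in input_rules(rules_text):
        if accepts_port(tokens, port):
            return ("ok", lineno) if blocked_at is None else ("shadowed", blocked_at)
        if blocked_at is None and is_catch_all(tokens):
            blocked_at = lineno
    return ("missing", blocked_at)

# Constructed sample rule files (not from the page), in iptables-save layout.
HEAD = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
"""
HTTPS = "-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT\n"
REJECT = "-A INPUT -j REJECT --reject-with icmp-host-prohibited\n"
CORRECT = HEAD + HTTPS + REJECT + "COMMIT\n"   # rule placed as the page says
APPENDED = HEAD + REJECT + HTTPS + "COMMIT\n"  # rule appended after the REJECT

if __name__ == "__main__":
    for name, text in (("correct", CORRECT), ("appended", APPENDED)):
        print(name, check_port(text))
```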
</div>
<div class="section" id="files">
<h3>Files<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h3>
<p>Copy the file httpd/wsgi-keystone.conf to the appropriate location for your Apache server, most likely:</p>
<div class="highlight-python"><div class="highlight"><pre>/etc/httpd/conf.d/wsgi-keystone.conf
</pre></div>
</div>
<p>Create the directory <tt class="docutils literal"><span class="pre">/var/www/cgi-bin/keystone/</span></tt>. You can either hardlink or softlink the files <tt class="docutils literal"><span class="pre">main</span></tt> and <tt class="docutils literal"><span class="pre">admin</span></tt> to the file <tt class="docutils literal"><span class="pre">keystone.py</span></tt> in this directory. For a distribution-appropriate location, it should probably be copied to:</p>
<div class="highlight-python"><div class="highlight"><pre>/usr/share/openstack/keystone/httpd/keystone.py
</pre></div>
</div>
<p>Keystone’s primary configuration file (<tt class="docutils literal"><span class="pre">etc/keystone.conf</span></tt>) and the PasteDeploy
configuration file (<tt class="docutils literal"><span class="pre">etc/keystone-paste.ini</span></tt>) must be readable by HTTPD in
one of the default locations described in <a class="reference internal" href="configuration.html"><em>Configuring Keystone</em></a>.</p>
</div>
<div class="section" id="selinux">
<h3>SELinux<a class="headerlink" href="#selinux" title="Permalink to this headline">¶</a></h3>
<p>If you are running with SELinux enabled (and you should be) make sure that the file has the appropriate SELinux context to access the linked file. If you have the file in /var/www/cgi-bin, you can do this by running:</p>
<div class="highlight-python"><div class="highlight"><pre>sudo restorecon /var/www/cgi-bin
</pre></div>
</div>
<p>Putting it somewhere else requires that you set up your SELinux policy accordingly.</p>
</div>
<div class="section" id="keystone-configuration">
<h3>Keystone Configuration<a class="headerlink" href="#keystone-configuration" title="Permalink to this headline">¶</a></h3>
<p>Make sure you use either the <tt class="docutils literal"><span class="pre">SQL</span></tt> or the <tt class="docutils literal"><span class="pre">memcached</span></tt> driver for <tt class="docutils literal"><span class="pre">tokens</span></tt>, otherwise the tokens will not be shared between the processes of the Apache HTTPD server.</p>
<p>For <tt class="docutils literal"><span class="pre">SQL</span></tt>, in <tt class="docutils literal"><span class="pre">/etc/keystone/keystone.conf</span></tt> make sure you have set:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="p">[</span><span class="n">token</span><span class="p">]</span>
<span class="n">driver</span> <span class="o">=</span> <span class="n">keystone</span><span class="o">.</span><span class="n">token</span><span class="o">.</span><span class="n">backends</span><span class="o">.</span><span class="n">sql</span><span class="o">.</span><span class="n">Token</span>
</pre></div>
</div>
<p>For <tt class="docutils literal"><span class="pre">memcache</span></tt>, in <tt class="docutils literal"><span class="pre">/etc/keystone/keystone.conf</span></tt> make sure you have set:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="p">[</span><span class="n">token</span><span class="p">]</span>
<span class="n">driver</span> <span class="o">=</span> <span class="n">keystone</span><span class="o">.</span><span class="n">token</span><span class="o">.</span><span class="n">backends</span><span class="o">.</span><span class="n">memcache</span><span class="o">.</span><span class="n">Token</span>
</pre></div>
</div>
<p>In both cases, all servers that are storing tokens need a shared backend. This means that either they all point
to the same database server, or they all point to a common memcached instance.</p>
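<p>An added example (not Keystone's own code) that audits the keystone.conf of several servers for the two requirements above: a SQL or memcache token driver, and one common backend. The [database] connection and [memcache] servers option names, the host labels and the sample connection strings are assumptions, and audit is a hypothetical helper.</p>

```python
import configparser

# Token drivers the page names as shared between Apache processes, mapped to the
# option that locates their backend. The section/option names are assumptions
# about the keystone.conf layout; adjust them to your release.
SHARED_DRIVERS = {
    "keystone.token.backends.sql.Token": ("database", "connection"),
    "keystone.token.backends.memcache.Token": ("memcache", "servers"),
}

def token_backend(conf_text):
    """Return (driver, backend location) read from the text of one keystone.conf."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    driver = parser.get("token", "driver", fallback=None)
    section, key = SHARED_DRIVERS.get(driver, (None, None))
    location = parser.get(section, key, fallback=None) if section else None
    return driver, location

def audit(nodes):
    """nodes maps a host label to its keystone.conf text; return a list of findings."""
    findings, backends = [], {}
    for host, text in sorted(nodes.items()):
        driver, location = token_backend(text)
        if driver not in SHARED_DRIVERS:
            findings.append(f"{host}: token driver {driver!r} is not the SQL or memcache driver")
        elif location is None:
            findings.append(f"{host}: no backend location configured for {driver}")
        else:
            backends.setdefault((driver, location), []).append(host)
    if len(backends) > 1:
        # Report host groups only: connection strings may embed credentials.
        findings.append(f"hosts use different token backends: {sorted(backends.values())}")
    return findings

# Constructed sample configurations (host names and credentials are made up).
SQL_A = ("[token]\ndriver = keystone.token.backends.sql.Token\n"
         "[database]\nconnection = mysql://keystone:secret@db1.example/keystone\n")
SQL_B = SQL_A.replace("db1.example", "db2.example")
KVS = "[token]\ndriver = keystone.token.backends.kvs.Token\n"

if __name__ == "__main__":
    for line in audit({"web1": SQL_A, "web2": SQL_B, "web3": KVS}):
        print(line)
```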
</div>
</div>
</div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer">
© Copyright 2012, OpenStack, LLC.
Last updated on Oct 21, 2014.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.2.2.
</div>
</body>
</html>