)]}'
{"docker/services/keystone.yaml":[{"author":{"_account_id":8449,"name":"Marios Andreou","email":"marios.andreou@gmail.com","username":"marios"},"change_message_id":"934c337fec4f8dedeb45eaa76bf44af3aebc2c62","unresolved":false,"context_lines":[{"line_number":189,"context_line":"            environment:"},{"line_number":190,"context_line":"              - KOLLA_CONFIG_STRATEGY\u003dCOPY_ALWAYS"},{"line_number":191,"context_line":"        step_4:"},{"line_number":192,"context_line":"          # There are cases where we need to refresh keystone after the resource provisioning,"},{"line_number":193,"context_line":"          # such as the case of using LDAP backends for domains. So we trigger a graceful"},{"line_number":194,"context_line":"          # restart [1], which shouldn\u0027t cause service disruption, but will reload new"},{"line_number":195,"context_line":"          # configurations for keystone."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"bf659307_84156ee7","line":192,"range":{"start_line":192,"start_character":15,"end_line":192,"end_character":27},"updated":"2018-04-02 07:41:07.000000000","message":"just wondering if we need to also replicate this behaviour for puppet/keystone.yaml @ keystone wsgi apache https://github.com/openstack/tripleo-heat-templates/blob/e947c7e610e45d07da537a102f3309a34823b6d7/puppet/services/keystone.yaml#L399","commit_id":"ffc14e3067e6eb0039dceec9656f07d7663dc87f"},{"author":{"_account_id":10873,"name":"Juan Antonio Osorio Robles","email":"jaosorior@redhat.com","username":"ejuaoso"},"change_message_id":"77808ef55eb65ae65d29b6584f18367035a2f42f","unresolved":false,"context_lines":[{"line_number":189,"context_line":"            environment:"},{"line_number":190,"context_line":"              - KOLLA_CONFIG_STRATEGY\u003dCOPY_ALWAYS"},{"line_number":191,"context_line":"        step_4:"},{"line_number":192,"context_line":"          # There are cases where we need to refresh keystone after the resource 
provisioning,"},{"line_number":193,"context_line":"          # such as the case of using LDAP backends for domains. So we trigger a graceful"},{"line_number":194,"context_line":"          # restart [1], which shouldn\u0027t cause service disruption, but will reload new"},{"line_number":195,"context_line":"          # configurations for keystone."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"bf659307_b66e96fd","line":192,"range":{"start_line":192,"start_character":15,"end_line":192,"end_character":27},"in_reply_to":"bf659307_84156ee7","updated":"2018-04-03 04:56:57.000000000","message":"The puppet case is already managed here https://github.com/openstack/puppet-keystone/blob/master/manifests/ldap_backend.pp#L610\n\nThat refresh of the keystone_restart exec doesn\u0027t get run on the container scenario though. So we need to use another container for that.","commit_id":"ffc14e3067e6eb0039dceec9656f07d7663dc87f"},{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"81528ea944840841beaa397ebcc92b34a8671f74","unresolved":false,"context_lines":[{"line_number":199,"context_line":"            action: exec"},{"line_number":200,"context_line":"            user: root"},{"line_number":201,"context_line":"            command:"},{"line_number":202,"context_line":"              [ \u0027keystone\u0027, \u0027pkill\u0027, \u0027--signal\u0027, \u0027USR1\u0027, \u0027httpd\u0027 ]"},{"line_number":203,"context_line":"      docker_puppet_tasks:"},{"line_number":204,"context_line":"        # Keystone endpoint creation occurs only on single node"},{"line_number":205,"context_line":"        step_3:"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"bf659307_cd3946d7","line":202,"updated":"2018-04-02 15:20:07.000000000","message":"What part of the configuration is getting missed/changed after keystone is launched?  The domain config should have been written by the puppet_config. 
We fixed this in https://review.openstack.org/#/c/527758/. The bug report seems to indicate they don\u0027t have this patch.","commit_id":"ffc14e3067e6eb0039dceec9656f07d7663dc87f"},{"author":{"_account_id":10873,"name":"Juan Antonio Osorio Robles","email":"jaosorior@redhat.com","username":"ejuaoso"},"change_message_id":"77808ef55eb65ae65d29b6584f18367035a2f42f","unresolved":false,"context_lines":[{"line_number":199,"context_line":"            action: exec"},{"line_number":200,"context_line":"            user: root"},{"line_number":201,"context_line":"            command:"},{"line_number":202,"context_line":"              [ \u0027keystone\u0027, \u0027pkill\u0027, \u0027--signal\u0027, \u0027USR1\u0027, \u0027httpd\u0027 ]"},{"line_number":203,"context_line":"      docker_puppet_tasks:"},{"line_number":204,"context_line":"        # Keystone endpoint creation occurs only on single node"},{"line_number":205,"context_line":"        step_3:"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"bf659307_d6330a13","line":202,"in_reply_to":"bf659307_cd3946d7","updated":"2018-04-03 04:56:57.000000000","message":"This is not a problem with the configuration not being there. It\u0027s a problem with keystone not being restarted/refreshed. Seems folks were doing the restart/refresh manually after the deployment in order to get the new domains available (this is what I\u0027m trying to fix).\n\nThis is the standard way of adding new LDAP-backed domains. We were already doing something similar in puppet: https://github.com/openstack/puppet-keystone/blob/master/manifests/ldap_backend.pp#L610 . 
But this behavior got broken when containers came along (I need to backport this to pike).\n\nThe restart is even part of the official documentation https://docs.openstack.org/keystone/pike/admin/identity-integrate-with-ldap.html#integrate-identity-back-end-with-ldap (check step 8 of \"To integrate multiple Identity back ends with LDAP\")","commit_id":"ffc14e3067e6eb0039dceec9656f07d7663dc87f"}]}
