Unfortunatly, the test day scheduled for Tuesday happens to fall during
my Family vacation. There are a couple of things I would love to have
tested.
In Foslom, my largest feature is PKI Tokens and their revocation. I am
not sure if the revocation code will land in the Fedora repo yet, as it
was committed after the F3 milestone was cut.
To check that is has been merged, look in the Keystone config file
under the section
[signing]
you should see a commented out value:
#token_format = PKI
To activate the PKI tokens, uncomment this value and restart Keystone.
When you run keystone token-get, the tokens should now be several lines
long.
By default, the services like glance, nova, and the like store their
cached version of certificates etc in ~/keystone-signing/. I tend to
test against glance so after running
glance image-list
you will see:
$ ls ~/keystone-signing/
cacert.pem revoked.pem signing_cert.pem
To modify the place that these files get saved, to put them in the more
correct location of /var/cache, create a directory /var/cache/$USER
where $USER is glance, etc. Modify the config file for the appropriate
service to set:
[signing]
signing_dir = /var/cache/glance
This should also test Alan Pevec's change that configuration should be
read from the paste-config file of the application, as opposed to
Keystone's config file.
_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
