)]}' { "log": [ { "commit": "fe1d3d6a7b3faa804800292c48f6ed2d75157963", "tree": "1adf3f560206179f104c61d0c5fba848ae7f7b3e", "parents": [ "477c55866bc5ee7d46b947da794c77f141d60e79" ], "author": { "name": "Jordan Pittier", "email": "jordan.pittier@scality.com", "time": "Wed Mar 15 13:27:20 2017 +0100" }, "committer": { "name": "Jordan Pittier", "email": "jordan.pittier@scality.com", "time": "Fri Mar 17 15:43:36 2017 +0000" }, "message": "Apache Keystone Template: reduce the number of processes to 3\n\nNow Apache2 has 5 dedicated processes for Keystone Admin and 5 for\nKeystone Public. As each Apache process consumes some memory and\nwe arbitrarly decided 5 was a good number more than 2 years ago,\nmaybe now (with the recent memory pressure we feel) is a good time\nto reconcider.\n\nWith 5 processes our peakmem_tracker.py script reports a max RSS size\nfor the \"wsgi:keystone-ad\" and \"wsgi:keystone-pu\" processes of\n2 (public and admin) * 5 (number of processes) * 90 Mo (RSS of each\nprocess) \u003d 900 Mo.\n\nWith 3 processes, the overall max RSS for Keystone is\n2 * 3 * 90 \u003d 540 Mo.\n\nNote that this is RSS memory, but using the \"smem\" linux command on\nmy laptop, I noticed that the USS (Unique set size, i.e RSS excluding\nshared memory) is around 80Mo per process. So reducing the number of\nprocesses will actually reduce memory consumption.\n\nChange-Id: Iba72d94aa15ecaa87c0115ad26d6bpeakmem_tracker62d5b3bea0a\n" }, { "commit": "ee548bc2bf409cffd4d131e5d6cf481704e50d89", "tree": "8b7d937e0d1a0878f092f138e1b6ce6094dfe643", "parents": [ "c18b804b161647452283a243b9c55eb14a416d26", "a1e1f5128a22a7d0cdc8136063d27d64c270021d" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Fri Dec 02 15:27:47 2016 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Fri Dec 02 15:27:47 2016 +0000" }, "message": "Merge \"Add keystone VirtualHost for port 443 when USE_SSL is True\"" }, { "commit": "04e69de6c513e1cddaaa74eb2ff428a5db4d223b", "tree": "0584e3049c750a2f72876ffed8dbf3dae1f03fdc", "parents": [ "7957489003137280aaa20415f5dc601a8276181e" ], "author": { "name": "Jamie Lennox", "email": "jamielennox@gmail.com", "time": "Wed Jul 27 08:05:05 2016 +1000" }, "committer": { "name": "Sean Dague", "email": "sean@dague.net", "time": "Mon Sep 26 14:44:40 2016 +0000" }, "message": "Mount identity admin script at /identity_admin\n\nThe /identity_admin endpoint is the port 80/443 equivalent of the\nservice that typically runs on port 35357. In v2 some operations must be\nperformed on the admin endpoint whereas on v3 the services on 5000 and\n35357 are exactly the same. This would be why the service was mounted at\n/identity_v2_admin however that is misleading because both the v2 and v3\nservices are present on that endpoint.\n\nThis is particularly confusing because we set this as the OS_AUTH_URL\nendpoint and it makes it seem like we are doing v2 authentication when\nwe are not.\n\nChange-Id: If73735026079fb19ca5bd44b3a4dc1f507b5c99d\n" }, { "commit": "a1e1f5128a22a7d0cdc8136063d27d64c270021d", "tree": "ba77b5a196c66099d0437dd2d3b85dc621e0d9fe", "parents": [ "61b319787bbd0af7f3cc1feb71cef0bef6dab373" ], "author": { "name": "Rob Crittenden", "email": "rcritten@redhat.com", "time": "Wed Jul 20 18:12:09 2016 -0400" }, "committer": { "name": "Rob Crittenden", "email": "rcritten@redhat.com", "time": "Wed Jul 20 18:15:00 2016 -0400" }, "message": "Add keystone VirtualHost for port 443 when USE_SSL is True\n\nAdd a VirtualHost that defines the necessary options for\nenabling SSL. The existing keystone Apache configuration already\ndoes all the location handling.\n\nChange-Id: I836a471a7258f14f051d3dd8bdb428286b5a11aa\n" }, { "commit": "841fdafa0bc542b595b267428c5d929bf0726205", "tree": "17524776a82b40151458eabc939a4803bf3156a4", "parents": [ "13b3be10a754c0e0f9fb31ce824d5f2d9cc905de" ], "author": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Sun Jun 21 10:08:22 2015 -0500" }, "committer": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Mon May 02 19:10:18 2016 -0500" }, "message": "Use path-mounted keystone when running in httpd\n\nWhen running in httpd, keystone accepts requests on /identity and\n/identity_v2_admin.\n\nThe path endpoints should be preferred over the ports so keystone\nis configured to point applications to the path endpoints by\nsetting admin_endpoint and public_endpoint.\n\nChange-Id: I34569b9e03c3f36748c92d803349e22a7ee1a633\n" }, { "commit": "da1cc5780d9501f5705a5e9844e819067514217f", "tree": "0a951412ea115c4c84f176e739ac0276aaa91495", "parents": [ "e20cb43fd691c77919d77618bce46bc8c3e4de11" ], "author": { "name": "Morgan Fainberg", "email": "morgan.fainberg@gmail.com", "time": "Tue Feb 02 09:09:28 2016 -0800" }, "committer": { "name": "Morgan Fainberg", "email": "morgan.fainberg@gmail.com", "time": "Mon Feb 08 11:36:37 2016 -0800" }, "message": "Remove microseconds from apache log(s)\n\nRemove the microseconds from the apache logs and move back to using\nmilliseconds. There is no longer any 2.2 workarounds in the keystone\nsetup process.\n\nChange-Id: I8787eee41fbde1f9794aeffe1e862af0d5117bc3\n" }, { "commit": "382f982e51d6117cf8d478b94f975455dabe4ce9", "tree": "b11ab62f1c339374854033f9388937ec87ae2511", "parents": [ "2a16b512640afd6290a4f023e359b83d7052a0de" ], "author": { "name": "Julien Danjou", "email": "julien@danjou.info", "time": "Mon Sep 21 14:19:52 2015 +0000" }, "committer": { "name": "Julien Danjou", "email": "julien@danjou.info", "time": "Tue Sep 22 07:04:18 2015 +0000" }, "message": "keystone: fix prefixed URL\n\nCommit 2ad1a42ca667ff21e6f7d2ae906be23a20430036 broke entirely the\nApache configuration for Keystone when used without a port on the\n/identity URL. This patch fixes that.\n\nChange-Id: I47805138c66456c9c5fa9af1f4ac33b03d0ce5b9\n" }, { "commit": "2ad1a42ca667ff21e6f7d2ae906be23a20430036", "tree": "029d5b293978355b381b7d4db83025360e477c49", "parents": [ "b1ea5eacbc173a0acc162dc486d17154d509a430" ], "author": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Tue Jun 23 10:53:50 2015 -0500" }, "committer": { "name": "Sean Dague", "email": "sean@dague.net", "time": "Tue Aug 25 11:01:05 2015 -0400" }, "message": "Use keystone wsgi_scripts\n\nDevstack was setting up a separate directory and copying\nhttp/keystone.py into it for the admin and public endpoints.\n\nKeystone now defines wsgi_scripts entrypoints so that\nkeystone-wsgi-admin and keystone-wsgi-public are created on\ninstall so devstack can reference these files instead.\n\nSee http://httpd.apache.org/docs/2.4/upgrading.html#access for\nthe apache docs with examples for the Allow|Deny/Require\ndirectives.\n\nDepends-On: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace\nChange-Id: Ided688be62b64066d90776313c963ec5016363f2\n" }, { "commit": "3bae7d48c0bd283779c206152e6dcfa4c5883521", "tree": "b0d151940bf6ed85723a1df2d15c3bb711a176e6", "parents": [ "7af8a1b9b3180da54e2c9505228ad722db44ca27" ], "author": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Sun Jun 21 09:56:17 2015 -0500" }, "committer": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Wed Jun 24 15:58:47 2015 -0500" }, "message": "Keystone also handle /identity and /identity_admin\n\nWhen configured to run under Apache Httpd, keystone will also\nhandle requests on /identity (public) and /identity_admin (admin).\n\nChange-Id: I4e6eb0cad1603aa0e612d0adc5431565da93870e\n" }, { "commit": "a80cb815fff0b625718550a2f19a0be08c1af6a1", "tree": "437f28f90c22d847ba362e4baec54fa2a2c084f5", "parents": [ "c2a3d3f16b130613d5e167a1123415662e42be0e" ], "author": { "name": "Morgan Fainberg", "email": "morgan.fainberg@gmail.com", "time": "Thu Mar 12 17:55:51 2015 -0700" }, "committer": { "name": "Morgan Fainberg", "email": "morgan.fainberg@gmail.com", "time": "Mon Apr 20 17:43:44 2015 +0000" }, "message": "Add response time to keystone access log\n\nAdd the response time to keystone\u0027s access log for each request. This\nwill be the last element in the log-line and will be represented in\nmicroseconds.\n\nChange-Id: I19204369af5cdf06df2237550c350dfb3ffc995d\n" }, { "commit": "f8ae647f2eabfd06c1006a1c3c92a3ef78578cfa", "tree": "1f61277b55cf28fb8390a0cc516503e614bf777e", "parents": [ "5686dbc45dbdc552080592e31bed63b0f201717e" ], "author": { "name": "Dean Troyer", "email": "dtroyer@gmail.com", "time": "Tue Feb 17 11:05:06 2015 -0600" }, "committer": { "name": "Dean Troyer", "email": "dtroyer@gmail.com", "time": "Fri Mar 20 10:47:37 2015 -0500" }, "message": "Install Keystone into its own venv\n\nConfigure Apache to use the Keystone venv.\n\nChange-Id: I86f1bfdfd800f5b818bfb5c4d2750ff732049107\n" }, { "commit": "1f316beb2052b715f077ef42279361026d1a24c3", "tree": "fedb4063e69caff48b005ccc7102a47aec971f55", "parents": [ "55383f1a9bb2538b3e6add6dd9bf38080b910492" ], "author": { "name": "Attila Fazekas", "email": "afazekas@redhat.com", "time": "Mon Jan 26 16:39:57 2015 +0100" }, "committer": { "name": "Attila Fazekas", "email": "afazekas@redhat.com", "time": "Tue Jan 27 09:22:52 2015 +0100" }, "message": "Remove rhel6 and py26 support\n\nel6 is shipped with Python 2.6.x which is not expected\nto be supported with the openstack kilo release.\n\nFor el6 support we need to do lot of thing differently,\nwhich makes the code more complicated.\n\nThis change removes el6 and py26 support from devstack.\n\nThis change also removed a discontinued (1 year ago)\nopenSUSE 12.2 code path, which used a similar codepath as el6.\n\nSeveral comment related to el6 also removed or modified.\n\nChange-Id: Iea0b0c98a5e11fd85bb5e93c099f740fe05d2f3a\n" }, { "commit": "b57f636ec8fc648917c05c80469473d4f1deb14e", "tree": "23ec2d1326f5169b1afd768e9b5236a69fcd60ec", "parents": [ "7f8028069883b8214bd2aae56f78514a4fddddbe" ], "author": { "name": "Steve Martinelli", "email": "stevemar@ca.ibm.com", "time": "Mon Dec 15 20:55:54 2014 -0500" }, "committer": { "name": "Steve Martinelli", "email": "stevemar@ca.ibm.com", "time": "Mon Dec 15 20:55:54 2014 -0500" }, "message": "Add WSGIPassAuthorization to the admin port too\n\nAccidentally only added WSGIPassAuthorization to the public port,\nlike all the other WSGI props, it should be added for both ports.\n\nChange-Id: I4e52e0881df464dfb7b28e22581f462e14e37bdb\n" }, { "commit": "dc31f76a27a909d010408428d938121b3abd3101", "tree": "59cf5a53eeda21b9693e57f3c820bf1bcd8345b4", "parents": [ "3b782d304ec2073a6406c37b9e1a76c8aecfc9a3" ], "author": { "name": "Steve Martinelli", "email": "stevemar@ca.ibm.com", "time": "Sat Dec 13 23:34:15 2014 -0500" }, "committer": { "name": "Steve Martinelli", "email": "stevemar@ca.ibm.com", "time": "Sat Dec 13 23:34:15 2014 -0500" }, "message": "Add WSGIPassAuthorization to the keystone apache template\n\nFor the OS-OAUTH1 Keystone extension to fully work under Apache,\nthe WSGIPassAuthorization parameter must be set to On, rather\nthan the default of Off. This will make functional testing of\nthis extension much easier.\n\nChange-Id: I5dcbdd27e7ef7a60fe3c7cb8b9c3c83b4197dfc1\n" }, { "commit": "18d4778cf7bffa60eb2e996a13c129c64f83575f", "tree": "d6d934b05026d32d6942b34a5e3a359202b3996c", "parents": [ "d60c10d6dbe44445aaab9e3fcc0127e39e989f40" ], "author": { "name": "Rob Crittenden", "email": "rcritten@redhat.com", "time": "Wed Mar 19 17:47:42 2014 -0400" }, "committer": { "name": "Rob Crittenden", "email": "rcritten@redhat.com", "time": "Wed Sep 24 18:36:37 2014 -0400" }, "message": "Configure endpoints to use SSL natively or via proxy\n\nConfigure nova, cinder, glance, swift and neutron to use SSL\non the endpoints using either SSL natively or via a TLS proxy\nusing stud.\n\nTo enable SSL via proxy, in local.conf add\n\nENABLED_SERVICES+\u003d,tls-proxy\n\nThis will create a new test root CA, a subordinate CA and an SSL\nserver cert. It uses the value of hostname -f for the certificate\nsubject. The CA certicates are also added to the system CA bundle.\n\nTo enable SSL natively, in local.conf add:\n\nUSE_SSL\u003dTrue\n\nNative SSL by default will also use the devstack-generate root and\nsubordinate CA.\n\nYou can override this on a per-service basis by setting\n\n\u003cSERVICE\u003e_SSL_CERT\u003d/path/to/cert\n\u003cSERVICE\u003e_SSL_KEY\u003d/path/to/key\n\u003cSERVICE\u003e_SSL_PATH\u003d/path/to/ca\n\nYou should also set SERVICE_HOST to the FQDN of the host. This\nvalue defaults to the host IP address.\n\nChange-Id: I36fe56c063ca921131ad98439bd452cb135916ac\nCloses-Bug: 1328226\n" }, { "commit": "14f6c50b187d0d35c0d344700de06fa478845237", "tree": "49c49eb702dc1505abb6ef6ef0cc2d4d2ee58085", "parents": [ "8fe3f70efd6c74479d2f17b789976fb3dfb8efd2", "b4495eb410e3ad348700f127dcf7c0562014c325" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Thu Sep 25 03:43:29 2014 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Thu Sep 25 03:43:29 2014 +0000" }, "message": "Merge \"Use mod_version to clean-up apache version matching\"" }, { "commit": "8b3217e31083625667225e5cddadf99d430a6206", "tree": "40fdc3e02b05c5767aaf9cb07571b7cc23efaa9a", "parents": [ "7a68f21b296464aed54da7e3c8f3e5de238ce61d", "2a6ce7197e5da9fddddaba2faff2a18c04ece957" ], "author": { "name": "Jenkins", "email": "jenkins@review.openstack.org", "time": "Mon Sep 08 16:23:11 2014 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Mon Sep 08 16:23:11 2014 +0000" }, "message": "Merge \"Change httpd Keystone access log to keystone_access.log\"" }, { "commit": "b4495eb410e3ad348700f127dcf7c0562014c325", "tree": "a2af0cc87edd09d37ab764ebc014264c60b79a00", "parents": [ "3d458eb703e52606d8aa8d58757285e61cb47b8b" ], "author": { "name": "Noboru Iwamatsu", "email": "n_iwamatsu@jp.fujitsu.com", "time": "Wed Jul 02 18:31:31 2014 +0900" }, "committer": { "name": "Ian Wienand", "email": "iwienand@redhat.com", "time": "Mon Sep 08 15:59:29 2014 +1000" }, "message": "Use mod_version to clean-up apache version matching\n\nThis change uses mod_version (shipped by default on everything we care\nabout) to set-up version-specific config within apache rather than\nwithin devstack scripts.\n\nClean up the horizon and keystone config file generation to use the\ninternal apache matching.\n\nSince I6478db385fda2fa1c75ced12d3e886b2e1152852 the apache matching in\n\u0027functions\u0027 is actually duplicated. just leave get_apache_version in\nlib/apache as it is used for config-file name matching in there.\n\nChange-Id: I6478db385fda2fa1c75ced12d3e886b2e1152852\n" }, { "commit": "d074dc7f7e37c8ff1ce781f0bbc7f88196567f00", "tree": "60995ba98b831d71ccb931f357fd4d11573a0046", "parents": [ "a90898d90438834ac32224162500b7d54fe2e603" ], "author": { "name": "Morgan Fainberg", "email": "morgan.fainberg@gmail.com", "time": "Tue Jun 24 21:33:39 2014 -0700" }, "committer": { "name": "Morgan Fainberg", "email": "morgan.fainberg@gmail.com", "time": "Thu Aug 28 08:39:50 2014 -0700" }, "message": "Use the apache 2.4 ErrorLogFormat directive\n\nUse the new ErrorLogFormat directive to make the Keystone logs\nunder Apache to look like the standard oslo log format.\n\nChange-Id: Ie823abf2fa06b8ce22027c21bef455808a4a768e\n" }, { "commit": "2a6ce7197e5da9fddddaba2faff2a18c04ece957", "tree": "eaf93a05bcf32d2f158ca3968449568cddc11edd", "parents": [ "11d6bde264a90fde1d8bb8b15e9229f7af808840" ], "author": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Thu Aug 21 18:23:12 2014 -0500" }, "committer": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Tue Aug 26 18:43:41 2014 -0500" }, "message": "Change httpd Keystone access log to keystone_access.log\n\nKeystone\u0027s access log was going to httpd/access.log, which is the\ncommon place for all access logging. This made it difficult to see\nKeystone accesses apart from other access. Keystone\u0027s access log\nwill now be keystone_access.log\n\nThis makes the Keystone configuration similar to Horizon which uses\nhorizon_access.log.\n\nChange-Id: I6e5ac121302b3d138758e6c49dffa9f05ad2fb85\nPartial-Bug: #1359995\n" }, { "commit": "e1d004aa4441ec031b6b09ea67e707f9143f91c1", "tree": "fe2f538c2686dcd63b5a79c102a3c8793216dfef", "parents": [ "a8f0d966a159220af11fe0171ae6dca24bc51b97" ], "author": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Thu Aug 21 18:22:00 2014 -0500" }, "committer": { "name": "Steve Martinelli", "email": "stevemar@ca.ibm.com", "time": "Sun Aug 24 17:53:46 2014 -0400" }, "message": "Change httpd Keystone log level to default\n\nHaving Keystone\u0027s log level at debug caused a lot of uninteresting\nHttpd-related log lines to be displayed which makes debugging more\ndifficult than it should be.\n\nRather than set the log level explicitly, Keystone will use the\nHttpd server\u0027s setting, which defaults to warn.\n\nPartial-Bug: #1359995\nChange-Id: Ieef882944bafd98f7b27497a5276124b21c3e576\n" }, { "commit": "cfc9465ee0ce212287f8426a883a94c1eee675a0", "tree": "3cdcd733d089fe6ddd26251d4e7b3e64bb02905b", "parents": [ "219e9c227832371f10f718dc3d793b03904f5968" ], "author": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Thu Aug 21 18:25:29 2014 -0500" }, "committer": { "name": "Brant Knudson", "email": "bknudson@us.ibm.com", "time": "Fri Aug 22 16:49:02 2014 -0500" }, "message": "Change httpd Keystone log to keystone.log\n\nThe normal extension for log files is .log. Log rotation should\nwork because the extension is as expected.\n\nChange-Id: Ia5e42ea9d953e8395b86ab58cdef6c2d852efc94\nRelated-Bug: #1359995\n" }, { "commit": "2c95fcd60c71e0a0c0a7b3801b1a5ca17507f20b", "tree": "c6c3752be349eb7a99aabb319f316faeb1278a94", "parents": [ "6db41b9716c5a82a32818d87ad3af662ecc1382a" ], "author": { "name": "Felipe Reyes", "email": "freyes@suse.com", "time": "Thu Aug 14 17:41:55 2014 +0200" }, "committer": { "name": "Felipe Reyes", "email": "freyes@suse.com", "time": "Thu Aug 14 17:48:33 2014 +0200" }, "message": "Set display name in apache processes\n\nThis change makes apache set process group name in the process name,\nso when listing the processes the user can easily identify what\u0027s\nrunning in each apache process. This is specially useful to debug\nmemory consumption or when a process consumming too much CPU.\n\nChange-Id: I9787980052f451f452d3b8e5e51385ad5aa01e6a\n" }, { "commit": "dcdcb5ace8ea30ffe164310e6771cbffac4374ab", "tree": "0287e8267d2249937fcbea307db80e40c8ab9697", "parents": [ "5e93727a23e3922efcdd80600a0b7fce5adb62cf" ], "author": { "name": "Ian Wienand", "email": "iwienand@redhat.com", "time": "Thu Jul 17 19:54:50 2014 +1000" }, "committer": { "name": "Ian Wienand", "email": "iwienand@redhat.com", "time": "Fri Jul 18 17:52:11 2014 +1000" }, "message": "Add WSGISocketPrefix to apache keystone config\n\nI think since probably fdf1cffbd5d2a7b47d5bdadbc0755fcb2ff6d52f\ndevstack on RHEL6 fails and it comes down to:\n\n---\n2014-07-17 05:05:49.235 | +++ openstack role create admin -f value -c id\n2014-07-17 05:05:49.615 | ERROR: cliff.app Service Unavailable (HTTP 503)\n\n[Thu Jul 17 15:05:46 2014] [error] [client 10.0.2.15]\n (13)Permission denied: mod_wsgi (pid\u003d30125): Unable to connect to WSGI\n daemon process \u0027keystone-public\u0027 on\n \u0027/etc/httpd/logs/wsgi.30098.0.1.sock\u0027 after multiple attempts.\n---\n\nThe apache user doesn\u0027t have permissons to this directory. Adding\nWSGISocketPath to /var/run solves it\n\nChange-Id: If4b74019b6bd389b576fc981154bb1b3aa471c9b\n" }, { "commit": "a00e5f8810b6ca3b0b5d63cc228125e19bc91955", "tree": "fb91d81e881a549a02877141ccccabf67ea4fef4", "parents": [ "5470701e10ee68c80860d4cf7e0fa5d8a913c288" ], "author": { "name": "Jamie Lennox", "email": "jlennox@redhat.com", "time": "Tue Sep 17 12:47:03 2013 +1000" }, "committer": { "name": "Gerrit Code Review", "email": "review@openstack.org", "time": "Tue Sep 24 01:14:28 2013 +0000" }, "message": "Allow keystone to run from apache\n\nProvide a template for running keystone as a mod_wsgi process and enable\nit from configuration.\n\nBased on: https://review.openstack.org/#/c/36474/\nAlso-by: zhang-hare \u003czhuadl@cn.ibm.com\u003e\nImplements: blueprint devstack-setup-apache-keystone\n\nChange-Id: Icc9d7ddfa4a488c08816ff4ae0b53c0134a1016b\n" } ] }