no way to publish-image if nova uses keystone (no EC2_CERT)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Vish Ishaya |
Bug Description
prior to keystone, the user would get credentials via
nova-manage project zipfile
and in the zip file was a .pem file there was a pk.pem, and cert.pem file. These could then be used wherever there was a need for 'EC2_CERT' and 'EC2_PRIVATE_KEY' respectively.
In EC2, almost everything has moved to using the REST api, which does authentication via secret key and access key. The one set of tools that still needs the cert and private key path is the ec2-api-tools. The only functionality that i'm aware of that *depends* on those is bundle-image (ec2-bundle-image, euca-bundle-image).
In a openstack system set up to use keystone, there is no way to get certificate and private key, and thus no way to publish an image via the bundle-
Changed in nova: | |
assignee: | nobody → Vish Ishaya (vishvananda) |
status: | Confirmed → In Progress |
Changed in nova: | |
status: | Fix Committed → In Progress |
Changed in nova: | |
milestone: | none → essex-3 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | essex-3 → 2012.1 |
I think that asks the question of how badly we want to support bundle-image in Nova. Its interdependency with S3 makes it a bit of an oddball in EC2 too :)