Mitaka nova keystone_authtoken missing auth_uri
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Nova Cloud Controller Charm |
Fix Released
|
High
|
Liam Young | ||
nova-cloud-controller (Juju Charms Collection) |
Invalid
|
High
|
Liam Young |
Bug Description
I've been deploying a Mitaka openstack using the trusty-mitaka cloud archives and have noticed something odd with the nova.conf keystone_authtoken section. We've been using the auth_uri setting in our verification scripts to ensure that the keystone VIP is being used, and this has broken that validation. Investigating this has shown what appears to be a confusing situation.
With earlier version (Liberty and below) that section has an auth_uri and identity_uri setting which looks like:
identity_uri = http://<keystone_
auth_uri = http://<keystone_
Mitaka however has only an auth_url setting, like:
auth_url = http://<keystone_
and also has a warning in nova-api-
2016-03-14 12:46:33.586 124365 WARNING keystonemiddlew
The best explanation of the difference I've found is at http://
I suspect we need at least an auth_uri setting in the nova.conf pointing to the publicURL endpoint for keystone.
This was tested with trusty servers deployed using MaaS 1.9.1+bzr4543-
Please let me know if you need any more information about this.
Related branches
- Billy Olsen: Approve
- Edward Hope-Morley: Needs Information
-
Diff: 44 lines (+15/-13)2 files modifiedcharmhelpers/contrib/openstack/templates/section-keystone-authtoken (+5/-13)
charmhelpers/contrib/openstack/templates/section-keystone-authtoken-legacy (+10/-0)
Changed in nova-cloud-controller (Juju Charms Collection): | |
status: | Confirmed → In Progress |
Changed in charm-nova-cloud-controller: | |
assignee: | nobody → Liam Young (gnuoy) |
importance: | Undecided → High |
status: | New → In Progress |
Changed in nova-cloud-controller (Juju Charms Collection): | |
status: | In Progress → Invalid |
Changed in charm-nova-cloud-controller: | |
status: | In Progress → Fix Released |
I think we should take the install guide as authoritative. It says....
http:// docs.openstack. org/liberty/ install- guide-ubuntu/ nova-controller -install. html
[DEFAULT]
...
auth_strategy = keystone
[keystone_ authtoken] controller: 5000 controller: 35357
...
auth_uri = http://
auth_url = http://
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = NOVA_PASS
http:// docs.openstack. org/kilo/ install- guide/install/ apt/content/ ch_nova. html#nova- controller- install
[DEFAULT]
...
auth_strategy = keystone
[keystone_ authtoken] controller: 5000 controller: 35357
...
auth_uri = http://
auth_url = http://
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = NOVA_PASS
http:// docs.openstack. org/juno/ install- guide/install/ apt/content/ ch_nova. html#nova- controller- install
[DEFAULT]
...
auth_strategy = keystone
[keystone_ authtoken] controller: 5000/v2. 0 controller: 35357
...
auth_uri = http://
identity_uri = http://
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
http:// docs.openstack. org/icehouse/ install- guide/install/ apt/content/ nova-controller .html authtoken] section:
[DEFAULT]
...
auth_strategy = keystone
Add these keys to the [keystone_

[keystone_ authtoken] controller: 5000
...
auth_uri = http://
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
As bradm points out this does not match what our charms are doing.