Comment 4 for bug 1563011

sounds greats. Thanks, Fawad.
Let me rephrase the solution a bit to make sure I understand you correctly.

The kuryr configuration file generated from Kolla ansible [1] task will be something like

[binding]
admin_user = admin
admin_tenant_name = admin
admin_password = keystone_admin_password

#DEPRECATED, we will not use token for kuryr
admin_token =

auth_uri = https://192.168.10.101:35357/v3

--------------- END OF FILE ------------

This patch will identify this is a v3 auth type. However, this patch will generate token from the admin_user and admin_password.

However, how can you authenticate with keystone because this token is not issued by keystone? Keystone has no knowledge about the token generated by kuryr.

[1] https://review.openstack.org/#/c/298894/10/ansible/roles/kuryr/templates/kuryr.conf.j2
- Hui