Ironic API fails when keystone /v2.0 pipeline is disabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ironic |
Fix Released
|
High
|
Pavlo Shchelokovskyy |
Bug Description
Looks like Ironic cannot function with just Keystone /v3 API. Found this when i am trying to completely disable keystone /v2 usage in devstack (https:/
Stack trace in ir-api log:
2015-09-11 14:02:34.244 11471 WARNING keystonemiddlew
2015-09-11 14:02:34.250 11471 WARNING keystonemiddlew
2015-09-11 14:02:34.250 11471 DEBUG keystonemiddlew
2015-09-11 14:02:34.250 11471 ERROR keystonemiddlew
2015-09-11 14:02:34.250 11471 ERROR keystonemiddlew
2015-09-11 14:02:34.250 11471 ERROR keystonemiddlew
2015-09-11 14:02:34.250 11471 ERROR keystonemiddlew
2015-09-11 14:02:34.250 11471 ERROR keystonemiddlew
2015-09-11 14:02:34.250 11471 ERROR keystonemiddlew
2015-09-11 14:02:34.250 11471 ERROR keystonemiddlew
2015-09-11 14:02:34.252 11471 DEBUG keystonemiddlew
Evidence from keystone-access logs:
127.0.0.1 - - [11/Sep/
127.0.0.1 - - [11/Sep/
127.0.0.1 - - [11/Sep/
(picked from http://
Changed in ironic: | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in ironic: | |
assignee: | nobody → Pavlo Shchelokovskyy (pshchelo) |
dims, can you please be more specific on how to reproduce this?
unfortunately I can not install devstack with V3 only (various places are failing, seems that handling of ENABLE_ IDENTITY_ V2=False is not supported in DevStack for most of the services)
but using a standard install with both V2 and V3 when I do the following
$ export IDENTITY_ API_VERSION= 3 devstack/ openrc admin admin domain- name default --os-project- domain- name default driver-list
$ . /opt/stack/
$ ironic --os-user-
I see tokens being validated against V3 only