| 2012-11-21 16:06:55 |
Boden R |
description |
This scenario occurs under the following conditions:
* A service of a given type (for example 'compute') is registered in keystone.
* There are more than 1 endpoints in keystone for the associated service's type. For example there are 2 different endpoints in keystone, both for the compute service of the 'compute' type.
In the above scenario a response from the POST /tokens API only returns a single endpoint per service type. So for example in the above scenario my endpoint catalog in the POST /tokens response would only include 1 'compute' service endpoint -- the other is not returned.
Note that in this scenario you can still use the admin API for GET /services -- this will return all endpoints regardless of if there are multiple endpoints for a single service.
See keystone.catalog.backend.sql.get_catalog()
To repo you can use the templated catalog driver with this templated catalog:
-------------
# config for TemplatedCatalog, using camelCase because I don't want to do
# translations for keystone compat
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://localhost:$(admin_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.name = Identity Service
# fake compute service for now to help novaclient tests work
catalog.RegionOne.compute.publicURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://localhost:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.name = Compute Service
# 2nd compute endpoint for bug repo
catalog.RegionOne.compute.publicURL = http://localhost2:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://localhost2:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://localhost2:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.name = Compute Service
catalog.RegionOne.volume.publicURL = http://localhost:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.adminURL = http://localhost:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.internalURL = http://localhost:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.name = Volume Service
catalog.RegionOne.ec2.publicURL = http://localhost:8773/services/Cloud
catalog.RegionOne.ec2.adminURL = http://localhost:8773/services/Admin
catalog.RegionOne.ec2.internalURL = http://localhost:8773/services/Cloud
catalog.RegionOne.ec2.name = EC2 Service
catalog.RegionOne.image.publicURL = http://localhost:9292/v1
catalog.RegionOne.image.adminURL = http://localhost:9292/v1
catalog.RegionOne.image.internalURL = http://localhost:9292/v1
catalog.RegionOne.image.name = Image Service
-------------
When you do a POST /tokens, you get back a token which contains only a single set of endpoint links for 'compute':
{
"endpoints_links":[
],
"endpoints":[
{
"adminURL":"http://localhost2:8774/v1.1/6f8945f2d47f4abea149b7a0176b12a8",
"region":"RegionOne",
"internalURL":"http://localhost2:8774/v1.1/6f8945f2d47f4abea149b7a0176b12a8",
"publicURL":"http://localhost2:8774/v1.1/6f8945f2d47f4abea149b7a0176b12a8"
}
],
"type":"compute",
"name":"Compute Service"
}, |
This scenario occurs under the following conditions:
* A service of a given type (for example 'compute') is registered in keystone.
* There are more than 1 endpoints in keystone for the associated service's type for a given region. For example there are 2 different endpoints in keystone, both for the compute service of the 'compute' type and both in the region 'RegionOne'.
In the above scenario a response from the POST /tokens API only returns a single endpoint per service type (per region). So for example in the above scenario my endpoint catalog in the POST /tokens response would only include 1 'compute' service endpoint -- the other is not returned.
Note that in this scenario you can still use the admin API for GET /services -- this will return all endpoints regardless of if there are multiple endpoints for a single service.
See keystone.catalog.backend.sql.get_catalog()
To repo use the SQL catalog driver:
* Define a service of type 'compute'
* Define 2 different endpoints which contain different urls but both endpoint definitions are for the service created in the previous step. Both of these endpoints should be defined using the same region.
* Use POST /tokens on keystone to to authenticate.
* Inspect the response token.
==> You will see it only includes 1 endpoint definition for the 'compute' service.
Example from my system using MySQL backed catalog:
(1) My keystone.service table has the following service defined:
| d0912023a0304d5191ca95d59b19c8e0 | compute | {"description": "Nova Compute Service", "name": "nova"}
(2) My keystone.endpoint table has the following endpoints associated with that service:
| d2299650573a46cf8ff7eebb6f7871dc | RegionOne | d0912023a0304d5191ca95d59b19c8e0 | {"adminurl": "http://localhost:8774/v2/%(tenant_id)s", "internalurl": "http://localhost:8774/v2/%(tenant_id)s", "publicurl": "http://localhost:8774/v2/%(tenant_id)s"} |
| 80d2546f347d41f8b10a313f1bbf4726 | RegionOne | d0912023a0304d5191ca95d59b19c8e0 | {"publicurl":"http://somehost:8992/v2"} |
| 27aeb73ff319405f946fe1fff785b3fb | us-southeast | d0912023a0304d5191ca95d59b19c8e0 | {"adminurl": "http://us-se.ibm.com:4302/v2.0", "internalurl": "http://us-se.ibm.com:4301/v2.0", "publicurl": "http://us-se.ibm.com:4300/v2.0"} |
(3) A POST /tokens response to obtain an admin user scoped token contains the following endpoints for 'compute':
"endpoints":[
{
"adminURL":"http://localhost:8774/v2/6f8945f2d47f4abea149b7a0176b12a8",
"region":"RegionOne",
"publicURL":"http://localhost:8774/v2/6f8945f2d47f4abea149b7a0176b12a8",
"internalURL":"http://localhost:8774/v2/6f8945f2d47f4abea149b7a0176b12a8",
"id":"d2299650573a46cf8ff7eebb6f7871dc"
},
{
"adminURL":"http://us-se.ibm.com:4302/v2.0",
"region":"us-southeast",
"publicURL":"http://us-se.ibm.com:4300/v2.0",
"internalURL":"http://us-se.ibm.com:4301/v2.0",
"id":"27aeb73ff319405f946fe1fff785b3fb"
}
],
"type":"compute",
"name":"nova"
},
As shown in the JSON snippet below, only 1 of the RegionOne compute endpoints is in the token's catalog.
Additional Notes:
* I don't believe this scenario is valid using the templated driver as it appears the template format is not robust enough to allow you to define multiple endpoint per service.. I could be wrong, but IMO something like SQL is more realistic anyway.
* There is a similar issue here if you try to define multiple services of the same type (for example 'compute') but each service having its own name and description. In this case you only get 1 of the services since the catalog is indexed by region/type and hence you get at most 1 service of a given type per region. |
|
