OpenStack Identity (keystone)

Keystone version discovery is broken if you configure admin_endpoint and public_endpoint in conf file

Bug #1483860 reported by Haneef Ali
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Opinion
Low
Unassigned

Bug Description

Keystone version discovery is broken if you configure admin_endpoint and public_endpoint in conf file. Version discovery is supposed to return the configured endpoint, but it will always return "admin" endpoint. This bug is in Juno/Kilo/master. This is only applicable for v3

In master
----------
Please have a look at https://github.com/openstack/keystone/blob/master/keystone/service.py#L130

V3 doesn't have public and admin factories. There is only one factory and we are installing only Version("public"), so it is always going to return public_endpoint configured in conf file

Juno
------
In juno it is bit different
https://github.com/openstack/keystone/blob/stable/juno/keystone/service.py#L114

We are installing both "Version(Public") and Version("Admin") at /v3. First will take prcedence and here we will always get "admin" endpoint.

Haneef Ali (haneef)
Changed in keystone:
assignee: nobody → Haneef Ali (haneef)
Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → Low
status: New → Triaged
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/213379

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
Haneef Ali (haneef) wrote :

Dolph,

IMO this is a major bug which should be backported. If keystone is deployed using haproxy or external loadbalancer then they will definitely want to configure different endpoint in the CONF file. If that is the case, all the service clients such as nova-client, glance-client etc will fail for v3

In our case, we configured ssl for public endpoint and http for endpoint. None of the clients are working if they use
OS_AUTH_URL= PUBLIC_URL:5000/v3

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Haneef Ali (<email address hidden>) on branch: master
Review: https://review.openstack.org/213379

Revision history for this message
Steve Martinelli (stevemar) wrote :

Change was abandoned, no recent activity, and affects Juno (which is EOL) and Kilo (which is nearing EOL), marking as opinion for now.

Changed in keystone:
status: In Progress → Opinion
assignee: Haneef Ali (haneef) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.