Documentation needed to clarify how to configure auth_endpoint for image signing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Confirmed
|
Undecided
|
Kaitlin Farr | ||
openstack-manuals |
Opinion
|
High
|
Kaitlin Farr |
Bug Description
Description
===========
By default Barbican uses http://
Steps to reproduce
==================
If keystone is not on localhost then Barbican will not being able to connect to Keystone. Also, using this documentation to create a signed image:
https:/
Then booting the image using 'nova boot'.
Note: verify_
Expected result
===============
Barbican should connect to Keystone to authorize credentials when booting a signed image.
Actual result
=============
Barbican cannot connect to Keystone and booting a signed image fails.
Environment
===========
This is using the mitaka branch.
This also happens in Glance: https:/
Changed in barbican: | |
importance: | Undecided → High |
milestone: | none → pike-1 |
Changed in barbican: | |
assignee: | nobody → Kaitlin Farr (kaitlin-farr) |
Changed in nova: | |
assignee: | nobody → Kaitlin Farr (kaitlin-farr) |
Changed in openstack-manuals: | |
assignee: | nobody → Kaitlin Farr (kaitlin-farr) |
no longer affects: | barbican |
Basically it's really non-obvious to figure out what needs to be configured to get image signing to work in Nova.
Glance has some documentation:
https:/ /review. openstack. org/#/c/ 333209/
which tries to help users/admins through the process.
It would be great to see something equivalent for nova.