OpenStack Compute (nova)

Bug #1765144
Comment #1

Comment 1 for bug 1765144

Revision history for this message

Matt Riedemann (mriedem) wrote on 2018-04-19:

(2:19:57 PM) mriedem: lbragstad: is this right? https://bugs.launchpad.net/nova/+bug/1765144
(2:19:59 PM) openstack: Launchpad bug 1765144 in OpenStack Compute (nova) "[keystone_authtoken] auth_url = http://controller:35357 port error, it should be 5000" [Undecided,New]
(2:20:40 PM) lbragstad: mriedem: yes and no
(2:20:55 PM) lbragstad: technically we removed the legacy v2.0 app in queens, so we no longer require two ports
(2:21:05 PM) lbragstad: but it certainly don't have to be port 5000, or 35357
(2:21:23 PM) mriedem: yeah looking in http://logs.openstack.org/20/554920/12/check/tempest-full/df42a0d/controller/logs/etc/nova/nova_conf.txt.gz
(2:21:27 PM) mriedem: we don't specify a port at all
(2:21:50 PM) lbragstad: oh - sure v
(2:21:52 PM) lbragstad: https://github.com/openstack/releases/blob/master/deliverables/queens/keystoneauth.yaml#L17
(2:22:00 PM) ***lbragstad fails copy/paste
(2:22:07 PM) lbragstad: auth_url = https://198.72.124.213/identity
(2:22:16 PM) mriedem: and auth_uri isn't specified at all
(2:22:44 PM) mriedem: was auth_uri keystone v1/v2 only?
(2:23:38 PM) lbragstad: you should use auth_url
(2:23:52 PM) lbragstad: auth_url and auth_uri was causing a lot of confusion
(2:23:57 PM) lbragstad: so we renamed it https://github.com/openstack/keystonemiddleware/commit/409b482253dec248ed828e92e52b09d4c02e51dd
(2:24:32 PM) lbragstad: it was ultimately a side-effect of integrating keystoneauth into keystonemiddleware
(2:27:01 PM) mriedem: ok so the note at step 5 here https://docs.openstack.org/keystone/latest/install/keystone-install-ubuntu.html#install-and-configure-components
(2:27:09 PM) mriedem: "Before the Queens release, keystone needed to be run on two separate ports to accommodate the Identity v2 API which ran a separate admin-only service commonly on port 35357. With the removal of the v2 API, keystone can be run on the same port for all interfaces."
(2:28:28 PM) openstackgerrit: Merged openstack/nova stable/ocata: Clean up volumes on boot failure https://review.openstack.org/545086
(2:28:42 PM) mriedem: lbragstad: and i'm assuming that keystone-manage bootstrap creates the identity service endpoint in the catalog?
(2:28:51 PM) lbragstad: it does
(2:29:01 PM) mriedem: so if hte docs say "--bootstrap-public-url http://controller:5000/v3/"
(2:29:11 PM) mriedem: then that's probably what the nova docs should use
(2:29:24 PM) mriedem: or internal url i guess, but they are the same in the docs
(2:30:16 PM) mriedem: ok i'll push a change to fix the nova install guide docs to remove auth_uri and change auth_url to use port 5000
(2:30:20 PM) mriedem: thanks

(2:19:57 PM) mriedem: lbragstad: is this right? https://bugs.launchpad.net/nova/+bug/1765144
(2:19:59 PM) openstack: Launchpad bug 1765144 in OpenStack Compute (nova) "[keystone_authtoken] auth_url = http://controller:35357 port error, it should be 5000" [Undecided,New]
(2:20:40 PM) lbragstad: mriedem: yes and no
(2:20:55 PM) lbragstad: technically we removed the legacy v2.0 app in queens, so we no longer require two ports
(2:21:05 PM) lbragstad: but it certainly don't have to be port 5000, or 35357
(2:21:23 PM) mriedem: yeah looking in http://logs.openstack.org/20/554920/12/check/tempest-full/df42a0d/controller/logs/etc/nova/nova_conf.txt.gz
(2:21:27 PM) mriedem: we don't specify a port at all
(2:21:50 PM) lbragstad: oh - sure v
(2:21:52 PM) lbragstad: https://github.com/openstack/releases/blob/master/deliverables/queens/keystoneauth.yaml#L17
(2:22:00 PM) ***lbragstad fails copy/paste
(2:22:07 PM) lbragstad: auth_url = https://198.72.124.213/identity
(2:22:16 PM) mriedem: and auth_uri isn't specified at all
(2:22:44 PM) mriedem: was auth_uri keystone v1/v2 only?
(2:23:38 PM) lbragstad: you should use auth_url
(2:23:52 PM) lbragstad: auth_url and auth_uri was causing a lot of confusion
(2:23:57 PM) lbragstad: so we renamed it https://github.com/openstack/keystonemiddleware/commit/409b482253dec248ed828e92e52b09d4c02e51dd
(2:24:32 PM) lbragstad: it was ultimately a side-effect of integrating keystoneauth into keystonemiddleware
(2:27:01 PM) mriedem: ok so the note at step 5 here https://docs.openstack.org/keystone/latest/install/keystone-install-ubuntu.html#install-and-configure-components
(2:27:09 PM) mriedem: "Before the Queens release, keystone needed to be run on two separate ports to accommodate the Identity v2 API which ran a separate admin-only service commonly on port 35357. With the removal of the v2 API, keystone can be run on the same port for all interfaces."
(2:28:28 PM) openstackgerrit: Merged openstack/nova stable/ocata: Clean up volumes on boot failure  https://review.openstack.org/545086
(2:28:42 PM) mriedem: lbragstad: and i'm assuming that keystone-manage bootstrap creates the identity service endpoint in the catalog?
(2:28:51 PM) lbragstad: it does
(2:29:01 PM) mriedem: so if hte docs say "--bootstrap-public-url http://controller:5000/v3/"
(2:29:11 PM) mriedem: then that's probably what the nova docs should use
(2:29:24 PM) mriedem: or internal url i guess, but they are the same in the docs
(2:30:16 PM) mriedem: ok i'll push a change to fix the nova install guide docs to remove auth_uri and change auth_url to use port 5000
(2:30:20 PM) mriedem: thanks