Not clear if www_authenticate_uri is really needed
Bug #1822986 reported by
massimo.sgaravatto
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Fix Released
|
Medium
|
Sharat Sharma | ||
Bug Description
I am validating a small OpenStack Rocky installation.
The nova part seems working but I noticed this warning in the nova log files:
Configuring www_authenticat
not be able to authenticate against an admin endpoint
Indeed I didn't set the attribute, since it is not mentioned in the Rocky installation guide.
If it is really required:
- I think it should be mentioned in the installation guide
- The nova services shouldn't start if it is not defined (also because according to the confi guide it has not a default)
If it is not required, the warning message is not very clear IMHO
| summary: |
- Not clear if www__authenticate_uri is really needed + Not clear if www_authenticate_uri is really needed |
Revision history for this message
| Matt Riedemann (mriedem) wrote | #1 |
| tags: | added: docs |
| Changed in nova: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| tags: | added: low-hanging-fruit |
| tags: | added: install-guide |
| Changed in nova: | |
| assignee: | nobody → Sharat Sharma (sharat-sharma) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to nova (master) | #2 |
| Changed in nova: | |
| status: | Confirmed → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to nova (master) | #3 |
| Changed in nova: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/nova 20.0.0.0rc1 | #4 |
To post a comment you must log in.
I've asked this same question before during a placement install guide review:
https:/
I asked the keystone team about it and the answer is in the gerrit review, but this is probably the most relevant part:
(12:10:11 PM) cmurphy: well, it is kind of optional because of how openstackclient works
(12:10:42 PM) cmurphy: what it does is if it doesn't see a token in the X-Auth-Token header it sets the WWW-Authenticate header in its response to the user
(12:10:49 PM) cmurphy: to yell at them to go authenticate
(12:11:09 PM) cmurphy: but most clients sidestep that and go to keystone first anyways
The warning you mention is coming from keystonemiddleware which nova-api uses:
http://
Looking at that code, it's a fallback and that's why there is a warning because there is a TODO to remove the fallback and make it an error (but that is pretty old).
So I think the answer for this bug is yes the nova install docs should include setting that value as part of the install to include the public endpoint for the identity service.