Not clear if www_authenticate_uri is really needed
Bug #1822986 reported by massimo.sgaravatto
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Medium | Sharat Sharma |
Bug Description
I am validating a small OpenStack Rocky installation.
The nova part seems to be working, but I noticed this warning in the nova log files:
Configuring www_authenticat
not be able to authenticate against an admin endpoint
Indeed I didn't set the attribute, since it is not mentioned in the Rocky installation guide.
If it is really required:
- I think it should be mentioned in the installation guide
- The nova services shouldn't start if it is not defined (also because according to the config guide it has no default)
If it is not required, the warning message is not very clear IMHO
summary:
- Not clear if www__authenticate_uri is really needed
+ Not clear if www_authenticate_uri is really needed
Changed in nova:
assignee: nobody → Sharat Sharma (sharat-sharma)
I've asked this same question before during a placement install guide review:
https://review.openstack.org/#/c/643938/5/doc/source/install/from-pypi.rst@139
I asked the keystone team about it and the answer is in the gerrit review, but this is probably the most relevant part:
(12:10:11 PM) cmurphy: well, it is kind of optional because of how openstackclient works
(12:10:42 PM) cmurphy: what it does is if it doesn't see a token in the X-Auth-Token header it sets the WWW-Authenticate header in its response to the user
(12:10:49 PM) cmurphy: to yell at them to go authenticate
(12:11:09 PM) cmurphy: but most clients sidestep that and go to keystone first anyways
The warning you mention is coming from keystonemiddleware which nova-api uses:
http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/auth_token/__init__.py#n581
Looking at that code, it's a fallback and that's why there is a warning because there is a TODO to remove the fallback and make it an error (but that is pretty old).
So I think the answer for this bug is yes, the nova install docs should include setting that value as part of the install to include the public endpoint for the identity service.
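
The behaviour described in the comment above, as an added sketch (not keystonemiddleware's code and not part of the bug report): a request without `X-Auth-Token` gets a 401 whose `WWW-Authenticate` header points at the configured `www_authenticate_uri`, and an unset option triggers a warning plus a fallback. The `Keystone uri="..."` challenge format, the fallback to `auth_url`, the `controller` hostname and all helper names are assumptions made for illustration.

```python
import configparser
import logging

LOG = logging.getLogger("authtoken_sketch")

# Constructed nova.conf fragments; "controller" is a placeholder hostname.
CONF_UNSET = "[keystone_authtoken]\nauth_url = http://controller:5000/v3\n"
CONF_SET = CONF_UNSET + "www_authenticate_uri = http://controller:5000/\n"


def resolve_challenge_uri(conf_text):
    """Return (uri, used_fallback) for the WWW-Authenticate challenge."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    section = parser["keystone_authtoken"]
    uri = section.get("www_authenticate_uri")
    if uri:
        return uri, False
    # Assumption: model the fallback as the URL the service itself uses.
    LOG.warning("www_authenticate_uri unset; falling back to auth_url")
    return section["auth_url"], True


class ChallengeMiddleware:
    """No X-Auth-Token on the request -> 401 with a WWW-Authenticate header."""

    def __init__(self, app, conf_text):
        self.app = app
        self.uri, self.used_fallback = resolve_challenge_uri(conf_text)

    def __call__(self, environ, start_response):
        if environ.get("HTTP_X_AUTH_TOKEN"):
            # Token validation against keystone is out of scope here.
            return self.app(environ, start_response)
        challenge = ("WWW-Authenticate", 'Keystone uri="%s"' % self.uri)
        start_response("401 Unauthorized", [challenge])
        return [b""]


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def call(middleware, token=None):
    seen = {}
    environ = {"REQUEST_METHOD": "GET", "HTTP_X_AUTH_TOKEN": token or ""}
    middleware(environ, lambda s, h: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"]
```

With the option set, the challenge carries the public identity URL an operator chose; with it unset, clients are pointed at whatever the fallback resolves to, which is the situation the warning in the nova log describes.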