I asked the keystone team about it and the answer is in the gerrit review, but this is probably the most relevant part:
(12:10:11 PM) cmurphy: well, it is kind of optional because of how openstackclient works
(12:10:42 PM) cmurphy: what it does is if it doesn't see a token in the X-Auth-Token header it sets the WWW-Authenticate header in its response to the user
(12:10:49 PM) cmurphy: to yell at them to go authenticate
(12:11:09 PM) cmurphy: but most clients sidestep that and go to keystone first anyways
The warning you mention is coming from keystonemiddleware which nova-api uses:
Looking at that code, it's a fallback and that's why there is a warning because there is a TODO to remove the fallback and make it an error (but that is pretty old).
So I think the answer for this bug is yes the nova install docs should include setting that value as part of the install to include the public endpoint for the identity service.
I've asked this same question before during a placement install guide review:
https:/ /review. openstack. org/#/c/ 643938/ 5/doc/source/ install/ from-pypi. rst@139
I asked the keystone team about it and the answer is in the gerrit review, but this is probably the most relevant part:
(12:10:11 PM) cmurphy: well, it is kind of optional because of how openstackclient works
(12:10:42 PM) cmurphy: what it does is if it doesn't see a token in the X-Auth-Token header it sets the WWW-Authenticate header in its response to the user
(12:10:49 PM) cmurphy: to yell at them to go authenticate
(12:11:09 PM) cmurphy: but most clients sidestep that and go to keystone first anyways
The warning you mention is coming from keystonemiddleware which nova-api uses:
http:// git.openstack. org/cgit/ openstack/ keystonemiddlew are/tree/ keystonemiddlew are/auth_ token/_ _init__ .py#n581
Looking at that code, it's a fallback and that's why there is a warning because there is a TODO to remove the fallback and make it an error (but that is pretty old).
So I think the answer for this bug is yes the nova install docs should include setting that value as part of the install to include the public endpoint for the identity service.