openstack-manuals

Add support for tenant_id based authentication with Neutron

Bug #1285921 reported by OpenStack Infra
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-manuals
Fix Released
Medium
Summer Long
openstack-manuals juno

Bug Description

https://review.openstack.org/69972
commit e80cf75fc0f25f6279200f59a70fd7c6e4766b0f
Author: Phil Day <email address hidden>
Date: Wed Jan 29 20:48:49 2014 +0000

    Add support for tenant_id based authentication with Neutron

    Keystone v3 supports non-unique project/tenant names, so
    Nova should switch to using tenant ID for admin authentication.

    Implements blueprint tenant-id-based-auth-for-neutron
    DocImpact: Adds new flag, nova_admin_tenant_id, and deprecates
    existing flag, nova_admin_tenant_name

    Change-Id: I4a4ffe84fdcf98ace81fd148f096cad483aad96c

Tags: nova
Gauvain Pocentek (gpocentek)
Changed in openstack-manuals:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Lars Kellogg-Stedman (larsks) wrote :

I don't think the fact that Keystone v3 supports non-unique tenant names should drive us to requiring UUIDs in config files. We already have several models of how to handle non-unique names in OpenStack. For example, Nova allows multiple instances to have the same name, but still allows me to reference instances by name. If type "nova show myserver" and "myserver" is unique, it works; if it is not unique, I get:

  ERROR: Unable to delete any of the specified servers.

Glance operates the same way with respect to image names.

Cinder operates the same way with respect to volume names.

Requiring a UUID in this file needlessly complicates configuration management tools, since now keystone must be up and running at the time the neutron configuration is generated.

I would like to see this value accept either UUIDs *or* names, and produce a sane error message in the event that a name matches multiple tenants.

Revision history for this message
Summer Long (slong-g) wrote :

Lars, has another dev task been raised to make your suggestion happen? Otherwise, I'll go ahead and doc what is there now.

Changed in openstack-manuals:
assignee: nobody → Summer Long (slong-g)
milestone: none → icehouse
Tom Fifield (fifieldt)
Changed in openstack-manuals:
status: Confirmed → Incomplete
Tom Fifield (fifieldt)
Changed in openstack-manuals:
milestone: icehouse → juno
Revision history for this message
Summer Long (slong-g) wrote :

nova_admin_tenant_name was automatically removed and nova_admin_tenant_id added in the Config Reference. This task can be closed.

Changed in openstack-manuals:
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.