Heat must use keystone v3 API, packstack configures v2.0

Bug #1464371 reported by John Haller
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ivan Chavero (imcsk8)

Bug Description

Packstack defaults the Keystone endpoint to v2.0. For Heat resources
like OS::Heat::WaitCondition and OS::Heat::SoftwareDeployment to work,
the delegated Heat requires the delegated authority, which needs the
Keystone v3 API.

Packstack uses the same CONFIG_KEYSTONE_PUBLIC_URL for all configuration files.
The default for the public URL is to provide the v2.0 API.

Heat needs the v3 API. There are two possible solutions, setting the
keystone API default to v3 for all services, by setting DEFAULT_VALUE to 'v3' below,
or by breaking out the keystone public URL used by heat separately, and defaulting that to v3.
I've tested just setting Heat to use v3 auth, haven't tested other services.

Related code snippets:

class { '::heat::keystone::domain':
  auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL'),

            {"CMD_OPTION": "keystone-api-version",
             "PROMPT": "Enter the Keystone API version string.",
             "OPTION_LIST": ['v2.0', 'v3'],
             "VALIDATORS": [validators.validate_options],
             "DEFAULT_VALUE": 'v2.0',
             "MASK_INPUT": False,
             "LOOSE_VALIDATION": False,
             "USE_DEFAULT": True,
             "NEED_CONFIRM": False,
             "CONDITION": False},

    config['CONFIG_KEYSTONE_PUBLIC_URL'] = "http://%s:5000/%s" % (

Changed in packstack:
assignee: nobody → Ivan Chavero (imcsk8) (ichavero-ichavero)
Revision history for this message
Alan Pevec (apevec) wrote :

" heat works around endpoints with the v2.0 path transparently, so there's nothing to do with packstack"

Changed in packstack:
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers