Hi Oleksiy, Good catch. Also OSTF should get endpoints from hiera as some plugins may override the initial deployment settings. There may be cases when keystone is detached by plugin.
-- Best regards, Sergii Golovatiuk, Skype #golserge IRC #holser On Tue, Jul 28, 2015 at 5:26 PM, Oleksiy Molchanov <omolcha...@mirantis.com> wrote: > Hello all, > > We need to discuss removal of OS_SERVICE_TOKEN usage in Fuel after > deployment. This came from https://bugs.launchpad.net/fuel/+bug/1430619. > I guess not all of us have an access to this bug, so to be short: > > # A "shared secret" that can be used to bootstrap Keystone. > # This "token" does not represent a user, and carries no > # explicit authorization. To disable in production (highly > # recommended), remove AdminTokenAuthMiddleware from your > # paste application pipelines (for example, in keystone- > # paste.ini). (string value) > > After removing this and testing we found out that OSTF fails because it > uses admin token. > > What do you think if we create ostf user like for workloads, but with > wider permissions? > > BR, > Oleksiy. > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev