On 07/31/2015 07:18 AM, Matthew Mosesohn wrote:
Jesse, thanks for raising this. Like you, I should just track upstream
and wait for full V3 support.
I've taken the quickest approach and written fixes to
puppet-openstacklib and puppet-keystone:
https://review.openstack.org/#/c/207873/
https://review.openstack.org/#/c/207890/
and again to Fuel-Library:
https://review.openstack.org/#/c/207548/1
I greatly appreciate the quick support from the community to find an
appropriate solution. Looks like I'm just using a weird edge case
where we're creating users on a separate node from where keystone is
installed and it never got thoroughly tested, but I'm happy to fix
bugs where I can.
Most puppet deployments either realize all keystone resources on the
keystone node, or drop an /etc/keystone/keystone.conf with admin token
onto non-keystone nodes where additional keystone resources need to be
realized.
-Matthew
On Fri, Jul 31, 2015 at 3:54 PM, Jesse Pretorius
<jesse.pretor...@gmail.com> wrote:
With regards to converting all services to use Keystone v3 endpoints, note
the following:
1) swift-dispersion currently does not support consuming Keystone v3
endpoints [1]. There is a patch merged to master [2] to fix that, but a
backport to kilo is yet to be done.
2) Each type (internal, admin, public) of endpoint created with the Keystone
v3 API has its own unique id, unlike with the v2 API where they're all
created with a single ID. This results in the keystone client being unable
to read the catalog created via the v3 API when querying via the v2 API. The
solution is to use the openstack client and to use the v3 API but this
obviously needs to be noted for upgrade impact and operators.
3) When glance is setup to use swift as a back-end, glance_store is unable
to authenticate to swift when the endpoint it uses is a v3 endpoint. There
is a review to master in progress [3] to fix this which is unlikely to make
it into kilo.
We (the openstack-ansible/os-ansible-deployment project) are tracking these
issues and doing tests to figure out all the bits. These are the bugs we've
hit so far. Also note that there is a WIP patch to gate purely on Keystone
v3 API's which is planned to become voting (hopefully) by the end of this
cycle.
[1] https://bugs.launchpad.net/swift/+bug/1468374
[2] https://review.openstack.org/195131
[3] https://review.openstack.org/193422
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
