I've been having some issues with keystone v3 and versionless endpoints and I'd like to know what's expected to work exactly in Liberty and beyond. I thought with v3 we used versionless endpoints but it seems to cause some breakages and some disagreement as to what should work.
Here's what I've found: Using versionless endpoints: - horizon project selector doesn't work (v3 api configured in horizon local_settings) [1] - keystone client doesn't work (expected v3 I think) - nova/neutron etc seem ok with a few exceptions [2] Adding /v3 to my endpoints: - openstackclient seems to double up the /v3 reference which fails [3], this breaks puppet-openstack, in addition to general CLI usage. Adding /v2.0 to my endpoints: - things seem to work the best this way - this matches the install docs too - its not very "v3-onic" My goal is to be as v3 as possible, but everything needs to work 100%. Given that... What's the correct and supported way to setup endpoints such that Keystone v3 works? Are services expected to handle versionless keystone endpoints properly? Can I ignore that keystoneclient doesn't work with versionless? Does this imply that services that use the python library (like Horizon) will also be broken? Do I need/Should I have both v2.0 and v3 endpoints in my catalog? [1] its making curl calls without a version on the endpoint, causing it to fail. I will file a bug pending the outcome of this discussion. [2] specifically neutron_admin_auth_url in nova.conf doesn't seem to work without a Keystone API version on it. For cinder keymgr_encryption_auth_url also seems to need it. I assume I'll eventually also hit some of these: https://etherpad.openstack.org/p/v3-only-devstack [3] "Making authentication request to http://127.0.0.1:5000/v3/v3/auth/tokens";
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
