[openstack-dev] [keystoneclient] self-signed keystone not accessible from other services
Bhuvan Arumugam
bhuvan at apache.org
Tue Oct 15 01:36:49 UTC 2013
Just making sure i'm not the only one facing this problem.
https://bugs.launchpad.net/nova/+bug/1239894
keystoneclient v0.4.0 was released last week and used by all openstack
services now. The insecure=False, as defined in
keystoneclient.middleware.auth_token. The keystone client is happy as long
as --insecure flag is used. There is no way to configure it in other
openstack services like nova, neutron or glance while it is integrated with
self-signed keystone instance.
We should introduce new config parameter keystone_api_insecure and
configure keystoneclient behavior based on this parameter. The config
parameter should be defined in all other openstack services, as all of them
integrate with keystone.
Until it's resolved, I think the known workaround is to use
keystoneclient==0.3.2.
Is there any other workaround for this issue?
--
Regards,
Bhuvan Arumugam
www.livecipher.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131014/90f280c8/attachment.html>
More information about the OpenStack-dev
mailing list