[openstack-dev] [keystone][heat] Migration to keystone v3 API questions
ayoung at redhat.com
Tue Jan 28 20:45:57 UTC 2014
On 01/23/2014 06:21 AM, Steven Hardy wrote:
> Hi all,
> I've recently been working on migrating the heat internal interfaces to use
> the keystone v3 API exclusively.
> This work has mostly been going well, but I've hit a couple of issues which
> I wanted to discuss, so we agree the most appropriate workarounds:
> 1. keystoneclient v3 functionality not accessible when catalog contains a
> v2 endppoint:
Please chime in here:
> In my test environment my keystone endpoint looks like:
> And I'd guess this is similar to the majority of real deployments atm?
> So when creating a keystoneclient object I've been doing:
> from keystoneclient.v3 import client as kc_v3
> v3_endpoint = self.context.auth_url.replace('v2.0', 'v3')
> client = kc_v3.Client(auth_url=v3_endpoint, ...
> Which, assuming the keystone service has both v2 and v3 API's enabled
> works, but any attempt to use v3 functionality fails with 404 because
> keystoneclient falls back to using the v2.0 endpoint from the catalog.
> So to work around this I do this:
> client = kc_v3.Client(auth_url=v3_endpoint, endpoint=v3_endpoint, ...
> Which results in the v3 features working OK.
> So my questions are:
> - Is this a reasonable workaround for production environments?
> - What is the roadmap for moving keystone endpoints to be version agnostic?
> - Is there work ongoing to make the client smarter in terms of figuring out
> what URL to use (version negotiation or substituting the appropriate path
> when we are in an environment with a legacy v2.0 endpoint..)
> 2. Client (CLI) support for v3 API
> What is the status re porting keystoneclient to provide access to the v3
> functionality on the CLI?
> In particular, Heat is moving towards using domains to encapsulate the
> in-instance users it creates, so administrators will require some way to
> manage users in a non-default domain, e.g to get visibility of what Heat is
> doing in that domain and debug in the event of any issues.
> If anyone can provide any BP links or insight that would be much
>  https://blueprints.launchpad.net/heat/+spec/keystone-v3-only
>  https://wiki.openstack.org/wiki/Heat/Blueprints/InstanceUsers
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
More information about the OpenStack-dev