<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">I was bitten by this a few days ago
while updating Folsom code to deploy non-devstack grizzly. From
the perspective of the deployer, this is simply an incompatible
change to the config file<br>
associated with the keystone auth_token middleware. As with any
configuration file change, the normal process would be to
deprecate the config option and remove it in the next release.
Because the config files are for the most part not templated, and
they change from release to release, real deployment technology
ends up making copies of them (or uses sed, or whatever) that have
to be updated with each release. Whatever the decision about this,
the most important thing is to clearly document all changes to
config files in the release notes. For example, I noticed that in
grizzly keystone setting verbose to True turns on sqlalchemy
echoing, which it did not in Folsom. It would make if much easier
for people to test grizzly if the release notes were updated now.<br>
<br>
-David<br>
<br>
On 3/18/2013 4:37 PM, Dolph Mathews wrote:<br>
</div>
<blockquote
cite="mid:CAC=h7gXcZpRGV0F8Hnkg852mEJFTpV6Y_83n1NLo_zvHD3ot+Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style="">tl;dr keystone.middleware.auth_token is deprecated
(and currently broken) in favor
of keystoneclient.middleware.auth_token</div>
<div style=""><br>
</div>
<div style="">During grizzly we moved auth_token from keystone
to keystoneclient, and provided a bit of backwards
compatibility for configurations still using
keystone.middleware.auth_token by having keystone import
auth_token from keystoneclient.</div>
<div style=""><br>
</div>
<div style="">Unfortunately that backwards compatibility is now
broken and being tracked in an RC-blocking bug:</div>
<div style=""><br>
</div>
<div style=""> <a moz-do-not-send="true"
href="https://bugs.launchpad.net/nova/+bug/1143998">https://bugs.launchpad.net/nova/+bug/1143998</a><br>
</div>
<div style=""><br>
</div>
<div style="">I described the root cause of the problem in
comment #12:</div>
<div style=""><br>
</div>
<div style=""> <a moz-do-not-send="true"
href="https://bugs.launchpad.net/nova/+bug/1143998/comments/12">https://bugs.launchpad.net/nova/+bug/1143998/comments/12</a></div>
<div style=""><br>
</div>
<div style="">I've proposed two fixes based on markmc's comments
in that bug.</div>
<div><br>
</div>
<div>A) Drop support for keystone.middleware.auth_token:</div>
<div><br>
</div>
<div> <a moz-do-not-send="true"
href="https://review.openstack.org/#/c/24251/">https://review.openstack.org/#/c/24251/</a><br>
</div>
<div><br>
</div>
<div>B) Ignore the exception described in the bug and log a
warning:<br>
</div>
<div><br>
</div>
<a moz-do-not-send="true"
href="https://review.openstack.org/#/c/24701/">https://review.openstack.org/#/c/24701/</a>
<div><br>
</div>
<div style="">Neither solution is ideal IMO but we need to fix
this for RC1; feedback & alternative solutions welcome!</div>
<div><br>
</div>
<div>
<div>-Dolph</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
OpenStack-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>