<div dir="ltr">I post a question to <a href="http://ask.openstack.org">ask.openstack.org</a> but got no answers yet, so I repost it here.<div><a href="https://ask.openstack.org/en/question/79509/heat-autoscaling-aws-authentication-failure-under-keystone-v3/">https://ask.openstack.org/en/question/79509/heat-autoscaling-aws-authentication-failure-under-keystone-v3/</a><br></div><div><br></div><div>I'm using kilo codes and we wanna keystone v3 instead of keystone v2 in our product.</div><div>So we change heat.conf and configure to use v3 as following:</div><div><pre class="prettyprint" style="font-family:Menlo,Monaco,'Courier New',monospace;font-size:12.025px;margin-top:0px;margin-bottom:18px;padding:2px;color:rgb(51,51,51);border-radius:4px;line-height:18px;border:1px solid rgb(136,136,136);white-space:pre-wrap;word-break:break-all;word-wrap:break-word;clear:both;background-color:rgb(245,245,245)"><code style="font-family:Menlo,Monaco,'Courier New',monospace;font-size:12px;padding:0px;color:inherit;border-radius:3px;border:0px;clear:both;background-color:transparent"><span class="pun" style="color:rgb(102,102,0)">[</span><span class="pln" style="color:rgb(0,0,0)">keystone_authtoken</span><span class="pun" style="color:rgb(102,102,0)">]</span><span class="pln" style="color:rgb(0,0,0)">
signing_dir </span><span class="pun" style="color:rgb(102,102,0)">=</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="str" style="color:rgb(0,136,0)">/var/</span><span class="pln" style="color:rgb(0,0,0)">cache</span><span class="pun" style="color:rgb(102,102,0)">/</span><span class="pln" style="color:rgb(0,0,0)">heat
cafile </span><span class="pun" style="color:rgb(102,102,0)">=</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="str" style="color:rgb(0,136,0)">/opt/</span><span class="pln" style="color:rgb(0,0,0)">stack</span><span class="pun" style="color:rgb(102,102,0)">/</span><span class="pln" style="color:rgb(0,0,0)">data</span><span class="pun" style="color:rgb(102,102,0)">/</span><span class="pln" style="color:rgb(0,0,0)">ca</span><span class="pun" style="color:rgb(102,102,0)">-</span><span class="pln" style="color:rgb(0,0,0)">bundle</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">pem
admin_tenant_name </span><span class="pun" style="color:rgb(102,102,0)">=</span><span class="pln" style="color:rgb(0,0,0)"> service
admin_password </span><span class="pun" style="color:rgb(102,102,0)">=</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="typ" style="color:rgb(102,0,102)">Passw0rd</span><span class="pln" style="color:rgb(0,0,0)">
admin_user </span><span class="pun" style="color:rgb(102,102,0)">=</span><span class="pln" style="color:rgb(0,0,0)"> heat
auth_uri </span><span class="pun" style="color:rgb(102,102,0)">=</span><span class="pln" style="color:rgb(0,0,0)"> http</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="com" style="color:rgb(136,0,0)">//<a href="http://9.123.137.235:5000/v3">9.123.137.235:5000/v3</a></span><span class="pln" style="color:rgb(0,0,0)">
identity_uri </span><span class="pun" style="color:rgb(102,102,0)">=</span><span class="pln" style="color:rgb(0,0,0)"> http</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="com" style="color:rgb(136,0,0)">//<a href="http://9.123.137.235:35357">9.123.137.235:35357</a></span><span class="pln" style="color:rgb(0,0,0)">
auth_version </span><span class="pun" style="color:rgb(102,102,0)">=</span><span class="pln" style="color:rgb(0,0,0)"> v3</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="lit" style="color:rgb(0,102,102)">0</span><span class="pln" style="color:rgb(0,0,0)">
</span><span class="pun" style="color:rgb(102,102,0)">[</span><span class="pln" style="color:rgb(0,0,0)">ec2authtoken</span><span class="pun" style="color:rgb(102,102,0)">]</span><span class="pln" style="color:rgb(0,0,0)">
auth_uri </span><span class="pun" style="color:rgb(102,102,0)">=</span><span class="pln" style="color:rgb(0,0,0)"> http</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="com" style="color:rgb(136,0,0)">//<a href="http://9.123.137.235:5000/v3">9.123.137.235:5000/v3</a></span></code></pre></div><div>But when doing autoscale, I see errors in api-cfn.log:</div><div><pre class="prettyprint" style="font-family:Menlo,Monaco,'Courier New',monospace;font-size:12.025px;margin-top:0px;margin-bottom:18px;padding:2px;color:rgb(51,51,51);border-radius:4px;line-height:18px;border:1px solid rgb(136,136,136);white-space:pre-wrap;word-break:break-all;word-wrap:break-word;clear:both;background-color:rgb(245,245,245)"><code style="font-family:Menlo,Monaco,'Courier New',monospace;font-size:12px;padding:0px;color:inherit;border-radius:3px;border:0px;clear:both;background-color:transparent"><span class="lit" style="color:rgb(0,102,102)">2015</span><span class="pun" style="color:rgb(102,102,0)">-</span><span class="lit" style="color:rgb(0,102,102)">08</span><span class="pun" style="color:rgb(102,102,0)">-</span><span class="lit" style="color:rgb(0,102,102)">03</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="lit" style="color:rgb(0,102,102)">15</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="lit" style="color:rgb(0,102,102)">32</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="lit" style="color:rgb(0,102,102)">47.040</span><span class="pln" style="color:rgb(0,0,0)"> INFO heat</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">api</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">aws</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">ec2token </span><span class="pun" style="color:rgb(102,102,0)">[-]</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="typ" style="color:rgb(102,0,102)">Checking</span><span class="pln" style="color:rgb(0,0,0)"> AWS credentials</span><span class="pun" style="color:rgb(102,102,0)">..</span><span class="pln" style="color:rgb(0,0,0)">
</span><span class="lit" style="color:rgb(0,102,102)">2015</span><span class="pun" style="color:rgb(102,102,0)">-</span><span class="lit" style="color:rgb(0,102,102)">08</span><span class="pun" style="color:rgb(102,102,0)">-</span><span class="lit" style="color:rgb(0,102,102)">03</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="lit" style="color:rgb(0,102,102)">15</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="lit" style="color:rgb(0,102,102)">32</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="lit" style="color:rgb(0,102,102)">47.040</span><span class="pln" style="color:rgb(0,0,0)"> INFO heat</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">api</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">aws</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">ec2token </span><span class="pun" style="color:rgb(102,102,0)">[-]</span><span class="pln" style="color:rgb(0,0,0)"> AWS credentials found</span><span class="pun" style="color:rgb(102,102,0)">,</span><span class="pln" style="color:rgb(0,0,0)"> checking against keystone</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">
</span><span class="lit" style="color:rgb(0,102,102)">2015</span><span class="pun" style="color:rgb(102,102,0)">-</span><span class="lit" style="color:rgb(0,102,102)">08</span><span class="pun" style="color:rgb(102,102,0)">-</span><span class="lit" style="color:rgb(0,102,102)">03</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="lit" style="color:rgb(0,102,102)">15</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="lit" style="color:rgb(0,102,102)">32</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="lit" style="color:rgb(0,102,102)">47.041</span><span class="pln" style="color:rgb(0,0,0)"> INFO heat</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">api</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">aws</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">ec2token </span><span class="pun" style="color:rgb(102,102,0)">[-]</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="typ" style="color:rgb(102,0,102)">Authenticating</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="kwd" style="color:rgb(0,0,136)">with</span><span class="pln" style="color:rgb(0,0,0)"> http</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="com" style="color:rgb(136,0,0)">//<a href="http://9.123.137.235:5000/v3/ec2tokens">9.123.137.235:5000/v3/ec2tokens</a></span><span class="pln" style="color:rgb(0,0,0)">
</span><span class="lit" style="color:rgb(0,102,102)">2015</span><span class="pun" style="color:rgb(102,102,0)">-</span><span class="lit" style="color:rgb(0,102,102)">08</span><span class="pun" style="color:rgb(102,102,0)">-</span><span class="lit" style="color:rgb(0,102,102)">03</span><span class="pln" style="color:rgb(0,0,0)"> </span><span class="lit" style="color:rgb(0,102,102)">15</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="lit" style="color:rgb(0,102,102)">32</span><span class="pun" style="color:rgb(102,102,0)">:</span><span class="lit" style="color:rgb(0,102,102)">47.224</span><span class="pln" style="color:rgb(0,0,0)"> INFO heat</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">api</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">aws</span><span class="pun" style="color:rgb(102,102,0)">.</span><span class="pln" style="color:rgb(0,0,0)">ec2token </span><span class="pun" style="color:rgb(102,102,0)">[-]</span><span class="pln" style="color:rgb(0,0,0)"> AWS authentication failure</span><span class="pun" style="color:rgb(102,102,0)">.</span></code></pre></div><div>But if auth_uri change to using v2, it can work.</div><div><br></div><div><div>I google it and find some mails said that ec2tokens can work under v3.</div></div><div><a href="http://lists.openstack.org/pipermail/openstack-dev/2013-December/021765.html">http://lists.openstack.org/pipermail/openstack-dev/2013-December/021765.html</a><br></div><div><br></div><div><br></div><div>So I'm wanna know that if I missed any place to be configured and how to debug with ec2tokens?</div><div><br></div><div><br></div><div><br></div></div>