[heat] keystone endpoint configuration

Jonathan Rosser jonathan.rosser at rd.bbc.co.uk
Wed Feb 20 18:40:13 UTC 2019


In openstack-ansible we are trying to help a number of our end users 
with their heat deployments, some of them in conjunction with magnum.

There is some uncertainty with how the following heat.conf sections 
should be configured:

[clients_keystone]
auth_uri = ...

[keystone_authtoken]
www_authenticate_uri = ...

It does not appear to be possible to define a set of internal or 
external keystone endpoints in heat.conf which allow the following:

  * The orchestration panels being functional in horizon
  * Deployers isolating internal openstack from external networks
  * Deployers using self signed/company cert on the external endpoint
  * Magnum deployments completing
  * Heat delivering an external endpoint at [1]
  * Heat delivering an external endpoint at [2]

There are a number of related bugs:

https://bugs.launchpad.net/openstack-ansible/+bug/1814909
https://bugs.launchpad.net/openstack-ansible/+bug/1811086
https://storyboard.openstack.org/#!/story/2004808
https://storyboard.openstack.org/#!/story/2004524

Any help we could get from the heat team to try to understand the root 
cause of these issues would be really helpful.

Jon.


[1] 
https://github.com/openstack/heat/blob/master/heat/engine/resources/server_base.py#L87

[2] 
https://github.com/openstack/heat/blob/master/heat/engine/resources/signal_responder.py#L106



More information about the openstack-discuss mailing list