[Openstack-operators] How to force Heat to use v2.0 Keystone

Alvise Dorigo alvise.dorigo at pd.infn.it
Tue Feb 17 15:11:38 UTC 2015

I've an IceHouse installation with v2.0 Keystone. All services run 
correctly but Heat, which wants authenticate to the non-existing 
endpoint https://cloud-areapd-test.pd.infn.it:5000/v3/auth/tokens. In 
fact only v2 is configured (and we cannot reconfigure all the openstack 
installation in a short term):

[dorigoa at lxadorigo ~]$ cat keystone_admin.sh
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_AUTH_URL=https://<CONTROLLER_IP>:5000/v2.0/
export OS_CACERT=/etc/grid-security/certificates/INFN-CA-2006.pem

[dorigoa at lxadorigo ~]$ heat  -k stack-create -f test-stack.yml   -P 
"ImageID=cirros;NetID=$NET_ID" testStac
ERROR: Property error : server1: image Authorization failed: SSL 
exception connecting to 

A strange thing (at least for me) is that another heat's command, heat 
-k stack-list,  doesn't raise the problem.

Any idea ?

BTW: why I've to forcely use the "-k" even if the OS_CACERT env var is 
set (and correctly working for nova/glance/neutron/cinder) ?



More information about the OpenStack-operators mailing list