<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" id="owaParaStyle"></style>
</head>
<body fpstyle="1" ocsi="0">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">(Adding another member of our team Douglas)
<div><br>
</div>
<div>Hello Giuseppe,</div>
<div><br>
</div>
<div>For questions about news or patches for Keystone's PKI vs UUID modes, you might reach out to the openstack-dev@lists.openstack.org mailing list, with the subject line prefixed with [openstack-dev] [keystone] </div>
<div><br>
</div>
<div>Our observation has been that the PKI mode can generate large text blocks for tokens (esp. for large service catalogs) that cause http header errors. </div>
<div><br>
</div>
<div>Regarding the specific barbican scripts you are running, we haven't run those in a while, so I'll investigate as we might need to update them. Please email back your /etc/barbican/barbican-api-paste.ini paste config file when you have a chance as well.
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>John</div>
<div><br>
</div>
<div><br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div id="divRpF494683" style="direction: ltr;"><font face="Tahoma" size="2" color="#000000"><b>From:</b> Giuseppe Galeota [giuseppegaleota@gmail.com]<br>
<b>Sent:</b> Wednesday, January 22, 2014 7:36 AM<br>
<b>To:</b> openstack@lists.openstack.org<br>
<b>Cc:</b> John Wood<br>
<b>Subject:</b> [Openstack] [Barbican] Keystone PKI token too much long<br>
</font><br>
</div>
<div></div>
<div>
<div dir="ltr">Dear all,
<div>I have configured Keystone for Barbican using this <a href="https://github.com/cloudkeep/barbican/wiki/Developer-Guide-for-Keystone" target="_blank">
guide</a>.</div>
<div><br>
</div>
<div>Is there any news or patch about the need to use a shorter token? I would not use a modified token.</div>
<div><br>
</div>
<div>Following you can find an extract of the linked guide:</div>
<div>
<ul>
<li><span style="color:rgb(51,51,51); font-family:Helvetica,arial,freesans,clean,sans-serif; font-size:15.333333015441895px; line-height:17px">(Optional) Typical keystone setup creates PKI tokens that are long, do not fit easily into curl requests without splitting
into components. For testing purposes suggest updating the keystone database with a shorter token-id. (An alternative is to set up keystone to generate uuid tokens.) From the above output grad the token expiry value, referred to as "x-y-z"</span><br>
</li></ul>
<div class="" style="color:rgb(51,51,51); font-family:Helvetica,arial,freesans,clean,sans-serif; font-size:15.333333015441895px; line-height:17px">
<pre style="font-family:Consolas,'Liberation Mono',Courier,monospace; font-size:13px; margin-top:15px; margin-bottom:15px; background-color:rgb(248,248,248); border:1px solid rgb(221,221,221); line-height:19px; overflow:auto; padding:6px 10px; word-wrap:normal"><span class="">mysql</span> <span class="" style="font-weight:bold">-</span><span class="">u</span> <span class="">root</span>
<span class="">use</span> <span class="">keystone</span><span class="">;</span>
<span class="">update</span> <span class="">token</span> <span class="">set</span> <span class="">id</span><span class="" style="font-weight:bold">=</span><span class="" style="color:rgb(221,17,68)">"foo"</span> <span class="">where</span> <span class="">expires</span><span class="" style="font-weight:bold">=</span><span class="" style="color:rgb(221,17,68)">"x-y-z"</span> <span class="">;</span></pre>
</div>
</div>
<div><br>
</div>
<div>Thank you,</div>
<div>Giuseppe</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>