<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 01/22/2014 12:21 PM, John Wood
wrote:<br>
</div>
<blockquote
cite="mid:49F5BF8205841548AB38409969C7AB3F915D7755@ORD1EXD02.RACKSPACE.CORP"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">(Adding another member of our team
Douglas)
<div><br>
</div>
<div>Hello Giuseppe,</div>
<div><br>
</div>
<div>For questions about news or patches for Keystone's PKI vs
UUID modes, you might reach out to the
<a class="moz-txt-link-abbreviated" href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a> mailing list, with the
subject line prefixed with [openstack-dev] [keystone] </div>
<div><br>
</div>
<div>Our observation has been that the PKI mode can generate
large text blocks for tokens (esp. for large service catalogs)
that cause http header errors. </div>
<div><br>
</div>
<div>Regarding the specific barbican scripts you are running, we
haven't run those in a while, so I'll investigate as we might
need to update them. Please email back your
/etc/barbican/barbican-api-paste.ini paste config file when
you have a chance as well. </div>
<div><br>
</div>
<div>Thanks,</div>
<div>John</div>
<div><br>
</div>
<div><br>
<div style="font-family: Times New Roman; color: #000000;
font-size: 16px">
<hr tabindex="-1">
<div id="divRpF494683" style="direction: ltr;"><font
face="Tahoma" color="#000000" size="2"><b>From:</b>
Giuseppe Galeota [<a class="moz-txt-link-abbreviated" href="mailto:giuseppegaleota@gmail.com">giuseppegaleota@gmail.com</a>]<br>
<b>Sent:</b> Wednesday, January 22, 2014 7:36 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
<b>Cc:</b> John Wood<br>
<b>Subject:</b> [Openstack] [Barbican] Keystone PKI
token too much long<br>
</font><br>
</div>
<div>
<div dir="ltr">Dear all,
<div>I have configured Keystone for Barbican using this
<a moz-do-not-send="true"
href="https://github.com/cloudkeep/barbican/wiki/Developer-Guide-for-Keystone"
target="_blank">
guide</a>.</div>
<div><br>
</div>
<div>Is there any news or patch about the need to use a
shorter token? I would not use a modified token.</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
It's a known problem. You can request a token without the service
catalog using an extension.<br>
<br>
One possible future enhancement is to compress the key.<br>
<br>
<br>
<blockquote
cite="mid:49F5BF8205841548AB38409969C7AB3F915D7755@ORD1EXD02.RACKSPACE.CORP"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<div>
<div style="font-family: Times New Roman; color: #000000;
font-size: 16px">
<div>
<div dir="ltr">
<div><br>
</div>
                    <div>Below you can find an extract of the linked
                      guide:</div>
<div>
<ul>
<li><span style="color:rgb(51,51,51);
font-family:Helvetica,arial,freesans,clean,sans-serif;
font-size:15.333333015441895px;
line-height:17px">(Optional) Typical keystone
setup creates PKI tokens that are long, do not
fit easily into curl requests without splitting
into components. For testing purposes suggest
updating the keystone database with a shorter
token-id. (An alternative is to set up keystone
to generate uuid tokens.) From the above output
                            grab the token expiry value, referred to as
"x-y-z"</span><br>
</li>
</ul>
<div class="" style="color:rgb(51,51,51);
font-family:Helvetica,arial,freesans,clean,sans-serif;
font-size:15.333333015441895px; line-height:17px">
<pre style="font-family:Consolas,'Liberation Mono',Courier,monospace; font-size:13px; margin-top:15px; margin-bottom:15px; background-color:rgb(248,248,248); border:1px solid rgb(221,221,221); line-height:19px; overflow:auto; padding:6px 10px; word-wrap:normal"><span class="">mysql</span> <span class="" style="font-weight:bold">-</span><span class="">u</span> <span class="">root</span>
<span class="">use</span> <span class="">keystone</span><span class="">;</span>
<span class="">update</span> <span class="">token</span> <span class="">set</span> <span class="">id</span><span class="" style="font-weight:bold">=</span><span class="" style="color:rgb(221,17,68)">"foo"</span> <span class="">where</span> <span class="">expires</span><span class="" style="font-weight:bold">=</span><span class="" style="color:rgb(221,17,68)">"x-y-z"</span> <span class="">;</span></pre>
</div>
</div>
<div><br>
</div>
<div>Thank you,</div>
<div>Giuseppe</div>
</div>
</div>
</div>
</div>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
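<div>The size effect discussed in this thread, as an added example that is not part of the original messages or of Keystone's own code: it builds a constructed Keystone-style token body, base64-encodes it as a stand-in for a PKI token id, and compares the resulting header length with the full service catalog, without the catalog, and zlib-compressed. The 8 KB header limit, the token layout and every name in the code are assumptions.</div>

```python
import base64
import hashlib
import json
import zlib

HEADER_LIMIT = 8192  # assumption: many HTTP servers cap one header near 8 KB


def _hex_id(*parts):
    # Constructed 32-hex-char id, the usual shape of Keystone ids.
    return hashlib.sha256("/".join(parts).encode()).hexdigest()[:32]


def build_token_body(n_services, with_catalog=True):
    """Simplified Keystone v3-style token body (constructed, not real output)."""
    project = _hex_id("project")
    token = {
        "expires_at": "2014-01-23T12:21:00Z",
        "user": {"id": _hex_id("user"), "name": "demo"},
        "project": {"id": project, "name": "demo"},
    }
    if with_catalog:
        token["catalog"] = [{
            "type": f"service-{i}",
            "id": _hex_id("svc", str(i)),
            "endpoints": [{
                "id": _hex_id("ep", str(i), iface),
                "interface": iface,
                "region": "RegionOne",
                "url": f"https://svc{i}.cloud.example.test/v2/{project}",
            } for iface in ("public", "internal", "admin")],
        } for i in range(n_services)]
    return json.dumps({"token": token}, separators=(",", ":")).encode()


def header_len(body, compress=False):
    # PKI-like id: base64 of the (optionally zlib-compressed) body. Real PKI
    # tokens add a CMS signature on top, so they are longer than this.
    payload = zlib.compress(body, 9) if compress else body
    return len(base64.urlsafe_b64encode(payload))


def header_report(n_services):
    """Map variant -> (X-Auth-Token length, fits under HEADER_LIMIT)."""
    full = build_token_body(n_services)
    sizes = {"full": header_len(full),
             "nocatalog": header_len(build_token_body(n_services, False)),
             "compressed": header_len(full, compress=True)}
    return {name: (n, n <= HEADER_LIMIT) for name, n in sizes.items()}
```

<div>Calling header_report(20) shows the full-catalog token exceeding the assumed limit while the catalog-free and compressed variants stay under it; the catalog-free length does not change with the number of services.</div>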
</body>
</html>