[openstack-dev] [keystone] support for keystone.middleware.auth_token (bug 1143998)
David Kranz
david.kranz at qrclab.com
Tue Mar 19 12:55:46 UTC 2013
I was bitten by this a few days ago while updating Folsom code to deploy
non-devstack grizzly. From the perspective of the deployer, this is
simply an incompatible change to the config file
associated with the keystone auth_token middleware. As with any
configuration file change, the normal process would be to deprecate the
config option and remove it in the next release. Because the config
files are for the most part not templated, and they change from release
to release, real deployment technology ends up making copies of them (or
uses sed, or whatever) that have to be updated with each release.
Whatever the decision about this, the most important thing is to clearly
document all changes to config files in the release notes. For example,
I noticed that in grizzly keystone setting verbose to True turns on
sqlalchemy echoing, which it did not in Folsom. It would make if much
easier for people to test grizzly if the release notes were updated now.
-David
On 3/18/2013 4:37 PM, Dolph Mathews wrote:
> tl;dr keystone.middleware.auth_token is deprecated (and currently
> broken) in favor of keystoneclient.middleware.auth_token
>
> During grizzly we moved auth_token from keystone to keystoneclient,
> and provided a bit of backwards compatibility for configurations still
> using keystone.middleware.auth_token by having keystone import
> auth_token from keystoneclient.
>
> Unfortunately that backwards compatibility is now broken and being
> tracked in an RC-blocking bug:
>
> https://bugs.launchpad.net/nova/+bug/1143998
>
> I described the root cause of the problem in comment #12:
>
> https://bugs.launchpad.net/nova/+bug/1143998/comments/12
>
> I've proposed two fixes based on markmc's comments in that bug.
>
> A) Drop support for keystone.middleware.auth_token:
>
> https://review.openstack.org/#/c/24251/
>
> B) Ignore the exception described in the bug and log a warning:
>
> https://review.openstack.org/#/c/24701/
>
> Neither solution is ideal IMO but we need to fix this for RC1;
> feedback & alternative solutions welcome!
>
> -Dolph
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130319/11887deb/attachment.html>
More information about the OpenStack-dev
mailing list