[openstack-dev] Token Constraints
Adam Young
ayoung at redhat.com
Fri Sep 26 12:30:10 UTC 2014
On 09/25/2014 10:38 PM, Robert Collins wrote:
> On 26 September 2014 14:18, Adam Young <ayoung at redhat.com> wrote:
>> There are a few Keystone features that are coming together for Kilo.
> ...
>> For endpoint binding, an endpoint will have to know its own id. So the
>> endpoint_id will be recorded in the config file. This means that the
>> endpoint should be created in keystone before bringing up the server. Since
>> we already require workflow like this to create the service users, this
>> should not be too big a burden. Then that becomes a check here:
> That will break TripleO. We currently deploy everything and *then*
> configure keystone. That is, we don't follow that workflow for service
> users today.
>
> -Rob
>
Rob,
This is one of the reasons we really were pushing for proper Kill -1
behavior; Ideally we should be able to set the endpoint ID after the
service is running and then tell the service to re-read its config
file. I have not looked at how far we are from that in practice. So
the endpoint binding would depend on that feature.
More information about the OpenStack-dev
mailing list