Open Stack

I've been having some issues with keystone v3 and versionless endpoints and
I'd like to know what's expected to work exactly in Liberty and beyond. I
thought with v3 we used versionless endpoints but it seems to cause some
breakages and some disagreement as to what should work.

Here's what I've found:

Using versionless endpoints:
 - horizon project selector doesn't work (v3 api configured in horizon
local_settings) [1]
 - keystone client doesn't work (expected v3 I think)
 - nova/neutron etc seem ok with a few exceptions [2]

Adding /v3 to my endpoints:
 - openstackclient seems to double up the /v3 reference which fails [3],
this breaks puppet-openstack, in addition to general CLI usage.

Adding /v2.0 to my endpoints:
 - things seem to work the best this way
 - this matches the install docs too
 - its not very "v3-onic"


My goal is to be as v3 as possible, but everything needs to work 100%.
Given that...

What's the correct and supported way to setup endpoints such that Keystone
v3 works?

Are services expected to handle versionless keystone endpoints properly?

Can I ignore that keystoneclient doesn't work with versionless? Does this
imply that services that use the python library (like Horizon) will also be
broken?

Do I need/Should I have both v2.0 and v3 endpoints in my catalog?


[1] its making curl calls without a version on the endpoint, causing it to
fail. I will file a bug pending the outcome of this discussion.

[2] specifically neutron_admin_auth_url in nova.conf doesn't seem to work
without a Keystone API version on it. For cinder keymgr_encryption_auth_url
also seems to need it. I assume I'll eventually also hit some of these:
https://etherpad.openstack.org/p/v3-only-devstack

[3] "Making authentication request to
http://127.0.0.1:5000/v3/v3/auth/tokens"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160217/aa8309f0/attachment.html>