[openstack-dev] [keystone] [horizon] [qa] keystone versionless endpoints and v3
matt at mattfischer.com
Wed Feb 17 23:50:35 UTC 2016
I've been having some issues with keystone v3 and versionless endpoints and
I'd like to know what's expected to work exactly in Liberty and beyond. I
thought with v3 we used versionless endpoints but it seems to cause some
breakages and some disagreement as to what should work.
Here's what I've found:
Using versionless endpoints:
- horizon project selector doesn't work (v3 api configured in horizon
- keystone client doesn't work (expected v3 I think)
- nova/neutron etc seem ok with a few exceptions 
Adding /v3 to my endpoints:
- openstackclient seems to double up the /v3 reference which fails ,
this breaks puppet-openstack, in addition to general CLI usage.
Adding /v2.0 to my endpoints:
- things seem to work the best this way
- this matches the install docs too
- its not very "v3-onic"
My goal is to be as v3 as possible, but everything needs to work 100%.
What's the correct and supported way to setup endpoints such that Keystone
Are services expected to handle versionless keystone endpoints properly?
Can I ignore that keystoneclient doesn't work with versionless? Does this
imply that services that use the python library (like Horizon) will also be
Do I need/Should I have both v2.0 and v3 endpoints in my catalog?
 its making curl calls without a version on the endpoint, causing it to
fail. I will file a bug pending the outcome of this discussion.
 specifically neutron_admin_auth_url in nova.conf doesn't seem to work
without a Keystone API version on it. For cinder keymgr_encryption_auth_url
also seems to need it. I assume I'll eventually also hit some of these:
 "Making authentication request to
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev