[Openstack] Challenges faced with Openstack keystone v3 API

Yaguang Tang heut2008 at gmail.com
Tue Apr 1 02:17:54 UTC 2014


so far, not all python-*client are ready for keystone v3, but if you want
to try do some testing the correct procedure is

1.  add or modify keystone identity service endpoints to v3  eg.
http://localhost:5000/v3
2. change all openstack services auth_token middleware to use v3
authentication, e.g. add auth_version=3.0 in nova.conf under
[keystone_authtoken] section or in api-paste.ini file.
3. you need the two python-novaclient patch
https://review.openstack.org/#/c/82149/ ,
https://review.openstack.org/#/c/81749/.
4.  export OS_IDENTITY_API_VERSION=3
    export OS_AUTH_URL=http://127.0.0.1:5000/v3

then you should be able to use v3 token to do authentication,  run nova
--debug list and check the result.








2014-04-01 0:47 GMT+08:00 Joe Gordon <joe.gordon0 at gmail.com>:

>
>
>
> On Mon, Mar 31, 2014 at 2:39 AM, Devendra Gupta <dev29aug at gmail.com>wrote:
>
>> Hi,
>> We have been doing analysis around keystone v3 api for authenticating
>> with openstack components in Havana release but while doing so we are
>> facing some issues with the authentication using keytone v3 API .
>>
>> Below is the list of Components that we are using along with versions:-
>> *Compute : v2*
>> *Identity : v2.0 & v3*
>> *Network : v2*
>> *Image : v2*
>>
>>
>
>>
>> Following are the concerns that we have :-
>>
>> 1. After getting authentication token using API */v3/auth/tokens *and
>> supplying userid, password along with project scope , when we try to hit
>> Compute's API
>> *  v2/58d73fe0ec9c44e7a2127bf8abd60dc2/os-networks* we are getting
>> *Internal server error occured : code 500.*
>>
>
>
> Nova doesn't support keystone v3 yet.
>
>
>
>>
>>
>>  Moreover , even if we try to hit other components like Neutron we have
>> similar issues . However, when we hit the same API call with keystone v2.0
>> generated auth token we are able to get results as desired.
>>
>> Since keystone is by default enabled to use v3 and v2.0 , the tokens
>> generated by v3 should be able to authenticate for othe components like
>> nova, neutron , glance which it is not happening as of now.
>>
>> So is it a configuration issue or keystone v3 version is not yet
>> supported by other components.
>>
>> 2. Can there be a scenario where keystone will be setup with v3 only
>> instead of both v2.0 and v3.
>>
>> Please provide inputs on the above.
>>
>> Regards,
>> Devendra Gupta
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>


-- 
Tang Yaguang

Canonical Ltd. | www.ubuntu.com | www.canonical.com
Mobile:  +86 152 1094 6968
gpg key: 0x187F664F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140401/9b197043/attachment.html>


More information about the Openstack mailing list