[Openstack] Challenges faced with Openstack keystone v3 API

Yaguang Tang heut2008 at gmail.com
Tue Apr 1 03:19:16 UTC 2014


Devendra,

yeah, Just as Joe said it's not supported  officially by OpenStack
community.

2014-04-01 10:38 GMT+08:00 Devendra Gupta <dev29aug at gmail.com>:

> Thanks you Tang and Joe for your inputs. I'll give it a try in my Havana
> setup.
>
> Tang, I guess the solution you provided is not yet released in Havana. I
> mean to say if someone have latest released version setup of OpenStack
> Havana then by default he don't have Identity v3 compatibility for nova in
> his environment.
>
> Regards,
> Devendra
>
>
>
> On Tue, Apr 1, 2014 at 7:47 AM, Yaguang Tang <heut2008 at gmail.com> wrote:
>
>> so far, not all python-*client are ready for keystone v3, but if you want
>> to try do some testing the correct procedure is
>>
>> 1.  add or modify keystone identity service endpoints to v3  eg.
>> http://localhost:5000/v3
>> 2. change all openstack services auth_token middleware to use v3
>> authentication, e.g. add auth_version=3.0 in nova.conf under
>> [keystone_authtoken] section or in api-paste.ini file.
>> 3. you need the two python-novaclient patch
>> https://review.openstack.org/#/c/82149/ ,
>> https://review.openstack.org/#/c/81749/.
>> 4.  export OS_IDENTITY_API_VERSION=3
>>     export OS_AUTH_URL=http://127.0.0.1:5000/v3
>>
>> then you should be able to use v3 token to do authentication,  run nova
>> --debug list and check the result.
>>
>>
>>
>>
>>
>>
>>
>>
>> 2014-04-01 0:47 GMT+08:00 Joe Gordon <joe.gordon0 at gmail.com>:
>>
>>
>>>
>>>
>>> On Mon, Mar 31, 2014 at 2:39 AM, Devendra Gupta <dev29aug at gmail.com>wrote:
>>>
>>>> Hi,
>>>> We have been doing analysis around keystone v3 api for authenticating
>>>> with openstack components in Havana release but while doing so we are
>>>> facing some issues with the authentication using keytone v3 API .
>>>>
>>>> Below is the list of Components that we are using along with versions:-
>>>> *Compute : v2*
>>>> *Identity : v2.0 & v3*
>>>> *Network : v2*
>>>> *Image : v2*
>>>>
>>>>
>>>
>>>>
>>>> Following are the concerns that we have :-
>>>>
>>>> 1. After getting authentication token using API */v3/auth/tokens *and
>>>> supplying userid, password along with project scope , when we try to hit
>>>> Compute's API
>>>> *  v2/58d73fe0ec9c44e7a2127bf8abd60dc2/os-networks* we are getting
>>>> *Internal server error occured : code 500.*
>>>>
>>>
>>>
>>> Nova doesn't support keystone v3 yet.
>>>
>>>
>>>
>>>>
>>>>
>>>>  Moreover , even if we try to hit other components like Neutron we have
>>>> similar issues . However, when we hit the same API call with keystone v2.0
>>>> generated auth token we are able to get results as desired.
>>>>
>>>> Since keystone is by default enabled to use v3 and v2.0 , the tokens
>>>> generated by v3 should be able to authenticate for othe components like
>>>> nova, neutron , glance which it is not happening as of now.
>>>>
>>>> So is it a configuration issue or keystone v3 version is not yet
>>>> supported by other components.
>>>>
>>>> 2. Can there be a scenario where keystone will be setup with v3 only
>>>> instead of both v2.0 and v3.
>>>>
>>>> Please provide inputs on the above.
>>>>
>>>> Regards,
>>>> Devendra Gupta
>>>>
>>>> _______________________________________________
>>>> Mailing list:
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> Post to     : openstack at lists.openstack.org
>>>> Unsubscribe :
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>>
>>
>>
>> --
>> Tang Yaguang
>>
>> Canonical Ltd. | www.ubuntu.com | www.canonical.com
>> Mobile:  +86 152 1094 6968
>> gpg key: 0x187F664F
>>
>>
>
>


-- 
Tang Yaguang

Canonical Ltd. | www.ubuntu.com | www.canonical.com
Mobile:  +86 152 1094 6968
gpg key: 0x187F664F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140401/698133ba/attachment.html>


More information about the Openstack mailing list