Open Stack

(Adding another member of our team Douglas)

Hello Giuseppe,

For questions about news or patches for Keystone's PKI vs UUID modes, you might reach out to the openstack-dev at lists.openstack.org mailing list, with the subject line prefixed with [openstack-dev] [keystone]

Our observation has been that the PKI mode can generate large text blocks for tokens (esp. for large service catalogs) that cause http header errors.

Regarding the specific barbican scripts you are running, we haven't run those in a while, so I'll investigate as we might need to update them. Please email back your /etc/barbican/barbican-api-paste.ini paste config file when you have a chance as well.

Thanks,
John


________________________________
From: Giuseppe Galeota [giuseppegaleota at gmail.com]
Sent: Wednesday, January 22, 2014 7:36 AM
To: openstack at lists.openstack.org
Cc: John Wood
Subject: [Openstack] [Barbican] Keystone PKI token too much long

Dear all,
I have configured Keystone for Barbican using this guide<https://github.com/cloudkeep/barbican/wiki/Developer-Guide-for-Keystone>.

Is there any news or patch about the need to use a shorter token? I would not use a modified token.

Following you can find an extract of the linked guide:

  *   (Optional) Typical keystone setup creates PKI tokens that are long, do not fit easily into curl requests without splitting into components. For testing purposes suggest updating the keystone database with a shorter token-id. (An alternative is to set up keystone to generate uuid tokens.) From the above output grad the token expiry value, referred to as "x-y-z"

mysql -u root
use keystone;
update token set id="foo" where expires="x-y-z" ;

Thank you,
Giuseppe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140122/3bcf38ab/attachment.html>