[Openstack] Seeking clarification of 'auth_uri' configuration key

Steve Gordon sgordon at redhat.com
Fri Jan 24 00:06:15 UTC 2014


----- Original Message -----
> From: "Matt Kassawara" <mkassawara at gmail.com>
> To: "Steve Gordon" <sgordon at redhat.com>
> Cc: openstack at lists.openstack.org
> Sent: Tuesday, January 14, 2014 3:31:07 PM
> Subject: Re: [Openstack] Seeking clarification of 'auth_uri' configuration key
> On Tue, Jan 14, 2014 at 12:32 PM, Steve Gordon <sgordon at redhat.com> wrote:
> 
> > ----- Original Message -----
> > > From: "Matt Kassawara" <mkassawara at gmail.com>
> > > To: openstack at lists.openstack.org
> > >
> > > Hi,
> > >
> > > When authenticating via Keystone, most services seem to require
> > configuring
> > > the 'auth_uri' key to prevent the following warning:
> > >
> > > WARNING keystoneclient.middleware.auth_token [-] Configuring auth_uri to
> > > point to the public identity endpoint is required; clients may not be
> > able
> > > to authenticate against an admin endpoint
> > >
> > > I found several permutations of this key in the installation guide and
> > seek
> > > clarification on the following items:
> > >
> > > 1) Should this key contain 'http://controller:5000' or '
> > > http://controller:5000/v2.0'?
> > >
> > > 2) Should this key reside in the general configuration file (e.g.,
> > > nova.conf) or the paste configuration file (e.g., api-paste.ini)?
> > >
> > > Thanks,
> > > Matt
> >
> > ...and to pile on, another aspect I don't think we got around to
> > clarifying in the documentation - if auth_uri is set is setting of the
> > various bits that define it still required, e.g. [1]:
> >
> > auth_host = controller
> > auth_port = 35357
> > auth_protocol = http
> > auth_uri = http://controller:5000/v2.0
> >
> > (Yes I noticed that auth_port contradicts auth_uri, but that's the way it
> > currently is in the guide :/)
> >
> > Thanks,
> >
> > Steve
> >
> > [1]
> > http://docs.openstack.org/trunk/install-guide/install/apt/content/nova-controller.html
> >
> 
> Steve,
> 
> I recall researching a related bug[1] and determined through testing
> various permutations that 'auth_uri' cannot replace the other separate keys.
> 
> [1] https://bugs.launchpad.net/openstack-manuals/+bug/1248001
> 
> Matt
> 

So we never really got a clear answer on this - does anyone know why this behaviour is desirable/required?

-Steve




More information about the Openstack mailing list