[Openstack] [Heat][Keystone]Heat deals with different version of keystone API

Steven Hardy shardy at redhat.com
Fri Jan 16 09:17:58 UTC 2015


On Fri, Jan 16, 2015 at 05:57:46AM +0000, Duan, Li-Gong (Gary at HPServers-Core-OE-PSC) wrote:
>    Can the keystone token, obtained from keystone API v2.0, be used in the
>    openstack service/endpoint which are configured to use keystone API v3?

Yes, AFAIK this should work.

>    There is an OpenStack cluster, where most of services(such as Heat, Nova,
>    Ceilometer) are configured to use keystone API v2.0 but one of the
>    services are using keystone API v3. Now I want to launch a heat template
>    (The Heat service are using ks API v2.0) to access the service using
>    keystone API v3.

Note that recent versions of heat require keystone v3, unless you use the
v2 compatibility shim:

https://github.com/openstack/heat/tree/master/contrib/heat_keystoneclient_v2

If possible, heat should be configured to use keystone v3 (if your keystone
has v3 enabled, heat is probably already using it unless you've enabled
that v2 plugin).

>    Error occurs and it says the token is not correct.

Can you provide the actual error please?

>    So in this case, is there any way to let heat-engine to handle this
>    conversion or I have to change the configuration to let all services in a
>    OpenStack cluster are using only one version of keystone API (say v2.0)?

I think this should just work - getting a v2 keystone token and passing it
to heat shouldn't cause an error IME, so possibly you have either a
misconfiguration or have found a bug.

If you're going to align on a keystone API version, it should be v3, as
heat requires it and v2.0 is deprecated.

Steve




More information about the Openstack mailing list