[Openstack] [Heat][Keystone]Heat deals with different version of keystone API

Duan, Li-Gong (Gary@HPServers-Core-OE-PSC) li-gong.duan at hp.com
Mon Jan 19 01:50:59 UTC 2015 

Thank Steven for such a great explanation on this issue.
I'll check the configuration of my OpenStack cluster and provide the actual log if the issue still occurs.

Regards,
Gary

-----Original Message-----
From: Steven Hardy [mailto:shardy at redhat.com] 
Sent: Friday, January 16, 2015 5:18 PM
To: Duan, Li-Gong (Gary at HPServers-Core-OE-PSC)
Cc: openstack at lists.openstack.org
Subject: Re: [Openstack] [Heat][Keystone]Heat deals with different version of keystone API

On Fri, Jan 16, 2015 at 05:57:46AM +0000, Duan, Li-Gong (Gary at HPServers-Core-OE-PSC) wrote:
>    Can the keystone token, obtained from keystone API v2.0, be used in the
>    openstack service/endpoint which are configured to use keystone API v3?

Yes, AFAIK this should work.

>    There is an OpenStack cluster, where most of services(such as Heat, Nova,
>    Ceilometer) are configured to use keystone API v2.0 but one of the
>    services are using keystone API v3. Now I want to launch a heat template
>    (The Heat service are using ks API v2.0) to access the service using
>    keystone API v3.

Note that recent versions of heat require keystone v3, unless you use the
v2 compatibility shim:

https://github.com/openstack/heat/tree/master/contrib/heat_keystoneclient_v2

If possible, heat should be configured to use keystone v3 (if your keystone has v3 enabled, heat is probably already using it unless you've enabled that v2 plugin).

>    Error occurs and it says the token is not correct.

Can you provide the actual error please?

>    So in this case, is there any way to let heat-engine to handle this
>    conversion or I have to change the configuration to let all services in a
>    OpenStack cluster are using only one version of keystone API (say v2.0)?

I think this should just work - getting a v2 keystone token and passing it to heat shouldn't cause an error IME, so possibly you have either a misconfiguration or have found a bug.

If you're going to align on a keystone API version, it should be v3, as heat requires it and v2.0 is deprecated.

Steve

More information about the Openstack mailing list