Bug 1425533

Summary: [RFE] Option to configure Keystone v3 on OSP deployment via the Director
Product: Red Hat OpenStack Reporter: Irina Petrova <ipetrova>
Component: instack-undercloudAssignee: James Slagle <jslagle>
Status: CLOSED ERRATA QA Contact: Arik Chernetsky <achernet>
Severity: medium Docs Contact:
Priority: medium    
Version: 12.0 (Pike)CC: cpaquin, dbecker, emacchi, gcharot, jcoufal, josorior, jpullen, kbasil, mburns, mcornea, morazi, nkinder, nlevinki, pablo.iranzo, panbalag, rajini.karthik, raywang, rcritten, rduartes, rhel-osp-director-maint, tvignaud
Target Milestone: Upstream M2Keywords: FutureFeature, Triaged
Target Release: 12.0 (Pike)   
Hardware: noarch   
OS: Linux   
Whiteboard:
Fixed In Version: instack-undercloud-7.0.0-0.20170503001109.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-13 21:08:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1335596, 1356451, 1426284, 1434928, 1434929, 1434931, 1442136, 1469330    

Description Irina Petrova 2017-02-21 16:43:26 UTC 
Description of problem:

We have customers that would like tested production-ready Director templates that deploy RHOS with Keystone v3 by default (v3 is not only installed/available but also pre-configured for use by the other OSP services).

I know it is a broad RFE (since I am not specifying which services are expected to work with Keystone v3) but having some supported options (that passed QE tests) would be nice.

Also, at the moment it is not clear (I cannot find any documentation on) which services can talk to Keystone v3 API. We have a manual guide for Nova and Cinder [1] but what about the rest?

Creating a Director-driven framework that would be updated on each release is a good way of pushing v3 to the environment and keeping it consistent during the upgrades that will follow. Because even though we might be able to create and offer some lab-tested templates, it does not mean that we can carry them on through the OSP versions. It's much better if we can have a centralized (as in 'coming with the product') solution that we can keep track of.


[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/10/html-single/integrate_with_identity_service/#enable_command_line_access_to_keystone_v3_3
Comment 7 Emilien Macchi 2017-04-03 21:22:37 UTC 
Work can be tracked here: https://blueprints.launchpad.net/tripleo/+spec/keystone-v3
Comment 8 Nathan Kinder 2017-04-27 20:40:11 UTC 
This looks mostly complete upstream:

  https://review.openstack.org/#/q/topic:bp/keystone-v3,n,z

The only outstanding review appears to be for having stackrc use v3 in instack-undercloud.

Is there anything else outstanding that is still using the v2 Identity API?
Comment 9 Juan Antonio Osorio 2017-04-28 06:15:55 UTC 
Well, the undercloud commit is not really just the stackrc but a bunch of services whose API we use v2 for. Hopefully that patch is merging soon as we got finally a release for mistralclient which is what we needed to make that work.
Comment 11 Nathan Kinder 2017-05-26 17:41:06 UTC 
*** Bug 1434928 has been marked as a duplicate of this bug. ***
Comment 12 Nathan Kinder 2017-05-26 17:44:52 UTC 
*** Bug 1434923 has been marked as a duplicate of this bug. ***
Comment 18 errata-xmlrpc 2017-12-13 21:08:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462