Description of problem: The systemd start script starts cinder api with: ExecStart=/usr/bin/cinder-api --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf --logfile /var/log/cinder/api.log And the /usr/share/cinder/cinder-dist.conf has [keystone_authtoken] admin_tenant_name = %SERVICE_TENANT_NAME% admin_user = %SERVICE_USER% admin_password = %SERVICE_PASSWORD% auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http This forced auth_tokem middleware to build its auth_uri out of components. The recommended way to customize the auth_uri is to set it in the config file with a full url, example: auth_uri = https://fqdn:port/v3 However, the end user cannot set this value in /etc/cinder/cinder.conf due to auth_token favoring the "compose by parts" This shows up in the log file with: WARNING keystoneclient.middleware.auth_token [-] Configuring admin URI using auth fragments. This is deprecated, use 'identity_uri' instead. We should remove the whole /usr/share configuration file, and only have the portion in /etc.
Adam: you mentioned "auth_uri" in your report, but the error message references "identity_uri", which I think is something else. Does this still need fixing? It looks like our current packages are still setting the auth_* fragments in /usr/share/cinder/cinder-dist.conf.
Lars, yes, the identity_uri is the preferred way of setting the value in the config file, instead of composing it out of its parts. http://git.openstack.org/cgit/openstack/keystonemiddleware/tree/keystonemiddleware/auth_token/_auth.py?id=1285fb2337bedc29482356cb8d6ad87efc26fc7f#n166 And, since this is more than just the auth_uri (just used to get a token) it is more correct to say identity_uri.
So I think this is sorted now?