Bug 1121259 - Configuration file in share forces ignore of auth_uri
Summary: Configuration file in share forces ignore of auth_uri
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-cinder
Version: 5.0 (RHEL 7)
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Eric Harney
QA Contact: nlevinki
Depends On: 1121256
TreeView+ depends on / blocked
Reported: 2014-07-18 19:17 UTC by Adam Young
Modified: 2016-04-27 00:06 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1121256
Last Closed: 2014-07-18 20:00:18 UTC

Attachments (Terms of Use)

Description Adam Young 2014-07-18 19:17:46 UTC
+++ This bug was initially created as a clone of Bug #1121256 +++

Description of problem:

The systemd start script starts cinder api with:

ExecStart=/usr/bin/cinder-api --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf --logfile /var/log/cinder/api.log

And the /usr/share/cinder/cinder-dist.conf has 

admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
auth_host =
auth_port = 35357
auth_protocol = http

This forced auth_tokem middleware to build its auth_uri out of components.

The recommended way to customize the auth_uri is to set it in the config file with a full url, example:

auth_uri = https://fqdn:port/v3

However, the end user cannot set this value in /etc/cinder/cinder.conf due to auth_token favoring the "compose by parts"

This shows up in the log file with:

WARNING keystoneclient.middleware.auth_token [-] Configuring admin URI using auth fragments. This is deprecated, use 'identity_uri' instead.

We should remove the whole /usr/share configuration file, and only have the portion in /etc.

Comment 2 Adam Young 2014-07-18 20:00:18 UTC
Mistake on my part;  identity_uri does take preference, and the /etc/cinder file does over ride the /usr/share value

Note You need to log in before you can comment on or make changes to this bug.