+++ This bug was initially created as a clone of Bug #1121256 +++
Description of problem:
The systemd start script starts cinder api with:
ExecStart=/usr/bin/cinder-api --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf --logfile /var/log/cinder/api.log
And the /usr/share/cinder/cinder-dist.conf has
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
This forced auth_tokem middleware to build its auth_uri out of components.
The recommended way to customize the auth_uri is to set it in the config file with a full url, example:
auth_uri = https://fqdn:port/v3
However, the end user cannot set this value in /etc/cinder/cinder.conf due to auth_token favoring the "compose by parts"
This shows up in the log file with:
WARNING keystoneclient.middleware.auth_token [-] Configuring admin URI using auth fragments. This is deprecated, use 'identity_uri' instead.
We should remove the whole /usr/share configuration file, and only have the portion in /etc.
Mistake on my part; identity_uri does take preference, and the /etc/cinder file does over ride the /usr/share value