+++ This bug was initially created as a clone of Bug #975153 +++ +++ This bug was initially created as a clone of Bug #975050 +++ Description of problem: in Grizzly the default token_format changed from UUID to PKI. While in the RHOS 3.0 release, we primarily worked with UUID, we would like to follow upstream in the future. For RHOS 4.0, we would like to use PKI by default from packstack. Perhaps as a 3.0.z release of packstack, it would be ideal to have the option to turn on PKI tokens but not affect existing answer files. That is, prompt the user for a token type, and the default should be 'UUID', but allow 'PKI'. Version-Release number of selected component (if applicable): openstack-packstack-2013.1.1-0.17.dev631.el6ost.noarch --- Additional comment from Adam Young on 2013-06-17 13:38:01 EDT --- Specifically, we should not force the token format to be UUID tokens. This was done by a puppet module chance in 3.0 but has been changed in upstream puppet to align with upstream Keystone.
Backported to Grizzly branch.
Note that upstream packstack grizzly has "DEFAULT_VALUE" : 'PKI' but RHOS rpm includes additional patch which keeps default UUID: http://pkgs.devel.redhat.com/cgit/rpms/openstack-packstack/tree/0007-token_format-bz975050.patch?h=rh-grizzly-rhel-6
Verified NVR: openstack-packstack-2013.1.1-0.23.dev642.el6ost.noarch * Verified With RHOS Verification Steps: =================== 1. Installed packstack and generated an answer-file 2. Verified that an attribute named CONFIG_KEYSTONE_TOKEN_FORMAT was added to the file. 3. Verified that CONFIG_KEYSTONE_TOKEN_FORMAT default value is UUID 4. Installed Openstack with UUID Configured 5. Installed Openstack with PKI Configured Result: ======= 1. Both installations (steps 4,5) passed OK. 2. Sanity tests passed OK.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1058.html