Re: [Rdo-list] Autoscaling stack croaks warning messages about trustee
- deferred_auth_method = trusts is the default (since kilo)
- heat_stack_owner is no longer required because by default we delegate
all roles, since Launchpad bug #1376562 was fixed.
You also need to configure heat to use keystone v3. Packstack,
at least as of Kilo, was still configuring keystone v2.0 by default,
see https://bugs.launchpad.net/packstack/+bug/1464371 (my bug report)
Trust delegation requires the v3 API, unless I've missed something.
There appear to be a number of issues with globally enabling keystone v3
being addressed in Red Hat OpenStack Liberty version, many of the bugs
in this query are related to keystone v3 bugs:
https://bugzilla.redhat.com/buglist.cgi?quicksearch=keystone%20v3
It doesn't look like you want to globally set Keystone v3 while these
are bugs outstanding, but you can change it in the Heat config file directly
to only affect the Heat service.
> (B) The keystone_authtoken sections have many differences.
>
> My heat.conf:
> [keystone_authtoken]
> admin_user=heat
> admin_password=***
> admin_tenant_name=services
> identity_uri=http://10.0.2.11:35357
> auth_uri=http://10.0.2.11:5000/v2.0
^^^^
Trust delegation requires the v3 API in the line above
> Draft Page:
> auth_uri = http://controller:5000
> auth_url = http://controller:35357
> auth_plugin = password
> project_domain_id = default
> user_domain_id = default
> project_name = service
> username = heat
> password = HEAT_PASS
Not sure about this - IIRC authtoken supports several argument formats
for backwards compatibility, so we need to ensure we're documenting the
currently preferred one.
> My questions is
>
> Can I configure the heat-engine service not to croak the warning
> message about trustee?
Yes, you need to configure the "trustee" section in heat.conf, which
means heat will no longer use the keystone_authtoken to initialize the
auth plugin associated with deferred authentication via trusts.
Unfortunately, this isn't currently documented or exposed in our sample
config. I'm working on a patch to fix that which I hope to post soon,
you can follow progress here:
https://bugs.launchpad.net/heat/+bug/1300246
Steve
Regards,
John Haller