[Rdo-list] Autoscaling stack croaks warning messages about trustee
Takenaka Kazuhiro
takenaka_kazuhiro_p7 at lab.ntt.co.jp
Mon Dec 7 10:27:45 UTC 2015
Hi Steve, John
I can hardly reply your messages each now
because I am having a mail system trouble,
so I reply them at once in this message.
Thanks for useful infomation.
Steve wrote:
>> (A) My heat.conf has some definitions in below
>> which aren't used in the DEFAULT section of
>> the draft web page.
>>
>> deferred_auth_method = trusts
>> trusts_delegated_roles = heat_stack_owner
>
>Yes these entries are no longer required:
> - deferred_auth_method = trusts is the default (since kilo)
> - heat_stack_owner is no longer required because by default we delegate
> all roles, since Launchpad bug #1376562 was fixed.
I understood it.
>> My questions is
>>
>> Can I configure the heat-engine service not to croak
>> the warning message about trustee?
>
>Yes, you need to configure the "trustee" section in heat.conf, which means
>heat will no longer use the keystone_authtoken to initialize the auth
>plugin associated with deferred authentication via trusts.
>
>Unfortunately, this isn't currently documented or exposed in our sample
>config. I'm working on a patch to fix that which I hope to post soon, you
>can follow progress here:
>
>https://bugs.launchpad.net/heat/+bug/1300246
Thanks. I'll keep checking it.
John wrote:
>I found from one of my coworkers that the v2.0 API supports trusts,
>but only from the external API endpoint, not the internal. If the VM has
>a route to the external API, you can use v2.0, but otherwise need v3.
>So, I did miss something.
I am planning to make a VM access to OpenStack services
for HA purpose. I would ask other questions on this issue later.
Sincerely
--
Takenaka Kazuhiro < takenaka_kazuhiro_p7 at lab.ntt.co.jp >
More information about the dev
mailing list