From cd495108780a3545fffb5bd04d2c2c24b0818f54 Mon Sep 17 00:00:00 2001 From: Akihiro Motoki Date: Thu, 21 Dec 2017 02:48:35 +0900 Subject: [PATCH] Updating default keystone API verson to 3 The keystone API version 3 has become the default API version for a long time and our CI already uses keystone v3 API only. In addition, our documentation recommended to use the cached session, so switching the default API version to 3 does not hit the limitation on the maximum size of session data when using the cookie-based sessions. This is based on django_opensatck_auth review https://review.openstack.org/#/c/158384/ Implements blueprint: default-keystone-api-3 Change-Id: I79e9fbd3567cc69468694dbf043fecf422347c7e --- doc/source/admin/customize-configure.rst | 6 +++--- doc/source/configuration/settings.rst | 6 +++--- doc/source/contributor/quickstart.rst | 2 +- openstack_auth/utils.py | 2 +- openstack_dashboard/local/local_settings.py.example | 6 +++--- openstack_dashboard/test/settings.py | 6 +++--- .../notes/default-keystone-api-v3-dc201adba4255752.yaml | 9 +++++++++ 7 files changed, 23 insertions(+), 14 deletions(-) create mode 100644 releasenotes/notes/default-keystone-api-v3-dc201adba4255752.yaml diff --git a/doc/source/admin/customize-configure.rst b/doc/source/admin/customize-configure.rst index 38a3c56e17..2b8114dc74 100644 --- a/doc/source/admin/customize-configure.rst +++ b/doc/source/admin/customize-configure.rst @@ -224,12 +224,12 @@ The standard installation uses a non-encrypted HTTP channel. # For multiple regions uncomment this configuration, and add (endpoint, title). # AVAILABLE_REGIONS = [ - # ('http://cluster1.example.com:5000/v2.0', 'cluster1'), - # ('http://cluster2.example.com:5000/v2.0', 'cluster2'), + # ('http://cluster1.example.com:5000/v3', 'cluster1'), + # ('http://cluster2.example.com:5000/v3', 'cluster2'), # ] OPENSTACK_HOST = "127.0.0.1" - OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST + OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member" # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the diff --git a/doc/source/configuration/settings.rst b/doc/source/configuration/settings.rst index c964552acf..f7aa9a3a9e 100644 --- a/doc/source/configuration/settings.rst +++ b/doc/source/configuration/settings.rst @@ -556,7 +556,7 @@ Default: { "data-processing": 1.1, - "identity": 2.0, + "identity": 3, "volume": 2, "compute": 2 } @@ -1173,7 +1173,7 @@ AVAILABLE_REGIONS Default: ``None`` A list of tuples which define multiple regions. The tuple format is -``('http://{{ keystone_host }}:5000/v2.0', '{{ region_name }}')``. If any regions +``('http://{{ keystone_host }}:5000/v3', '{{ region_name }}')``. If any regions are specified the login form will have a dropdown selector for authenticating to the appropriate region, and there will be a region switcher dropdown in the site header when logged in. @@ -1371,7 +1371,7 @@ OPENSTACK_KEYSTONE_URL Horizon's `OPENSTACK_HOST`_ documentation -Default: ``"http://%s:5000/v2.0" % OPENSTACK_HOST`` +Default: ``"http://%s:5000/v3" % OPENSTACK_HOST`` The full URL for the Keystone endpoint used for authentication. Unless you are using HTTPS, running your Keystone server on a nonstandard port, or using diff --git a/doc/source/contributor/quickstart.rst b/doc/source/contributor/quickstart.rst index e903139ecc..1457b80cba 100644 --- a/doc/source/contributor/quickstart.rst +++ b/doc/source/contributor/quickstart.rst @@ -52,7 +52,7 @@ from within the ``horizon`` directory. $ cp openstack_dashboard/local/local_settings.py.example openstack_dashboard/local/local_settings.py Horizon connects to the rest of OpenStack via a Keystone service catalog. By -default Horizon looks for an endpoint at ``http://localhost:5000/v2.0``; this +default Horizon looks for an endpoint at ``http://localhost:5000/v3``; this can be customised by modifying the ``OPENSTACK_HOST`` and ``OPENSTACK_KEYSTONE_URL`` values in ``openstack_dashboard/local/local_settings.py`` diff --git a/openstack_auth/utils.py b/openstack_auth/utils.py index cac0d7a3f0..ce9998498a 100644 --- a/openstack_auth/utils.py +++ b/openstack_auth/utils.py @@ -126,7 +126,7 @@ def remove_project_cache(token): # Helper for figuring out keystone version # Implementation will change when API version discovery is available def get_keystone_version(): - return getattr(settings, 'OPENSTACK_API_VERSIONS', {}).get('identity', 2.0) + return getattr(settings, 'OPENSTACK_API_VERSIONS', {}).get('identity', 3) def get_session(): diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example index 177b76e83d..f265c5ba72 100644 --- a/openstack_dashboard/local/local_settings.py.example +++ b/openstack_dashboard/local/local_settings.py.example @@ -183,12 +183,12 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' # For multiple regions uncomment this configuration, and add (endpoint, title). #AVAILABLE_REGIONS = [ -# ('http://cluster1.example.com:5000/v2.0', 'cluster1'), -# ('http://cluster2.example.com:5000/v2.0', 'cluster2'), +# ('http://cluster1.example.com:5000/v3', 'cluster1'), +# ('http://cluster2.example.com:5000/v3', 'cluster2'), #] OPENSTACK_HOST = "127.0.0.1" -OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST +OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" # For setting the default service region on a per-endpoint basis. Note that the diff --git a/openstack_dashboard/test/settings.py b/openstack_dashboard/test/settings.py index 8b36dfda95..8e2b3f9fa8 100644 --- a/openstack_dashboard/test/settings.py +++ b/openstack_dashboard/test/settings.py @@ -142,8 +142,8 @@ settings_utils.find_static_files(HORIZON_CONFIG, AVAILABLE_THEMES, HORIZON_IMAGES_UPLOAD_MODE = 'legacy' AVAILABLE_REGIONS = [ - ('http://localhost:5000/v2.0', 'local'), - ('http://remote:5000/v2.0', 'remote'), + ('http://localhost:5000/v3', 'local'), + ('http://remote:5000/v3', 'remote'), ] OPENSTACK_API_VERSIONS = { @@ -151,7 +151,7 @@ OPENSTACK_API_VERSIONS = { "image": 2 } -OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v2.0" +OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v3" OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True diff --git a/releasenotes/notes/default-keystone-api-v3-dc201adba4255752.yaml b/releasenotes/notes/default-keystone-api-v3-dc201adba4255752.yaml new file mode 100644 index 0000000000..935fa5810c --- /dev/null +++ b/releasenotes/notes/default-keystone-api-v3-dc201adba4255752.yaml @@ -0,0 +1,9 @@ +--- +features: + - The keystone v3 API now becomes the default keystone API version. +upgrade: + - | + The default keystone API vesion is switch to ``v3``. + If you still use the keystone v2.0 API by default, you need to configure + ``OPENSTACK_API_VERSIONS`` and ``OPENSTACK_KEYSTONE_URL`` + to point to the keystone v2.0 API.