In diablo using multihost it is recommended to run nova-api on the compute nodes. In essex, if you do this and use the same nova.conf on all nodes then nova-api on the compute nodes will fail because it now tries to import keystone. I worked around this by setting auth_strategy to noauth on the compute nodes. Is this correct?
This is the answer:
--enabled_apis=metadata
Yet another little-known trick I missed. It was not in Vish's document but at https://lists.launchpad.net/openstack/msg06784.html (https://lists.launchpad.net/openstack...)
Thanks for that. I am still a little confused because I am not talking about the "real" nova-api which talks to keystone when you issue a nova command, but the nova-api that runs on compute as recommended by Vish in
http://docs.openstack.org/diablo/openstack-compute/admin/content/existing-ha-networking-options.html (http://docs.openstack.org/diablo/open...)
It says
" The requirements for configuring are the following: --multi_host flag must be in place for network creation along the extra installation of nova-network and nova-api on every compute host.
The nova-api will make sure the instances will be able to get the metadatas from their local nova-api server. These created multi hosts networks will send all network related commands to the host that the VM is on. "
I don't really understand what this means but my interpretation was that this local user of nova-api server will not be using keystone. I guess this is more of a nova than keystone question.
David -
If you're using keystone in glance, you will have significant issues when attempting to run instances with noauth (default auth_strategy). Nova just needs the keystone libraries installed, so depending on how you install, you just need the python-keystone package (ubuntu or fedora packages), or you can get the source and install it (python setup.py install) and the auth_token middleware will be available for configuration in nova.
Asked: 2012-03-23 14:48:21 -0600
Seen: 134 times
Last updated: Mar 23 '12
