Ask Your Question
0

auth_strategy, nova-api and multihost

asked 2012-03-23 14:48:21 -0600

david-kranz gravatar image

In diablo using multihost it is recommended to run nova-api on the compute nodes. In essex, if you do this and use the same nova.conf on all nodes then nova-api on the compute nodes will fail because it now tries to import keystone. I worked around this by setting auth_strategy to noauth on the compute nodes. Is this correct?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2012-03-23 19:55:10 -0600

david-kranz gravatar image

This is the answer:

--enabled_apis=metadata

Yet another little-known trick I missed. It was not in Vish's document but at https://lists.launchpad.net/openstack/msg06784.html (https://lists.launchpad.net/openstack...)

edit flag offensive delete link more
0

answered 2012-03-23 19:33:57 -0600

david-kranz gravatar image

Thanks for that. I am still a little confused because I am not talking about the "real" nova-api which talks to keystone when you issue a nova command, but the nova-api that runs on compute as recommended by Vish in

http://docs.openstack.org/diablo/openstack-compute/admin/content/existing-ha-networking-options.html (http://docs.openstack.org/diablo/open...)

It says

" The requirements for configuring are the following: --multi_host flag must be in place for network creation along the extra installation of nova-network and nova-api on every compute host.

The nova-api will make sure the instances will be able to get the metadatas from their local nova-api server. These created multi hosts networks will send all network related commands to the host that the VM is on. "

I don't really understand what this means but my interpretation was that this local user of nova-api server will not be using keystone. I guess this is more of a nova than keystone question.

edit flag offensive delete link more
0

answered 2012-03-23 18:44:22 -0600

heckj gravatar image

David -

If you're using keystone in glance, you will have significant issues when attempting to run instances with noauth (default auth_strategy). Nova just needs the keystone libraries installed, so depending on how you install, you just need the python-keystone package (ubuntu or fedora packages), or you can get the source and install it (python setup.py install) and the auth_token middleware will be available for configuration in nova.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-03-23 14:48:21 -0600

Seen: 134 times

Last updated: Mar 23 '12