 9519601401
			
		
	
	9519601401
	
	
	
		
			
			Change the Adapter loading for glance to use the auth from the user
context instead of exposing and requiring it in the conf.  With this
change, it is possible to leave the [glance] conf section empty and
still be able to discover the image API endpoint from the service
catalog.
Note that, when we do this, we often end up with the user auth being a
_ContextAuthPlugin, which doesn't conform to the characteristics of
keystoneauth1.identity.base.BaseIdentityPlugin as augmented in
keystoneauth1 3.1.0.  This requires a series of workarounds until bug
1709118 is fixed.  These, along with workarounds for bugs 1707993 and
1707995, are subsumed with this change set in a (hopefully temporary)
helper method nova.utils.get_endpoint.
This lays the foundation for other services that should use user
context for authentication - those via which Nova is acting on behalf
of the user, i.e. cinder, keystone, and (sometimes) neutron[1].
(Services such as placement and ironic (and sometimes neutron) should
continue to use admin auth context loaded from the conf.)
[1] bb4faf40df/nova/network/neutronv2/api.py (L149-L160)
Co-Authored-By: Eric Fried <efried@us.ibm.com>
Partial-Implements: bp use-ksa-adapter-for-endpoints
Change-Id: I4e755b9c66ec8bc3af0393e81cffd91c56064717
		
	
		
			
				
	
	
		
			12 lines
		
	
	
		
			601 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			12 lines
		
	
	
		
			601 B
		
	
	
	
		
			YAML
		
	
	
	
	
	
| ---
 | |
| upgrade:
 | |
|   - |
 | |
|     Nova now uses keystoneauth1 configuration to set up communication with the
 | |
|     image service.  Use keystoneauth1 loading parameters for Session and
 | |
|     Adapter setup in the ``[glance]`` conf section.  This includes using
 | |
|     ``endpoint_override`` in favor of ``api_servers``.  The
 | |
|     ``[glance]api_servers`` conf option is still supported, but should only be
 | |
|     used if you need multiple endpoints and are unable to use a load balancer
 | |
|     for some reason.  However, note that no configuration is necessary with an
 | |
|     appropriate service catalog entry for the image service.
 |