Hi, Dolph, You are right, it’s same issue. Hans and I work together on this prototype, and Hans first found the token validation is not routed to local KeyStone, and I tried to find why in the source code. The patch in the bug description could be reference for the correction. (I am not sure how much of the side effect for the patch)
Best Regards Chaoyi Huang ( Joe Huang ) From: Dolph Mathews [mailto:dolph.math...@gmail.com] Sent: Tuesday, August 25, 2015 7:03 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Keystone][Glance] keystonemiddleware & multiple keystone endpoints On Thu, Aug 20, 2015 at 7:40 AM, Hans Feldt <hans.fe...@ericsson.com<mailto:hans.fe...@ericsson.com>> wrote: How do you configure/use keystonemiddleware for a specific identity endpoint among several? In an OPNFV multi region prototype I have keystone endpoints per region. I would like keystonemiddleware (in context of glance-api) to use the local keystone for performing user token validation. Instead keystonemiddleware seems to use the first listed keystone endpoint in the service catalog (which could be wrong/non-optimal in most regions). I found this closed, related bug: https://bugs.launchpad.net/python-keystoneclient/+bug/1147530 This (brand new) bug report appears to describe the same issue: https://bugs.launchpad.net/keystonemiddleware/+bug/1488347 Thanks, Hans __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev