A simple generic v3 keystone admintoken openrc
Some things in OpenStack Keystone (mainly bootstrapping) really needs the admin token. As the admin token should not leave the keystone machines, here is a simple openrc for when you need the admin token.
#!/bin/bash export OS_IDENTITY_API_VERSION=3 export OS_URL=$(grep ^admin_endpoint /etc/keystone/keystone.conf |cut -f 2 -d . . .
Or how I learned to to UEFI iPXE
Trying Identity API v3 and Domains
General disclaimer, I'm talking about OpenStack Juno, but a lot of this applies to Kilo too.
Before getting to this post, you will need your assignment separated from identities as per my previous post.
Keystone and keystone domains
Keystone - the identity management component of OpenStack - has for a while . . .
Normal disclaimer: RDO Icehouse
I ran into an issue where a VM previously had a floating IP, but it was released back to the pool. It was important to get that IP back for that VM.
Icehouse-era Neutron does not allow you to specify which specific floating ip you want, but kilo might. So how could this be fixed? I guess I . . .
Moving Keystone from LDAP roles to SQL roles
In early versions of OpenStack keystone did all its own user management. When it matured a bit, there was a cool new feature, you can point it at LDAP for authentication and authorization. This was a big step forward when running OpenStack as a part of a larger system.
Everything wasn't perfect though. . . .
This time, I'll write about a problem I did manage to DuckDuckGo, but it did little to make me happy after I debugged the problem. Our OpenStack version is Icehouse, this issue has been actively debated and different versions might have different defaults. I'm not completely sure about the Juno status, if this is handled correctly for . . .
In the previous post I went through some issues we had with our OpenStack upgrade from Grizzly to Icehouse.
We had successfully run the OpenStack update scripts, and we were in the Icehouse version. We started testing, and everything worked fine... until security groups. Well, they did work, they just weren't there. There was . . .