openstack-qa-team team mailing list archive

Thread
Date

Re: [openstack-dev] Changes with ids/uuids?

To: OpenStack Development Mailing List <openstack-dev@xxxxxxxxxxxxxxxxxxx>
From: Dolph Mathews <dolph.mathews@xxxxxxxxx>
Date: Thu, 25 Oct 2012 08:30:45 -0500
Cc: openstack-qa-team@xxxxxxxxxxxxxxxxxxx
In-reply-to: <50893617.4070600@qrclab.com>

In short, PKI tokens are able to be validated client-side, reducing network
chattiness with keystone, etc.

Although PKI was implemented in Folsom, it wasn't shipped as the default.
Our goal in changing the default now is to flush out any issues as early in
the Grizzly cycle as possible.

If you're having any issues with PKI tokens, you can A) file bugs as
appropriate (please!), and B) switch back to UUID tokens by changing
[signing] token_format in keystone.conf from 'PKI' back to 'UUID'.

-Dolph

On Thu, Oct 25, 2012 at 7:52 AM, David Kranz <david.kranz@xxxxxxxxxx> wrote:

>  On 10/25/2012 1:13 AM, Daryl Walleck wrote:
>
> While spinning up a new devstack tonight I noticed some very odd behavior.
> Keystone is suddenly giving me back a 3000+ character auth token, and the
> ids for flavors I'm creating are extremely large ints (uuids I could see,
> but not this). Does anyone have any insight into if either of these changes
> were intentional?
>
>  Daryl
>
>
>  I think that must be a result of https://review.openstack.org/#/c/14577/which changed the keystone default to use PKI "tokens".
> Could some one from the keystone team explain any implication of this?
>
>  -David
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@xxxxxxxxxxxxxxxxxxx
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>

References

Changes with ids/uuids?
From: Daryl Walleck, 2012-10-25
Re: Changes with ids/uuids?
From: David Kranz, 2012-10-25