Troubleshooting OpenStack
上QQ阅读APP看书,第一时间看更新

Know your version

As of the Liberty release of OpenStack, the identity service finds itself in transition. The service supports two API versions: v2 and v3. The v2 version of the API is deprecated, but may still be found in many OpenStack deployments. Recent releases of OpenStack are configured to serve both the v2 and v3 versions of the Identity API. This can be confirmed by examining the keystone-paste.ini configuration file.

In this file, you will find configurations for two composite apps: main and admin. As demonstrated in the preceding example, each app has a setting for /v2.0 and /v3. With this configuration, this deployment will serve a request to the v2 or v3 Identity API. Here, the command-line clients transition from inpidual clients per project to a unified OpenStack client that works across projects. The keystone command-line client supports v2 of the Identity API. The newer and preferred OpenStack client supports v2 and v3 of the Identity API.

The two composite apps in the preceding configuration are used to serve two different Keystone APIs: the public API and the admin API. Historically, the admin API was used to serve admin-level requests, such as adding a tenant or adding a user. The functionality of the admin API is small and focused. The public API is responsible for serving all other requests.

With v3 of the Identity API, the separation between the admin functionality and public functionality is handled within a single API. You will notice in the preceding configuration that the /v3 value is api_v3 for both the main composite app and the admin composite app.

When Keystone is operating properly, it provides two APIs: the Service API and the Administration API. The Service API runs on port 5000 and the Admin API runs on port 35357. In the OpenStack Juno release and earlier, the common way of running these APIs was via an Eventlet-based process. In the Kilo release and those thereafter, the recommended method to run the Keystone APIs is via a WSGI server. We'll take a look at how to troubleshoot each of these methods in the following sections.