In a recent post I showed how to set up the LDAP in a domain other than default. It turns out that the Nova configuration does accept these tokens; by default, Nova uses the V2 version of the Keystone API only. This is easy to fix.
The first indication that something was wrong was that Horizon threw up a warning:
Cannot Fetch Usage Information.
It turns out that all operations against Nova were failing.
The default for auth token should be to perform discovery to see what version of the Keystone API is supported. However, Nova seems to have a configuration override that defaults the value to the V2.0 API. Looking in /etc/nova/nova.conf, I saw:
#auth_version=V2.0
Setting this to
auth_version=
and restarting all of the services fixed the problem.
What are the ramifications of nova not working with domains though? I think this last blueprint is the holdout for nova using keystone v3: https://blueprints.launchpad.net/nova/+spec/support-keystone-v3-api
Anne, it's OK. This issue is actually due to how RDO deploys the configuration files, to work around a bug from 2-3 releases ago. It forces the default in /usr/share… and then inherits that value in /etc/nova/nova.conf.
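The layering described in the post and the comment above, as an added example (not code from the post, Nova, or RDO): a small checker that merges a distribution defaults file with /etc/nova/nova.conf and reports which layer decides auth_version. The [keystone_authtoken] section name, the sample file contents, and the function names are assumptions made for this sketch; the distribution file's real path is not given on the page.

```python
import configparser

SECTION, OPTION = "keystone_authtoken", "auth_version"  # assumed section name

# Constructed sample contents, not copied from a real deployment.
DIST_DEFAULTS = "[keystone_authtoken]\nauth_version = V2.0\n"  # forced default
ETC_COMMENTED = "[keystone_authtoken]\n#auth_version=V2.0\n"   # as first seen
ETC_EMPTY = "[keystone_authtoken]\nauth_version=\n"            # after the fix


def effective_auth_version(*layers):
    """Merge config texts in order and return (value, layer_index).

    Later layers override earlier ones. A commented-out line sets nothing,
    so the value from an earlier layer survives it.
    """
    value, source = None, None
    for index, text in enumerate(layers):
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        parser.read_string(text)
        if parser.has_option(SECTION, OPTION):
            value = parser.get(SECTION, OPTION).strip()
            source = index
    return value, source


def diagnose(*layers):
    """Classify the merged result the way the post describes it."""
    value, source = effective_auth_version(*layers)
    if not value:
        # Unset or explicitly empty: no pinned version, so discovery applies.
        return "discovery: no API version pinned"
    if value.lower().lstrip("v").startswith("2"):
        return f"pinned: {value} from layer {source}, V2 API only"
    return f"pinned: {value} from layer {source}"


if __name__ == "__main__":
    print("before:", diagnose(DIST_DEFAULTS, ETC_COMMENTED))
    print("after: ", diagnose(DIST_DEFAULTS, ETC_EMPTY))
```

The "before" case shows why the commented-out line in /etc/nova/nova.conf was misleading: it looks like an unused default, but the value inherited from the earlier layer is still in effect until the option is set explicitly.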