auth_strategy, nova-api and multihost

David -

If you're using keystone in glance, you will have significant issues when attempting to run instances with noauth (default auth_strategy). Nova just needs the keystone libraries installed, so depending on how you install, you just need the python-keystone package (ubuntu or fedora packages), or you can get the source and install it (python setup.py install) and the auth_token middleware will be available for configuration in nova.

Thanks for that. I am still a little confused because I am not talking about the "real" nova-api which talks to keystone when you issue a nova command, but the nova-api that runs on compute as recommended by Vish in

http://docs.openstack.org/diablo/openstack-compute/admin/content/existing-ha-networking-options.html

It says

"
The requirements for configuring are the following: --multi_host flag must be in place for network creation along the extra installation of nova-network and nova-api on every compute host.

The nova-api will make sure the instances will be able to get the metadatas from their local nova-api server. These created multi hosts networks will send all network related commands to the host that the VM is on. "

I don't really understand what this means but my interpretation was that this local user of nova-api server will not be
using keystone. I guess this is more of a nova than keystone question.

This is the answer:

--enabled_apis=metadata

Yet another little-known trick I missed. It was not in Vish's document but at
https://lists.launchpad.net/openstack/msg06784.html