After the endpoints are configured to Keystone V3, you must configure the other OpenStack services to use the Keystone V3 API and to use the new Keystone V3 endpoints. You must configure the services on all the OpenStack servers in your installation.
[keystone_authtoken]
auth_uri = http://192.0.2.67:5000/v2.0
identity_uri = http://192.0.2.67:35357/
auth_version = v2.0
admin_tenant_name = service
admin_user = nova
admin_password = W0lCTTp2MV1iY3JhZmducHgtcGJ6Y2hncg==
signing_dir = /var/cache/nova/api
hash_algorithms = md5
insecure = false
The following parameters must be changed to use the new V3 endpoints:
auth_uri = http://192.0.2.67:5000/v3
auth_version = v3
[auth]
external = keystone.auth.plugins.external.Domain
[keystone_authtoken]
auth_uri = http://192.0.2.67:5000/v3
identity_uri = http://192.0.2.67:35357/
auth_version = v3
admin_tenant_name = service
admin_user = cinder
admin_password = W0lCTTp2MV1iY3JhZmducHgtcGJ6Y2hncg==
signing_dir = /var/cache/nova/api
hash_algorithms = md5
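Because the change must be made on every OpenStack server, a leftover V2 setting is easy to miss. The following Python script is an added example, not part of the original documentation or of IBM Cloud Orchestrator; it checks the [keystone_authtoken] section of a service configuration file for the two parameters listed above. The function name, the constructed sample text, and the file paths in the usage comment are assumptions for illustration.

```python
import configparser
import sys

# Constructed sample modelled on the V2 example on this page
# (the password is replaced by a placeholder).
SAMPLE_V2 = """\
[keystone_authtoken]
auth_uri = http://192.0.2.67:5000/v2.0
identity_uri = http://192.0.2.67:35357/
auth_version = v2.0
admin_tenant_name = service
admin_user = nova
admin_password = PLACEHOLDER
"""


def audit_authtoken(text, section="keystone_authtoken"):
    """Return a list of findings; an empty list means the section uses V3."""
    # interpolation=None: passwords may contain '%'.
    # strict=False: tolerate duplicate options in hand-edited files.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section(section):
        return [f"[{section}] section is missing"]
    findings = []
    auth_uri = cp.get(section, "auth_uri", fallback="").strip().rstrip("/")
    auth_version = cp.get(section, "auth_version", fallback="").strip()
    if not auth_uri:
        findings.append("auth_uri is not set")
    elif not auth_uri.endswith("/v3"):
        findings.append(f"auth_uri does not end in /v3: {auth_uri}")
    if not auth_version:
        findings.append("auth_version is not set")
    elif auth_version != "v3":
        findings.append(f"auth_version is not v3: {auth_version}")
    return findings


if __name__ == "__main__":
    # Example usage (paths are assumptions; use your distribution's paths):
    #   python audit_authtoken.py /etc/nova/nova.conf /etc/cinder/cinder.conf
    status = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for finding in audit_authtoken(fh.read()):
                print(f"{path}: {finding}")
                status = 1
    sys.exit(status)
```

The script exits with status 1 if any file still has a V2 value, so it can be run on each server after the configuration change.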
"identity": 3
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_URL = "http://192.0.2.67:5000/v3"
OPENSTACK_KEYSTONE_ADMIN_URL = "http://192.0.2.67:35357/v3"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
Additional changes might be needed.
After the changes, the Keystone policy.json file must be replaced with the version delivered by IBM Cloud Orchestrator. To do this manually, copy the keystone_policy.json file into the Keystone configuration directory, for example /etc/keystone, as policy.json. See your OpenStack distribution documentation for the correct path and file name to replace. Then, set the ownership of this file back to the original values.