<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <br>
    <br>
    <div class="moz-cite-prefix">On 10/26/2017 08:10 AM, Andy Wojnarek
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:9DF5DE1A-F47A-469F-8BE5-164993316C44@theatsgroup.com">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <meta name="Title" content="">
      <meta name="Keywords" content="">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.msoIns
        {mso-style-type:export-only;
        mso-style-name:"";
        text-decoration:underline;
        color:teal;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>
      <div class="WordSection1">
        <p class="MsoNormal"><span style="font-size:11.0pt">Hi,<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">Is it
            possible to have both v2.0 and v3 endpoints for Keystone?
            I’m trying to integrate a backup software into Swift, and it
            requires Keystone 2.0. I added the new endpoints fine, but
            I’m getting authentication/authorization errors:<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
        <p class="MsoNormal"><b><u><span style="font-size:11.0pt">My
                Endpoints<o:p></o:p></span></u></b></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">gvicopnstk01:~
            # openstack endpoint list | grep -i identity<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">|
            08b3ba7072ed44df9e7c90e99f8e71d9 | regionOne | keystone    
            | identity        | True    | internal  |
            <a class="moz-txt-link-freetext" href="http://gvicopnstk01:35357/v2.0">http://gvicopnstk01:35357/v2.0</a>                  |<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">|
            55d52d6b6cb34d33979cd3c083416d44 | RegionOne | keystone    
            | identity        | True    | internal  |
            <a class="moz-txt-link-freetext" href="http://gvicopnstk01:5000/v3/">http://gvicopnstk01:5000/v3/</a>                    |<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">|
            6b5958647c1744a78657f2c8089ee97d | RegionOne | keystone    
            | identity        | True    | admin     |
            <a class="moz-txt-link-freetext" href="http://gvicopnstk01:35357/v3/">http://gvicopnstk01:35357/v3/</a>                   |<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">|
            70c939d2248f4845b1d0c9e8b7c7cf09 | regionOne | keystone    
            | identity        | True    | admin     |
            <a class="moz-txt-link-freetext" href="http://gvicopnstk01:35357/v2.0">http://gvicopnstk01:35357/v2.0</a>                  |<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">|
            7e4d1c794ed1432ca28ea60b947fdc7a | RegionOne | keystone    
            | identity        | True    | public    |
            <a class="moz-txt-link-freetext" href="http://gvicopnstk01:5000/v3/">http://gvicopnstk01:5000/v3/</a>                    |<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">|
            f46214dc916947d7a557a2e1b9dc65ca | regionOne | keystone    
            | identity        | True    | public    |
            <a class="moz-txt-link-freetext" href="http://gvicopnstk01:5000/v2.0">http://gvicopnstk01:5000/v2.0</a>                   |<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
        <p class="MsoNormal"><b><u><span style="font-size:11.0pt">Using
                v2.0 AUTH_URL<o:p></o:p></span></u></b></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">gvicopnstk01:~
            # export OS_AUTH_URL=<a class="moz-txt-link-freetext" href="http://gvicopnstk01:35357/v2.0">http://gvicopnstk01:35357/v2.0</a><o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">gvicopnstk01:~
            # swift stat<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">Authorization
            Failure. Authorization failed:
            (<a class="moz-txt-link-freetext" href="http://gvicopnstk01:35357/v2.0/auth/tokens">http://gvicopnstk01:35357/v2.0/auth/tokens</a>): The resource
            could not be found. (HTTP 404) (Request-ID:
            req-ff14bc2d-dbbd-41ed-b81e-73c9397ea1d0)<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">gvicopnstk01:~
            # openstack endpoint list<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">Cannot use
            v2 authentication with domain scope<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
      </div>
    </blockquote>
    <br>
    This is resulting in a 404 Not Found because the authentication
    endpoint changed from v2.0 to v3. For v2.0 it is /v2.0/tokens/ and
    for v3 it's /v3/auth/tokens. Also, v2.0 doesn't have the concept of
    domains. Multiple domains only really exist in the v3 API. As a
    result, the v2.0 API is unable to understand or issue domain-scoped
    tokens. It can also only authenticate users who are in the default
    domain as defined in keystone's configuration file [0].<br>
    <br>
    What happens if you set ST_AUTH_VERSION=3 [1]? <br>
    <br>
    [0]
<a class="moz-txt-link-freetext" href="https://docs.openstack.org/keystone/latest/configuration/config-options.html#identity.default_domain_id">https://docs.openstack.org/keystone/latest/configuration/config-options.html#identity.default_domain_id</a><br>
    [1]
<a class="moz-txt-link-freetext" href="https://github.com/openstack/python-swiftclient/blob/0982791db2ccb851f277ffa653065e4021e52b3f/doc/source/cli/index.rst#authentication">https://github.com/openstack/python-swiftclient/blob/0982791db2ccb851f277ffa653065e4021e52b3f/doc/source/cli/index.rst#authentication</a><br>
    <br>
    <blockquote type="cite"
      cite="mid:9DF5DE1A-F47A-469F-8BE5-164993316C44@theatsgroup.com">
      <div class="WordSection1">
        <p class="MsoNormal"><b><u><span style="font-size:11.0pt">keystone-wsgi-public.log
                when application tries to hit 2.0 endpoint<o:p></o:p></span></u></b></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">2017-10-26
            08:43:59.255 21561 WARNING oslo_log.versionutils
            [req-8eb530eb-b2da-466d-9e34-7508f70b7c73 - - - - -]
            Deprecated: authenticate of the v2 Authentication APIs is
            deprecated as of Mitaka in favor of a similar function in
            the v3 Authentication APIs and may be removed in T.<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">2017-10-26
            08:43:59.714 21561 WARNING keystone.common.wsgi
            [req-8eb530eb-b2da-466d-9e34-7508f70b7c73 - - - - -]
            Authorization failed. The request you have made requires
            authentication. from 192.168.241.121: Unauthorized: The
            request you have made requires authentication.<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">2017-10-26
            08:44:04.728 21558 INFO keystone.common.wsgi
            [req-2f98c106-9e97-4a7a-94e9-515f8b388001 - - - - -] POST
            <a class="moz-txt-link-freetext" href="http://192.168.241.114:5000/v2.0/tokens">http://192.168.241.114:5000/v2.0/tokens</a><o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">2017-10-26
            08:44:04.729 21558 WARNING oslo_log.versionutils
            [req-2f98c106-9e97-4a7a-94e9-515f8b388001 - - - - -]
            Deprecated: authenticate of the v2 Authentication APIs is
            deprecated as of Mitaka in favor of a similar function in
            the v3 Authentication APIs and may be removed in T.<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">2017-10-26
            08:44:05.185 21558 WARNING keystone.common.wsgi
            [req-2f98c106-9e97-4a7a-94e9-515f8b388001 - - - - -]
            Authorization failed. The request you have made requires
            authentication. from 192.168.241.121: Unauthorized: The
            request you have made requires authentication.<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">2017-10-26
            08:52:34.534 21557 INFO keystone.common.wsgi
            [req-fa71683e-d4a3-4656-8eea-421caa10f841 - - - - -] POST
            <a class="moz-txt-link-freetext" href="http://192.168.241.114:5000/v2.0/tokens">http://192.168.241.114:5000/v2.0/tokens</a><o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">When the
            application tried with v3 it just bombed out, after I added
            the v2.0 endpoints it connects but says invalid
            username/password and it fails.<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt">Do I need to
            now instruct Swift to use the v2.0 endpoint inside
            swift.conf?<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
        <p class="MsoNormal" style="text-autospace:none"><span
            style="font-size:11.0pt">Thanks,<o:p></o:p></span></p>
        <p class="MsoNormal" style="text-autospace:none"><span
            style="font-size:11.0pt">Andrew Wojnarek |  Sr. Systems
            Engineer    | ATS Group, LLC<o:p></o:p></span></p>
        <p class="MsoNormal" style="text-autospace:none"><span
            style="font-size:11.0pt">mobile 717.856.6901 | <a
              href="mailto:andy.wojnarek@TheATSGroup.com"
              moz-do-not-send="true"><span style="color:#0000E9">andy.wojnarek@TheATSGroup.com</span></a><o:p></o:p></span></p>
        <p class="MsoNormal"><span style="font-size:11.0pt"><a
              href="http://galileosuite.com/blog/"
              moz-do-not-send="true"><b><span
style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#6B006D">Galileo
                  Performance Explorer Blog</span></b></a></span><b><span
style="font-size:7.0pt;font-family:"Verdana",sans-serif;color:#535187"> Offers
              Deep Insights for Server/Storage Systems</span></b><o:p></o:p></p>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OpenStack-operators mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-operators@lists.openstack.org">OpenStack-operators@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>