[Openstack] keystone: change from fernet tokens to uuid
Adam Young
ayoung at redhat.com
Fri May 20 21:59:02 UTC 2016
On 05/20/2016 12:18 PM, magicboiz at hotmail.com wrote:
> Hi Adam
>
> What do you mean with "upgrade the Fuel code to use the V3 Keystone
> API"?? Afaik I'm running the latest FUEL distro released, which is
> fuel 8.0....is there any new version available?
Not you, the Fuel developers.
>
> On 20/05/16 17:16, Adam Young wrote:
>> On 05/20/2016 06:14 AM, magicboiz at hotmail.com wrote:
>>> Hi
>>>
>>> I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL
>>> works with fernet tokens. Because I have an old app which only works
>>> with UUID, I have changed /etc/keyston/keyston.conf
>>>
>>> from:
>>> [token]
>>> provider = keystone.token.providers.fernet.Provider
>>>
>>> to:
>>> [token]
>>> provider = keystone.token.providers.uuid.Provider
>>>
>>> But now, I'm facing a strange behavior:
>>>
>>> as admin user, executing a simple "keystone user-list" doesn't work
>>> and shows this error:
>>> /.................
>>> RESP BODY: {"error": {"message": "Non-default domain is not
>>> supported (Disable debug mode to suppress these details.)", "code":
>>> 401, "title": "Unauthorized"}}
>>> //.................//
>>>
>>> /Executing "openstack user list" also gets the same error:
>>> /Non-default domain is not supported (Disable debug mode to suppress
>>> these details.) (HTTP 401) (Request-ID:
>>> req-8285b64d-353a-4188-949f-679bbfaa1114)/
>>>
>>> Also from Horizon dashboard, I cannot retrieve the user list.....
>>
>> PLeaase upgrade the Fuel code to use the V3 Keystone API. It looks
>> like Fernet was forgiving on something it should not have been. The
>> "non-default-domain" error is due to passing a non default domain
>> along with a V2 token.
>>
>>
>>>
>>>
>>> But the funny/strange thing is that executing the same command
>>> through V3 indentity admin interface (/export
>>> OS_IDENTITY_API_VERSION=3/) it works:
>>>
>>> /root at node-1:~# openstack user list
>>> +----------------------------------+-------------------+
>>> | ID | Name |
>>> +----------------------------------+-------------------+
>>> | 06c80b0440034f49a674bd0ef56385e1 | heat_admin |
>>> | 1b5ae288f1494efd91aa67cadd290939 | sahara |
>>> | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
>>> | 4722750675d6416082be67a7cf9b03c3 | murano |
>>> | 6b020f2c8328430b9bc71400e8a8b661 | cinder |
>>> | 958dd93f02614f38b4575c05833b0884 | heat |
>>> | 97c015a3d9b2432090992027fdb16e44 | ceilometer |
>>> | 9fb385d757324bc0a62b502f4c3ae67c | swift |
>>> | cc1395223fd74ea2aa59242fccb279de | admin |
>>> | dc325906c9b6446a801a9d4914472b51 | neutron |
>>> | df265ea710294923991a5d10006dd9cb | nova |
>>> | ebcf0d3439c143d098d95212fa587b6a | glance |
>>> | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
>>> +----------------------------------+-------------------+
>>> /
>>>
>>> Anyone could help me?
>>>
>>> thanks in advance.
>>> J
>>>
>>>
>>> _______________________________________________
>>> Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to :openstack at lists.openstack.org
>>> Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>>
>> _______________________________________________
>> Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to :openstack at lists.openstack.org
>> Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160520/1246e3a0/attachment.html>
More information about the Openstack
mailing list