Thanks Adam for clarifying the position of the ENVVARS: SERVICE_ENDPOINT and SERVICE_TOKEN.<br>There are a couple of issues I have with this though:<br><br>1) It's not clear that these are strictly over-riding envvars.<br>
2) The bug I've raised has been marked invalid - but I'd like to argue that this is a user-interface bug with the keystone client. If a user has an option to specify options on the command line in context with what he/she is doing - they shouldn't be overriden by an environment variable because that user is specifically trying to achieve the goal of authentication in those options. These should over-ride the environment variables because the user specifically put these on the command line to ensure there are no ambiguities.<br>
<br>I'd appreciate the thoughts on this and why this route was chosen, though.<br><br>Cheers,<br><br>Kev<br><br><div class="gmail_quote">On 9 March 2012 10:06, Kevin Jackson <span dir="ltr"><<a href="mailto:kevin@linuxservices.co.uk">kevin@linuxservices.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Ah, sorry - didn't make myself clear.<div><br></div><div>I tried both token and user/pass approaches separately to see if one approach worked and not another. They were giving the same response.</div>
<div><br></div><div>
Bug is <a href="https://bugs.launchpad.net/keystone/+bug/949904" target="_blank">https://bugs.launchpad.net/keystone/+bug/949904</a></div><div><br></div><div>Regards,</div><div><br></div><div>Kev<div><div class="h5"><br>
<br><div class="gmail_quote">On 8 March 2012 19:09, Adam Gandelman <span dir="ltr"><<a href="mailto:adamg@canonical.com" target="_blank">adamg@canonical.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hey Kevin-<br>
<br>
Some stuff in-line<div><br>
<br>
On 03/08/2012 06:08 AM, Kevin Jackson wrote:
<blockquote type="cite">Dear all,
<div>I've just installed Ubuntu 12.04 B1 with OpenStack from the
Ubuntu repos.</div>
<div><br>
</div>
<div>I've set up keystone as per: <a href="https://github.com/uksysadmin/OpenStackInstaller/blob/essex/keystone-services.sh" target="_blank">https://github.com/uksysadmin/OpenStackInstaller/blob/essex/keystone-services.sh</a>
(which I based on the <a href="http://keystone.openstack.org" target="_blank">keystone.openstack.org</a>
docs)</div>
</blockquote>
<br></div>
Thanks for the handy script!<div><br>
<br>
<blockquote type="cite">
<div>
<br>
</div>
<div>I have raised a bug under Keystone (though more than likely
this could be a Ubuntu specific bug from this version), but
reading on the mailing list, hints that others have gotten
further perhaps.</div>
</blockquote>
<br></div>
Bug #?<div><br>
<br>
<blockquote type="cite">
<div>
<br>
</div>
<div>On setting up my environment vars (SERVICE_ENDPOINT,
SERVICE_TOKEN) and trying --username and --password based auth
to keystone I can view my endpoints, list users, roles, etc.</div>
</blockquote>
<br></div>
I think you're confusing the two sets of credentials. Currently,
SERVICE_ENDPOINT + SERVICE_TOKEN are used to run admin commands
against keystone (user-list, endpoint-create, etc) With these set,
all commands are run in admin context against the admin URL
(ks_host:35357/v2.0/) User-level commands (catalog, token-get,
discover, etc) require regular user credentials passed and auth_url
set to the :5000/v2.0/ URL. I believe the SERVICE_ENDPOINT +
SERVICE_TOKEN environment variables override user-level credentials
in keystone client, so if you're setting both you'll be hitting the
admin URL which does not support the user-level stuff.<br>
<br>
I used your script to bootstrap a fresh keystone and things worked
as expected as long as the two user environments are kept isolated.<br>
<br>
HTH,<br>
Adam<br>
<br>
<br>
<br>
<blockquote type="cite"><div>
<div><br>
</div>
<div>On trying to do the following I get problems:</div>
<div><br>
</div>
<div>$ keystone discover</div>
<div>
<div>root@openstack2:/etc/keystone# keystone discover</div>
<div>No handlers could be found for logger
"keystoneclient.client"</div>
<div>No Keystone-compatible endpoint found</div>
</div>
<div><br>
</div>
<div>
<div>root@openstack2:/etc/keystone# keystone token-get</div>
<div>'Client' object has no attribute 'service_catalog'</div>
</div>
<div><br>
</div>
<div>
<div>root@openstack2:/etc/keystone# keystone catalog</div>
<div>'Client' object has no attribute 'service_catalog'</div>
</div>
<div><br>
</div>
<div>Any pointers in what I've done wrong will be super.</div>
<div><br>
</div>
<div>Cheers,</div>
<div><br>
</div>
<div>Kev</div>
<div>-- <br>
Kevin Jackson<br>
@itarchitectkev<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div><pre>_______________________________________________
Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a>
Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
</div>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br>Kevin Jackson<br>@itarchitectkev<br>
</font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br>Kevin Jackson<br>@itarchitectkev<br>