Nicolas,<div><br></div><div>It looks like that guide was written for the diablo (or perhaps pre-diablo) keystone API. The corrections you're suggesting are accurate to bring the guide forward to essex.</div><div><br></div>
<div>However, you might find the following a bit easier, as we now have a <a href="https://github.com/openstack/python-keystoneclient">real auth client</a>!</div><div><br></div><div>Start by using the keystoneclient to <a href="http://paste.openstack.org/raw/12219/">create an initial tenant and user to work with</a>. I'm using the default admin_token defined in keystone.conf and the default management endpoint (on port 35357).</div>
<div><br></div><div>Then, import the client in python:</div><div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div>>>> from keystoneclient.v2_0 import client</div></div></blockquote>
<div><div><br></div><div>Initialize an instance with your credentials and the URL to your keystone endpoint:</div><div><br></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div>>>> c = client.Client(username='my-user', password='my-pass', tenant_name='my-tenant', auth_url='<a href="http://localhost:5000/v2.0/">http://localhost:5000/v2.0/</a>')</div>
</div></blockquote><div><div><br></div><div>That's it! You now have an token (i.e. X-Auth-Token) you can use to make requests to other OpenStack services:</div><div><br></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div><div>>>> print c.auth_token</div></div><div><div>3f52de2c8bcf46a8917bde1209a0448a</div></div></blockquote><div><div><br></div><div>There are also additional operations the client can perform, such as:</div><div>
<br></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div>>>> c.tenants.list()</div></div><div><div>[<Tenant {u'id': u'61133986e465492cb7214778432608cd', u'enabled': True, u'description': None, u'name': u'my-tenant'}>]</div>
</div></blockquote><div><div><br></div><div>... as well as full CRUD on tenants, users, roles, services, endpoints, etc (assuming you're using the keystone management endpoint & appropriate admin credentials).</div>
<div><br></div><div>Hope this is useful,</div><div><br></div><div>-Dolph</div><br><div class="gmail_quote">On Wed, Mar 28, 2012 at 2:10 AM, Nicolas Odermatt <span dir="ltr"><<a href="mailto:odermattn@gmail.com">odermattn@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Hello Anne</div><div><br></div><div>I am playing with the OpenStack API on my StackOps environment to get an idea of how to use it for scripts to programm some little scripts.</div>
<div>I read the documentation "Programming OpenStack Compute API - 1.1" and tried the code examples but at one specific script the machine threw me an error. The mentioned script is found in Chapter "2. The Basics" in the section "Using Python to Obtain the Authentication Token". If you copy-paste the script in a file, adjust the variables like username, password, etc. and then execute the file, you will receive a parse error from python:</div>
<div><br></div><div>"root@nova-controller:~# ./gettoken.py</div><div>{"badRequest": {"message": "Cannot parse auth", "code": "400", "details": "Expecting object: line 1 column 43 (char 43)"}}</div>
<div>Traceback (most recent call last):</div><div> File "./gettoken.py", line 41, in <module></div><div> apitoken = dd['auth']['token']['id']</div><div>KeyError: 'auth'"</div>
<div><br></div><div>This is due to the fact that line 39 tries to extract the api token from the response ['auth']['token']['id'], which rather ought to be ['access']['token']['id']</div>
<div><br></div><div>old: apitoken = dd['auth']['token']['id']</div><div>new: apitoken = dd['access']['token']['id']</div><div><br></div><div>As you might have noticed you receive an answer, which states "badRequest". From former experience with the API, I remembered that this means that there is something wrong with the credentials provided to keystone. I checked the params variable and realized that there was no information about the tenantid. Therefore I edited the line like this:</div>
<div><br></div><div>old:params = '{"passwordCredentials":{"username":osuser, "password":ospassword}}'</div><div>new: params = '{"auth":{"passwordCredentials":{"username": osuser, "password":"ospassword"}, "tenantId":ostenant}}'</div>
<div><br></div><div>After that the script worked like a charm. Could it be that this error only occurs on StackOps environments or is it a spelling error?</div><div><br></div><div>PS: I learned a lot from the "Programming OpenStack Compute API" documentation. Thank you very much for this superb how to!</div>
<div><br></div><div>Best regards,</div><div>Nicolas</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>-- </div><div>Freundliche Grüsse,</div><div>Nicolas Odermatt</div><div><br></div>
</font></span></div>
<br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div>