<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Dear colleagues,<br>
<br>
I have the following configuration of endpoints:<br>
<br>
<tt>$ openstack endpoint list --service identity<br>
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+<br>
| ID | Region | Service Name |
Service Type | Enabled | Interface |
URL |<br>
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+<br>
| 68a4eabc27474beeb6f08d986cca3263 | RegionOne | keystone |
identity | True | public |
<a class="moz-txt-link-freetext" href="http://controller-ext:5000/v3/">http://controller-ext:5000/v3/</a> |<br>
| 6fab7abe61e84463a05b4e58d8f7bb60 | RegionOne | keystone |
identity | True | internal |
<a class="moz-txt-link-freetext" href="http://controller:5000/v3/">http://controller:5000/v3/</a> |<br>
| eb378df5949046a49661dad3c887677f | RegionOne | keystone |
identity | True | admin |
<a class="moz-txt-link-freetext" href="http://controller:5000/v3/">http://controller:5000/v3/</a> |<br>
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+</tt><br>
<br>
and want to explicitly use public endpoint (calling controller-ext,
NOT controller) when doing API calls. Example of code:<br>
<br>
<pre style="background-color: rgb(255, 255, 255); font-family: "Menlo"; font-size: 9pt;">from keystoneauth1.identity import v3
from keystoneauth1 import session as authsession
from keystoneclient.v3 import client as identity
os_domain = 'default'
auth_url = '<a class="moz-txt-link-freetext" href="http://controller-ext:5000/v3">http://controller-ext:5000/v3</a>'
os_username = 'admin'
os_password = 'adminpass'
project_name = 'admin'
password = v3.Password(auth_url=auth_url,
username=os_username,
password=os_password,
user_domain_name=os_domain,<span style="font-style: italic;">
</span><span style="font-style: italic;"> </span>project_name=project_name,<span style="font-style: italic;">
</span><span style="font-style: italic;"> </span>project_domain_name=os_domain)<span style="font-style: italic;">
</span><span style="font-style: italic;">
</span>auth = authsession.Session(auth=password)
ks = identity.Client(session = auth)
for ep in ks.endpoints.list():
<span style="font-style: italic;"> </span>pass
</pre>
<br>
returns an error since it tries to call 'controller' (which is
internal address and isn't resolvable):<br>
<br>
<tt>keystoneauth1.exceptions.connection.ConnectFailure: Unable to
establish connection to
<a class="moz-txt-link-freetext" href="http://controller:5000/v3/endpoints?endpoint_filter=service_type&endpoint_filter=interface">http://controller:5000/v3/endpoints?endpoint_filter=service_type&endpoint_filter=interface</a>:
HTTPConnectionPool(host='controller', port=5000): Max retries
exceeded with url:
/v3/endpoints?endpoint_filter=service_type&endpoint_filter=interface
(Caused by
NewConnectionError('<urllib3.connection.HTTPConnection object
at 0x1063f1940>: Failed to establish a new connection: [Errno
8] nodename nor servname provided, or not known',))</tt><br>
<br>
The question is: are there ways to implicitly point to 'public' (and
whatever else) endpoint when working with identity service?<br>
<br>
Thank you.<br>
<br>
<pre class="moz-signature" cols="72">--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison</pre>
</body>
</html>