[openstack-dev] [Fuel] using keystone client in fuel master node
Andrew Woodward
xarses at gmail.com
Tue Oct 21 22:14:02 UTC 2014
Using the keystone client is currently quite painful for fuel. For
example getting tokens from a fuel env when auth required (which is
needed if we want to use curl or other clients) is currently quite a
mess.
In order to get a token you can
> python <<EOF
> from fuelclient.client import Client
> print Client().auth_token
> EOF
or attempt to use the keystone client
cat /etc/fuel/client/config.yaml
>
> SERVER_ADDRESS: "10.108.0.2"
> SERVER_PORT: "8000"
> KEYSTONE_USER: "admin"
> KEYSTONE_PASS: "admin"
> KEYSTONE_PORT: "5000"
export OS_AUTH_URL="http://10.108.0.2:8000/keystone/v2.0"
# where did the auth url come from ? [1]
# alternatly its also at http://10.108.0.2:5000/v2.0/
export OS_USERNAME="admin"
export OS_PASSWORD="admin"
export OS_TENANT_NAME="admin"
keystone token-get
>
> WARNING:keystoneclient.httpclient:Failed to retrieve management_url from token
> +-----------+----------------------------------+
> | Property | Value |
> +-----------+----------------------------------+
> | expires | 2014-10-21T00:08:52Z |
> | id | 4acbc25ee95947e9adeafedecc2f8e31 |
> | tenant_id | 8bd09f40faec4112864b23c6a03ac3bd |
> | user_id | ca080c124b8943678e0f1edc6a92b8e2 |
> +-----------+----------------------------------+
[1] https://github.com/stackforge/fuel-web/blob/master/fuelclient/fuelclient/client.py#L55
As we extend our usage of keystone to include other data in the
endpoints / catalog, it becomes more and more relevant for us to
consume the auth information the same way as is done for the other
openstack clients.
To this end, I think we should be using the same parameters and
patterns as in openstack. This will help admins be familiar with
openstack tools, and enable us to use the same methods across multiple
clients.
Fuel client should be changed to take the same options --os-username,
--os-password, etc... as well as accept the environment variables that
correlate with them, This would also allow us to bring openrc onto the
fuel master, and unify getting credentials to the various clients.
Later on, I think we should be adding the fuel url to the endpoint's
data so that we can use the client only with the auth url like the
openstack clients. It would also allow us to set the fuel endpoint in
deployed clouds so that the fuel node could be easily found later.
--
Andrew
Mirantis
Ceph community
More information about the OpenStack-dev
mailing list