[openstack-dev] Barbican : Unable to authenticate with keystone V3 for Barbican curl command

Asha Seshagiri asha.seshagiri at gmail.com
Wed Apr 8 15:22:36 UTC 2015


Thanks a lot John for your response.
The issue was were working with keystone server which is SSL enabled and we
need to configure Barbican to provide clients side certificate.

Thanks and Regards,
Asha Seshagiri

On Tue, Apr 7, 2015 at 6:26 PM, John Wood <john.wood at rackspace.com> wrote:

>  Hello Asha,
>
>  Please following the steps in the pending CR [1]. That configures v3
> usage with Keystone, and if you use the Docker Keystone instance mentioned,
> it syncs the passwords with it as well. Note the need to execute the setup
> script noted to configure Keystone properly as well.
>
>  Thanks,
> John
>
>  [1]
> https://review.openstack.org/#/c/169114/2/doc/source/setup/keystone.rst
>
>   From: Asha Seshagiri <asha.seshagiri at gmail.com>
> Date: Tuesday, April 7, 2015 at 2:49 PM
> To: John Wood <john.wood at rackspace.com>
> Cc: openstack-dev <openstack-dev at lists.openstack.org>, "Reller, Nathan
> S." <Nathan.Reller at jhuapl.edu>, Douglas Mendizabal <
> douglas.mendizabal at RACKSPACE.COM>, "alee at redhat.com" <alee at redhat.com>,
> Paul Kehrer <paul.kehrer at RACKSPACE.COM>, Adam Harwell <
> adam.harwell at RACKSPACE.COM>, Alexis Lee <alexisl at hp.com>
> Subject: Re: Barbican : Unable to authenticate with keystone V3 for
> Barbican curl command
>
>   Thanks a lot John for your help and response.
>
>  I had followed the same set of instructions as given in the link 1
> initially changing the version to v3  , it did not work and hence followed
> with link 2 and is not working though.
>
>  The link 1 provided  below points to keystone v2 changes with barbican
>  and not v3
> [1]  http://docs.openstack.org/developer/barbican/setup/keystone.html .
> But in this link  2 for Integration keystone V3 with barbican we have to
> modify both the configuriation files
>   *barbican-api-paste.ini and barbican-admin-paste.ini* files . There are
> some changes in the filter and pipline names  names tied with v3
>
>  pipeline = keystone_v3_authtoken context apiapp
> .....
> [filter:keystone_v3_authtoken]
>
>  [2]
> https://github.com/cloudkeep/barbican/wiki/Integration-with-Keystone-V3-API
>
>  Could you please confirm that we need to follow the link 1 changing the
> version from v2 to v3 with only modification in *barbican-api-paste.ini
>  file and not **barbican-admin-paste.ini so that I can start looking into
> the issue with the changes mentioned in link1 alone.*
>
>  Thanks and Regards,
> Asha Seshagiri
>
> On Tue, Apr 7, 2015 at 2:08 PM, John Wood <john.wood at rackspace.com> wrote:
>
>>  Hello Asha,
>>
>>  We are in the process of migrating our documentation to Sphinx, so I’d
>> suggest following this link for Keystone configuration options [1].
>>
>>  I’d also note that a CR is pending with a bit more details to setup via
>> a Docker Keystone here [2].
>>
>>  Thanks,
>> John
>>
>>
>>  [1]  http://docs.openstack.org/developer/barbican/setup/keystone.html
>> [2]  https://review.openstack.org/#/c/169114/
>>
>>   From: Asha Seshagiri <asha.seshagiri at gmail.com>
>> Date: Tuesday, April 7, 2015 at 1:34 PM
>> To: openstack-dev <openstack-dev at lists.openstack.org>
>> Cc: John Wood <john.wood at rackspace.com>, "Reller, Nathan S." <
>> Nathan.Reller at jhuapl.edu>, Douglas Mendizabal <
>> douglas.mendizabal at RACKSPACE.COM>, "alee at redhat.com" <alee at redhat.com>,
>> Paul Kehrer <paul.kehrer at RACKSPACE.COM>, Adam Harwell <
>> adam.harwell at RACKSPACE.COM>, Alexis Lee <alexisl at hp.com>
>> Subject: Barbican : Unable to authenticate with keystone V3 for Barbican
>> curl command
>>
>>   Hi All ,
>>
>>  Could anyone please help me on this integration issue.
>> I am unable to authenticate with keystone V3  for Barbican curl command
>> .I have followed the procedure given in the following link :
>>
>>
>> https://github.com/cloudkeep/barbican/wiki/Integration-with-Keystone-V3-API
>>
>>  I was unable to authenticate with the keystone V3 even though the right
>> token was provided in the curl command
>> Please find the command to get the token and the curl command to post the
>> secret .
>>
>>  [root at keystone-versiontest ~]# openstack --insecure token issue *(Command
>> to get token from keystone v3)*
>>  +------------+----------------------------------+
>> | Field      | Value                            |
>> +------------+----------------------------------+
>> | expires    | 2015-04-07T18:26:13.835641Z      |
>> |* id         | f28b93f27cce4bc09f9ac50d84bde736 |*
>> | project_id | 9d37f9ecc481422aa8ab53674cb82410 |
>> | user_id    | e7d02ed8e7e64b01a1d66bb86ffa90d8 |
>> +------------+----------------------------------+
>>
>>  [root at keystone-versiontest ~]# curl -X POST -H
>> 'content-type:application/json' -H 'X-Project-Id:12345' \
>> > -H "X-Auth-Token:*f28b93f27cce4bc09f9ac50d84bde736*" -d '{"payload":
>> "my-secret-here", "payload_content_type": "text/plain"}'
>> http://localhost:9311/v1/secrets
>> *Authentication required*[root at keystone-versiontest ~]#
>>
>>  The contents of the admin.opensrc file is as given below :
>>
>>  [root at keystone-versiontest ~]# cat admin.openrc
>> export OS_USERNAME=admin
>> export OS_TENANT_NAME=admin
>> export OS_PASSWORD=admin
>> export OS_AUTH_URL=https://169.54.204.69:35357/v3
>> export OS_REGION_NAME=RegionOne
>> export OS_IDENTITY_API_VERSION=3
>> export OS_USER_DOMAIN_ID=default
>> export OS_PROJECT_DOMAIN_ID=default
>>
>>
>>  And also I have attached the  barbican-api-paste.ini and
>> barbican-admin-paste.ini files.
>>
>>  I would like to know why the curl command for posting the secret is not
>> geting authenticated with Keystone V3
>>
>>  Any help would highly be appreciated.
>> --
>>   *Thanks and Regards,*
>> *Asha Seshagiri*
>>
>
>
>
>  --
>  *Thanks and Regards,*
> *Asha Seshagiri*
>



-- 
*Thanks and Regards,*
*Asha Seshagiri*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150408/3e5572ad/attachment-0001.html>


More information about the OpenStack-dev mailing list