[Openstack-operators] Kilo keystone v3 and multi-domain identity backend help
Robert Plestenjak
robert.plestenjak at xlab.si
Mon Oct 26 15:33:26 UTC 2015
Hello,
I'm trying to setup multi-domain identity backend on Kilo
I've hit a wall with admin role assignment to 'cloud_admin' user.
With password authentication:
openstack --verbose --os-identity-api-version 3 \
--os-auth-url http://xx.xx.xx.xx:35357/v3 \
--os-username admin \
--os-auth-type password \
--os-user-domain-name default \
--os-project-domain-name default \
--os-project-name admin \
role add --domain admin_domain admin --user cloud_admin admin
INFO: openstackclient.shell command: <none> -> openstackclient.identity.v3.role.AddRole
Password:
INFO: openstackclient.common.clientmanager Using auth plugin: password
ERROR: openstack The request you have made requires authentication. (HTTP 401) (Request-ID: req-18db4cfa-41c2-4470-a8d5-a300bc13142e)
With token_endpoint authentication:
openstack --verbose --os-identity-api-version 3 \
--os-url http://xx.xx.xx.xx:35357/v3 \
--os-token xxxxxxxxx \
role add --domain admin_domain --user cloud_admin admin
INFO: openstackclient.shell command: <none> -> openstackclient.identity.v3.role.AddRole
INFO: openstackclient.common.clientmanager Using auth plugin: token_endpoint
ERROR: openstack The request you have made requires authentication. (HTTP 401) (Request-ID: req-15002bd3-c959-4b32-bd28-2c50f8e9071c)
I can list roles, users, domains without problem (on default and admin_domain). Anyone have any suggestion how to proceed?
Regards,
Robert Plestenjak
More information about the OpenStack-operators
mailing list