Open Stack

Hi,

Is it possible to have both v2.0 and v3 endpoints for Keystone? I’m trying to integrate a backup software into Swift, and it requires Keystone 2.0. I added the new endpoints fine, but I’m getting authentication/authorization errors:

My Endpoints
gvicopnstk01:~ # openstack endpoint list | grep -i identity
| 08b3ba7072ed44df9e7c90e99f8e71d9 | regionOne | keystone     | identity        | True    | internal  | http://gvicopnstk01:35357/v2.0                  |
| 55d52d6b6cb34d33979cd3c083416d44 | RegionOne | keystone     | identity        | True    | internal  | http://gvicopnstk01:5000/v3/                    |
| 6b5958647c1744a78657f2c8089ee97d | RegionOne | keystone     | identity        | True    | admin     | http://gvicopnstk01:35357/v3/                   |
| 70c939d2248f4845b1d0c9e8b7c7cf09 | regionOne | keystone     | identity        | True    | admin     | http://gvicopnstk01:35357/v2.0                  |
| 7e4d1c794ed1432ca28ea60b947fdc7a | RegionOne | keystone     | identity        | True    | public    | http://gvicopnstk01:5000/v3/                    |
| f46214dc916947d7a557a2e1b9dc65ca | regionOne | keystone     | identity        | True    | public    | http://gvicopnstk01:5000/v2.0                   |


Using v2.0 AUTH_URL
gvicopnstk01:~ # export OS_AUTH_URL=http://gvicopnstk01:35357/v2.0
gvicopnstk01:~ # swift stat
Authorization Failure. Authorization failed: (http://gvicopnstk01:35357/v2.0/auth/tokens): The resource could not be found. (HTTP 404) (Request-ID: req-ff14bc2d-dbbd-41ed-b81e-73c9397ea1d0)
gvicopnstk01:~ # openstack endpoint list
Cannot use v2 authentication with domain scope

keystone-wsgi-public.log when application tries to hit 2.0 endpoint
2017-10-26 08:43:59.255 21561 WARNING oslo_log.versionutils [req-8eb530eb-b2da-466d-9e34-7508f70b7c73 - - - - -] Deprecated: authenticate of the v2 Authentication APIs is deprecated as of Mitaka in favor of a similar function in the v3 Authentication APIs and may be removed in T.
2017-10-26 08:43:59.714 21561 WARNING keystone.common.wsgi [req-8eb530eb-b2da-466d-9e34-7508f70b7c73 - - - - -] Authorization failed. The request you have made requires authentication. from 192.168.241.121: Unauthorized: The request you have made requires authentication.
2017-10-26 08:44:04.728 21558 INFO keystone.common.wsgi [req-2f98c106-9e97-4a7a-94e9-515f8b388001 - - - - -] POST http://192.168.241.114:5000/v2.0/tokens
2017-10-26 08:44:04.729 21558 WARNING oslo_log.versionutils [req-2f98c106-9e97-4a7a-94e9-515f8b388001 - - - - -] Deprecated: authenticate of the v2 Authentication APIs is deprecated as of Mitaka in favor of a similar function in the v3 Authentication APIs and may be removed in T.
2017-10-26 08:44:05.185 21558 WARNING keystone.common.wsgi [req-2f98c106-9e97-4a7a-94e9-515f8b388001 - - - - -] Authorization failed. The request you have made requires authentication. from 192.168.241.121: Unauthorized: The request you have made requires authentication.
2017-10-26 08:52:34.534 21557 INFO keystone.common.wsgi [req-fa71683e-d4a3-4656-8eea-421caa10f841 - - - - -] POST http://192.168.241.114:5000/v2.0/tokens

When the application tried with v3 it just bombed out, after I added the v2.0 endpoints it connects but says invalid username/password and it fails.

Do I need to now instruct Swift to use the v2.0 endpoint inside swift.conf?

Thanks,
Andrew Wojnarek |  Sr. Systems Engineer    | ATS Group, LLC
mobile 717.856.6901 | andy.wojnarek at TheATSGroup.com<mailto:andy.wojnarek at TheATSGroup.com>
Galileo Performance Explorer Blog<http://galileosuite.com/blog/> Offers Deep Insights for Server/Storage Systems
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20171026/9da19a2c/attachment.html>