[Openstack-operators] [Pike][Keystone] Multiple Keystone Endpoints?
Andy Wojnarek
andy.wojnarek at theatsgroup.com
Thu Oct 26 13:10:49 UTC 2017
Hi,
Is it possible to have both v2.0 and v3 endpoints for Keystone? I’m trying to integrate a backup software into Swift, and it requires Keystone 2.0. I added the new endpoints fine, but I’m getting authentication/authorization errors:
My Endpoints
gvicopnstk01:~ # openstack endpoint list | grep -i identity
| 08b3ba7072ed44df9e7c90e99f8e71d9 | regionOne | keystone | identity | True | internal | http://gvicopnstk01:35357/v2.0 |
| 55d52d6b6cb34d33979cd3c083416d44 | RegionOne | keystone | identity | True | internal | http://gvicopnstk01:5000/v3/ |
| 6b5958647c1744a78657f2c8089ee97d | RegionOne | keystone | identity | True | admin | http://gvicopnstk01:35357/v3/ |
| 70c939d2248f4845b1d0c9e8b7c7cf09 | regionOne | keystone | identity | True | admin | http://gvicopnstk01:35357/v2.0 |
| 7e4d1c794ed1432ca28ea60b947fdc7a | RegionOne | keystone | identity | True | public | http://gvicopnstk01:5000/v3/ |
| f46214dc916947d7a557a2e1b9dc65ca | regionOne | keystone | identity | True | public | http://gvicopnstk01:5000/v2.0 |
Using v2.0 AUTH_URL
gvicopnstk01:~ # export OS_AUTH_URL=http://gvicopnstk01:35357/v2.0
gvicopnstk01:~ # swift stat
Authorization Failure. Authorization failed: (http://gvicopnstk01:35357/v2.0/auth/tokens): The resource could not be found. (HTTP 404) (Request-ID: req-ff14bc2d-dbbd-41ed-b81e-73c9397ea1d0)
gvicopnstk01:~ # openstack endpoint list
Cannot use v2 authentication with domain scope
keystone-wsgi-public.log when application tries to hit 2.0 endpoint
2017-10-26 08:43:59.255 21561 WARNING oslo_log.versionutils [req-8eb530eb-b2da-466d-9e34-7508f70b7c73 - - - - -] Deprecated: authenticate of the v2 Authentication APIs is deprecated as of Mitaka in favor of a similar function in the v3 Authentication APIs and may be removed in T.
2017-10-26 08:43:59.714 21561 WARNING keystone.common.wsgi [req-8eb530eb-b2da-466d-9e34-7508f70b7c73 - - - - -] Authorization failed. The request you have made requires authentication. from 192.168.241.121: Unauthorized: The request you have made requires authentication.
2017-10-26 08:44:04.728 21558 INFO keystone.common.wsgi [req-2f98c106-9e97-4a7a-94e9-515f8b388001 - - - - -] POST http://192.168.241.114:5000/v2.0/tokens
2017-10-26 08:44:04.729 21558 WARNING oslo_log.versionutils [req-2f98c106-9e97-4a7a-94e9-515f8b388001 - - - - -] Deprecated: authenticate of the v2 Authentication APIs is deprecated as of Mitaka in favor of a similar function in the v3 Authentication APIs and may be removed in T.
2017-10-26 08:44:05.185 21558 WARNING keystone.common.wsgi [req-2f98c106-9e97-4a7a-94e9-515f8b388001 - - - - -] Authorization failed. The request you have made requires authentication. from 192.168.241.121: Unauthorized: The request you have made requires authentication.
2017-10-26 08:52:34.534 21557 INFO keystone.common.wsgi [req-fa71683e-d4a3-4656-8eea-421caa10f841 - - - - -] POST http://192.168.241.114:5000/v2.0/tokens
When the application tried with v3 it just bombed out, after I added the v2.0 endpoints it connects but says invalid username/password and it fails.
Do I need to now instruct Swift to use the v2.0 endpoint inside swift.conf?
Thanks,
Andrew Wojnarek | Sr. Systems Engineer | ATS Group, LLC
mobile 717.856.6901 | andy.wojnarek at TheATSGroup.com<mailto:andy.wojnarek at TheATSGroup.com>
Galileo Performance Explorer Blog<http://galileosuite.com/blog/> Offers Deep Insights for Server/Storage Systems
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20171026/9da19a2c/attachment.html>
More information about the OpenStack-operators
mailing list