[Openstack] Missing(?) keystone service catalog

Dolph Mathews dolph.mathews at gmail.com
Fri May 4 13:36:56 UTC 2012


Replied inline.

On Thu, May 3, 2012 at 6:08 PM, Nick Lothian <nick.lothian at gmail.com> wrote:

> (Replying to list this time... Is there a reason why the reply-to isn't
> set to the list?!)
>
> Is this really the case? Why does service-list require the admin port?
>

GET /services requires admin privileges because it's really a CRUD
operation on a small portion of the service catalog equation. End users can
simply auth and get endpoints for the services they have access to.


>
> Running against TryStack (note that I don't supply a tenant):
>

I'm assuming your user account has a default tenant defined in keystone...
because you don't explicitly provide a tenant, keystone can assume you want
to use your default tenant, and provide the corresponding service catalog.
Alternatively, you can call GET /tenants,  select an alternative (if any),
and explicitly auth for another tenant.


>
> $ curl -k -X 'POST' -v https://nova-api.trystack.org:5443/v2.0/tokens -d
> '{"aut
> h":{"passwordCredentials":{"username": <username>,
> "password":<password>}}}' -H 'Content-type: application/json'
>
>
> {"access": {"token": {"expires": "2012-05-04T23:01:56.797115", "id":
> <token>, "tenant": {"id": <tenant>, "name": <username>
> }}, "serviceCatalog": [{"endpoints": [{"adminURL": "
> https://nova-api.trystack.or
> g:9774/v1.1/929", "region": "RegionOne", "internalURL": "
> https://nova-api.trysta
> ck.org:9774/v1.1/<tenent>", "publicURL": "
> https://nova-api.trystack.org:9774/v1.1/929
> "}], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "
> https://GL <https://gl/>
> ANCE_API_IS_NOT_DISCLOSED/v1.1/ <tenent> ", "region": "RegionOne",
> "internalURL": "http
> s://GLANCE_API_IS_NOT_DISCLOSED/v1.1/ <tenent> ", "publicURL": "
> https://GLANCE_API_IS_N <https://glance_api_is_n/>
> OT_DISCLOSED/v1.1/ <tenent> "}], "type": "image", "name": "glance"},
> {"endpoints": [{"a
> dminURL": "https://nova-api.trystack.org:5443/v2.0", "region":
> "RegionOne", "int
> ernalURL": "https://keystone.thefreecloud.org:5000/v2.0", "publicURL":
> "https://
> keystone.thefreecloud.org:5000/v2.0"}], "type": "identity", "name":
> "keystone"}]
> , "user": {"id": <userid>, "roles": [{"tenantId":  <tenent> , "id": "2",
> "name": "Member
> "}], "name": <username>}}}
>
> On Fri, May 4, 2012 at 1:08 AM, Dolph Mathews <dolph.mathews at gmail.com>wrote:
>
>> "service-list" calls the admin API (port 35357), but the auth_url you
>> provided was port 5000. I don't think the current keystoneclient is smart
>> enough to try and switch to the correct endpoint. If you have an admin
>> role, switching to port 35357 should work for you.
>>
>> Additionally, you won't get a service catalog without also providing a
>> tenant, so that behavior is by design as well. Try --os_tenant_name or
>> --os_tenant_id if using the client, or providing "tenantName" or "tenantId"
>> in your "auth" object for curl.
>>
>> -Dolph
>>
>> On Wed, May 2, 2012 at 11:38 PM, Nick Lothian <nick.lothian at gmail.com>wrote:
>>
>>> I'm having some trouble using the Keystone API.
>>>
>>> When I run
>>>
>>> keystone --os_username=admin --os_password=password --os_auth_url=
>>> http://192.168.1.50:5000/v2.0/ service-list
>>>
>>> I get the following:
>>>
>>> No handlers could be found for logger "keystoneclient.v2_0.client"
>>> Unable to communicate with identity service: 404 Not Found
>>>
>>> The resource could not be found.
>>>
>>>    . (HTTP 404)
>>>
>>>
>>> The keystone log shows the following:
>>>
>>> (eventlet.wsgi.server): 2012-05-03 14:03:12,840 DEBUG wsgi write
>>> 192.168.1.50 - - [03/May/2012 14:03:12] "GET /v2.0/OS-KSADM/services
>>> HTTP/1.1" 404 176 0.008028
>>>
>>>
>>> Additionally, if I use curl to call the keystone API directly (as
>>> documented at http://keystone.openstack.org/api_curl_examples.html#id4)
>>> my whole serviceCatalog section is empty ("serviceCatalog": {})
>>>
>>> I am using a default devstack installation.
>>>
>>> What am I missing?
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack at lists.launchpad.net
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120504/dbd78da8/attachment.html>


More information about the Openstack mailing list