[Openstack] [keystone] can't not use file-based backend for catalog

Li, Chen chen.li at intel.com
Thu Mar 6 02:26:30 UTC 2014


That's the most strange part.

If I'm using
    [catalog]
    driver = keystone.catalog.backends.sql.Catalog

Everything is fine.

While I'm using file-based backend, even I'm using
    env |grep SERVICE
    SERVICE_ENDPOINT=http://host-keystone:35357/v2.0
    SERVICE_TOKEN=ADMIN

I get nothing from command "keystone endpoint-list"....


From: Remo Mattei [mailto:remo at italy1.com]
Sent: Thursday, March 06, 2014 10:22 AM
To: Li, Chen
Cc: openstack at lists.openstack.org
Subject: Re: [Openstack] [keystone] can't not use file-based backend for catalog

Well looks like it does send the endpoints back to you from keystone. but looks like it's using a token.
can you try a different user? Not sure if that user had access to the endpoints. Just a suggestions.

Remo
On Mar 5, 2014, at 6:15 PM, Li, Chen <chen.li at intel.com<mailto:chen.li at intel.com>> wrote:



keystone --debug endpoint-list

REQ: curl -i -X POST http://host-keystone:5000/v2.0/tokens -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient"
REQ BODY: {"auth": {"tenantName": "test", "passwordCredentials": {"username": "lichen", "password": "lichen"}}}

RESP: [200] {'date': 'Thu, 06 Mar 2014 02:14:28 GMT', 'content-type': 'application/json', 'content-length': '1897', 'vary': 'X-Auth-Token'}
RESP BODY: {"access": {"token": {"issued_at": "2014-03-06T02:14:28.417502", "expires": "2014-03-07T02:14:28Z", "id": "1a4f03fbec6a41ddbff76afe9d238f83", "tenant": {"description": null, "enabled": true, "id": "1e57be810f854bcdb73901567140ac48", "name": "test"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://host-cinder:8776/v1/1e57be810f854bcdb73901567140ac48", "region": "RegionOne", "publicURL": "http://host-cinder:8776/v1/1e57be810f854bcdb73901567140ac48", "internalURL": "http://host-cinder:8776/v1/1e57be810f854bcdb73901567140ac48"}], "endpoints_links": [], "type": "volume", "name": "Volume Service"}, {"endpoints": [{"adminURL": "http://host-glance:9292/v1", "region": "RegionOne", "publicURL": "http://host-glance:9292/v1", "internalURL": "http://host-glance:9292/v1"}], "endpoints_links": [], "type": "image", "name": "Image Service"}, {"endpoints": [{"adminURL": "http://host-nova:8774/v1.1/1e57be810f854bcdb73901567140ac48", "region": "RegionOne", "publicURL": "http://host-nova:8774/v1.1/1e57be810f854bcdb73901567140ac48", "internalURL": "http://host-nova:8774/v1.1/1e57be810f854bcdb73901567140ac48"}], "endpoints_links": [], "type": "compute", "name": "Compute Service"}, {"endpoints": [{"adminURL": "http://host-neutron:9696/", "region": "RegionOne", "publicURL": "http://host-neutron:9696/", "internalURL": "http://host-neutron:9696/"}], "endpoints_links": [], "type": "network", "name": "Network Service"}, {"endpoints": [{"adminURL": "http://host-keystone:35357/v2.0", "region": "RegionOne", "publicURL": "http://host-keystone:5000/v2.0", "internalURL": "http://host-keystone:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "Identity Service"}], "user": {"username": "lichen", "roles_links": [], "id": "dad121e464174060a4eb46c5fed019bf", "roles": [{"name": "admin"}], "name": "lichen"}, "metadata": {"is_admin": 0, "roles": ["1c3535acf43345acaa23b6b0c6955dfd"]}}}

REQ: curl -i -X GET http://host-keystone:35357/v2.0/endpoints -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: 1a4f03fbec6a41ddbff76afe9d238f83"
RESP: [200] {'date': 'Thu, 06 Mar 2014 02:14:28 GMT', 'content-type': 'application/json', 'content-length': '17', 'vary': 'X-Auth-Token'}
RESP BODY: {"endpoints": []}



From: Remo Mattei [mailto:remo at italy1.com]
Sent: Thursday, March 06, 2014 10:13 AM
To: Li, Chen
Cc: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: Re: [Openstack] [keystone] can't not use file-based backend for catalog

Try to add -debug and see what it says..

Ciao

On Mar 5, 2014, at 6:08 PM, Li, Chen <chen.li at intel.com<mailto:chen.li at intel.com>> wrote:



Hi list,

I'm working under CentOS 6.4 + Havana.

I want to use the file based backend for keystone catalog.
But, after I configured that, when I run command "keystone service list" and "keystone endpoint-list", I get nothing.

Anyone know why this happened ???

I used to be successfully to this on Grizzly.


Thanks.
-chen

Here is my /etc/keystone/keystone.conf:
        [DEFAULT]
         [sql]
        connection = mysql://keystone:keystone@host-db/keystone

         [identity]

         [credential]

         [trust]

         [os_inherit]

         [catalog]
        driver = keystone.catalog.backends.templated.TemplatedCatalog
        template_file = /etc/keystone/default_catalog.templates

         [endpoint_filter]

         [token]
        driver = keystone.token.backends.memcache.Token

         [cache]
         [policy]
         [ec2]
         [assignment]
         [oauth1]
         [ssl]
         [signing]
        token_format = UUID

         [ldap]

         [auth]
        methods = external,password,token,oauth1
        password = keystone.auth.plugins.password.Password
        token = keystone.auth.plugins.token.Token
        oauth1 = keystone.auth.plugins.oauth1.OAuth

         [paste_deploy]



Here is my /etc/keystone/default_catalog.templates:
catalog.RegionOne.identity.publicURL = http://host-keystone:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://host-keystone:$(admin_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://host-keystone:$(public_port)s/v2.0
catalog.RegionOne.identity.name = Identity Service

catalog.RegionOne.compute.publicURL = http://host-nova:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://host-nova:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://host-nova:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.name = Compute Service

catalog.RegionOne.volume.publicURL = http://host-cinder:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.adminURL = http://host-cinder:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.internalURL = http://host-cinder:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.name = Volume Service


catalog.RegionOne.image.publicURL = http://host-glance:9292/v1
catalog.RegionOne.image.adminURL = http://host-glance:9292/v1
catalog.RegionOne.image.internalURL = http://host-glance:9292/v1
catalog.RegionOne.image.name = Image Service

catalog.RegionOne.network.publicURL = http://host-neutron:9696/
catalog.RegionOne.network.adminURL = http://host-neutron:9696/
catalog.RegionOne.network.internalURL = http://host-neutron:9696/
catalog.RegionOne.network.name = Network Service

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack


!DSPAM:1,5317d969231126667580840!

!DSPAM:1,5317db11233031001746282!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140306/3c975e0e/attachment.html>


More information about the Openstack mailing list