[Openstack] keystone: change from fernet tokens to uuid

magicboiz at hotmail.com magicboiz at hotmail.com
Fri May 20 16:18:45 UTC 2016


Hi Adam

What do you mean with "upgrade the Fuel code to use the V3 Keystone 
API"?? Afaik I'm running the latest FUEL distro released, which is fuel 
8.0....is there any new version available?

On 20/05/16 17:16, Adam Young wrote:
> On 05/20/2016 06:14 AM, magicboiz at hotmail.com wrote:
>> Hi
>>
>> I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL 
>> works with fernet tokens. Because I have an old app which only works 
>> with UUID, I have changed /etc/keyston/keyston.conf
>>
>> from:
>> [token]
>>          provider = keystone.token.providers.fernet.Provider
>>
>> to:
>> [token]
>>          provider = keystone.token.providers.uuid.Provider
>>
>> But now, I'm facing a strange behavior:
>>
>> as admin user, executing a simple "keystone user-list" doesn't work 
>> and shows this error:
>> /.................
>> RESP BODY: {"error": {"message": "Non-default domain is not supported 
>> (Disable debug mode to suppress these details.)", "code": 401, 
>> "title": "Unauthorized"}}
>> //.................//
>>
>> /Executing "openstack user list" also gets the same error:
>> /Non-default domain is not supported (Disable debug mode to suppress 
>> these details.) (HTTP 401) (Request-ID: 
>> req-8285b64d-353a-4188-949f-679bbfaa1114)/
>>
>> Also from Horizon dashboard, I cannot retrieve the user list.....
>
> PLeaase upgrade the Fuel code to use the V3 Keystone API.  It looks 
> like Fernet was forgiving on something it should not have been.  The 
> "non-default-domain" error is due to passing a non default domain 
> along with a V2 token.
>
>
>>
>>
>> But the funny/strange thing is that executing the same command 
>> through V3 indentity admin interface (/export 
>> OS_IDENTITY_API_VERSION=3/) it works:
>>
>> /root at node-1:~# openstack user list
>> +----------------------------------+-------------------+
>> | ID                               | Name              |
>> +----------------------------------+-------------------+
>> | 06c80b0440034f49a674bd0ef56385e1 | heat_admin        |
>> | 1b5ae288f1494efd91aa67cadd290939 | sahara            |
>> | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn          |
>> | 4722750675d6416082be67a7cf9b03c3 | murano            |
>> | 6b020f2c8328430b9bc71400e8a8b661 | cinder            |
>> | 958dd93f02614f38b4575c05833b0884 | heat              |
>> | 97c015a3d9b2432090992027fdb16e44 | ceilometer        |
>> | 9fb385d757324bc0a62b502f4c3ae67c | swift             |
>> | cc1395223fd74ea2aa59242fccb279de | admin             |
>> | dc325906c9b6446a801a9d4914472b51 | neutron           |
>> | df265ea710294923991a5d10006dd9cb | nova              |
>> | ebcf0d3439c143d098d95212fa587b6a | glance            |
>> | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user   |
>> +----------------------------------+-------------------+
>> /
>>
>> Anyone could help me?
>>
>> thanks in advance.
>> J
>>
>>
>> _______________________________________________
>> Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     :openstack at lists.openstack.org
>> Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160520/e6809d16/attachment.html>


More information about the Openstack mailing list