Using keystone (queens) I don't know how to set up oslo config properly #6

Closed
oriolrius opened this issue Apr 19, 2018 · 10 comments
@oriolrius

Hi, firstly thanks for your project; it seems really interesting. I'm just trying to set up the "hello world". I have Keystone (Queens) running on localhost port 80 and working properly with python-keystoneclient, using the REST API and CLI. I can't find the way to configure oslo.config properly.

Current oslo config configuration that I use:

```ini
[DEFAULT]
auth_strategy=keystone

[keystone_authtoken]
www_authenticate_uri= http://localhost/v3
identity_uri = http://localhost/v3
auth_url = http://localhost/v3
auth_pot = 80
project_domain_name = Default
project_name = services
user_domain_name = Default
password = xxx
username = root
auth_type = password
region_name = system
interface = internal
admin_password = xxx
admin_user = root

[rax_access]
roles = your_keystone_role:your_flask_role
```

My flask server has only this code:

```python
from flask import Flask
from flask_keystone import FlaskKeystone

key = FlaskKeystone()

def create_app(app_name):
    app = Flask(__name__)
    key.init_app(app)

    return app

if __name__ == "__main__":  # pragma: nocover
    app = create_app(app_name=__name__)
    app.run(host="0.0.0.0", port=5000)
```

and I run the server using just: `python test.py`

When I try to use a valid token in my query it says:

```
2018-04-19 18:35:58.936 10435 WARNING keystonemiddleware.auth_token [-] Using the in-process token cache is deprecated as of the 4.2.0 release and may be removed in the 5.0.0 release or the 'O' development cycle. The in-process cache causes inconsistent results and high memory usage. When the feature is removed the auth_token middleware will not cache tokens by default which may result in performance issues. It is recommended to use memcache for the auth_token token cache by setting the memcached_servers option.
2018-04-19 18:35:58.939 10435 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Unable to establish connection to https://127.0.0.1:35357: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f2cc10f6c90>: Failed to establish a new connection: [Errno 111] Connection refused',)): ConnectFailure: Unable to establish connection to https://127.0.0.1:35357: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f2cc10f6c90>: Failed to establish a new connection: [Errno 111] Connection refused',))
2018-04-19 18:35:58.940 10435 INFO werkzeug [-] 127.0.0.1 - - [19/Apr/2018 18:35:58] "GET / HTTP/1.1" 503 -
```

I don't know how to configure oslo properly; it always fails and tries to connect to the admin port, when my admin port is 80, not 35357.

Many thanks in advance for your help.

Best regards.
Oriol

@robputt
Contributor

robputt commented Apr 19, 2018

Hi @oriolrius

Please can you confirm if your config file contains "auth_pot = 80" as seen above or if it is "auth_port = 80". If your config file does not contain this typo, or if fixing the typo does not work, please let me know and I'll spin up a Queens keystone server and do some troubleshooting to identify the root cause.

Best Regards,

Rob

@oriolrius
Author

oriolrius commented Apr 19, 2018 via email

@robputt
Contributor

robputt commented Apr 19, 2018

Hi @oriolrius,

Please can you clarify...

  • Are you using Flask_Keystone in conjunction with Flask_OsloLog https://github.com/Rackspace-DOT/flask_oslolog ?
  • Are you calling your Python Flask App with the --config-file argument and the path to your config file? If not, it will default to the default config defined in the keystoneauth1 package opts, which looks similar to the values output in your log.
  • Did the log output change at all after updating your config file?

This should hopefully help me narrow down the problem.

Best Regards,

Rob

@oriolrius
Author

oriolrius commented Apr 19, 2018 via email

@robputt
Contributor

robputt commented Apr 19, 2018

Hi @oriolrius

Thanks for the info & patience. I will spin up a test environment tomorrow and check out these symptoms and either create a fix or advise further.

Best Regards,

Rob

@robputt
Contributor

robputt commented Apr 20, 2018

Hi @oriolrius,

Just a quick update, I can confirm I am able to replicate the issue with a Queens Keystone installation, I will investigate accordingly and report back.

Best Regards,

Rob

@robputt
Contributor

robputt commented Apr 20, 2018

Hi @oriolrius,

Unfortunately it looks like we got the documentation in the README.md file incorrect... Please can you try updating your app to look something like the following:

import os
from flask import Flask
from flask import Blueprint
from flask_keystone import FlaskKeystone
from flask_oslolog import OsloLog
from oslo_config import cfg


key = FlaskKeystone()
log = OsloLog()

my_bp = Blueprint("my_bp", __name__)


@my_bp.route('/')
def index():
    return "Hello World"


def create_app(app_name):
    config_file = os.environ.get(
        "MY_APP_CONFIG",
        "/etc/my_app/my_app.conf")
    conf = cfg.CONF
    conf(default_config_files=[config_file])
    app = Flask(app_name)
    log.init_app(app)
    key.init_app(app)
    app.register_blueprint(my_bp)
    return app


if __name__ == "__main__":
    app = create_app(app_name=__name__)
    app.run(host='0.0.0.0', port=8080, threaded=True, debug=True)

It seems the config file in the args is not parsed by default with Oslo Config and it must be initiated as so. Also, it appears Flask_OsloLog is a requirement to use Flask_Keystone, and must be initiated before Flask_Keystone.

After running this app such as

python init.py --config-file /Users/robe8437/Documents/Python/workspace/queens_flask_keystone/config

2018-04-20 14:38:35.818 28418 WARNING oslo_config.cfg [-] Option "auth_plugin" from group "keystone_authtoken" is deprecated. Use option "auth_type" from group "keystone_authtoken".
2018-04-20 14:38:35.827 28418 WARNING keystonemiddleware.auth_token [-] Configuring www_authenticate_uri to point to the public identity endpoint is required; clients may not be able to authenticate against an admin endpoint
2018-04-20 14:38:35.841 28418 INFO werkzeug [-] * Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)
2018-04-20 14:38:35.842 28418 INFO werkzeug [-] * Restarting with stat
2018-04-20 14:38:36.613 28421 WARNING oslo_config.cfg [-] Option "auth_plugin" from group "keystone_authtoken" is deprecated. Use option "auth_type" from group "keystone_authtoken".
2018-04-20 14:38:36.623 28421 WARNING keystonemiddleware.auth_token [-] Configuring www_authenticate_uri to point to the public identity endpoint is required; clients may not be able to authenticate against an admin endpoint
2018-04-20 14:38:36.634 28421 WARNING werkzeug [-] * Debugger is active!
2018-04-20 14:38:36.647 28421 INFO werkzeug [-] * Debugger PIN: 243-941-897

We can get a token from our Queens Keystone instance...

openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-04-20T14:35:16+0000 |
| id | gAAAAABa2eyUmyPXmCrp-71hgqNPvsymlJBJlyRAoan84hm7iew7Ml8EBIKvbEmRTjlhR9OjyLD4GG6akee4x9TqCddxGuA5y9u1c7Pk9s9CmHagDhj2rEQNilATtw8T5YVoK6PbHl4aLEgznAL9lZG13MEzR2GKSkYBG5rWFpknNivwaX057zQ |
| project_id | 7940dda1c763402c8f38a27bac33e5aa |
| user_id | 92beef137dac45299f75243affacfd6a |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

and make a CURL request...

curl -X GET \
  http://localhost:8080/ \
-H 'x-auth-token: gAAAAABa2eyUmyPXmCrp-71hgqNPvsymlJBJlyRAoan84hm7iew7Ml8EBIKvbEmRTjlhR9OjyLD4GG6akee4x9TqCddxGuA5y9u1c7Pk9s9CmHagDhj2rEQNilATtw8T5YVoK6PbHl4aLEgznAL9lZG13MEzR2GKSkYBG5rWFpknNivwaX057zQ'
Hello World

If we use an incorrect or no token...

curl -X GET http://localhost:8080
{"error": {"code": 401, "title": "Unauthorized", "message": "The request you have made requires authentication."}}

and we can see the requests in the Flask application's log...

2018-04-20 14:39:25.579 28421 INFO werkzeug [-] 127.0.0.1 - - [20/Apr/2018 14:39:25] "GET / HTTP/1.1" 200 -
2018-04-20 14:39:59.349 28421 INFO werkzeug [-] 127.0.0.1 - - [20/Apr/2018 14:39:59] "GET / HTTP/1.1" 401 -

Here is my config file...

[keystone_authtoken]
auth_plugin = password
auth_url = http://********:80/
username = admin
user_domain_id = default
password = *******
project_name = admin
project_domain_id = default

Please let me know if this fixes it and I will update the documentation / examples accordingly.

Best Regards,

Rob
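The two failure modes in this thread (a misspelled option that is silently ignored, and a deprecated option name) can be caught before the app starts. The sketch below is an added example, not code from the thread or from flask_keystone; `lint_authtoken`, the `KNOWN` list and the sample configs are assumptions built only from option names visible on this page.

```python
import configparser
import difflib

# Option names that appear in this thread's configs and log messages.
# Assumption for illustration: this is not keystonemiddleware's full option list.
KNOWN = {
    "www_authenticate_uri", "auth_url", "auth_port", "auth_type", "username",
    "password", "project_name", "project_domain_name", "project_domain_id",
    "user_domain_name", "user_domain_id", "region_name", "interface",
    "memcached_servers",
}
# Taken from the oslo_config deprecation warning quoted in the thread.
DEPRECATED = {"auth_plugin": "auth_type"}

# Constructed samples modelled on the two configs posted above (secrets masked).
POSTED = """
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://localhost/v3
auth_pot = 80
admin_user = root
password = xxx
"""
WORKING = """
[keystone_authtoken]
auth_plugin = password
auth_url = http://keystone.example:80/
username = admin
password = xxx
"""


def lint_authtoken(text):
    """Return (kind, option, suggestion) findings for [keystone_authtoken]."""
    # default_section is renamed so [DEFAULT] keys do not leak into the section.
    parser = configparser.ConfigParser(interpolation=None, default_section="_unused")
    parser.read_string(text)
    if not parser.has_section("keystone_authtoken"):
        return [("missing-section", "keystone_authtoken", None)]
    findings = []
    for key in parser["keystone_authtoken"]:
        if key in DEPRECATED:
            findings.append(("deprecated", key, DEPRECATED[key]))
        elif key not in KNOWN:
            near = difflib.get_close_matches(key, sorted(KNOWN), n=1, cutoff=0.85)
            if near:  # only near-misses are reported, so unrelated keys pass
                findings.append(("possible-typo", key, near[0]))
    return findings
```

A clean lint result does not show that the running app actually loaded the file; per the comment above, the app still has to call `cfg.CONF(default_config_files=[...])` itself.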

@oriolrius
Author

oriolrius commented Apr 20, 2018 via email

@robputt
Contributor

robputt commented Apr 20, 2018

Thanks for confirming this functions as expected, I'll update the README.md to reflect this implementation rather than the current sample.

@robputt robputt added the bug label Apr 20, 2018
@robputt robputt self-assigned this Apr 20, 2018
@robputt robputt added the docs label Apr 20, 2018
@c-mart

c-mart commented Jan 10, 2022

README.md is still incorrect, @robputt's instructions above are still required for flask_keystone to work.
