-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot Get Openstack Identity v3 Calls Working #3758
Comments
Are you able to reproduce this using a DevStack setup (ideally Kilo)? If so, could you paste here the code you are using and I will try to reproduce from there and see what's going wrong. |
I appreciate the help. I am traveling right now so I do my have code. However I am connecting to a devstack server using irb. In addition I went against a year old open stack server. Both had similar results. I connected with Fog::Identity::Openstack.new attr. Attr had the username, password, region and URL to connect. Then I would call the projects collection identity.projects, which would fail. With excon debug on I would see the auth calls using v3 and the project call would be v2. I will send the code immediately. |
Using irb, I do the following steps: ENV['EXCON_DEBUG']=true
v3_attr = {
openstack_api_key: 'XXXXXXX',
openstack_userid: '9e170d146aab4760a516734e85f9886c',
openstack_region: 'RegionOne',
openstack_auth_url: 'http://XXX.XXX.XXX.XXX:5000/v3/auth/tokens'
}
v3_identity = Fog::Identity::OpenStack.new v3_attr
v3_identity.projects The project call returns a 404 HTTP error, because it is going to /v2.0/projects and not /v3/projects. In lib/fog/openstack core at line 364, the identity_url is set to the URL provided in the response to the second call of /v3/auth/tokens. It parses out the admin interface and uses it for follow-on calls, which use port 35357 and is pointing to v2.0 of the API. {
"endpoints": [
{
"region_id": "RegionOne",
"url": "http://XXX.XXX.XXX.XXX:5000/v2.0",
"region": "RegionOne",
"interface": "internal",
"id": "559862fa0cb54f60ab60efa2cd37a61a"
},
{
"region_id": "RegionOne",
"url": "http://XXX.XXX.XXX.XXX:35357/v2.0",
"region": "RegionOne",
"interface": "admin",
"id": "585611435cce434e82e7adda92a76d38"
},
{
"region_id": "RegionOne",
"url": "http://XXX.XXX.XXX.XXX:5000/v2.0",
"region": "RegionOne",
"interface": "public",
"id": "703cd0cc08b047ab9eeab982d767b38e"
}
],
"type": "identity",
"id": "676cb039d4234ab1ab1d08fe8d34e816",
"name": "keystone"
} I was looking at identity_v2 authentication process and it seems it would get me access to v3 of OpenStack, specially line 107 of lib/fog/openstack/identity_v2.rb, but I do not know why the authentication process was changed for v3. Any help is appreciated. |
As a note, I have tried this against a fresh install of the latest Devstack and a one year old version of Openstack. |
It's hard to determine which version of a service is in the catalog without calling the endpoint URL to get the metadata each time, which adds yet another call into an already chatty process. |
I'm seeing the exact same issue here - are you planning on addressing @dhague ? I may have some time to make a code change next week if not :) |
See: http://docs.openstack.org/developer/keystone/http-api.html#i-am-a-deployer We need to change the logic in the OpenStack core so it doesn't regex out a version number from the auth URL: https://github.com/fog/fog/blob/master/lib/fog/openstack/core.rb#L167 |
@seanhandley I am busy on other stuff for the next few weeks, but I do have it in my backlog to properly interrogate the metadata on the endpoint to get the API version instead of just regex-matching the URL |
Ok @dhague - sounds good. |
I had the same behaviour, please check if #3806 mitigates the problem. |
Closing in favor of fog/fog-openstack#54 |
I am trying to use identity v3, but it defaults back to v2. We pass in the /v3/auth/tokens URL and it authenticates correctly, but all calls go to the older v2 URL. During debugging, we turned on EXCON_DEBUG and noticed the code is switching to v2 based on the endpoints provided in server response. In the response there is no v3 endpoints. In the v2 code, @openstack_management_url is set to use the authentication URL as a base, which seems to drive future calls to v2 resources. Is there anything we need to do to get v3 identity to work properly?
The text was updated successfully, but these errors were encountered: