Getting project id list

[orkungedik]

Hi,

Framework calls "/identity/projects" instead of "/identity/v3/projects" URL while pulling project list on Devstack. As a result of it, Code generates "HTTP/404" error;

2017-11-09 16:30:58 DEBUG headers:268 - >> GET /identity/projects HTTP/1.1
2017-11-09 16:30:58 DEBUG headers:271 - >> X-Auth-Token: gAAAAABaBFiF23ocQqebLuHvqoosk_rQnnQY7DZsrFr-Z7avkF6ASckUmdGpI9EryR-aMoY6KB1husyvnlcyT700dnKkALvVEItX5Uw2I5dZbkTJskh62jRlrwpGl4lKTK9dPfxwcN6EhvSBQK5xlE7AXr5wTS1gxV0WEx5Zd-pWsj0STmYJxvw
2017-11-09 16:30:58 DEBUG headers:271 - >> User-Agent: OpenStack4j / OpenStack Client
2017-11-09 16:30:58 DEBUG headers:271 - >> Host: 10.0.0.1
2017-11-09 16:30:58 DEBUG headers:271 - >> Connection: Keep-Alive
2017-11-09 16:30:58 DEBUG wire:63 - << "HTTP/1.1 404 Not Found[\r][\n]"
2017-11-09 16:30:58 DEBUG wire:63 - << "Date: Thu, 09 Nov 2017 13:30:52 GMT[\r][\n]"
2017-11-09 16:30:58 DEBUG wire:63 - << "Server: Apache/2.4.18 (Ubuntu)[\r][\n]"
2017-11-09 16:30:58 DEBUG wire:63 - << "Vary: X-Auth-Token[\r][\n]"
2017-11-09 16:30:58 DEBUG wire:63 - << "Content-Type: application/json[\r][\n]"
2017-11-09 16:30:58 DEBUG wire:63 - << "Content-Length: 134[\r][\n]"
2017-11-09 16:30:58 DEBUG wire:63 - << "Connection: close[\r][\n]"

Please find the code below;

_openstackclientv3 = OSFactory.builderV3() .endpoint("http://10.0.0.1/identity/v3") .credentials("admin","password",Identifier.byName("default")) .authenticate();

List<? extends Project> projectList = _openstackclientv3.identity().projects().list();

What may cause the problem?

Thank you for your support. Orkun Gedik

[auhlig]

I guess the URL for the identity service in the token catalog is missing the /V3 suffix.

[orkungedik]

Hi Auhlig,

I replaced variables in keystone.conf;

admin_endpoint = http://10.35.45.105/identity
public_endpoint = http://10.35.45.105/identity

with

admin_endpoint = http://10.35.45.105/identity/v3
public_endpoint = http://10.35.45.105/identity/v3

But nothing have been changed on OpenStack4J call. System still generates same URL ("/identity/projects") as previous. On the other hand, after I changed variables on keystone.conf, I am not able to execute "openstack project list" command at the OS terminal, because of the system try to get data from "http://10.0.0.1/identity/v3/v3/auth/tokens" with double "/v3".

PS: I was able to execute "openstack project list" command before I modify keystone.conf with adding "/v3"

Do you have further suggestion?

Best regards,

Orkun Gedik

[orkungedik]

I awared that if I have been authenticated by the code, below and do not set default project to the admin user on OpenStack console, system call correct "/identity/v3/projects" URL.

_openstackclientv3 = OSFactory.builderV3()
 .endpoint("http://10.0.0.1/identity/v3")
 .credentials("admin","password",Identifier.byName("default"))
 .authenticate();

But this time, it generates HTTP 403 authorization error, even though the credentials are correct.

What may cause the problem?

Best regards, Orkun Gedik

[auhlig]

The URL you provide initially is only used for authentication. After that the URL of the identity service in the token catalog is used. It should be http(s)://<fqdn>:<port>/v3. There's still something wrong with that.

[orkungedik]

Hi Auhlig,

I double check the configuration, but I couldn't find a configuration problem on Devstack. I am able to call the following command without any problem on Phyton CLI. Something going wrong with with/after the authentication on Openstack4J while calling remote function on Openstack API interface;

Environment: export OS_IDENTITY_API_VERSION=3 export OS_PASSWORD=password export OS_AUTH_TYPE=password export OS_AUTH_URL=http://10.0.0.1/identity/v3 export OS_USERNAME=admin

Command openstack project list

Additionally, no need to authenticate on Phyton classes with project id or scope id as required on OpenStack4J.

I can send you --debug output to you if you would like.

Best regards,

Orkun Gedik

[orkungedik]

No luck;

2017-11-13 17:52:52 DEBUG PoolingHttpClientConnectionManager:326 - Connection released: [id: 0][route: {}->http://10.35.45.105:80][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20] 2017-11-13 17:52:52 DEBUG i18n:50 - Interceptor Context: org.jboss.resteasy.core.interception.jaxrs.ClientReaderInterceptorContext, Method : proceed 2017-11-13 17:52:52 DEBUG i18n:983 - MessageBodyReader: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey 2017-11-13 17:52:52 DEBUG i18n:55 - MessageBodyReader: com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider

2017-11-13 17:52:57 DEBUG HttpExecutor:50 - Executing Request: http://10.35.45.105/identity -> /projects

2017-11-13 17:52:57 DEBUG i18n:117 - Interceptor Context: org.jboss.resteasy.core.interception.jaxrs.ClientWriterInterceptorContext, Method : proceed 2017-11-13 17:52:57 DEBUG i18n:1961 - MessageBodyWriter: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey 2017-11-13 17:52:57 DEBUG i18n:123 - MessageBodyWriter: com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider 2017-11-13 17:52:57 DEBUG RequestAddCookies:123 - CookieSpec selected: default 2017-11-13 17:52:57 DEBUG RequestAuthCache:77 - Auth cache not set in the context

[auhlig]

Unit and integration tests are green. So I don't think it's a general issue and the root cause must be in your setup. Again: Take a look at the service catalog you receive on initial authentication. I guess the URL pointing to keystone is wrong. Or maybe you have multiple keystone services defined there. That might also confuse our discovery.

[orkungedik]

Hi,

There are no multiple keystone service running on Devstack. I got a point by debugging your code. My question ins; why you get endpoint info from "keystone catalog", instead of "token.endpoint" in resolveV3 method?

    public String findURLV3(URLResolverParams p) {

        if (p.type == null) {
            return p.token.getEndpoint();
        }

        Key key = Key.of(p.token.getCacheIdentifier(), p.type, p.perspective, p.region);

        String url = CACHE.get(key);

        if (url != null)
            return url;

        url = resolveV3(p);

If the code block resolve URL from catalog information, it is not able to read correct endpoint provided by "authenticate" method as below;

_openstackclientv3 = OSFactory.builderV3()
.endpoint(getEndPoint())
.credentials(getUsername(),getPassword(),Identifier.byId("default"))
 .scopeToDomain(Identifier.byId("default"))
.authenticate();

Do you have any suggestion about the case?

Best regards, Orkun Gedik

[auhlig]

The endpoint you're referring to is only used for initial authentication. If successful, you get a token that contains a service catalog. The catalog contains the services you can use in the current auth scope. If you invoke a method, the corresponding services will try to find it's backend URL from the catalog. Identity is no exception here. As mentioned in your previous comments, this works and returns an endpoint for keystone. Since the URL is not correct, this suggests it's not correct in your catalog. OpenStack4j is doing nothing wrong here. Again, take a look at your service catalog and check the endpoint.

[kthirirania]

Hello, I'm having the same exact problem, is there a solution please?

[orkungedik]

Hi @kthirirania,

You need to modify keystone.conf as below; admin_endpoint = http://< openstackhostname>/identity public_endpoint = http://< openstackhostname>/identity

Then restart the keystone service.

If it not works, start "mysql" command on "stack" user at OS level. Then

use keystone; select interface, url from endpoint e, service s where s.id=e.service_id and s.type="identity"; select id from service where type="identity";

Get identity value. Then apply it.

update endpoint set url="http://< openstackhostname>/identity/v3" where url="http://< openstackhostname>/identity" and service_id="";

Best regards,

Orkun Gedik

[kthirirania]

Thank you, it worked in the beginning , but it made conflicts in DevStack I wasn't able to create new instances

[wizardyjh]

I'm having the same exact problem, do you have resolved it?