Open orkungedik opened 6 years ago
I guess the URL for the identity service in the token catalog is missing the /V3 suffix.
Hi Auhlig,
I replaced variables in keystone.conf;
admin_endpoint = http://10.35.45.105/identity
public_endpoint = http://10.35.45.105/identity
with
admin_endpoint = http://10.35.45.105/identity/v3
public_endpoint = http://10.35.45.105/identity/v3
But nothing have been changed on OpenStack4J call. System still generates same URL ("/identity/projects") as previous. On the other hand, after I changed variables on keystone.conf, I am not able to execute "openstack project list" command at the OS terminal, because of the system try to get data from "http://10.0.0.1/identity/v3/v3/auth/tokens" with double "/v3".
PS: I was able to execute "openstack project list" command before I modify keystone.conf with adding "/v3"
Do you have further suggestion?
Best regards,
Orkun Gedik
I awared that if I have been authenticated by the code, below and do not set default project to the admin user on OpenStack console, system call correct "/identity/v3/projects" URL.
_openstackclientv3 = OSFactory.builderV3()
.endpoint("http://10.0.0.1/identity/v3")
.credentials("admin","password",Identifier.byName("default"))
.authenticate();
But this time, it generates HTTP 403 authorization error, even though the credentials are correct.
What may cause the problem?
Best regards, Orkun Gedik
The URL you provide initially is only used for authentication. After that the URL of the identity service in the token catalog is used. It should be http(s)://<fqdn>:<port>/v3
. There's still something wrong with that.
Hi Auhlig,
I double check the configuration, but I couldn't find a configuration problem on Devstack. I am able to call the following command without any problem on Phyton CLI. Something going wrong with with/after the authentication on Openstack4J while calling remote function on Openstack API interface;
Environment: export OS_IDENTITY_API_VERSION=3 export OS_PASSWORD=password export OS_AUTH_TYPE=password export OS_AUTH_URL=http://10.0.0.1/identity/v3 export OS_USERNAME=admin
Command openstack project list
Additionally, no need to authenticate on Phyton classes with project id or scope id as required on OpenStack4J.
I can send you --debug output to you if you would like.
Best regards,
Orkun Gedik
No luck;
2017-11-13 17:52:52 DEBUG PoolingHttpClientConnectionManager:326 - Connection released: [id: 0][route: {}->http://10.35.45.105:80][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20] 2017-11-13 17:52:52 DEBUG i18n:50 - Interceptor Context: org.jboss.resteasy.core.interception.jaxrs.ClientReaderInterceptorContext, Method : proceed 2017-11-13 17:52:52 DEBUG i18n:983 - MessageBodyReader: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey 2017-11-13 17:52:52 DEBUG i18n:55 - MessageBodyReader: com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider
2017-11-13 17:52:57 DEBUG HttpExecutor:50 - Executing Request: http://10.35.45.105/identity -> /projects
2017-11-13 17:52:57 DEBUG i18n:117 - Interceptor Context: org.jboss.resteasy.core.interception.jaxrs.ClientWriterInterceptorContext, Method : proceed 2017-11-13 17:52:57 DEBUG i18n:1961 - MessageBodyWriter: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey 2017-11-13 17:52:57 DEBUG i18n:123 - MessageBodyWriter: com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider 2017-11-13 17:52:57 DEBUG RequestAddCookies:123 - CookieSpec selected: default 2017-11-13 17:52:57 DEBUG RequestAuthCache:77 - Auth cache not set in the context
Unit and integration tests are green. So I don't think it's a general issue and the root cause must be in your setup. Again: Take a look at the service catalog you receive on initial authentication. I guess the URL pointing to keystone is wrong. Or maybe you have multiple keystone services defined there. That might also confuse our discovery.
Hi,
There are no multiple keystone service running on Devstack. I got a point by debugging your code. My question ins; why you get endpoint info from "keystone catalog", instead of "token.endpoint" in resolveV3 method?
public String findURLV3(URLResolverParams p) {
if (p.type == null) {
return p.token.getEndpoint();
}
Key key = Key.of(p.token.getCacheIdentifier(), p.type, p.perspective, p.region);
String url = CACHE.get(key);
if (url != null)
return url;
url = resolveV3(p);
If the code block resolve URL from catalog information, it is not able to read correct endpoint provided by "authenticate" method as below;
_openstackclientv3 = OSFactory.builderV3()
.endpoint(getEndPoint())
.credentials(getUsername(),getPassword(),Identifier.byId("default"))
.scopeToDomain(Identifier.byId("default"))
.authenticate();
Do you have any suggestion about the case?
Best regards, Orkun Gedik
The endpoint you're referring to is only used for initial authentication. If successful, you get a token that contains a service catalog. The catalog contains the services you can use in the current auth scope. If you invoke a method, the corresponding services will try to find it's backend URL from the catalog. Identity is no exception here. As mentioned in your previous comments, this works and returns an endpoint for keystone. Since the URL is not correct, this suggests it's not correct in your catalog. OpenStack4j is doing nothing wrong here. Again, take a look at your service catalog and check the endpoint.
Hello, I'm having the same exact problem, is there a solution please?
Hi @kthirirania,
You need to modify keystone.conf as below; admin_endpoint = http://< openstackhostname>/identity public_endpoint = http://< openstackhostname>/identity
Then restart the keystone service.
If it not works, start "mysql" command on "stack" user at OS level. Then
use keystone; select interface, url from endpoint e, service s where s.id=e.service_id and s.type="identity"; select id from service where type="identity";
Get identity value. Then apply it.
update endpoint set url="http://< openstackhostname>/identity/v3" where url="http://< openstackhostname>/identity" and service_id="
Best regards,
Orkun Gedik
Thank you, it worked in the beginning , but it made conflicts in DevStack I wasn't able to create new instances
I'm having the same exact problem, do you have resolved it?
Hi,
Framework calls "/identity/projects" instead of "/identity/v3/projects" URL while pulling project list on Devstack. As a result of it, Code generates "HTTP/404" error;
Please find the code below;
_openstackclientv3 = OSFactory.builderV3() .endpoint("http://10.0.0.1/identity/v3") .credentials("admin","password",Identifier.byName("default")) .authenticate();
List<? extends Project> projectList = _openstackclientv3.identity().projects().list();
What may cause the problem?
Thank you for your support. Orkun Gedik