search

tdviet / fedcloudclient

EGI FedCloud Client
https://fedcloudclient.fedcloud.eu
MIT License
8 stars 10 forks source link

CHECKIN_PROVIDER and --checkin-provider don't work #4

Closed marcvs closed 3 years ago

marcvs commented 3 years ago 
marcus@nemo:~/tmp/fedcloudclient$ echo $CHECKIN_PROVIDER
egi
marcus@nemo:~/tmp/fedcloudclient$ fedcloud openstack image list --site IISAS-FedCloud --vo covid19.eosc-synergy.eu --checkin-provider egi
Error: An access token is needed for the operation. You can also give refresh token + client ID + client secret for generating token on the fly or use oidc-agent

Also: telling people to provide the refresh token on the commandline is not a good idea.

marcvs commented 3 years ago

Using OIDC_AGENT_ACCOUNT changes the error a bit, but seems not to work:

marcus@nemo:~/tmp/fedcloudclient$ export OIDC_AGENT_ACCOUNT=egi
marcus@nemo:~/tmp/fedcloudclient$ fedcloud openstack image list --site IISAS-FedCloud --vo covid19.eosc-synergy.eu 
Site: IISAS-FedCloud, VO: covid19.eosc-synergy.eu
Error code:  1
Error message:  Could not find Identity Provider: egi. (HTTP 404) (Request-ID: req-f3bb3cf9-26b7-4762-b969-84a31ac37e27)

marcus@nemo:~/tmp/fedcloudclient$ export OIDC_AGENT_ACCOUNT=https://aai.egi.eu/oidc
marcus@nemo:~/tmp/fedcloudclient$ fedcloud openstack image list --site IISAS-FedCloud --vo covid19.eosc-synergy.eu 
ERROR oidc-agent: OIDC_REMOTE_SOCK env var not set
Error: An access token is needed for the operation. You can also give refresh token + client ID + client secret for generating token on the fly or use oidc-agent
marcvs commented 3 years ago

Also related: I see some errors saying

ERROR oidc-agent: OIDC_REMOTE_SOCK env var not set

This one is not always available.

tdviet commented 3 years ago

The error message is issued by liboidc-agent-py. The same error message if account does not exist https://github.com/indigo-dc/liboidc-agent-py/issues/6

tdviet commented 3 years ago

marcus@nemo:~/tmp/fedcloudclient$ echo $CHECKIN_PROVIDER

This parameter is for setting OIDC provider in Openstack keystone. The default value is "egi.eu". See https://docs.egi.eu/providers/cloud-compute/openstack/#keystone-federation-support to see how the value is defined

marcvs commented 3 years ago

Ok, understand. I'll ceck with liboidc then.