Unauthorized error when using OpenStack API, can't get authentication token from keystone

I want to use the RESTful API, e.g.

https://nova.rc.nectar.org.au:8774/v1.1/1f283209946f428998e8d3930bb038d1

But I cannot get the authentication token.

I tried the following command to get it (I don't have admin access):

curl -d '{"auth":{"passwordCredentials":{"username": "miranda.zhang", "password": "mypass"}}}' -H "Content-type: application/json"  https://keystone.rc.nectar.org.au:5000/v2.0/tokens

But I still get

{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

I've also had a look at the python-keystoneclient. I tried to install it:

python setup.py install

But it returns an error:

Traceback (most recent call last):
  File "setup.py", line 18, in <module>
    import setuptools
ImportError: No module named setuptools

Here is the openrc.sh file generated by my cloud provider, which does not seem to help.

#!/bin/bash

# With the addition of Keystone, to use an openstack cloud you should
# authenticate against keystone, which returns a **Token** and **Service
# Catalog**.  The catalog contains the endpoint for all services the
# user/tenant has access to - including nova, glance, keystone, swift.
#
# *NOTE*: Using the 2.0 *auth api* does not mean that compute api is 2.0.  We
# will use the 1.1 *compute api*
export OS_AUTH_URL=https://keystone.rc.nectar.org.au:5000/v2.0/

# With the addition of Keystone we have standardized on the term **tenant**
# as the entity that owns the resources.
export OS_TENANT_ID=1f283209946f428998e8d3930bb038d1
export OS_TENANT_NAME="pt-1114"

# In addition to the owning entity (tenant), openstack stores the entity
# performing the action as the **user**.
export OS_USERNAME="miranda.zhang"

# With Keystone you pass the keystone password.
echo "Please enter your OpenStack Password: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT

Reference:

  1. http://docs.openstack.org/developer/keystone/api_curl_examples.html
  2. http://api.openstack.org/api-ref-identity.html#identity
  3. http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.html

I tried Barak's suggestion to include tenant name, but still get the following:

HTTP/1.1 401 Unauthorized
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 114
Date: Sun, 29 Dec 2013 08:54:28 GMT

{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

I have installed the keystone client with Barak's help:

sudo apt-get install python-setuptools
sudo easy_install pip
sudo pip install python-keystoneclient

But using it like this:

keystone --os-tenant-name pt-1114 --os-username USERNAME --os-password PASSWORD --os-auth-url https://keystone.rc.nectar.org.au:5000/v2.0/tokens -os-identity-api-version 2.0 --debug token-get

I got this error, while token-get is clearly a valid option.

usage: keystone [--version] [--timeout <seconds>]
                [--os-username <auth-user-name>]
                [--os-password <auth-password>]
                [--os-tenant-name <auth-tenant-name>]
                [--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>]
                [--os-region-name <region-name>]
                [--os-identity-api-version <identity-api-version>]
                [--os-token <service-token>]
                [--os-endpoint <service-endpoint>]
                [--os-cacert <ca-certificate>] [--insecure]
                [--os-cert <certificate>] [--os-key <key>] [--os-cache]
                [--force-new-token] [--stale-duration <seconds>]
                <subcommand> ...
keystone: error: argument <subcommand>: invalid choice: '2.0' (choose from 'catalog', 'ec2-credentials-create', 'ec2-credentials-delete', 'ec2-credentials-get', 'ec2-credentials-list', 'endpoint-create', 'endpoint-delete', 'endpoint-get', 'endpoint-list', 'password-update', 'role-create', 'role-delete', 'role-get', 'role-list', 'service-create', 'service-delete', 'service-get', 'service-list', 'tenant-create', 'tenant-delete', 'tenant-get', 'tenant-list', 'tenant-update', 'token-get', 'user-create', 'user-delete', 'user-get', 'user-list', 'user-password-update', 'user-role-add', 'user-role-list', 'user-role-remove', 'user-update', 'discover', 'bootstrap', 'bash-completion', 'help', 'bash_completion')

I just realized that my existing password for logging in to the web portal won't work, as:

To access the Nectar Cloud using the OpenStack API you will need to generate a password. By doing so any existing password will be forgotten. To generate a new password click "Reset Password" button.

Problem solved.

You are missing the tenant name in the json block. Here is a working curl request:

curl -i 'http://192.168.9.70:5000/v2.0/tokens' -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "TENANT", "passwordCredentials": {"username": "USERNAME", "password": "PASSWORD"}}}'

I suggest you install the keystone client using pip:

sudo apt-get install python-pip
sudo pip install python-keystoneclient

Then run any keystone command with the '--debug' option to see the actual json.

See the below code as an example:

  1. Using curl command:
curl http://<controller_ip>:5000/v2.0/tokens \
-X POST \
-d '{"auth":{"tenantName":"demo", "passwordCredentials":{"username":"demo", "password":"*****"}}}' \
-H "Content-type: application/json" | python -m json.tool

Here, python -m json.tool is used to print the output in a readable JSON format.

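  2. Using Python API:
import http.client as httplib  # Python 3 name of the Python 2 httplib module
import json

# Keystone host and port; replace the placeholder with the controller address
url = "<controller_ip>:5000"
# v2.0 auth body: tenant name plus username/password credentials
params = '{"auth":{"tenantName":"demo", "passwordCredentials":{"username":"demo", "password":"*****"}}}'
headers = {"Content-Type": "application/json"}
conn = httplib.HTTPConnection(url)
conn.request("POST", "/v2.0/tokens", params, headers)
response = conn.getresponse()
data = response.read()
verify_services = json.loads(data)
# The token id is at access.token.id in the response
auth_token = verify_services['access']['token']['id']
print("Token=%s\n" % auth_token)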
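
An added example, not part of the original question or answers: it builds the v2.0 /tokens body from the openrc.sh variables instead of typing the password on the command line, redacts it for debug output, and tells the 401 error body from the question apart from a success body. The function names, the sample success body and its token values are constructed for illustration.

```python
import json

# The 401 body shown in the question, plus a constructed success body.
SAMPLE_401 = ('{"error": {"message": "The request you have made requires '
              'authentication.", "code": 401, "title": "Unauthorized"}}')
SAMPLE_200 = json.dumps({"access": {"token": {            # constructed sample
    "id": "EXAMPLE-TOKEN-ID", "expires": "2013-12-30T08:54:28Z",
    "tenant": {"id": "EXAMPLE-TENANT-ID", "name": "pt-1114"}},
    "serviceCatalog": []}})


def build_auth_body(env):
    """Build the v2.0 /tokens request body from openrc.sh-style variables."""
    missing = [k for k in ("OS_USERNAME", "OS_PASSWORD") if not env.get(k)]
    if missing:
        raise ValueError("missing variables: " + ", ".join(missing))
    auth = {"passwordCredentials": {"username": env["OS_USERNAME"],
                                    "password": env["OS_PASSWORD"]}}
    # Include the tenant, as the curl requests in the answers do.
    if env.get("OS_TENANT_NAME"):
        auth["tenantName"] = env["OS_TENANT_NAME"]
    elif env.get("OS_TENANT_ID"):
        auth["tenantId"] = env["OS_TENANT_ID"]
    return json.dumps({"auth": auth})


def redact(body):
    """Return a copy of a request body that is safe to write to a debug log."""
    doc = json.loads(body)
    doc["auth"]["passwordCredentials"]["password"] = "***"
    return json.dumps(doc)


def parse_token_response(status, body):
    """Return (token_id, expires, tenant_name) or raise on an error body."""
    doc = json.loads(body)
    if status >= 400 or "error" in doc:
        err = doc.get("error", {})
        raise PermissionError("%s %s: %s" % (err.get("code", status),
                              err.get("title", ""), err.get("message", "")))
    token = doc["access"]["token"]
    tenant = token.get("tenant") or {}
    return token["id"], token.get("expires"), tenant.get("name")


if __name__ == "__main__":
    import os
    print(redact(build_auth_body(os.environ)))  # needs the openrc.sh variables
    print(parse_token_response(200, SAMPLE_200))
```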
