OpenStack SDK将不会使用Keystone v3?
[英]OpenStack sdk won't use keystone v3?
问题描述
TL;DR: I'm trying to use the OpenStack SDK to connect to an OpenStack cloud that only offers Keystone v3 authentication. 
TL; DR:我正在尝试使用OpenStack SDK连接到仅提供Keystone v3身份验证的OpenStack云。 The SDK keeps trying to connect to the Keystone v2.0 endpoint. SDK一直尝试连接到Keystone v2.0端点。
I have a clouds.yaml file that look like this: 我有一个clouds.yaml文件,如下所示:
clouds:
mycloud:
auth:
username: admin
project_name: admin
password: "secret"
auth_url: "https://mycloud.example.com:13000"
region: "os1"
identity_api_version: 3
interface: public
You'll note that I've set identity_api_version to 3 , because our OpenStack environment does not have a legacy v2.0 endpoint. 您会注意到,我已经将identity_api_version设置为3 ,因为我们的OpenStack环境没有旧版v2.0端点。
If I try to access the openstack environment like this: 如果我尝试像这样访问openstack环境:
>>> import openstack
>>> conn = openstack.connect(cloud='mycloud')
>>> conn.list_flavors()
It fails with the following traceback: 它失败并显示以下回溯:
Traceback (most recent call last):
[...]
File "/my/project/post-deploy/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 869, in request
raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.NotFound: (https://mycloud.example.com:13000/v2.0/tokens): The resource could not be found. (HTTP 404) (Request-ID: req-30ec6dc4-f401-41f1-b560-c967d1d32281)
On the other hand, the standard openstack cli works just fine: 另一方面,标准的openstack cli可以正常工作:
$ openstack --os-cloud mycloud flavor list
+---------+------------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+---------+------------+-----+------+-----------+-------+-----------+
| 9cc9... | m1.xlarge | 16 | 10 | 0 | 8 | True |
| c3df... | m1.tiny | 1 | 10 | 0 | 1 | True |
| c64e... | m1.small | 2 | 10 | 0 | 1 | True |
+---------+------------+-----+------+-----------+-------+-----------+
I'm using version: 我正在使用版本:
>>> openstack.version.__version__
'0.19.0'
Why is the openstack sdk trying to connect to the v2.0 endpoint? 为什么OpenStack SDK尝试连接到v2.0端点?
Update 更新资料
The full traceback: 完整的回溯:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/my/project/.venv/lib/python2.7/site-packages/openstack/cloud/openstackcloud.py", line 1891, in list_flavors
'/flavors/detail', params=dict(is_public='None')),
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 328, in get
return self.request(url, 'GET', **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/_adapter.py", line 145, in request
**kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 136, in submit_function
return self.submit_task(task)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 125, in submit_task
return self.run_task(task=task)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 157, in run_task
return self._run_task(task)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 177, in _run_task
return task.wait()
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 79, in wait
self._traceback)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 87, in run
self.done(self.main())
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 59, in main
return self._main(*self.args, **self.kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 213, in request
return self.session.request(url, method, **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 684, in request
auth_headers = self.get_auth_headers(auth)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 1071, in get_auth_headers
return auth.get_headers(self, **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 95, in get_headers
token = self.get_token(session)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 88, in get_token
return self.get_access(session).auth_token
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 134, in get_access
self.auth_ref = self.get_auth_ref(session)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py", line 208, in get_auth_ref
return self._plugin.get_auth_ref(session, **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/v2.py", line 63, in get_auth_ref
authenticated=False, log=False)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 1019, in post
return self.request(url, 'POST', **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 869, in request
raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.NotFound: (https://mycloud.example.com:13000/v2.0/tokens): The resource could not be found. (HTTP 404) (Request-ID: req-812aa7ac-d5bb-4fcb-a1f6-6124f5c7f982)
1 个解决方案
解决方案1
0 已采纳 2018-12-05 12:00:28
It turns out that in order to successfully use the v3 API, your clouds.yaml needs to include domain information. 事实证明,为了成功使用v3 API,您的clouds.yaml需要包含域信息。 That is, instead of the example shown in the question, I needed: 也就是说,我需要代替问题中显示的示例:
clouds:
mycloud:
auth:
username: admin
project_name: admin
password: "secret"
auth_url: "https://mycloud.example.com:13000"
user_domain_name: Default
project_domain_name: Default
region: "os1"
identity_api_version: 3
interface: public
Apparently the command line tools provide defaults for these values, which is why they worked just fine while using the sdk directly would fail. 显然,命令行工具为这些值提供了默认值,这就是为什么当直接使用sdk会失败时它们仍然可以正常工作的原因。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.