[英]OpenStack sdk won't use keystone v3?
TL;DR: I'm trying to use the OpenStack SDK to connect to an OpenStack cloud that only offers Keystone v3 authentication. TL; DR:我正在尝试使用OpenStack SDK连接到仅提供Keystone v3身份验证的OpenStack云。 The SDK keeps trying to connect to the Keystone v2.0 endpoint. SDK一直尝试连接到Keystone v2.0端点。
I have a clouds.yaml
file that look like this: 我有一个clouds.yaml
文件,如下所示:
clouds:
mycloud:
auth:
username: admin
project_name: admin
password: "secret"
auth_url: "https://mycloud.example.com:13000"
region: "os1"
identity_api_version: 3
interface: public
You'll note that I've set identity_api_version
to 3
, because our OpenStack environment does not have a legacy v2.0 endpoint. 您会注意到,我已经将identity_api_version
设置为3
,因为我们的OpenStack环境没有旧版v2.0端点。
If I try to access the openstack environment like this: 如果我尝试像这样访问openstack环境:
>>> import openstack
>>> conn = openstack.connect(cloud='mycloud')
>>> conn.list_flavors()
It fails with the following traceback: 它失败并显示以下回溯:
Traceback (most recent call last):
[...]
File "/my/project/post-deploy/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 869, in request
raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.NotFound: (https://mycloud.example.com:13000/v2.0/tokens): The resource could not be found. (HTTP 404) (Request-ID: req-30ec6dc4-f401-41f1-b560-c967d1d32281)
On the other hand, the standard openstack
cli works just fine: 另一方面,标准的openstack
cli可以正常工作:
$ openstack --os-cloud mycloud flavor list
+---------+------------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+---------+------------+-----+------+-----------+-------+-----------+
| 9cc9... | m1.xlarge | 16 | 10 | 0 | 8 | True |
| c3df... | m1.tiny | 1 | 10 | 0 | 1 | True |
| c64e... | m1.small | 2 | 10 | 0 | 1 | True |
+---------+------------+-----+------+-----------+-------+-----------+
I'm using version: 我正在使用版本:
>>> openstack.version.__version__
'0.19.0'
Why is the openstack sdk trying to connect to the v2.0 endpoint? 为什么OpenStack SDK尝试连接到v2.0端点?
Update 更新资料
The full traceback: 完整的回溯:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/my/project/.venv/lib/python2.7/site-packages/openstack/cloud/openstackcloud.py", line 1891, in list_flavors
'/flavors/detail', params=dict(is_public='None')),
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 328, in get
return self.request(url, 'GET', **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/_adapter.py", line 145, in request
**kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 136, in submit_function
return self.submit_task(task)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 125, in submit_task
return self.run_task(task=task)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 157, in run_task
return self._run_task(task)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 177, in _run_task
return task.wait()
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 79, in wait
self._traceback)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 87, in run
self.done(self.main())
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 59, in main
return self._main(*self.args, **self.kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 213, in request
return self.session.request(url, method, **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 684, in request
auth_headers = self.get_auth_headers(auth)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 1071, in get_auth_headers
return auth.get_headers(self, **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 95, in get_headers
token = self.get_token(session)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 88, in get_token
return self.get_access(session).auth_token
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 134, in get_access
self.auth_ref = self.get_auth_ref(session)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py", line 208, in get_auth_ref
return self._plugin.get_auth_ref(session, **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/v2.py", line 63, in get_auth_ref
authenticated=False, log=False)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 1019, in post
return self.request(url, 'POST', **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 869, in request
raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.NotFound: (https://mycloud.example.com:13000/v2.0/tokens): The resource could not be found. (HTTP 404) (Request-ID: req-812aa7ac-d5bb-4fcb-a1f6-6124f5c7f982)
It turns out that in order to successfully use the v3 API, your clouds.yaml
needs to include domain information. 事实证明,为了成功使用v3 API,您的clouds.yaml
需要包含域信息。 That is, instead of the example shown in the question, I needed: 也就是说,我需要代替问题中显示的示例:
clouds:
mycloud:
auth:
username: admin
project_name: admin
password: "secret"
auth_url: "https://mycloud.example.com:13000"
user_domain_name: Default
project_domain_name: Default
region: "os1"
identity_api_version: 3
interface: public
Apparently the command line tools provide defaults for these values, which is why they worked just fine while using the sdk directly would fail. 显然,命令行工具为这些值提供了默认值,这就是为什么当直接使用sdk会失败时它们仍然可以正常工作的原因。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.