failed to get client via admin_token?

Asked by xyj

I set admin_token=ADMIN in keystone.conf

from keystoneclient.v2_0 import client
keystone = client.Client(token="ADMIN" , auth_url="http://0.0.0.0:35357/v2.0")

Traceback (most recent call last):
  File "key_client.py", line 13, in <module>
    keystone = client.Client(token="ADMIN" , auth_url=auth_url)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/v2_0/client.py", line 80, in __init__
    self.authenticate()
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/v2_0/client.py", line 102, in authenticate
    return_raw=True)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/v2_0/tokens.py", line 37, in authenticate
    return self._create('/tokens', params, "access", return_raw=return_raw)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/base.py", line 82, in _create
    resp, body = self.api.post(url, body=body)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/client.py", line 169, in post
    return self._cs_request(url, 'POST', **kwargs)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/client.py", line 156, in _cs_request
    self.authenticate()
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/v2_0/client.py", line 102, in authenticate
    return_raw=True)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/v2_0/tokens.py", line 37, in authenticate
    return self._create('/tokens', params, "access", return_raw=return_raw)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/base.py", line 82, in _create
    resp, body = self.api.post(url, body=body)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/client.py", line 169, in post
    return self._cs_request(url, 'POST', **kwargs)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/client.py", line 150, in _cs_request
    **kwargs)
  File "/home/mon/source_code/keystone/.venv/src/python-keystoneclient/keystoneclient/client.py", line 130, in request
    raise exceptions.from_response(resp, body)
keystoneclient.exceptions.Unauthorized: The request you have made requires authentication. (HTTP 401)

-------------------------------
client = client.Client(username="admin", password="secrete", auth_url="http://0.0.0.0:35357/v2.0")
however, it works.

Now I'm in e4. In e2 they both work.

I tracked the request to token/backends/kvs.py-->Token-->get_token()--->token=self.db.get("token-%s" % token_id),
logged something out, token_id is "ADMIN", self.db is {}.

self.db is the INMEDB in common/kvs.py, however I didn't find it was filled with anything.

Question information

Language:
English Edit question
Status:
Answered
For:
OpenStack Identity (keystone) Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Joseph Heck (heckj) said :
#1

You probably don't want the auth_url to be 0.0.0.0 - that's commonly used to mean listen on all ports, but I don't know what it will do when you ask for that as an IP address on the TCP stack. I'd recommend instead:

"http://127.0.0.1:35357/v2.0"

The keystone client code is undergoing some shifting of parameters, and with a recent re-write of auth_token, you can now used username & password to connect and auth as admin as well as the admin token. The code you want to look at for debugging is the python-keystoneclient code, as that looks to be what you're importing and using. It's easy to get those "managers" confused with the manager code in the keystone service, but they're very different critters.

Here's what I do when I want to use the admin token directly through the client:

from keystoneclient.v2_0 import client as keystone_client
admin_endpoint = 'http://127.0.0.1:5000/v2.0'
public_endpoint = 'http://127.0.0.1:35357/v2.0'
admin_token = 'ADMIN' # or whatever it is
my_client = keystone_client.Client(endpoint=admin_endpoint,
                                     auth_url=public_endpoint,
                                     token=admin_token)

which works fine with e4/trunk

Revision history for this message
xyj (xyj-asmy) said :
#2

Thanks for your detailed answer, but I still failed to authenticate.
Now I use usename and password instead.
Maybe I should update my keystone.

Can you help with this problem?

Provide an answer of your own, or ask xyj for more information if necessary.

To post a message you must log in.