OpenStack Identity (keystone)

Index problem with keystone & %(tenant_id)s

Asked by Jarmo Viinikanoja

/var/log/glance# TENANT=eb7e0c10a99446cfa14c244374549e9d keystone --token ADMIN --endpoint http://10.0.0.31:35357/v2.0/ endpoint-create --region RegionOne --service_id=4eee2c1038d842799b984479ad57c82e --publicurl='http://10.0.0.31:8776/v1/%(tenant_id)s' --internalurl='http://10.0.0.31:8776/v1/%(tenant_id)s' --adminurl='http://10.0.0.31:8776/v1/%(tenant_id)s'
+-------------+----------------------------------------+
| Property | Value |
+-------------+----------------------------------------+
| adminurl | http://10.0.0.31:8776/v1/%(tenant_id)s |
| id | c41bd45e11804a18a22890d052f49e91 |
| internalurl | http://10.0.0.31:8776/v1/%(tenant_id)s |
| publicurl | http://10.0.0.31:8776/v1/%(tenant_id)s |
| region | RegionOne |
| service_id | 4eee2c1038d842799b984479ad57c82e |
+-------------+----------------------------------------+

If I have understood right where it outputs %(tenant_id)s it should be giving eb7e0c10a99446cfa14c244374549e9d but it aint... Same happens

:/var/log/glance# keystone --token ADMIN --endpoint http://10.0.0.31:35357/v2.0/ endpoint-create --region RegionOne --service_id=4eee2c1038d842799b984479ad57c82e --publicurl='http://10.0.0.31:8776/v1/%(tenant_id)s' --internalurl='http://10.0.0.31:8776/v1/%(tenant_id)s' --adminurl='http://10.0.0.31:8776/v1/%(tenant_id)s'
+-------------+----------------------------------------+
| Property | Value |
+-------------+----------------------------------------+
| adminurl | http://10.0.0.31:8776/v1/%(tenant_id)s |
| id | caf45ea4f98044e4855d24a6482cb541 |
| internalurl | http://10.0.0.31:8776/v1/%(tenant_id)s |
| publicurl | http://10.0.0.31:8776/v1/%(tenant_id)s |
| region | RegionOne |
| service_id | 4eee2c1038d842799b984479ad57c82e |
+-------------+----------------------------------------+

Where I think out put should be like http://10.0.0.31/v1/ (tenant_id)s without % marks, but still they are there? So what is wrong with --publicurl='http://10.0.0.31:8776/v1/%(tenant_id)s' syntax? I'm using ubuntu 12.04

Same is happening here:

keystone --token 012345SECRET99TOKEN012345 \
--endpoint http://192.168.206.130:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=272efad2d1234376cbb911c1e5a5a6ed \
--publicurl 'http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s' \
--adminurl 'http://127.0.0.1:8080/' \
--internalurl 'http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s'

-->

+-------------+---------------------------------------------+
| Property | Value |
+-------------+---------------------------------------------+
| adminurl | http://127.0.0.1:8080/ |
| id | 7cec7bd0a47c4526b8d0031962272675 |
| internalurl | http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s |
| publicurl | http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s |
| region | RegionOne |
| service_id | 5fcbeb555b704f849452e188b0b00cec |
+-------------+---------------------------------------------+

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Identity (keystone) Edit question
Assignee:
No assignee Edit question
Solved by:
David Butler
Solved:
Last query:
Last reply:
Revision history for this message
Shannon McFarland (shmcfarl) said : 		#1

I am having the exact same issue. What is odd is that in the documentation (http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html) they have you use this syntax but just before they create the nova volume endpoint they define "TENANT=" and then enter the endpoint-create command. In their output it looks right but I think the variable should have been defined early perhaps. I have tried with and without and neither work.

When I try to curl or token-get against Keystone I get either a NO JSON object could be decoded or a "resource not found".

Keystone was running prior to creating these endpoints and now it seems it is dead. Log shows:

(root): 2012-04-27 07:25:01,894 ERROR argument of type 'NoneType' is not iterable
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 184, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/service.py", line 249, in authenticate
    if 'passwordCredentials' in auth:
TypeError: argument of type 'NoneType' is not iterable

Revision history for this message
David Butler (david-butler) said : 		#2

I have the same proble when I follow the openstack-essex 25-04-12 install and deploy manual (http://docs.openstack.org/trunk/openstack-compute/install/content/). I get a simialr error when using the curl command:

$ curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://192.168.200.130:35357/v2.0/tokens | python -mjson.tool
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 303 0 188 100 115 1344 822 --:--:-- --:--:-- --:--:-- 1352
{
    "error": {
        "code": 500,
        "message": "An unexpected error prevented the server from fulfilling your request. 'NoneType' object has no attribute 'replace'",
        "title": "Internal Server Error"
    }
}

A

Revision history for this message
Best David Butler (david-butler) said : 		#3

For me the problem with the using %(tenat_id)s in keystone was due to older version of python (and nova) in the Ubuntu software repositories when I first installed Ubtuntu 12.04 and the openstack software.

This was fixed by:

$ sudo apt-get update
$ sudo apt-get dist-upgrade
$ sudo apt-get upgrade

Both python and nova were upgraded.

I then entered the service endpoints exactly as shown in http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html, using %(tenant_id)s, e.g:
It was not necessary to define $TENANT or substitute tenant_id with code numbers for the 2 service tenant, e.g.
$ keystone --token 012345SECRET99TOKEN012345 \
--endpoint http://192.168.206.130:35357/v2.0/ \
endpoint-create \
 --region RegionOne \
 --service_id=abc0f03c02904c24abdcc3b7910e2eed \
 --publicurl='http://192.168.206.130:8774/v2/%(tenant_id)s' \
 --internalurl='http://192.168.206.130:8774/v2/%(tenant_id)s' \
 --adminurl='http://192.168.206.130:8774/v2/%(tenant_id)s'

After reading through http://www.gossamer-threads.com/lists/openstack/dev/10816 , I also added the following line in my keystone.conf. Although the template_file line may not be needed.

[catalog]
driver = keystone.catalog.backends.sql.Catalog
template_file = /etc/keystone/default_catalog.templates

I was then able to see the endpoints for both service tenants using the curl command:

curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://192.168.206.130:35357/v2.0/tokens | python -mjson.tool
Listed the endpoints for the openstsckDemo tenant, with the service tenant id code:

                "endpoints": [
                    {
                        "adminURL": "http://192.168.206.130:8774/v2/abcd12345678912345678912345",
                        "internalURL": "http://192.168.206.130:8774/v2/abcd12345678912345678912345",
                        "publicURL": "http://192.168.206.130:8774/v2/abcd12345678912345678912345",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "nova",
                "type": "compute"

$ curl -d '{"auth": {"tenantName": "service", "passwordCredentials":{"username": "nova", "password": "novapasword"}}}' -H "Content-type: application/json" http://192.168.206.130:35357/v2.0/tokens | python -mjson.tool
Listed the endpoints for the service tenant, with the service tenant id code:

                "endpoints": [
                    {
                        "adminURL": "http://192.168.206.130:8774/v2/efghij12345678912345678912345",
                        "internalURL": "http://192.168.206.130:8774/v2/efghij12345678912345678912345",
                        "publicURL": "http://192.168.206.130:8774/v2/efghij12345678912345678912345",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "nova",
                "type": "compute"
            },

I was then able to authenticate glance add commands wihtout getting an error.

Revision history for this message
Jarmo Viinikanoja (jarmo-viinikanoja) said : 		#4

Thanks David Butler, that solved my question.

Revision history for this message
Nelson Mimura Gonzalez (nelsonspbr) said : 		#5

Hi guys, I had a similar problem following the Essex installation instructions available at [1] for creating endpoints, but in the end I realized I had forgotten to add information about the "adminurl" field, thus obtaining the response:

{
    "error": {
        "code": 500,
        "message": "An unexpected error prevented the server from fulfilling your request. 'NoneType' object has no attribute 'replace'",
        "title": "Internal Server Error"
    }
}

It is useful, nonetheless, to run nova and other commands using the debug flag to check if you are just forgetting to pass information when registering your endpoints or if your authentication information is invalid.

[1] http://docs.openstack.org/essex/openstack-compute/install/apt/content/keystone-service-endpoint-create.html