Cisco Openstack

Keystone Puppet Module Token Failure

Bug #1207010 reported by Daneyon Hansen
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cisco Openstack
Fix Released
Low
Daneyon Hansen
Cisco Openstack g.2
Grizzly
Fix Released
Low
Daneyon Hansen
Cisco Openstack g.2

Bug Description

The Keystone provider and type does not handle token based keystone client authentication properly. As you can see below, the token-get command does not include the --os-username --os-password auth flags. These flags are not needed when using keystone client username/password based authnetication, but are required when SERVICE_TOKEN and SERVICE_ENDPOINT are set in the OS auth file. When SERVICE_TOKEN and SERVICE_ENDPOINT are set in the auth file, the keystone client prefers them (token auth) over username/password authentication.

debug: Puppet::Type::Keystone_user::ProviderKeystone: Executing '/usr/bin/keystone --os-auth-url http://192.168.220.41:35357/v2.0/ token-get'
err: /Stage[main]/Nova::Keystone::Auth/Keystone_user[nova]: Could not evaluate: Execution of '/usr/bin/keystone --os-auth-url http://192.168.220.41:35357/v2.0/ token-get' returned 1: Configuration error: Client configured to run without a service catalog. Run the client using --os-auth-url or OS_AUTH_URL, instead of --os-endpoint or OS_SERVICE_ENDPOINT, for example.
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

keystone --os-tenant-name=admin --os-username=admin --os-password=Cisco123 --os-auth-url=http://192.168.220.41:35357/v2.0/ token-get
+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| expires | 2013-08-01T17:05:02Z |
| id | 7bf6602da8664096b0d013ac3c949f6b |
| tenant_id | 9ec0f9e262d54ddca9baa5e91e687bf6 |
| user_id | b70d506bb4cc4ea5965fbf4de4618951 |
+-----------+----------------------------------+

Revision history for this message
Mark T. Voelker (mvoelker) wrote :

I think this got resolved upstream, didn't it? Perhaps:
https://review.openstack.org/#/c/37415/

Changed in openstack-cisco:
status: New → Triaged
importance: Undecided → Low
Revision history for this message
Mark T. Voelker (mvoelker) wrote :

Whoops, bad paste. I meant:
https://review.openstack.org/#/c/39566/

Changed in openstack-cisco:
status: Triaged → Fix Committed
assignee: Dan Bode (bodepd) → Daneyon Hansen (danehans)
Revision history for this message
Daneyon Hansen (danehans) wrote :

Yes, this bug is now resolved.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.