Openstack RC file downloaded in LDAP environment did not support domain setting
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
New
|
Undecided
|
Unassigned |
Bug Description
Enabled Read-only LDAP backend, and accessed horizon using the LDAP user and domain named domain1.
But I found the function of Project->Access & Security->API Acess-> Download Openstack RC File did not support domain setting now.
Using download RC file, since it does not include domain information, can not access project and got an error as below.
[liwbj@zcu13 ~]$ ./openrcv3-ldap
Please enter your OpenStack Password:
[liwbj@zcu13 ~]$ nova list
ERROR (BadRequest): KS-EE09F51 Expecting to find domain in project - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400)
the downloaed rc file:
#!/bin/bash
# To use an OpenStack cloud you need to authenticate against the Identity
# service named keystone, which returns a **Token** and **Service Catalog**.
# The catalog contains the endpoints for all services the user/tenant has
# access to - such as Compute, Image Service, Identity, Object Storage, Block
# Storage, and Networking (code-named nova, glance, keystone, swift,
# cinder, and neutron).
#
# *NOTE*: Using the 2.0 *Identity API* does not necessarily mean any other
# OpenStack API is version 2.0. For example, your cloud provider may implement
# Image API v1.1, Block Storage API v2, and Compute API v2.0. OS_AUTH_URL is
# only for the Identity API served through keystone.
export OS_AUTH_URL=http://
# With the addition of Keystone we have standardized on the term **tenant**
# as the entity that owns the resources.
export OS_TENANT_
export OS_TENANT_
export OS_PROJECT_
# In addition to the owning entity (tenant), OpenStack stores the entity
# performing the action as the **user**.
export OS_USERNAME="admin"
# With Keystone you pass the keystone password.
echo "Please enter your OpenStack Password: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=
# If your configuration has multiple regions, we set that information here.
# OS_REGION_NAME is optional and only valid in certain environments.
export OS_REGION_
# Don't leave a blank variable, unset it if it was empty
if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
I dont have that much idea on domains unfortunately, but I think that to use domain you need to use the v3 endpoint right?
If not, nova fails I think for my local tests, so this means that we should change the whole thing to use the v3 auth url if enabled + domain I guess?