EC2 + Keystone client missing attributes

My apologies for the confusion on the mailing list. Setting the OS_* variables should result in the following behavior:

Admin session (using SERVICE_TOKEN and SERVICE_ENDPOINT): http://paste.openstack.org/raw/12051/

EC2 user session (using --os_username, etc, created above): http://paste.openstack.org/raw/12050/

Ok, getting this when I run the following:

This is basically whats in devstack. Maybe its not right there.

$ keystone catalog --service ec2
'Client' object has no attribute 'service_catalog'

$ echo $?
1

$ env | grep --perl "^OS|^SERV"
SERVICE_PASSWORD=f3f0ffb9
OS_PASSWORD=ac31bec851146d3c7f00
OS_AUTH_URL=http://172.21.102.236:5000/v2.0
OS_USERNAME=demo
SERVICE_TENANT_NAME=service
OS_TENANT_NAME=demo
SERVICE_ENDPOINT=http://172.21.102.236:5000/v2.0
SERVICE_TOKEN=b5c9b627

Should that work??

Unfortunately, no. The SERVICE_TOKEN and SERVICE_ENDPOINT variables are taking precedence as the authentication method.

Try to clear those variables:

    $ export SERVICE_TOKEN=
    $ export SERVICE_ENDPOINT=

And then run it again:

    $ keystone catalog --service=ec2

Interesting. I will try this.

The connection between those variables and the above error seems pretty far off, seems like that error should mention that those shouldn't be set instead of no attribute?

Ok tried it, and it worked!
Error messages would be great there though.
Thx

I very much agree. The error message is indicative of a crash rather than proper detection of the failed state.

A better error message should give the user feedback about what authentication method has been provided, explain why that won't work, and suggest what will.

We might want to consider fixing this. Since others might run into this

I've keystone and all openstack essex components on one node. Compute nodes are on same network. I'm getting similar issue,

root@openstack-api:~# keystone catalog --service ec2
'Client' object has no attribute 'service_catalog'

root@openstack-api:~# env | grep --perl "^OS|^SERV"
SERVICE_ENDPOINT=http://10.43.45.13:35357/v2.0
SERVICE_TOKEN=openstack123

Here's how keystone.conf looks,
root@openstack-api:~# cat /etc/keystone/keystone.conf
[DEFAULT]
bind_host = 0.0.0.0
public_port = 5000
admin_port = 35357
admin_token = openstack123
compute_port = 8774
verbose = True
debug = True
log_config = /etc/keystone/logging.conf

# ================= Syslog Options ============================
# Send logs to syslog (/dev/log) instead of to file specified
# by `log-file`
use_syslog = False

# Facility to use. If unset defaults to LOG_USER.
# syslog_log_facility = LOG_LOCAL0

[sql]
connection = sqlite:////var/lib/keystone/keystone.db
idle_timeout = 200

[ldap]
#url = ldap://localhost
#tree_dn = dc=example,dc=com
#user_tree_dn = ou=Users,dc=example,dc=com
#role_tree_dn = ou=Roles,dc=example,dc=com
#tenant_tree_dn = ou=Groups,dc=example,dc=com
#user = dc=Manager,dc=example,dc=com
#password = freeipa4all
#suffix = cn=example,cn=com

[identity]
driver = keystone.identity.backends.sql.Identity

[catalog]
driver = keystone.catalog.backends.templated.TemplatedCatalog
template_file = /etc/keystone/default_catalog.templates

[token]
driver = keystone.token.backends.sql.Token

# Amount of time a token should remain valid (in seconds)
expiration = 86400

[policy]
driver = keystone.policy.backends.rules.Policy

[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2

[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory

[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory

[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory

[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory

[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory

[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory

[app:public_service]
paste.app_factory = keystone.service:public_app_factory

[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory

[pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension public_service

[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service

[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory

[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory

[pipeline:public_version_api]
pipeline = xml_body public_version_service

[pipeline:admin_version_api]
pipeline = xml_body admin_version_service

[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api

[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api

Am I doing something wrong above w.r.t keystone config? I'm able to list keystone tenants etc.
root@openstack-api:~# keystone tenant-list
+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| 3a28a12e35d64e79a121d8defccd6e2a | admin | True |
| 4679fb1b8dc140a7a03a7c9006328c85 | invisible_to_admin | True |
| 80d27567dfe6433081fc04c7143e1706 | demo | True |
| bfe83b75d39546a5b2a955ae51a13b43 | service | True |
+----------------------------------+--------------------+---------+
root@openstack-api:~#
root@openstack-api:~# keystone user-list
+----------------------------------+---------+------------------+--------+
| id | enabled | email | name |
+----------------------------------+---------+------------------+--------+
| 23fec02028db46b0b3c80937c75ec596 | True | <email address hidden> | demo |
| 6b4b940b2d334d9687dd4d25796e3270 | True | <email address hidden> | admin |
| b3a11fa70af94de69cb696fd76a5dd3d | True | <email address hidden> | nova |
| cc30bf3eea3543999860b32a36a8ccd8 | True | <email address hidden> | glance |
+----------------------------------+---------+------------------+--------+

Appreciate any help as I'm stuck here with simple one node install.

Already discussed many times, e.g.: http://<email address hidden>/msg10920.html

Thanks for the link Rafael.
I tried all alternatives suggested on the link but still no luck. I tried switching between sql vs templated backends. One thing on the link which mentioned to try out with usr/pass worked but for me too. But it shows empty service list,

root@openstack-api:~# keystone --os_username=admin --os_password=openstack123 --os_auth_url=http://10.43.45.13:35357/v2.0/ --os_tenant_id=3a28a12e35d64e79a121d8defccd6e2a service-list
+----+------+------+-------------+
| id | name | type | description |
+----+------+------+-------------+
+----+------+------+-------------+

I tried to unset SERVICE_ENDPOINT and SERVICE_TOKEN but that didn't help. Also ni this unsetting case, it gives different error,

root@openstack-api:~# unset SERVICE_ENDPOINT SERVICE_TOKEN
root@openstack-api:~# keystone --os_username=admin --os_password=openstack123 --os_auth_url=http://10.43.45.13:35357/v2.0/ --os_tenant_id=3a28a12e35d64e79a121d8defccd6e2a catalog --service ec2
No handlers could be found for logger "keystoneclient.client"
Authorization Failed: An unexpected error prevented the server from fulfilling your request. unsupported format character 'S' (0x53) at index 8 (HTTP 500)

for this context keystone.log shows these exceptions,

(root): 2012-05-08 18:55:29,271 ERROR unsupported format character 'S' (0x53) at index 8
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 184, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/service.py", line 292, in authenticate
    metadata=metadata_ref)
  File "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 48, in _wrapper
    return f(*args, **kw)
  File "/usr/lib/python2.7/dist-packages/keystone/catalog/backends/templated.py", line 116, in get_catalog
    o[region][service][k] = v % d
ValueError: unsupported format character 'S' (0x53) at index 8

I'm new to keystone so might be missing something obvious. Thanks a ton in advance.