nova attach volume failed when using keystone v3 API token

Bug #1263876 reported by LiShaokai on 2013-12-24
This bug affects 3 people
Affects Status Importance Assigned to Milestone

Bug Description


1 . Get tokens of V3; POST

2. Use that token to attach a volume for a instance with the following request:


An Error occurred : 500 internal ERROR.
IF we use keystone v2 token, attach volume is ok.

V3 service catalog:

 [{u'endpoints': [{u'id': u'6c205a937fc94cd89ef6d25804631742',
                  u'interface': u'internal',
                  u'legacy_endpoint_id': u'52d0fe4693094e29a1f3737aa6a74024',
                  u'region': u'RegionOne',
                  u'url': u''},
                  {u'id': u'c289637b673643b69565a04ed1561a4c',
                  u'interface': u'public',
                  u'legacy_endpoint_id': u'52d0fe4693094e29a1f3737aa6a74024',
                  u'region': u'RegionOne',
                  u'url': u''},
                  {u'id': u'f23ede3238974e0685b5e478971a566d',
                   u'interface': u'admin',
                   u'legacy_endpoint_id': u'52d0fe4693094e29a1f3737aa6a74024',
                   u'region': u'RegionOne',
                  u'url': u''}],
                  u'id': u'9206e300379a448592df585587c68a40',
                  u'type': u'volume'}]

V2 service catalog:

 [{u'endpoints': [{u'adminURL': u'',
               u'id': u'6c205a937fc94cd89ef6d25804631742',
               u'internalURL': u'',
              u'publicURL': u'',
              u'region': u'RegionOne'}]

So below code is the break in keystone V3: in cinderclient/, function url_for

in LINE 83, the length of matching_endpoints is 3, so that An AmbiguousEndpoints Exception are thrown.

     80 if not matching_endpoints:
     81 raise cinderclient.exceptions.EndpointNotFound()
     82 elif len(matching_endpoints) > 1:
     83 raise cinderclient.exceptions.AmbiguousEndpoints(
     84 endpoints=matching_endpoints)
     85 else:
     86 return matching_endpoints[0][endpoint_type]


LiShaokai (lshaokai) on 2013-12-24
description: updated
description: updated
description: updated
tags: added: keystone
Brant Knudson (blk-u) wrote :

A note for whoever winds up fixing this - keystoneclient provides a keystoneclient.service_client.ServiceCatalog class[1] that provides support for both the v2 and v3 service catalogs.

It looks like cinderclient has its own version of this... maybe cinderclient should use the one from python-keystoneclient or copy keystoneclient's again.


Fix proposed to branch: master

Changed in python-cinderclient:
assignee: nobody → LiShaokai (lshaokai)
status: New → In Progress

Fix proposed to branch: master

Fix proposed to branch: master

Submitter: Jenkins
Branch: master

commit 1b0ea8768c9e1368e978a45b1bba125cd81e9b59
Author: Shao Kai Li <email address hidden>
Date: Wed Feb 19 00:34:30 2014 -0500

    Import access module from keystoneclient to handle V3 endpoints

    * will be used only by nova(, it will be removed if nova
    uses access instead of service_catalog. Then and will be removed from cinderclient if necessary.

    * Some unit tests are modified.

    * Because of JSON format's modification, functions that process cinder
    credentials and cinder endpoints are changed.

    * Add dependency for keystoneclient in requirements.txt.

    Change-Id: Icf7badfdddcf5f55536d95db7242aff58aa34b6e
    Closes-Bug: #1263876
    bp: service-catalog

Changed in python-cinderclient:
status: In Progress → Fix Committed
Andriy Yurchuk (ch00k) wrote :

Why is this only fixed in python-cinderclient? The bug states that a direct API request was sent to reproduce this.
I am having the exact same behavior - when I send an API request to attach a volume I get AmbiguousEndpoints exception. I think a fix must also be provided for the server-side code, not only client-side.

Andriy Yurchuk (ch00k) wrote :

Looks like there is already some work being done in this area:

Mike Spreitzer (mike-spreitzer) wrote :

This reminds me of bug 1289135

I am also hitting this.

cinder_api_insecure = True
cinder_catalog_info = volume:cinder:internalURL

New info : this works :
auth_uri =
auth_host =
auth_port = 5000

This doesn't work (raise AmbiguousEndpoints)
auth_uri =
auth_host =
auth_port = 35357

Changed in python-cinderclient:
milestone: none → 1.3.1
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints