See attached example.py for sample code and context.
Create a v2 client object:
* Use publicurl as the auth_url endpoint
* Use credentials that confer an admin role
Call client.tokens.authenticate() using any valid token/tenant_id.
The call fails when adminurl is unreachable.
Expectation is that publicurl would be used as the auth_url endpoint, however ...
From https://github.com/openstack/python-keystoneclient/blob/5a7f800e271695f21809d6251e91f6ac8e13ce23/keystoneclient/v2_0/tokens.py#L62-L69
# NOTE(jamielennox): try doing a regular admin query first. If there is
# no endpoint that can satisfy the request (eg an unscoped token) then
# issue it against the auth_url.
try:
token_ref = self._post(*args, **kwargs)
except exceptions.EndpointNotFound:
kwargs['endpoint_filter'] = {'interface': auth.AUTH_INTERFACE}
Our keystone adminurl is intentionally on a private network and *unreachable* from where example.py is running (in a VM).
After quite a while, an exception is raised (keystoneauth1.exceptions.ConnectFailure) and auth_url is never tried.
Meanwhile, a direct API call, skipping python-keystoneclient, works fine:
* POST to publicurl, /v2/tokens, from the same location/VM
* Use X-Auth-Token of someone with an admin role
* Pass in the same valid token/tenant_id as before.
Additionally, a CLI call such as "nova list" (using the same credentials and conferred admin role) also works.
Workaround: pass interface='public' to the Client constructor:
client = client.
Note that in the v2 and v3 documentation, interface isn't documented as a parameter:
http://
http://