我知道如何通过openstackCLI 通过用户凭证和令牌对 OpenStack 进行身份验证。现在我想知道如何使用应用程序凭据进行身份验证。
使用application_credentialor application_credentialsas auth_type/OS_AUTH_TYPE只会触发关于找不到像这样命名的插件的消息。
可悲的是,我找不到任何文档,甚至没有提到这一点。Keystone 客户端是否需要单独的身份验证插件?
CLI 版本为 5.4.0。
我在以下问题上遇到了困难:“将 Openstack 控制服务(如 Neurtron/Cinder/Glance/Keystone 服务器服务(neutron-API 等)和 Nova-api 等 nova 控制服务(除了nova-compute)? 我对 Openstack Kolla 项目进行了研究,但它无法帮助我吸收其背后的想法。
任何帮助,将不胜感激。问候
我有用户名和密码。我想验证令牌。首先,我向密码验证 api 发送了一个请求,keystone我得到了一个audit_id. 然后,我向令牌身份验证 api 发送请求。但响应如下。
"error":{"code":404,"message":"Could not recognize Fernet token","title":"Not Found"}
输入:
{
"auth": {
"identity": {
"methods": [
"token"
],
"password": {
"user": {
"domain": {
"id": "default"
},
"name": "my_username",
"password": "my_password"
}
},
"token": {
"id": "my_audit_id"
}
}
}
}
你好亲爱的社区,
在研究如何通过 OpenStack API 正确删除项目及其资源时,我只能在官方 python sdk project_purge.py ( docs ) 中找到提示。这里删除是针对“服务器、映像、卷、快照、备份”处理的,但不针对网络、子网、floating_ip、端口,它们链接到项目并且或多或少地相互依赖。
之后,如果陈旧资源未绑定到项目、用户等,是否会在一段时间后收集垃圾?
我已经到处寻找解决方案,似乎大多数人都遇到了服务根本没有运行或无法连接的问题,我没有遇到问题。
遵循 Ussuri OpenStack 版本的 Keystone 安装指南后,我收到此错误。
完整的错误是:
Failed to discover available identity versions when contacting http://xxx.xxx.xxx.xxx:5000/v3. Attempting to parse version from URL.
Unexpected exception for http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens: Failed to parse: http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens
这是由运行以下命令引起的:openstack domain create --description 'Example' example
如果我 curl /v3 URL,我得到:
{
"version": {
"id": "v3.14",
"status": "stable",
"updated": "2020-04-07T00:00:00Z",
"links": [
{
"rel": "self",
"href": "http://xxx.xxx.xxx.xxx:5000/v3/"
}
],
"media-types": [
{
"base": "application/json",
"type": "application/vnd.openstack.identity-v3+json"
}
]
}
}
当我尝试获取 /v3/auth/tokens URL 时,我得到了响应:
< HTTP/1.1 401 UNAUTHORIZED
< Date: Tue, 22 Sep 2020 17:21:26 GMT
< Server: Apache/2.4.37 (centos) OpenSSL/1.1.1c mod_wsgi/4.6.4 Python/3.6
< WWW-Authenticate: Keystone uri="http://xxx.xxx.xxx.xxx:5000/v3"
< Content-Length: 109
< Vary: X-Auth-Token
< x-openstack-request-id: req-3ac7aec3-1a0e-4fdd-a5ee-2ffecbd15151
< Content-Type: application/json
<
{"error":{"code":401,"message":"The request you have made requires authentication.","title":"Unauthorized"}}
在 /var/log/keystone/keystone.log 的 keystone.log 中,有一条消息说您发出的请求也需要身份验证。
与运行 openstack 命令相对应,我在日志中没有收到任何错误。
这也是我设置的 OpenStack 环境变量:
export OS_USERNAME=admin
export OS_PASSWORD="***"
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL="http://xxx.xxx.xxx.xxx:5000/v3"
export OS_IDENTITY_API_VERSION=3
密码中确实有一些标点符号,我想这可能是问题所在,但我不想不得不从头开始重新安装来测试一个长远的假设。
任何帮助是极大的赞赏。
以下是使用--debug标志运行 openstack 命令的输出:
START with options: domain create --debug --description Example example
options: Namespace(access_key='', access_secret='***', access_token='***', access_token_endpoint='', access_token_type='', application_credential_id='', application_credential_name='', application_credential_secret='***', auth_methods='', auth_type='', auth_url='http://xxx.xxx.xxx.xxx:5000/v3', cacert=None, cert='', client_id='', client_secret='***', cloud='', code='', consumer_key='', consumer_secret='***', debug=True, default_domain='default', default_domain_id='', default_domain_name='', deferred_help=False, discovery_endpoint='', domain_id='', domain_name='', endpoint='', identity_provider='', insecure=None, interface='public', key='', log_file=None, openid_scope='', os_beta_command=False, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='', os_network_api_version='', os_object_api_version='', os_project_id=None, os_project_name=None, os_volume_api_version='', passcode='', password='***', profile='', project_domain_id='', project_domain_name='default', project_id='', project_name='admin', protocol='', redirect_uri='', region_name='', remote_project_domain_id='', remote_project_domain_name='', remote_project_id='', remote_project_name='', service_provider='', system_scope='', timing=False, token='***', trust_id='', user_domain_id='', user_domain_name='default', user_id='', username='admin', verbose_level=3, verify=None)
Auth plugin password selected
auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert': None, 'cert': None, 'key': None, 'baremetal_status_code_retries': '5', 'baremetal_introspection_status_code_retries': '5', 'image_status_code_retries': '5', 'disable_vendor_agent': {}, 'interface': 'public', 'floating_ip_source': 'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '', 'network_api_version': '2', 'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status': 'active', 'auth': {'user_domain_name': 'default', 'project_domain_name': 'default', 'project_name': 'admin'}, 'verbose_level': 3, 'deferred_help': False, 'debug': True, 'default_domain': 'default', 'timing': False, 'auth_url': 'http://xxx.xxx.xxx.xxx:5000/v3', 'username': 'admin', 'password': '***', 'beta_command': False, 'identity_api_version': '3', 'region_name': '', 'auth_type': 'password', 'networks': []}
defaults: {'api_timeout': None, 'verify': True, 'cacert': None, 'cert': None, 'key': None, 'auth_type': 'password', 'baremetal_status_code_retries': 5, 'baremetal_introspection_status_code_retries': 5, 'image_status_code_retries': 5, 'disable_vendor_agent': {}, 'interface': None, 'floating_ip_source': 'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '', 'network_api_version': '2', 'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status': 'active'}
cloud cfg: {'api_timeout': None, 'verify': True, 'cacert': None, 'cert': None, 'key': None, 'baremetal_status_code_retries': '5', 'baremetal_introspection_status_code_retries': '5', 'image_status_code_retries': '5', 'disable_vendor_agent': {}, 'interface': 'public', 'floating_ip_source': 'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '', 'network_api_version': '2', 'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status': 'active', 'auth': {'user_domain_name': 'default', 'project_domain_name': 'default', 'project_name': 'admin'}, 'verbose_level': 3, 'deferred_help': False, 'debug': True, 'default_domain': 'default', 'timing': False, 'auth_url': 'http://xxx.xxx.xxx.xxx:5000/v3', 'username': 'admin', 'password': '***', 'beta_command': False, 'identity_api_version': '3', 'region_name': '', 'auth_type': 'password', 'networks': []}
compute API version 2.1, cmd group openstack.compute.v2
identity API version 3, cmd group openstack.identity.v3
image API version 2, cmd group openstack.image.v2
network API version 2, cmd group openstack.network.v2
object_store API version 1, cmd group openstack.object_store.v1
volume API version 3, cmd group openstack.volume.v3
neutronclient API version 2, cmd group openstack.neutronclient.v2
command: domain create -> openstackclient.identity.v3.domain.CreateDomain (auth=True)
Auth plugin password selected
auth_config_hook(): {'api_timeout': None, 'verify': True, 'cacert': None, 'cert': None, 'key': None, 'baremetal_status_code_retries': '5', 'baremetal_introspection_status_code_retries': '5', 'image_status_code_retries': '5', 'disable_vendor_agent': {}, 'interface': 'public', 'floating_ip_source': 'neutron', 'image_api_use_tasks': False, 'image_format': 'qcow2', 'message': '', 'network_api_version': '2', 'object_store_api_version': '1', 'secgroup_source': 'neutron', 'status': 'active', 'auth': {'user_domain_name': 'default', 'project_domain_name': 'default', 'project_name': 'admin'}, 'additional_user_agent': [('osc-lib', '2.0.0')], 'verbose_level': 3, 'deferred_help': False, 'debug': True, 'default_domain': 'default', 'timing': False, 'auth_url': 'http://xxx.xxx.xxx.xxx:5000/v3', 'username': 'admin', 'password': '***', 'beta_command': False, 'identity_api_version': '3', 'region_name': '', 'auth_type': 'password', 'networks': []}
Using auth plugin: password
Using parameters {'auth_url': 'http://xxx.xxx.xxx.xxx:5000/v3', 'project_name': 'admin', 'project_domain_name': 'default', 'username': 'admin', 'user_domain_name': 'default', 'password': '***'}
Get auth_ref
REQ: curl -g -i -X GET http://xxx.xxx.xxx.xxx:5000/v3 -H "Accept: application/json" -H "User-Agent: openstacksdk/0.46.0 keystoneauth1/4.0.0 python-requests/2.22.0 CPython/3.6.8"
Failed to discover available identity versions when contacting http://xxx.xxx.xxx.xxx:5000/v3. Attempting to parse version from URL.
Making authentication request to http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens
Unexpected exception for http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens: Failed to parse: http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/requests/models.py", line 379, in prepare_url
scheme, auth, host, port, path, query, fragment = parse_url(url)
File "/usr/lib/python3.6/site-packages/urllib3/util/url.py", line 398, in parse_url
return six.raise_from(LocationParseError(source_url), None)
File "<string>", line 3, in raise_from
urllib3.exceptions.LocationParseError: Failed to parse: http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1004, in _send_request
resp = self.session.request(method, url, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 519, in request
prep = self.prepare_request(req)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 462, in prepare_request
hooks=merge_hooks(request.hooks, self.hooks),
File "/usr/lib/python3.6/site-packages/requests/models.py", line 313, in prepare
self.prepare_url(url, params)
File "/usr/lib/python3.6/site-packages/requests/models.py", line 381, in prepare_url
raise InvalidURL(*e.args)
requests.exceptions.InvalidURL: Failed to parse: http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/cliff/app.py", line 393, in run_subcommand
self.prepare_to_run_command(cmd)
File "/usr/lib/python3.6/site-packages/osc_lib/shell.py", line 493, in prepare_to_run_command
self.client_manager.auth_ref
File "/usr/lib/python3.6/site-packages/osc_lib/clientmanager.py", line 202, in auth_ref
self._auth_ref = self.auth.get_auth_ref(self.session)
File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/generic/base.py", line 208, in get_auth_ref
return self._plugin.get_auth_ref(session, **kwargs)
File "/usr/lib/python3.6/site-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref
authenticated=False, log=False, **rkwargs)
File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1131, in post
return self.request(url, 'POST', **kwargs)
File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 913, in request
resp = send(**kwargs)
File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 1024, in _send_request
raise exceptions.UnknownConnectionError(msg, e)
keystoneauth1.exceptions.connection.UnknownConnectionError: Unexpected exception for http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens: Failed to parse: http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens
clean_up CreateDomain: Unexpected exception for http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens: Failed to parse: http://xxx.xxx.xxx.xxx:5000/v3/auth/tokens
END return value: 1
我还检查了 keystone wsgi 实例是否正在运行。一切似乎都已经到位,尽管我确定我错过了一些东西。我就是找不到。
我按照hastexo上的指南创建了一个 OpenStack Cloud。Keystone 服务和 应该在不同的机器上运行。但是,当我想在控制台中运行 glance-api 进行调试时,我遇到了以下错误:
错误:无法从配置文件 /etc/glance/glance-api-paste.ini 加载 glance-api-keystone。Got: ImportError('No module named keystone.middleware.auth_token',)
所以 Glance API 没有运行。我正在运行 Ubuntu 12.04 LTS 和 Openstack Essex。