← Back to team overview

openstack team mailing list archive

Re: Missing(?) keystone service catalog

 

(Replying to list this time... Is there a reason why the reply-to isn't set
to the list?!)

Is this really the case? Why does service-list require the admin port?

Running against TryStack (note that I don't supply a tenant):

$ curl -k -X 'POST' -v https://nova-api.trystack.org:5443/v2.0/tokens -d
'{"aut
h":{"passwordCredentials":{"username": <username>,
"password":<password>}}}' -H 'Content-type: application/json'


{"access": {"token": {"expires": "2012-05-04T23:01:56.797115", "id":
<token>, "tenant": {"id": <tenant>, "name": <username>
}}, "serviceCatalog": [{"endpoints": [{"adminURL": "
https://nova-api.trystack.or
g:9774/v1.1/929", "region": "RegionOne", "internalURL": "
https://nova-api.trysta
ck.org:9774/v1.1/<tenent>", "publicURL": "
https://nova-api.trystack.org:9774/v1.1/929
"}], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "
https://GL <https://gl/>
ANCE_API_IS_NOT_DISCLOSED/v1.1/ <tenent> ", "region": "RegionOne",
"internalURL": "http
s://GLANCE_API_IS_NOT_DISCLOSED/v1.1/ <tenent> ", "publicURL": "
https://GLANCE_API_IS_N <https://glance_api_is_n/>
OT_DISCLOSED/v1.1/ <tenent> "}], "type": "image", "name": "glance"},
{"endpoints": [{"a
dminURL": "https://nova-api.trystack.org:5443/v2.0";, "region": "RegionOne",
"int
ernalURL": "https://keystone.thefreecloud.org:5000/v2.0";, "publicURL":
"https://
keystone.thefreecloud.org:5000/v2.0"}], "type": "identity", "name":
"keystone"}]
, "user": {"id": <userid>, "roles": [{"tenantId":  <tenent> , "id": "2",
"name": "Member
"}], "name": <username>}}}

On Fri, May 4, 2012 at 1:08 AM, Dolph Mathews <dolph.mathews@xxxxxxxxx>wrote:

> "service-list" calls the admin API (port 35357), but the auth_url you
> provided was port 5000. I don't think the current keystoneclient is smart
> enough to try and switch to the correct endpoint. If you have an admin
> role, switching to port 35357 should work for you.
>
> Additionally, you won't get a service catalog without also providing a
> tenant, so that behavior is by design as well. Try --os_tenant_name or
> --os_tenant_id if using the client, or providing "tenantName" or "tenantId"
> in your "auth" object for curl.
>
> -Dolph
>
> On Wed, May 2, 2012 at 11:38 PM, Nick Lothian <nick.lothian@xxxxxxxxx>wrote:
>
>> I'm having some trouble using the Keystone API.
>>
>> When I run
>>
>> keystone --os_username=admin --os_password=password --os_auth_url=
>> http://192.168.1.50:5000/v2.0/ service-list
>>
>> I get the following:
>>
>> No handlers could be found for logger "keystoneclient.v2_0.client"
>> Unable to communicate with identity service: 404 Not Found
>>
>> The resource could not be found.
>>
>>    . (HTTP 404)
>>
>>
>> The keystone log shows the following:
>>
>> (eventlet.wsgi.server): 2012-05-03 14:03:12,840 DEBUG wsgi write
>> 192.168.1.50 - - [03/May/2012 14:03:12] "GET /v2.0/OS-KSADM/services
>> HTTP/1.1" 404 176 0.008028
>>
>>
>> Additionally, if I use curl to call the keystone API directly (as
>> documented at http://keystone.openstack.org/api_curl_examples.html#id4)
>> my whole serviceCatalog section is empty ("serviceCatalog": {})
>>
>> I am using a default devstack installation.
>>
>> What am I missing?
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>

Follow ups

References