Trying to figure out if this is a bug in ECP support within novaclient, or if I am misconfiguring something. Any feedback helps!
We have keystone configured to use a separate Shibboleth server for auth (with an ECP endpoint). Federated users with the _member_ role on a project can boot VMs using "openstack server create", but attempts to use "nova boot" (novaclient) are blocked by this error: $ nova list ERROR (AttributeError): 'Namespace' object has no attribute 'os_user_id' To auth, we have users generate a token with unscoped saml: export OS_AUTH_TYPE=v3unscopedsaml unset OS_AUTH_STRATEGY export OS_IDENTITY_PROVIDER=testshib export OS_PROTOCOL=saml2 export OS_IDENTITY_PROVIDER_URL=https://shibboleth-server/ECP unset OS_TOKEN export OS_TOKEN=$( openstack token issue -c id -f value --debug ) unset OS_PASSWORD if [ -z $OS_TOKEN ]; then echo -e "\nERROR: Bad authentication" unset OS_TOKEN else echo -e "\nAuthenticated." fi unset OS_USER_DOMAIN_NAME export OS_AUTH_TYPE=v3token Cheers, -E -- Evan F. Bollig, PhD Scientific Computing Consultant, Application Developer | Scientific Computing Solutions (SCS) Minnesota Supercomputing Institute | msi.umn.edu University of Minnesota | umn.edu boll0...@umn.edu | 612-624-1447 | Walter Lib Rm 556 _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
