Replied inline. On Thu, May 3, 2012 at 6:08 PM, Nick Lothian <nick.loth...@gmail.com> wrote:
> (Replying to list this time... Is there a reason why the reply-to isn't > set to the list?!) > > Is this really the case? Why does service-list require the admin port? > GET /services requires admin privileges because it's really a CRUD operation on a small portion of the service catalog equation. End users can simply auth and get endpoints for the services they have access to. > > Running against TryStack (note that I don't supply a tenant): > I'm assuming your user account has a default tenant defined in keystone... because you don't explicitly provide a tenant, keystone can assume you want to use your default tenant, and provide the corresponding service catalog. Alternatively, you can call GET /tenants, select an alternative (if any), and explicitly auth for another tenant. > > $ curl -k -X 'POST' -v https://nova-api.trystack.org:5443/v2.0/tokens -d > '{"aut > h":{"passwordCredentials":{"username": <username>, > "password":<password>}}}' -H 'Content-type: application/json' > > > {"access": {"token": {"expires": "2012-05-04T23:01:56.797115", "id": > <token>, "tenant": {"id": <tenant>, "name": <username> > }}, "serviceCatalog": [{"endpoints": [{"adminURL": " > https://nova-api.trystack.or > g:9774/v1.1/929", "region": "RegionOne", "internalURL": " > https://nova-api.trysta > ck.org:9774/v1.1/<tenent>", "publicURL": " > https://nova-api.trystack.org:9774/v1.1/929 > "}], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": " > https://GL <https://gl/> > ANCE_API_IS_NOT_DISCLOSED/v1.1/ <tenent> ", "region": "RegionOne", > "internalURL": "http > s://GLANCE_API_IS_NOT_DISCLOSED/v1.1/ <tenent> ", "publicURL": " > https://GLANCE_API_IS_N <https://glance_api_is_n/> > OT_DISCLOSED/v1.1/ <tenent> "}], "type": "image", "name": "glance"}, > {"endpoints": [{"a > dminURL": "https://nova-api.trystack.org:5443/v2.0";, "region": > "RegionOne", "int > ernalURL": "https://keystone.thefreecloud.org:5000/v2.0";, "publicURL": > "https:// > keystone.thefreecloud.org:5000/v2.0"}], "type": "identity", "name": > "keystone"}] > , "user": {"id": <userid>, "roles": [{"tenantId": <tenent> , "id": "2", > "name": "Member > "}], "name": <username>}}} > > On Fri, May 4, 2012 at 1:08 AM, Dolph Mathews <dolph.math...@gmail.com>wrote: > >> "service-list" calls the admin API (port 35357), but the auth_url you >> provided was port 5000. I don't think the current keystoneclient is smart >> enough to try and switch to the correct endpoint. If you have an admin >> role, switching to port 35357 should work for you. >> >> Additionally, you won't get a service catalog without also providing a >> tenant, so that behavior is by design as well. Try --os_tenant_name or >> --os_tenant_id if using the client, or providing "tenantName" or "tenantId" >> in your "auth" object for curl. >> >> -Dolph >> >> On Wed, May 2, 2012 at 11:38 PM, Nick Lothian <nick.loth...@gmail.com>wrote: >> >>> I'm having some trouble using the Keystone API. >>> >>> When I run >>> >>> keystone --os_username=admin --os_password=password --os_auth_url= >>> http://192.168.1.50:5000/v2.0/ service-list >>> >>> I get the following: >>> >>> No handlers could be found for logger "keystoneclient.v2_0.client" >>> Unable to communicate with identity service: 404 Not Found >>> >>> The resource could not be found. >>> >>> . (HTTP 404) >>> >>> >>> The keystone log shows the following: >>> >>> (eventlet.wsgi.server): 2012-05-03 14:03:12,840 DEBUG wsgi write >>> 192.168.1.50 - - [03/May/2012 14:03:12] "GET /v2.0/OS-KSADM/services >>> HTTP/1.1" 404 176 0.008028 >>> >>> >>> Additionally, if I use curl to call the keystone API directly (as >>> documented at http://keystone.openstack.org/api_curl_examples.html#id4) >>> my whole serviceCatalog section is empty ("serviceCatalog": {}) >>> >>> I am using a default devstack installation. >>> >>> What am I missing? >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >>> >>> >> > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
