1

Openstack noob here. I have setup an Ubuntu VM with DevStack, and am trying to authenticate with Keystone to obtain a token to be used for subsequent Openstack API calls. The identity endpoint shown on the “API Access” page in Horizon is: http://<DEVSTACK_IP>/identity.

When I post the below JSON payload to this endpoint, I get the error get_version_v3() got an unexpected keyword argument 'auth’. 

{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "name": "admin",
                    "domain": {
                        "name": "Default"
                    },
                    "password": “AdminPassword”
                }
            }
        }
    }
}

Based on the Openstack docs, I should be hitting http://<DEVSTACK_IP>/v3/auth/tokens to obtain a token, but when I hit that endpoint, I get 404 Not Found.

I'm currently using Postman for testing this, but will eventually be doing programmatically.

Does anybody have any experience with authenticating against the Openstack API that can help?

grizzthedj
  • 7,131
  • 16
  • 42
  • 62

1 Answers1

3

Not sure whether you want to do it in a python way, but if you do, here is a way to do it:

from keystoneauth1.identity import v3
from keystoneauth1 import session

v3_auth = v3.Password(auth_url=V3_AUTH_URL,
                      username=USERNAME,
                      password=PASSWORD,
                      project_name=PROJECT_NAME,
                      project_domain_name="default",
                      user_domain_name="default")

v3_ses = session.Session(auth=v3_auth)
auth_token = v3_ses.get_token()

And you V3_AUTH_URL should be http://<DEVSTACK_IP>:5000/v3 since keystone is using port 5000 as a default.

If you do have a multi-domain devstack, you can change the domains, otherwise, they should be default

Just in case you don't have the client library installed: pip install python-keystoneclient

Here is a good doc for you to read about it: https://docs.openstack.org/keystoneauth/latest/using-sessions.html

HTH

Lucas H. Xu
  • 909
  • 1
  • 11
  • 23
  • I just did `telnet localhost 5000` on the devstack VM, and nothing is listening on this port. Perhaps the Keystone service is not running? Is there a way I can check? – grizzthedj Sep 28 '17 at 16:56
  • it should be running by default if you are using Ubuntu. Try `service keystone status` or `ps -ef | grep keystone` see whether it is running. Maybe the devstack is not installed correctly. Are you be able to log in through the dashboard? – Lucas H. Xu Sep 28 '17 at 17:06
  • It seems to be running. I see a master and 2 worker processes running. I am able to login to the dashboard, and create instances, networks and volumes without issue. – grizzthedj Sep 28 '17 at 17:14
  • Yeah, if you are able to login to the dashboard, that means your keystone service is up and running. Keystone team is working on changing the auth_url to `/identity` but I believe in the meantime, using the `5000` should work in `v3` and It works for me (just tried). – Lucas H. Xu Sep 28 '17 at 17:29
  • Another possibility is that your Devstack is hosted on a private network. I added `HOST_IP` in the `local.conf` when I configured my devstack so I can have public service endpoints for keystone, nova, and etc. – Lucas H. Xu Sep 28 '17 at 17:36
  • I got this working with `python-keystoneclient` after changing the HOST_IP in `local.conf`. Thanks for your response! – grizzthedj Sep 29 '17 at 13:10
  • glad that this is helpful! – Lucas H. Xu Sep 29 '17 at 14:29