There are basically two rules at work: 1) an existing token takes precedence over username+password credentials. 2) CLI options take precedence over configuration from the environment.
In Folsom, these options look like: (existing token) --os-token / OS_SERVICE_TOKEN --os-endpoint / OS_SERVICE_ENDPOINT (credentials) --os-username / OS_USERNAME --os-password / OS_PASSWORD --os-tenant-name / OS_TENANT_NAME --os-auth-url / OS_AUTH_URL (there are also a few other options like region, api version, etc) Rule 1 is universally applied before rule 2, which means the token + endpoint from the environment is taking precedence over username + password from the CLI. IMO, it's a bug that rule 2 isn't applied before rule 1. -Dolph On Wed, Oct 31, 2012 at 3:32 PM, Joshua Harlow <harlo...@yahoo-inc.com>wrote: > I think the overall issue is connected to > https://bugs.launchpad.net/keystone/+bug/962600 > > Right? Seems like that is still happening :-( > > From: Ahmed Al-Mehdi <ah...@coraid.com> > Date: Wednesday, October 31, 2012 1:15 PM > To: Dolph Mathews <dolph.math...@gmail.com> > Cc: Joseph Heck <joe.h...@nebula.com>, "openstack@lists.launchpad.net" < > openstack@lists.launchpad.net> > > Subject: Re: [Openstack] Verification of Keystone Installation fails > > Hi Dolph, > > Awesome, that worked. Thank you very much. Just out of curiosity, what > was the exact conflict? Between which environment variable and option > passed to the CLI? > > Regards, > Ahmed. > > > From: Dolph Mathews <dolph.math...@gmail.com> > Date: Wednesday, October 31, 2012 10:46 AM > To: Ahmed Al-Mehdi <ah...@coraid.com> > Cc: "openstack@lists.launchpad.net" <openstack@lists.launchpad.net>, > Joseph Heck <joe.h...@nebula.com> > Subject: Re: [Openstack] Verification of Keystone Installation fails > > I was able to reproduce by defining SERVICE_ENDPOINT and SERVICE_TOKEN in > my own environment, which appear to be overriding the credentials provided > on the CLI -- I don't think that's the intended behavior. > > If you unset them, you should be able to verify the install. > > If you skip verifying keystone and something is wrong with it, you'll > likely find out pretty quick when another service calls keystone for the > first time :) > > -Dolph > > > On Wed, Oct 31, 2012 at 12:22 PM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: > >> Hi Dolph, >> >> Thank you very much for helping me on this issue. Following is the >> environment variables related to openstack: >> >> root@bodega:~# env | egrep "OS_|SERVICE_" >> SERVICE_ENDPOINT=http://10.176.20.158:35357/v2.0/ >> SERVICE_TOKEN=012345SECRET99TOKEN012345 >> root@bodega:~# ifconfig eth0 >> eth0 Link encap:Ethernet HWaddr 00:1e:67:06:1b:67 >> inet addr:10.176.20.158 Bcast:10.176.255.255 Mask:255.255.0.0 >> inet6 addr: fe80::21e:67ff:fe06:1b67/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:12760203 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:203944 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:1044985224 (1.0 GB) TX bytes:22642912 (22.6 MB) >> Interrupt:16 Memory:b2000000-b2020000 >> root@bodega:~# >> >> I am attaching keystone.conf file. >> >> Would you happen to know if there is a high level document document on >> keystone (more than just a user guide, but a architectural/functional doc, >> but not a API doc). Something similar to >> http://docs.openstack.org/trunk/openstack-identity/admin/os-identity-starter-guide-trunk.pdf >> but >> updated. >> >> Does my current issue prohibit me from progressing forward with the next >> steps in the install document, setting up glance, nova, etc.? >> >> Regards, >> Ahmed. >> >> >> >> From: Dolph Mathews <dolph.math...@gmail.com> >> Date: Wednesday, October 31, 2012 9:44 AM >> To: Ahmed Al-Mehdi <ah...@coraid.com> >> Cc: "openstack@lists.launchpad.net" <openstack@lists.launchpad.net> >> Subject: Re: [Openstack] Verification of Keystone Installation fails >> >> The error you're seeing is actually client-side, so there won't be >> anything in keystone's logs. It indicates that you're not actually >> authenticating with keystone (and instead bypassing authentication using >> --token and --endpoint, for example) ... however, that's obviously not the >> case, as you're explicitly providing --os-username, etc. >> >> Unfortunately, I'm not able to reproduce this issue. Can you share your >> OS_* environment variables? I suspect something there >> is unexpectedly overriding what you're providing on the CLI... which would >> be a legitimate bug. >> >> Thanks, >> >> -Dolph >> >> >> On Wed, Oct 31, 2012 at 2:08 AM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: >> >>> Hello, >>> >>> I followed the steps in the "OpenStack Install Deploy for Ubuntu" manual >>> to install Keystone. However, when I issue the commands in section >>> "Verifying the Identity Service Installation" ( >>> http://docs.openstack.org/trunk/openstack-compute/install/apt/content/verifying-identity-install.html >>> ), >>> I am getting the following error: >>> >>> # keystone --os-username=admin --os-password=admin --os-auth-url= >>> http://10.176.20.158:35357/v2.0 token-get >>> 'Client' object has no attribute 'service_catalog' >>> >>> I don't see any additional info in keystone.log. Can someone please >>> help me. >>> >>> Thank you, >>> Ahmed. >>> >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >>> >>> >> >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp