Re: [Openstack] keystone: change from fernet tokens to uuid
Hi yes, I've configured Horizon to use V3 identity endpoint. And after applying latests updates from liberty, everything works as expected (v2 o v3), so I guess it was some kind of bug Thanks for your help. J. On 23/05/16 09:44, Eugen Block wrote: Hi Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone" without loosing any data (current users, roles, permissions, etc)?? I wouldn't guarantee that nothing happens to your database (if you're unsure make a backup), but I have executed this command without any impact on my database. Based on your statement executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works I would suggest to follow Adam's advice to use V3 API. Regards, Eugen Zitat von magicb...@hotmail.com: Hi Eugen I have admin_token set, but token_provider isn't set. Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone" without loosing any data (current users, roles, permissions, etc)?? J. On 20/05/16 12:42, Eugen Block wrote: Hi, I had a similar issue, in Liberty I used uuid tokens, then I upgraded to Mitaka and also switched to fernet tokens. Because of some kind of inconsistency I wanted to switch back to uuid. Do you have an admin_token set in your keystone.conf? I compared my current conf file to the liberty conf and I can't see another difference except admin_token and token_provider. I followed [1] to get keystone to work with uuid tokens in Liberty. If I understand correctly, you'll have to populate the keystone database "su -s /bin/sh -c "keystone-manage db_sync" keystone" and enable the required services. In my case, I managed to switch back to uuid, but in the meantime I'm back to fernet tokens. Hope this helps! [1] http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components Regards, Eugen Zitat von magicb...@hotmail.com: Hi I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works with fernet tokens. Because I have an old app which only works with UUID, I have changed /etc/keyston/keyston.conf from: [token] provider = keystone.token.providers.fernet.Provider to: [token] provider = keystone.token.providers.uuid.Provider But now, I'm facing a strange behavior: as admin user, executing a simple "keystone user-list" doesn't work and shows this error: /. RESP BODY: {"error": {"message": "Non-default domain is not supported (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized"}} //.// /Executing "openstack user list" also gets the same error: /Non-default domain is not supported (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-8285b64d-353a-4188-949f-679bbfaa1114)/ Also from Horizon dashboard, I cannot retrieve the user list. But the funny/strange thing is that executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works: /root@node-1:~# openstack user list +--+---+ | ID | Name | +--+---+ | 06c80b0440034f49a674bd0ef56385e1 | heat_admin| | 1b5ae288f1494efd91aa67cadd290939 | sahara| | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn | | 4722750675d6416082be67a7cf9b03c3 | murano| | 6b020f2c8328430b9bc71400e8a8b661 | cinder| | 958dd93f02614f38b4575c05833b0884 | heat | | 97c015a3d9b2432090992027fdb16e44 | ceilometer| | 9fb385d757324bc0a62b502f4c3ae67c | swift | | cc1395223fd74ea2aa59242fccb279de | admin | | dc325906c9b6446a801a9d4914472b51 | neutron | | df265ea710294923991a5d10006dd9cb | nova | | ebcf0d3439c143d098d95212fa587b6a | glance| | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user | +--+---+ / Anyone could help me? thanks in advance. J ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
Hi Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone" without loosing any data (current users, roles, permissions, etc)?? I wouldn't guarantee that nothing happens to your database (if you're unsure make a backup), but I have executed this command without any impact on my database. Based on your statement executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works I would suggest to follow Adam's advice to use V3 API. Regards, Eugen Zitat von magicb...@hotmail.com: Hi Eugen I have admin_token set, but token_provider isn't set. Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone" without loosing any data (current users, roles, permissions, etc)?? J. On 20/05/16 12:42, Eugen Block wrote: Hi, I had a similar issue, in Liberty I used uuid tokens, then I upgraded to Mitaka and also switched to fernet tokens. Because of some kind of inconsistency I wanted to switch back to uuid. Do you have an admin_token set in your keystone.conf? I compared my current conf file to the liberty conf and I can't see another difference except admin_token and token_provider. I followed [1] to get keystone to work with uuid tokens in Liberty. If I understand correctly, you'll have to populate the keystone database "su -s /bin/sh -c "keystone-manage db_sync" keystone" and enable the required services. In my case, I managed to switch back to uuid, but in the meantime I'm back to fernet tokens. Hope this helps! [1] http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components Regards, Eugen Zitat von magicb...@hotmail.com: Hi I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works with fernet tokens. Because I have an old app which only works with UUID, I have changed /etc/keyston/keyston.conf from: [token] provider = keystone.token.providers.fernet.Provider to: [token] provider = keystone.token.providers.uuid.Provider But now, I'm facing a strange behavior: as admin user, executing a simple "keystone user-list" doesn't work and shows this error: /. RESP BODY: {"error": {"message": "Non-default domain is not supported (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized"}} //.// /Executing "openstack user list" also gets the same error: /Non-default domain is not supported (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-8285b64d-353a-4188-949f-679bbfaa1114)/ Also from Horizon dashboard, I cannot retrieve the user list. But the funny/strange thing is that executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works: /root@node-1:~# openstack user list +--+---+ | ID | Name | +--+---+ | 06c80b0440034f49a674bd0ef56385e1 | heat_admin| | 1b5ae288f1494efd91aa67cadd290939 | sahara| | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn | | 4722750675d6416082be67a7cf9b03c3 | murano| | 6b020f2c8328430b9bc71400e8a8b661 | cinder| | 958dd93f02614f38b4575c05833b0884 | heat | | 97c015a3d9b2432090992027fdb16e44 | ceilometer| | 9fb385d757324bc0a62b502f4c3ae67c | swift | | cc1395223fd74ea2aa59242fccb279de | admin | | dc325906c9b6446a801a9d4914472b51 | neutron | | df265ea710294923991a5d10006dd9cb | nova | | ebcf0d3439c143d098d95212fa587b6a | glance| | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user | +--+---+ / Anyone could help me? thanks in advance. J ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -- Eugen Block voice : +49-40-559 51 75 NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 Postfach 61 03 15 D-22423 Hamburg e-mail : ebl...@nde.ag Vorsitzende des Aufsichtsrates: Angelika Mozdzen Sitz und Registergericht: Hamburg, HRB 90934 Vorstand: Jens-U. Mozdzen USt-IdNr. DE 814 013 983 ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
On 05/20/2016 12:18 PM, magicb...@hotmail.com wrote: Hi Adam What do you mean with "upgrade the Fuel code to use the V3 Keystone API"?? Afaik I'm running the latest FUEL distro released, which is fuel 8.0is there any new version available? Not you, the Fuel developers. On 20/05/16 17:16, Adam Young wrote: On 05/20/2016 06:14 AM, magicb...@hotmail.com wrote: Hi I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works with fernet tokens. Because I have an old app which only works with UUID, I have changed /etc/keyston/keyston.conf from: [token] provider = keystone.token.providers.fernet.Provider to: [token] provider = keystone.token.providers.uuid.Provider But now, I'm facing a strange behavior: as admin user, executing a simple "keystone user-list" doesn't work and shows this error: /. RESP BODY: {"error": {"message": "Non-default domain is not supported (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized"}} //.// /Executing "openstack user list" also gets the same error: /Non-default domain is not supported (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-8285b64d-353a-4188-949f-679bbfaa1114)/ Also from Horizon dashboard, I cannot retrieve the user list. PLeaase upgrade the Fuel code to use the V3 Keystone API. It looks like Fernet was forgiving on something it should not have been. The "non-default-domain" error is due to passing a non default domain along with a V2 token. But the funny/strange thing is that executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works: /root@node-1:~# openstack user list +--+---+ | ID | Name | +--+---+ | 06c80b0440034f49a674bd0ef56385e1 | heat_admin| | 1b5ae288f1494efd91aa67cadd290939 | sahara| | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn | | 4722750675d6416082be67a7cf9b03c3 | murano| | 6b020f2c8328430b9bc71400e8a8b661 | cinder| | 958dd93f02614f38b4575c05833b0884 | heat | | 97c015a3d9b2432090992027fdb16e44 | ceilometer| | 9fb385d757324bc0a62b502f4c3ae67c | swift | | cc1395223fd74ea2aa59242fccb279de | admin | | dc325906c9b6446a801a9d4914472b51 | neutron | | df265ea710294923991a5d10006dd9cb | nova | | ebcf0d3439c143d098d95212fa587b6a | glance| | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user | +--+---+ / Anyone could help me? thanks in advance. J ___ Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to :openstack@lists.openstack.org Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to :openstack@lists.openstack.org Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
Hi Adam What do you mean with "upgrade the Fuel code to use the V3 Keystone API"?? Afaik I'm running the latest FUEL distro released, which is fuel 8.0is there any new version available? On 20/05/16 17:16, Adam Young wrote: On 05/20/2016 06:14 AM, magicb...@hotmail.com wrote: Hi I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works with fernet tokens. Because I have an old app which only works with UUID, I have changed /etc/keyston/keyston.conf from: [token] provider = keystone.token.providers.fernet.Provider to: [token] provider = keystone.token.providers.uuid.Provider But now, I'm facing a strange behavior: as admin user, executing a simple "keystone user-list" doesn't work and shows this error: /. RESP BODY: {"error": {"message": "Non-default domain is not supported (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized"}} //.// /Executing "openstack user list" also gets the same error: /Non-default domain is not supported (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-8285b64d-353a-4188-949f-679bbfaa1114)/ Also from Horizon dashboard, I cannot retrieve the user list. PLeaase upgrade the Fuel code to use the V3 Keystone API. It looks like Fernet was forgiving on something it should not have been. The "non-default-domain" error is due to passing a non default domain along with a V2 token. But the funny/strange thing is that executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works: /root@node-1:~# openstack user list +--+---+ | ID | Name | +--+---+ | 06c80b0440034f49a674bd0ef56385e1 | heat_admin| | 1b5ae288f1494efd91aa67cadd290939 | sahara| | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn | | 4722750675d6416082be67a7cf9b03c3 | murano| | 6b020f2c8328430b9bc71400e8a8b661 | cinder| | 958dd93f02614f38b4575c05833b0884 | heat | | 97c015a3d9b2432090992027fdb16e44 | ceilometer| | 9fb385d757324bc0a62b502f4c3ae67c | swift | | cc1395223fd74ea2aa59242fccb279de | admin | | dc325906c9b6446a801a9d4914472b51 | neutron | | df265ea710294923991a5d10006dd9cb | nova | | ebcf0d3439c143d098d95212fa587b6a | glance| | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user | +--+---+ / Anyone could help me? thanks in advance. J ___ Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to :openstack@lists.openstack.org Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
Hi Eugen I have admin_token set, but token_provider isn't set. Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone" without loosing any data (current users, roles, permissions, etc)?? J. On 20/05/16 12:42, Eugen Block wrote: Hi, I had a similar issue, in Liberty I used uuid tokens, then I upgraded to Mitaka and also switched to fernet tokens. Because of some kind of inconsistency I wanted to switch back to uuid. Do you have an admin_token set in your keystone.conf? I compared my current conf file to the liberty conf and I can't see another difference except admin_token and token_provider. I followed [1] to get keystone to work with uuid tokens in Liberty. If I understand correctly, you'll have to populate the keystone database "su -s /bin/sh -c "keystone-manage db_sync" keystone" and enable the required services. In my case, I managed to switch back to uuid, but in the meantime I'm back to fernet tokens. Hope this helps! [1] http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components Regards, Eugen Zitat von magicb...@hotmail.com: Hi I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works with fernet tokens. Because I have an old app which only works with UUID, I have changed /etc/keyston/keyston.conf from: [token] provider = keystone.token.providers.fernet.Provider to: [token] provider = keystone.token.providers.uuid.Provider But now, I'm facing a strange behavior: as admin user, executing a simple "keystone user-list" doesn't work and shows this error: /. RESP BODY: {"error": {"message": "Non-default domain is not supported (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized"}} //.// /Executing "openstack user list" also gets the same error: /Non-default domain is not supported (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-8285b64d-353a-4188-949f-679bbfaa1114)/ Also from Horizon dashboard, I cannot retrieve the user list. But the funny/strange thing is that executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works: /root@node-1:~# openstack user list +--+---+ | ID | Name | +--+---+ | 06c80b0440034f49a674bd0ef56385e1 | heat_admin| | 1b5ae288f1494efd91aa67cadd290939 | sahara| | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn | | 4722750675d6416082be67a7cf9b03c3 | murano| | 6b020f2c8328430b9bc71400e8a8b661 | cinder| | 958dd93f02614f38b4575c05833b0884 | heat | | 97c015a3d9b2432090992027fdb16e44 | ceilometer| | 9fb385d757324bc0a62b502f4c3ae67c | swift | | cc1395223fd74ea2aa59242fccb279de | admin | | dc325906c9b6446a801a9d4914472b51 | neutron | | df265ea710294923991a5d10006dd9cb | nova | | ebcf0d3439c143d098d95212fa587b6a | glance| | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user | +--+---+ / Anyone could help me? thanks in advance. J ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
On 05/20/2016 06:14 AM, magicb...@hotmail.com wrote: Hi I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works with fernet tokens. Because I have an old app which only works with UUID, I have changed /etc/keyston/keyston.conf from: [token] provider = keystone.token.providers.fernet.Provider to: [token] provider = keystone.token.providers.uuid.Provider But now, I'm facing a strange behavior: as admin user, executing a simple "keystone user-list" doesn't work and shows this error: /. RESP BODY: {"error": {"message": "Non-default domain is not supported (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized"}} //.// /Executing "openstack user list" also gets the same error: /Non-default domain is not supported (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-8285b64d-353a-4188-949f-679bbfaa1114)/ Also from Horizon dashboard, I cannot retrieve the user list. PLeaase upgrade the Fuel code to use the V3 Keystone API. It looks like Fernet was forgiving on something it should not have been. The "non-default-domain" error is due to passing a non default domain along with a V2 token. But the funny/strange thing is that executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works: /root@node-1:~# openstack user list +--+---+ | ID | Name | +--+---+ | 06c80b0440034f49a674bd0ef56385e1 | heat_admin| | 1b5ae288f1494efd91aa67cadd290939 | sahara| | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn | | 4722750675d6416082be67a7cf9b03c3 | murano| | 6b020f2c8328430b9bc71400e8a8b661 | cinder| | 958dd93f02614f38b4575c05833b0884 | heat | | 97c015a3d9b2432090992027fdb16e44 | ceilometer| | 9fb385d757324bc0a62b502f4c3ae67c | swift | | cc1395223fd74ea2aa59242fccb279de | admin | | dc325906c9b6446a801a9d4914472b51 | neutron | | df265ea710294923991a5d10006dd9cb | nova | | ebcf0d3439c143d098d95212fa587b6a | glance| | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user | +--+---+ / Anyone could help me? thanks in advance. J ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
Hi, I had a similar issue, in Liberty I used uuid tokens, then I upgraded to Mitaka and also switched to fernet tokens. Because of some kind of inconsistency I wanted to switch back to uuid. Do you have an admin_token set in your keystone.conf? I compared my current conf file to the liberty conf and I can't see another difference except admin_token and token_provider. I followed [1] to get keystone to work with uuid tokens in Liberty. If I understand correctly, you'll have to populate the keystone database "su -s /bin/sh -c "keystone-manage db_sync" keystone" and enable the required services. In my case, I managed to switch back to uuid, but in the meantime I'm back to fernet tokens. Hope this helps! [1] http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components Regards, Eugen Zitat von magicb...@hotmail.com: Hi I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works with fernet tokens. Because I have an old app which only works with UUID, I have changed /etc/keyston/keyston.conf from: [token] provider = keystone.token.providers.fernet.Provider to: [token] provider = keystone.token.providers.uuid.Provider But now, I'm facing a strange behavior: as admin user, executing a simple "keystone user-list" doesn't work and shows this error: /. RESP BODY: {"error": {"message": "Non-default domain is not supported (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized"}} //.// /Executing "openstack user list" also gets the same error: /Non-default domain is not supported (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-8285b64d-353a-4188-949f-679bbfaa1114)/ Also from Horizon dashboard, I cannot retrieve the user list. But the funny/strange thing is that executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works: /root@node-1:~# openstack user list +--+---+ | ID | Name | +--+---+ | 06c80b0440034f49a674bd0ef56385e1 | heat_admin| | 1b5ae288f1494efd91aa67cadd290939 | sahara| | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn | | 4722750675d6416082be67a7cf9b03c3 | murano| | 6b020f2c8328430b9bc71400e8a8b661 | cinder| | 958dd93f02614f38b4575c05833b0884 | heat | | 97c015a3d9b2432090992027fdb16e44 | ceilometer| | 9fb385d757324bc0a62b502f4c3ae67c | swift | | cc1395223fd74ea2aa59242fccb279de | admin | | dc325906c9b6446a801a9d4914472b51 | neutron | | df265ea710294923991a5d10006dd9cb | nova | | ebcf0d3439c143d098d95212fa587b6a | glance| | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user | +--+---+ / Anyone could help me? thanks in advance. J -- Eugen Block voice : +49-40-559 51 75 NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 Postfach 61 03 15 D-22423 Hamburg e-mail : ebl...@nde.ag Vorsitzende des Aufsichtsrates: Angelika Mozdzen Sitz und Registergericht: Hamburg, HRB 90934 Vorstand: Jens-U. Mozdzen USt-IdNr. DE 814 013 983 ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] keystone: change from fernet tokens to uuid
Hi I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works with fernet tokens. Because I have an old app which only works with UUID, I have changed /etc/keyston/keyston.conf from: [token] provider = keystone.token.providers.fernet.Provider to: [token] provider = keystone.token.providers.uuid.Provider But now, I'm facing a strange behavior: as admin user, executing a simple "keystone user-list" doesn't work and shows this error: /. RESP BODY: {"error": {"message": "Non-default domain is not supported (Disable debug mode to suppress these details.)", "code": 401, "title": "Unauthorized"}} //.// /Executing "openstack user list" also gets the same error: /Non-default domain is not supported (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-8285b64d-353a-4188-949f-679bbfaa1114)/ Also from Horizon dashboard, I cannot retrieve the user list. But the funny/strange thing is that executing the same command through V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works: /root@node-1:~# openstack user list +--+---+ | ID | Name | +--+---+ | 06c80b0440034f49a674bd0ef56385e1 | heat_admin| | 1b5ae288f1494efd91aa67cadd290939 | sahara| | 2c71b7342bfe421abdb1af34a05988ac | heat-cfn | | 4722750675d6416082be67a7cf9b03c3 | murano| | 6b020f2c8328430b9bc71400e8a8b661 | cinder| | 958dd93f02614f38b4575c05833b0884 | heat | | 97c015a3d9b2432090992027fdb16e44 | ceilometer| | 9fb385d757324bc0a62b502f4c3ae67c | swift | | cc1395223fd74ea2aa59242fccb279de | admin | | dc325906c9b6446a801a9d4914472b51 | neutron | | df265ea710294923991a5d10006dd9cb | nova | | ebcf0d3439c143d098d95212fa587b6a | glance| | fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user | +--+---+ / Anyone could help me? thanks in advance. J ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack