Re: [Openstack] keystone: change from fernet tokens to uuid
Hi
yes, I've configured Horizon to use V3 identity endpoint. And after
applying latests updates from liberty, everything works as expected (v2
o v3), so I guess it was some kind of bug
Thanks for your help.
J.
On 23/05/16 09:44, Eugen Block wrote:
Hi
Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone"
without loosing any data (current users, roles, permissions, etc)??
I wouldn't guarantee that nothing happens to your database (if you're
unsure make a backup), but I have executed this command without any
impact on my database.
Based on your statement
executing the same command through V3 indentity admin interface
(/export OS_IDENTITY_API_VERSION=3/) it works
I would suggest to follow Adam's advice to use V3 API.
Regards,
Eugen
Zitat von magicb...@hotmail.com:
Hi Eugen
I have admin_token set, but token_provider isn't set.
Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone"
without loosing any data (current users, roles, permissions, etc)??
J.
On 20/05/16 12:42, Eugen Block wrote:
Hi,
I had a similar issue, in Liberty I used uuid tokens, then I
upgraded to Mitaka and also switched to fernet tokens. Because of
some kind of inconsistency I wanted to switch back to uuid.
Do you have an admin_token set in your keystone.conf?
I compared my current conf file to the liberty conf and I can't see
another difference except admin_token and token_provider.
I followed [1] to get keystone to work with uuid tokens in Liberty.
If I understand correctly, you'll have to populate the keystone
database "su -s /bin/sh -c "keystone-manage db_sync" keystone" and
enable the required services.
In my case, I managed to switch back to uuid, but in the meantime
I'm back to fernet tokens.
Hope this helps!
[1]
http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components
Regards,
Eugen
Zitat von magicb...@hotmail.com:
Hi
I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL
works with fernet tokens. Because I have an old app which only
works with UUID, I have changed /etc/keyston/keyston.conf
from:
[token]
provider = keystone.token.providers.fernet.Provider
to:
[token]
provider = keystone.token.providers.uuid.Provider
But now, I'm facing a strange behavior:
as admin user, executing a simple "keystone user-list" doesn't work
and shows this error:
/.
RESP BODY: {"error": {"message": "Non-default domain is not
supported (Disable debug mode to suppress these details.)", "code":
401, "title": "Unauthorized"}}
//.//
/Executing "openstack user list" also gets the same error:
/Non-default domain is not supported (Disable debug mode to
suppress these details.) (HTTP 401) (Request-ID:
req-8285b64d-353a-4188-949f-679bbfaa1114)/
Also from Horizon dashboard, I cannot retrieve the user list.
But the funny/strange thing is that executing the same command
through V3 indentity admin interface (/export
OS_IDENTITY_API_VERSION=3/) it works:
/root@node-1:~# openstack user list
+--+---+
| ID | Name |
+--+---+
| 06c80b0440034f49a674bd0ef56385e1 | heat_admin|
| 1b5ae288f1494efd91aa67cadd290939 | sahara|
| 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
| 4722750675d6416082be67a7cf9b03c3 | murano|
| 6b020f2c8328430b9bc71400e8a8b661 | cinder|
| 958dd93f02614f38b4575c05833b0884 | heat |
| 97c015a3d9b2432090992027fdb16e44 | ceilometer|
| 9fb385d757324bc0a62b502f4c3ae67c | swift |
| cc1395223fd74ea2aa59242fccb279de | admin |
| dc325906c9b6446a801a9d4914472b51 | neutron |
| df265ea710294923991a5d10006dd9cb | nova |
| ebcf0d3439c143d098d95212fa587b6a | glance|
| fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
+--+---+
/
Anyone could help me?
thanks in advance.
J
___
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
Hi
Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone"
without loosing any data (current users, roles, permissions, etc)??
I wouldn't guarantee that nothing happens to your database (if you're
unsure make a backup), but I have executed this command without any
impact on my database.
Based on your statement
executing the same command through V3 indentity admin interface
(/export OS_IDENTITY_API_VERSION=3/) it works
I would suggest to follow Adam's advice to use V3 API.
Regards,
Eugen
Zitat von magicb...@hotmail.com:
Hi Eugen
I have admin_token set, but token_provider isn't set.
Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone"
without loosing any data (current users, roles, permissions, etc)??
J.
On 20/05/16 12:42, Eugen Block wrote:
Hi,
I had a similar issue, in Liberty I used uuid tokens, then I
upgraded to Mitaka and also switched to fernet tokens. Because of
some kind of inconsistency I wanted to switch back to uuid.
Do you have an admin_token set in your keystone.conf?
I compared my current conf file to the liberty conf and I can't see
another difference except admin_token and token_provider.
I followed [1] to get keystone to work with uuid tokens in Liberty.
If I understand correctly, you'll have to populate the keystone
database "su -s /bin/sh -c "keystone-manage db_sync" keystone" and
enable the required services.
In my case, I managed to switch back to uuid, but in the meantime
I'm back to fernet tokens.
Hope this helps!
[1]
http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components
Regards,
Eugen
Zitat von magicb...@hotmail.com:
Hi
I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL
works with fernet tokens. Because I have an old app which only
works with UUID, I have changed /etc/keyston/keyston.conf
from:
[token]
provider = keystone.token.providers.fernet.Provider
to:
[token]
provider = keystone.token.providers.uuid.Provider
But now, I'm facing a strange behavior:
as admin user, executing a simple "keystone user-list" doesn't
work and shows this error:
/.
RESP BODY: {"error": {"message": "Non-default domain is not
supported (Disable debug mode to suppress these details.)",
"code": 401, "title": "Unauthorized"}}
//.//
/Executing "openstack user list" also gets the same error:
/Non-default domain is not supported (Disable debug mode to
suppress these details.) (HTTP 401) (Request-ID:
req-8285b64d-353a-4188-949f-679bbfaa1114)/
Also from Horizon dashboard, I cannot retrieve the user list.
But the funny/strange thing is that executing the same command
through V3 indentity admin interface (/export
OS_IDENTITY_API_VERSION=3/) it works:
/root@node-1:~# openstack user list
+--+---+
| ID | Name |
+--+---+
| 06c80b0440034f49a674bd0ef56385e1 | heat_admin|
| 1b5ae288f1494efd91aa67cadd290939 | sahara|
| 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
| 4722750675d6416082be67a7cf9b03c3 | murano|
| 6b020f2c8328430b9bc71400e8a8b661 | cinder|
| 958dd93f02614f38b4575c05833b0884 | heat |
| 97c015a3d9b2432090992027fdb16e44 | ceilometer|
| 9fb385d757324bc0a62b502f4c3ae67c | swift |
| cc1395223fd74ea2aa59242fccb279de | admin |
| dc325906c9b6446a801a9d4914472b51 | neutron |
| df265ea710294923991a5d10006dd9cb | nova |
| ebcf0d3439c143d098d95212fa587b6a | glance|
| fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
+--+---+
/
Anyone could help me?
thanks in advance.
J
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
--
Eugen Block voice : +49-40-559 51 75
NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77
Postfach 61 03 15
D-22423 Hamburg e-mail : ebl...@nde.ag
Vorsitzende des Aufsichtsrates: Angelika Mozdzen
Sitz und Registergericht: Hamburg, HRB 90934
Vorstand: Jens-U. Mozdzen
USt-IdNr. DE 814 013 983
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
On 05/20/2016 12:18 PM, magicb...@hotmail.com wrote:
Hi Adam
What do you mean with "upgrade the Fuel code to use the V3 Keystone
API"?? Afaik I'm running the latest FUEL distro released, which is
fuel 8.0is there any new version available?
Not you, the Fuel developers.
On 20/05/16 17:16, Adam Young wrote:
On 05/20/2016 06:14 AM, magicb...@hotmail.com wrote:
Hi
I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL
works with fernet tokens. Because I have an old app which only works
with UUID, I have changed /etc/keyston/keyston.conf
from:
[token]
provider = keystone.token.providers.fernet.Provider
to:
[token]
provider = keystone.token.providers.uuid.Provider
But now, I'm facing a strange behavior:
as admin user, executing a simple "keystone user-list" doesn't work
and shows this error:
/.
RESP BODY: {"error": {"message": "Non-default domain is not
supported (Disable debug mode to suppress these details.)", "code":
401, "title": "Unauthorized"}}
//.//
/Executing "openstack user list" also gets the same error:
/Non-default domain is not supported (Disable debug mode to suppress
these details.) (HTTP 401) (Request-ID:
req-8285b64d-353a-4188-949f-679bbfaa1114)/
Also from Horizon dashboard, I cannot retrieve the user list.
PLeaase upgrade the Fuel code to use the V3 Keystone API. It looks
like Fernet was forgiving on something it should not have been. The
"non-default-domain" error is due to passing a non default domain
along with a V2 token.
But the funny/strange thing is that executing the same command
through V3 indentity admin interface (/export
OS_IDENTITY_API_VERSION=3/) it works:
/root@node-1:~# openstack user list
+--+---+
| ID | Name |
+--+---+
| 06c80b0440034f49a674bd0ef56385e1 | heat_admin|
| 1b5ae288f1494efd91aa67cadd290939 | sahara|
| 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
| 4722750675d6416082be67a7cf9b03c3 | murano|
| 6b020f2c8328430b9bc71400e8a8b661 | cinder|
| 958dd93f02614f38b4575c05833b0884 | heat |
| 97c015a3d9b2432090992027fdb16e44 | ceilometer|
| 9fb385d757324bc0a62b502f4c3ae67c | swift |
| cc1395223fd74ea2aa59242fccb279de | admin |
| dc325906c9b6446a801a9d4914472b51 | neutron |
| df265ea710294923991a5d10006dd9cb | nova |
| ebcf0d3439c143d098d95212fa587b6a | glance|
| fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
+--+---+
/
Anyone could help me?
thanks in advance.
J
___
Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to :openstack@lists.openstack.org
Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to :openstack@lists.openstack.org
Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
Hi Adam
What do you mean with "upgrade the Fuel code to use the V3 Keystone
API"?? Afaik I'm running the latest FUEL distro released, which is fuel
8.0is there any new version available?
On 20/05/16 17:16, Adam Young wrote:
On 05/20/2016 06:14 AM, magicb...@hotmail.com wrote:
Hi
I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL
works with fernet tokens. Because I have an old app which only works
with UUID, I have changed /etc/keyston/keyston.conf
from:
[token]
provider = keystone.token.providers.fernet.Provider
to:
[token]
provider = keystone.token.providers.uuid.Provider
But now, I'm facing a strange behavior:
as admin user, executing a simple "keystone user-list" doesn't work
and shows this error:
/.
RESP BODY: {"error": {"message": "Non-default domain is not supported
(Disable debug mode to suppress these details.)", "code": 401,
"title": "Unauthorized"}}
//.//
/Executing "openstack user list" also gets the same error:
/Non-default domain is not supported (Disable debug mode to suppress
these details.) (HTTP 401) (Request-ID:
req-8285b64d-353a-4188-949f-679bbfaa1114)/
Also from Horizon dashboard, I cannot retrieve the user list.
PLeaase upgrade the Fuel code to use the V3 Keystone API. It looks
like Fernet was forgiving on something it should not have been. The
"non-default-domain" error is due to passing a non default domain
along with a V2 token.
But the funny/strange thing is that executing the same command
through V3 indentity admin interface (/export
OS_IDENTITY_API_VERSION=3/) it works:
/root@node-1:~# openstack user list
+--+---+
| ID | Name |
+--+---+
| 06c80b0440034f49a674bd0ef56385e1 | heat_admin|
| 1b5ae288f1494efd91aa67cadd290939 | sahara|
| 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
| 4722750675d6416082be67a7cf9b03c3 | murano|
| 6b020f2c8328430b9bc71400e8a8b661 | cinder|
| 958dd93f02614f38b4575c05833b0884 | heat |
| 97c015a3d9b2432090992027fdb16e44 | ceilometer|
| 9fb385d757324bc0a62b502f4c3ae67c | swift |
| cc1395223fd74ea2aa59242fccb279de | admin |
| dc325906c9b6446a801a9d4914472b51 | neutron |
| df265ea710294923991a5d10006dd9cb | nova |
| ebcf0d3439c143d098d95212fa587b6a | glance|
| fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
+--+---+
/
Anyone could help me?
thanks in advance.
J
___
Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to :openstack@lists.openstack.org
Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
Hi Eugen
I have admin_token set, but token_provider isn't set.
Can I run "su -s /bin/sh -c "keystone-manage db_sync" keystone" without
loosing any data (current users, roles, permissions, etc)??
J.
On 20/05/16 12:42, Eugen Block wrote:
Hi,
I had a similar issue, in Liberty I used uuid tokens, then I upgraded
to Mitaka and also switched to fernet tokens. Because of some kind of
inconsistency I wanted to switch back to uuid.
Do you have an admin_token set in your keystone.conf?
I compared my current conf file to the liberty conf and I can't see
another difference except admin_token and token_provider.
I followed [1] to get keystone to work with uuid tokens in Liberty. If
I understand correctly, you'll have to populate the keystone database
"su -s /bin/sh -c "keystone-manage db_sync" keystone" and enable the
required services.
In my case, I managed to switch back to uuid, but in the meantime I'm
back to fernet tokens.
Hope this helps!
[1]
http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components
Regards,
Eugen
Zitat von magicb...@hotmail.com:
Hi
I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL
works with fernet tokens. Because I have an old app which only works
with UUID, I have changed /etc/keyston/keyston.conf
from:
[token]
provider = keystone.token.providers.fernet.Provider
to:
[token]
provider = keystone.token.providers.uuid.Provider
But now, I'm facing a strange behavior:
as admin user, executing a simple "keystone user-list" doesn't work
and shows this error:
/.
RESP BODY: {"error": {"message": "Non-default domain is not supported
(Disable debug mode to suppress these details.)", "code": 401,
"title": "Unauthorized"}}
//.//
/Executing "openstack user list" also gets the same error:
/Non-default domain is not supported (Disable debug mode to suppress
these details.) (HTTP 401) (Request-ID:
req-8285b64d-353a-4188-949f-679bbfaa1114)/
Also from Horizon dashboard, I cannot retrieve the user list.
But the funny/strange thing is that executing the same command
through V3 indentity admin interface (/export
OS_IDENTITY_API_VERSION=3/) it works:
/root@node-1:~# openstack user list
+--+---+
| ID | Name |
+--+---+
| 06c80b0440034f49a674bd0ef56385e1 | heat_admin|
| 1b5ae288f1494efd91aa67cadd290939 | sahara|
| 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
| 4722750675d6416082be67a7cf9b03c3 | murano|
| 6b020f2c8328430b9bc71400e8a8b661 | cinder|
| 958dd93f02614f38b4575c05833b0884 | heat |
| 97c015a3d9b2432090992027fdb16e44 | ceilometer|
| 9fb385d757324bc0a62b502f4c3ae67c | swift |
| cc1395223fd74ea2aa59242fccb279de | admin |
| dc325906c9b6446a801a9d4914472b51 | neutron |
| df265ea710294923991a5d10006dd9cb | nova |
| ebcf0d3439c143d098d95212fa587b6a | glance|
| fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
+--+---+
/
Anyone could help me?
thanks in advance.
J
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
On 05/20/2016 06:14 AM, magicb...@hotmail.com wrote:
Hi
I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works
with fernet tokens. Because I have an old app which only works with
UUID, I have changed /etc/keyston/keyston.conf
from:
[token]
provider = keystone.token.providers.fernet.Provider
to:
[token]
provider = keystone.token.providers.uuid.Provider
But now, I'm facing a strange behavior:
as admin user, executing a simple "keystone user-list" doesn't work
and shows this error:
/.
RESP BODY: {"error": {"message": "Non-default domain is not supported
(Disable debug mode to suppress these details.)", "code": 401,
"title": "Unauthorized"}}
//.//
/Executing "openstack user list" also gets the same error:
/Non-default domain is not supported (Disable debug mode to suppress
these details.) (HTTP 401) (Request-ID:
req-8285b64d-353a-4188-949f-679bbfaa1114)/
Also from Horizon dashboard, I cannot retrieve the user list.
PLeaase upgrade the Fuel code to use the V3 Keystone API. It looks like
Fernet was forgiving on something it should not have been. The
"non-default-domain" error is due to passing a non default domain along
with a V2 token.
But the funny/strange thing is that executing the same command through
V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it
works:
/root@node-1:~# openstack user list
+--+---+
| ID | Name |
+--+---+
| 06c80b0440034f49a674bd0ef56385e1 | heat_admin|
| 1b5ae288f1494efd91aa67cadd290939 | sahara|
| 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
| 4722750675d6416082be67a7cf9b03c3 | murano|
| 6b020f2c8328430b9bc71400e8a8b661 | cinder|
| 958dd93f02614f38b4575c05833b0884 | heat |
| 97c015a3d9b2432090992027fdb16e44 | ceilometer|
| 9fb385d757324bc0a62b502f4c3ae67c | swift |
| cc1395223fd74ea2aa59242fccb279de | admin |
| dc325906c9b6446a801a9d4914472b51 | neutron |
| df265ea710294923991a5d10006dd9cb | nova |
| ebcf0d3439c143d098d95212fa587b6a | glance|
| fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
+--+---+
/
Anyone could help me?
thanks in advance.
J
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] keystone: change from fernet tokens to uuid
Hi,
I had a similar issue, in Liberty I used uuid tokens, then I upgraded
to Mitaka and also switched to fernet tokens. Because of some kind of
inconsistency I wanted to switch back to uuid.
Do you have an admin_token set in your keystone.conf?
I compared my current conf file to the liberty conf and I can't see
another difference except admin_token and token_provider.
I followed [1] to get keystone to work with uuid tokens in Liberty. If
I understand correctly, you'll have to populate the keystone database
"su -s /bin/sh -c "keystone-manage db_sync" keystone" and enable the
required services.
In my case, I managed to switch back to uuid, but in the meantime I'm
back to fernet tokens.
Hope this helps!
[1]
http://docs.openstack.org/liberty/install-guide-obs/keystone-install.html#install-and-configure-components
Regards,
Eugen
Zitat von magicb...@hotmail.com:
Hi
I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL
works with fernet tokens. Because I have an old app which only works
with UUID, I have changed /etc/keyston/keyston.conf
from:
[token]
provider = keystone.token.providers.fernet.Provider
to:
[token]
provider = keystone.token.providers.uuid.Provider
But now, I'm facing a strange behavior:
as admin user, executing a simple "keystone user-list" doesn't work
and shows this error:
/.
RESP BODY: {"error": {"message": "Non-default domain is not
supported (Disable debug mode to suppress these details.)", "code":
401, "title": "Unauthorized"}}
//.//
/Executing "openstack user list" also gets the same error:
/Non-default domain is not supported (Disable debug mode to suppress
these details.) (HTTP 401) (Request-ID:
req-8285b64d-353a-4188-949f-679bbfaa1114)/
Also from Horizon dashboard, I cannot retrieve the user list.
But the funny/strange thing is that executing the same command
through V3 indentity admin interface (/export
OS_IDENTITY_API_VERSION=3/) it works:
/root@node-1:~# openstack user list
+--+---+
| ID | Name |
+--+---+
| 06c80b0440034f49a674bd0ef56385e1 | heat_admin|
| 1b5ae288f1494efd91aa67cadd290939 | sahara|
| 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
| 4722750675d6416082be67a7cf9b03c3 | murano|
| 6b020f2c8328430b9bc71400e8a8b661 | cinder|
| 958dd93f02614f38b4575c05833b0884 | heat |
| 97c015a3d9b2432090992027fdb16e44 | ceilometer|
| 9fb385d757324bc0a62b502f4c3ae67c | swift |
| cc1395223fd74ea2aa59242fccb279de | admin |
| dc325906c9b6446a801a9d4914472b51 | neutron |
| df265ea710294923991a5d10006dd9cb | nova |
| ebcf0d3439c143d098d95212fa587b6a | glance|
| fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
+--+---+
/
Anyone could help me?
thanks in advance.
J
--
Eugen Block voice : +49-40-559 51 75
NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77
Postfach 61 03 15
D-22423 Hamburg e-mail : ebl...@nde.ag
Vorsitzende des Aufsichtsrates: Angelika Mozdzen
Sitz und Registergericht: Hamburg, HRB 90934
Vorstand: Jens-U. Mozdzen
USt-IdNr. DE 814 013 983
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[Openstack] keystone: change from fernet tokens to uuid
Hi
I've deployed FUEL 8.0 (liberty) on my lab and noticed that FUEL works
with fernet tokens. Because I have an old app which only works with
UUID, I have changed /etc/keyston/keyston.conf
from:
[token]
provider = keystone.token.providers.fernet.Provider
to:
[token]
provider = keystone.token.providers.uuid.Provider
But now, I'm facing a strange behavior:
as admin user, executing a simple "keystone user-list" doesn't work and
shows this error:
/.
RESP BODY: {"error": {"message": "Non-default domain is not supported
(Disable debug mode to suppress these details.)", "code": 401, "title":
"Unauthorized"}}
//.//
/Executing "openstack user list" also gets the same error:
/Non-default domain is not supported (Disable debug mode to suppress
these details.) (HTTP 401) (Request-ID:
req-8285b64d-353a-4188-949f-679bbfaa1114)/
Also from Horizon dashboard, I cannot retrieve the user list.
But the funny/strange thing is that executing the same command through
V3 indentity admin interface (/export OS_IDENTITY_API_VERSION=3/) it works:
/root@node-1:~# openstack user list
+--+---+
| ID | Name |
+--+---+
| 06c80b0440034f49a674bd0ef56385e1 | heat_admin|
| 1b5ae288f1494efd91aa67cadd290939 | sahara|
| 2c71b7342bfe421abdb1af34a05988ac | heat-cfn |
| 4722750675d6416082be67a7cf9b03c3 | murano|
| 6b020f2c8328430b9bc71400e8a8b661 | cinder|
| 958dd93f02614f38b4575c05833b0884 | heat |
| 97c015a3d9b2432090992027fdb16e44 | ceilometer|
| 9fb385d757324bc0a62b502f4c3ae67c | swift |
| cc1395223fd74ea2aa59242fccb279de | admin |
| dc325906c9b6446a801a9d4914472b51 | neutron |
| df265ea710294923991a5d10006dd9cb | nova |
| ebcf0d3439c143d098d95212fa587b6a | glance|
| fc804ae3614349ea80f844bc7f102a59 | fuel_stats_user |
+--+---+
/
Anyone could help me?
thanks in advance.
J
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
