TL; DR:我正在尝试使用OpenStack SDK连接到仅提供Keystone v3身份验证的OpenStack云。 SDK一直尝试连接到Keystone v2.0端点。
我有一个clouds.yaml
文件,看起来像这样:
clouds:
mycloud:
auth:
username: admin
project_name: admin
password: "secret"
auth_url: "https://mycloud.example.com:13000"
region: "os1"
identity_api_version: 3
interface: public
您会注意到,我已将
identity_api_version
设置为3
,因为OpenStack环境没有旧版v2.0端点。
如果我尝试像这样访问openstack环境:
>>> import openstack
>>> conn = openstack.connect(cloud='mycloud')
>>> conn.list_flavors()
它失败并显示以下回溯:
Traceback (most recent call last):
[...]
File "/my/project/post-deploy/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 869, in request
raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.NotFound: (https://mycloud.example.com:13000/v2.0/tokens): The resource could not be found. (HTTP 404) (Request-ID: req-30ec6dc4-f401-41f1-b560-c967d1d32281)
另一方面,标准
openstack
cli可以正常工作:$ openstack --os-cloud mycloud flavor list
+---------+------------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+---------+------------+-----+------+-----------+-------+-----------+
| 9cc9... | m1.xlarge | 16 | 10 | 0 | 8 | True |
| c3df... | m1.tiny | 1 | 10 | 0 | 1 | True |
| c64e... | m1.small | 2 | 10 | 0 | 1 | True |
+---------+------------+-----+------+-----------+-------+-----------+
我正在使用版本:
>>> openstack.version.__version__
'0.19.0'
为什么OpenStack SDK尝试连接到v2.0端点?
更新资料
完整的回溯:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/my/project/.venv/lib/python2.7/site-packages/openstack/cloud/openstackcloud.py", line 1891, in list_flavors
'/flavors/detail', params=dict(is_public='None')),
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 328, in get
return self.request(url, 'GET', **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/_adapter.py", line 145, in request
**kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 136, in submit_function
return self.submit_task(task)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 125, in submit_task
return self.run_task(task=task)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 157, in run_task
return self._run_task(task)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 177, in _run_task
return task.wait()
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 79, in wait
self._traceback)
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 87, in run
self.done(self.main())
File "/my/project/.venv/lib/python2.7/site-packages/openstack/task_manager.py", line 59, in main
return self._main(*self.args, **self.kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 213, in request
return self.session.request(url, method, **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 684, in request
auth_headers = self.get_auth_headers(auth)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 1071, in get_auth_headers
return auth.get_headers(self, **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 95, in get_headers
token = self.get_token(session)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 88, in get_token
return self.get_access(session).auth_token
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 134, in get_access
self.auth_ref = self.get_auth_ref(session)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py", line 208, in get_auth_ref
return self._plugin.get_auth_ref(session, **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/identity/v2.py", line 63, in get_auth_ref
authenticated=False, log=False)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 1019, in post
return self.request(url, 'POST', **kwargs)
File "/my/project/.venv/lib/python2.7/site-packages/keystoneauth1/session.py", line 869, in request
raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.NotFound: (https://mycloud.example.com:13000/v2.0/tokens): The resource could not be found. (HTTP 404) (Request-ID: req-812aa7ac-d5bb-4fcb-a1f6-6124f5c7f982)
最佳答案
事实证明,为了成功使用v3 API,您的clouds.yaml
需要包括域信息。也就是说,我需要代替问题中显示的示例:
clouds:
mycloud:
auth:
username: admin
project_name: admin
password: "secret"
auth_url: "https://mycloud.example.com:13000"
user_domain_name: Default
project_domain_name: Default
region: "os1"
identity_api_version: 3
interface: public
显然,命令行工具为这些值提供了默认值,这就是为什么当直接使用sdk会失败时它们仍然可以正常工作的原因。
关于python - OpenStack SDK将不会使用Keystone v3?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/53141473/