Ask Your Question
0

cannot list user using --project in CLI

asked 2018-03-08 14:53:00 -0500

robertluwang gravatar image

I setup RDO pike on centos7 vm node, found issue on openstack CLI when list user using --project,

[(keystone_admin)]$ openstack project create myproject
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 6af42e05c20c46a697aaa56dd599ea55 |
| is_domain   | False                            |
| name        | myproject                        |
| parent_id   | default                          |
+-------------+----------------------------------+
[(keystone_admin)]$ openstack user create myuser --password demo --project myproject
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 6af42e05c20c46a697aaa56dd599ea55 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | bf4777a9db764497b35bd082038204a3 |
| name                | myuser                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

it is empty,

[(keystone_admin)]$ openstack user list --project myproject

However, from user detail it is with correct project id,

[(keystone_admin)]$ openstack user show myuser
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 6af42e05c20c46a697aaa56dd599ea55 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | bf4777a9db764497b35bd082038204a3 |
| name                | myuser                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

The negative impact is I cannot switch to new user myuser,

[(keystone_admin)]$ cat keystonerc_myuser
unset OS_SERVICE_TOKEN
export OS_USERNAME=myuser
export OS_PASSWORD='demo'
export OS_AUTH_URL=http://172.25.250.20:5000/v3
export PS1='[\u@\h \W(keystone_myuser)]\$ '

export OS_PROJECT_NAME=myproject
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3

[ (keystone_admin)]$ source keystonerc_myuser
[ (keystone_myuser)]$ nova list
ERROR (Unauthorized): The request you have made requires authentication. (HTTP 401) (Request-ID: req-c2569ca2-12fa-4461-b26b-3520b00d7e0b)
[ (keystone_myuser)]$ openstack user list
The request you have made requires authentication. (HTTP 401) (Request-ID: req-f2b24475-d757-4b88-857b-3945025f19f6)

I did same thing in dashboard without issue.

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2018-03-08 16:17:23 -0500

robertluwang gravatar image

updated 2018-03-08 16:20:30 -0500

Found my issue is missing role assignment when creating new user for v3.0,

openstack role add --user myuser --project myproject _member_

then user list is working fine,

[(keystone_admin)]$ openstack user list --project myproject
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 9f62cae683d14837ad79c05df6970395 | myuser |
+----------------------------------+--------+

[(keystone_admin)]$ source keystonerc_myuser
[(keystone_myuser)]$ nova list
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+
edit flag offensive delete link more

Comments

interesting so V2 no role assignment no issue. V3 issue. Excellent.

rlpple gravatar imagerlpple ( 2018-03-08 16:33:20 -0500 )edit
0

answered 2018-03-08 15:12:15 -0500

rlpple gravatar image

Tried your steps on my undercloud node for Newton and then modified my rc file to read this (I used my ip not yours :) ) and it worked fine.
I believe the error is caused by using the V3 API and not the V2.
Try the below.

# Clear any old environment that may conflict.
for key in $( set | awk '{FS="="}  /^OS_/ {print $1}' ); do unset $key ; done
NOVA_VERSION=1.1
export NOVA_VERSION
OS_PASSWORD=demo
export OS_PASSWORD
OS_AUTH_URL=http://172.25.250.20:5000/v2.0
export OS_AUTH_URL
OS_USERNAME=myuser
OS_TENANT_NAME=myproject
COMPUTE_API_VERSION=1.1
OS_BAREMETAL_API_VERSION=1.15
OS_NO_CACHE=True
OS_CLOUDNAME=undercloud
OS_IMAGE_API_VERSION=1
export OS_USERNAME
export OS_TENANT_NAME
export COMPUTE_API_VERSION
export OS_BAREMETAL_API_VERSION
export OS_NO_CACHE
export OS_CLOUDNAME
export OS_IMAGE_API_VERSION
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2018-03-08 14:53:00 -0500

Seen: 33 times

Last updated: Mar 08