[keystone] can't not use file-based backend for catalog

asked 2014-03-05 20:19:44 -0500

chen-li gravatar image

Hi list,

I’m working under CentOS 6.4 + Havana.

I want to use the file based backend for keystone catalog.

But, after I configured that, when I run command “keystone service list” and “keystone endpoint-list”, I get nothing.

Anyone know why this happened ???

I used to be successfully to this on Grizzly.



Here is my /etc/keystone/keystone.conf:

     connection = mysql://keystone:keystone@host-db/keystone





     driver = keystone.catalog.backends.templated.TemplatedCatalog
     template_file = /etc/keystone/default_catalog.templates


     driver = keystone.token.backends.memcache.Token

    token_format = UUID


     methods = external,password,token,oauth1
     password = keystone.auth.plugins.password.Password
     token = keystone.auth.plugins.token.Token
     oauth1 = keystone.auth.plugins.oauth1.OAuth


Here is my /etc/keystone/default_catalog.templates:

catalog.RegionOne.identity.publicURL = http://host-keystone:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://host-keystone:$(admin_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://host-keystone:$(public_port)s/v2.0
catalog.RegionOne.identity.name = Identity Service

catalog.RegionOne.compute.publicURL = http://host-nova:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://host-nova:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://host-nova:$(compute_port)s/v1.1/$(tenant_id)s
catalog.RegionOne.compute.name = Compute Service

catalog.RegionOne.volume.publicURL = http://host-cinder:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.adminURL = http://host-cinder:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.internalURL = http://host-cinder:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.name = Volume Service

catalog.RegionOne.image.publicURL = http://host-glance:9292/v1
catalog.RegionOne.image.adminURL = http://host-glance:9292/v1
catalog.RegionOne.image.internalURL = http://host-glance:9292/v1
catalog.RegionOne.image.name = Image Service

catalog.RegionOne.network.publicURL = http://host-neutron:9696/
catalog.RegionOne.network.adminURL = http://host-neutron:9696/
catalog.RegionOne.network.internalURL = http://host-neutron:9696/
catalog.RegionOne.network.name = Network Service

And output when I run keystone command with debug:

keystone --debug endpoint-list

REQ: curl -i -X POST http://host-keystone:5000/v2.0/tokens -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient"

REQ BODY: {"auth": {"tenantName": "test", "passwordCredentials": {"username": "lichen", "password": "lichen"}}}

RESP: [200] {'date': 'Thu, 06 Mar 2014 02:14:28 GMT', 'content-type': 'application/json', 'content-length': '1897', 'vary': 'X-Auth-Token'}

RESP BODY: {"access": {"token": {"issued_at": "2014-03-06T02:14:28.417502", "expires": "2014-03-07T02:14:28Z", "id": "1a4f03fbec6a41ddbff76afe9d238f83", "tenant": {"description": null, "enabled": true, "id": "1e57be810f854bcdb73901567140ac48", "name": "test"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://host-cinder:8776/v1/1e57be810f854bcdb73901567140ac48", "region": "RegionOne", "publicURL": "http://host-cinder:8776/v1/1e57be810f854bcdb73901567140ac48", "internalURL": "http://host-cinder:8776/v1/1e57be810f854bcdb73901567140ac48"}], "endpoints_links": [], "type": "volume", "name": "Volume Service"}, {"endpoints": [{"adminURL": "http://host-glance:9292/v1", "region": "RegionOne", "publicURL": "http://host-glance:9292/v1", "internalURL": "http://host-glance:9292/v1"}], "endpoints_links": [], "type": "image", "name": "Image Service"}, {"endpoints": [{"adminURL": "http://host-nova:8774/v1.1/1e57be810f854bcdb73901567140ac48", "region": "RegionOne", "publicURL": "http://host-nova:8774/v1.1/1e57be810f854bcdb73901567140ac48", "internalURL": "http://host-nova:8774/v1.1/1e57be810f854bcdb73901567140ac48"}], "endpoints_links": [], "type": "compute", "name": "Compute Service"}, {"endpoints": [{"adminURL": "http://host-neutron:9696/", "region": "RegionOne", "publicURL": "http://host-neutron:9696/", "internalURL": "http://host-neutron:9696/"}], "endpoints_links": [], "type": "network", "name": "Network Service"}, {"endpoints": [{"adminURL": "http://host-keystone:35357/v2.0", "region ...
edit retag flag offensive close merge delete


Can you try list_endpoints with ADMIN token? Keystone is reading the catalog otherwise you won't see the catalog in token response

Haneef Ali gravatar imageHaneef Ali ( 2014-03-05 21:33:11 -0500 )edit

Hi Haneef, I can see the catalogs in the first response too, and the user role is admin role, the keystone client should list the endpoints in response, i am wondering why we need to use the ADMIN_TOKEN instead? Could you help to explain the details? Thanks! Vic

9lives gravatar image9lives ( 2014-03-05 21:42:28 -0500 )edit

Thanks Haneef, I saw the admin role on the last lines from log ... "roles": [{"name": "admin"}], "name": "lichen"}, "metadata": {"is_admin": 0, "roles": ["1c3535acf43345acaa23b6b0c6955dfd"]}}} ... yes, from code i can the code is using the V3 way to get the endpoints in keystone/catalog/controller.py:254-258 ... @controller.protected() def get_endpoint(self, context, endpoint_id): ref = self.catalog_api.get_endpoint(endpoint_id) return EndpointV3.wrap_member(context, ref) ... Thanks for your help! Have a nice day. Vic

9lives gravatar image9lives ( 2014-03-07 00:54:36 -0500 )edit

1 answer

Sort by » oldest newest most voted

answered 2014-03-05 22:13:45 -0500

Sorry, I didn't see the admin role. But it has nothing to do with the admin role. Keystone v3 endpoint format is different. keystone v2 endpoint is considered as legacy endpoint in current version of code. legacy_end_point is supported only for sql driver and it won't work for templated dirver. You can file a defect incase you need that. getCatalog code follows differnt code path, that's why it works for token. You can look at the code at keystone/catalog/controller.py - It is in the method get_endpoints in the class Endpoint

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-03-05 20:19:44 -0500

Seen: 255 times

Last updated: Mar 05 '14