Ask Your Question
0

OS_SERVICE_ENDPOINT vs OS_AUTH_URL [closed]

asked 2014-05-28 10:28:52 -0600

black sensei gravatar image

updated 2014-05-28 10:29:26 -0600

Hello I have been following a the pdf documentation for ubuntu 12.04/14/04 downloaded from openstack site using ubuntu 14.04. I have been following till the poing of the chapter 3 Configure the identity service where it's about creating an administrative user page 25. 

keystone user-create --name=admin --pass=myadminpass --email=myadmin@email.com

it throws this following error:

Expecting an auth URL via either --os-auth-url or env[OS_AUTH_URL]

But up to that page there has never been any reference to OS_AUTH_URL variable. Only known to that point are 

OS_SERVICE_TOKEN=mytoken
OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

For search some use http://controller:5000/v2.0 for OS_AUTH_URL. So which one to use. I am not sure whether it's an oversight from the documenters or I was supposed to have known that part. For the mean time I just need a way to continue my setup. There seem to be other variables like : OS_TENANT_NAME , OS_USERNAME , OS_PASSWORD, OS_AUTH_URL .

Kindly show me the way forward.

Thanks

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by SamYaple
close date 2014-05-30 12:21:21.217725

add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-05-28 11:39:09 -0600

SamYaple gravatar image

I can see how that is a bit confusing.

Keystone has two ways of authenticating.

  • The first one uses the traditional username/password combination:

keystone --os-username <auth-user-name> --os-password <auth-password> --os-tenant-name <auth-tenant-name> --os-auth-url <auth-url>

  • The second one authenticates with a token. Technically it is bypassing authentication entirely. It is typically used to setup the initial users and for recovery purposes:

keystone --os-token <service-token> --os-endpoint <service-endpoint>

Notice auth-url is used for the username/password/tenant, while endpoint is paired with the token authentication.

edit flag offensive delete link more

Comments

Hello Thanks for the prompt response. However my method is also bypassing the use of username and password but still it requires somehow the presence of the authentication url. So without that set either in the environment variable there is no way of moving from keystone user-create command point.

black sensei gravatar imageblack sensei ( 2014-05-28 11:45:13 -0600 )edit

Check your enviroment. What variables do you have set? If you have certain ones set it will try and use that form of authentication.

SamYaple gravatar imageSamYaple ( 2014-05-28 13:09:08 -0600 )edit

I had these 2 exactly as documented: OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT

black sensei gravatar imageblack sensei ( 2014-05-28 13:34:58 -0600 )edit

Just those two, no other enviroment variables?

SamYaple gravatar imageSamYaple ( 2014-05-28 13:40:22 -0600 )edit

Yes those two only. Because those are the environment mentioned in the documentation at that point

black sensei gravatar imageblack sensei ( 2014-05-28 14:23:49 -0600 )edit
see more comments

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-05-28 10:28:52 -0600

Seen: 1,636 times

Last updated: May 28 '14

Related questions

keystone throwing error with username password but works with os-token [closed]

how to disable the -boot strict=on for qemu

missing value auth-url required for auth plugin password

os-auth-url or env[OS_AUTH_URL]

deleted the identity service

kyestone endpoint-create error [closed]

How to map a user to a domain other than Federated domain?

Openstack RBAC policy change

"An error occurred authenticating. Please try again later." on authentication with ldap configuration. [closed]

Authorization failed: Cannot authenticate without an auth_url