Token authentication, asking for username/password

asked 2016-11-03 03:13:30 -0500

updated 2016-11-03 03:16:33 -0500

I would like to perform authentication to identity using a token as described in authenticating-with-a-token.

1- I used the admin token from the [identity] section in the main keystone config file:

export OS_URL=http://X.X.237.59:35357/v2.0  
export OS_TOKEN=<token>

I got a missing parameter message:

# openstack image list

Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name

But if I provide the missing parameters (it requires each one of them):

export OS_USERNAME=admin
export OS_PROJECT_NAME=admin
export OS_AUTH_URL=http://X.X.237.59:35357/v2.0

It asks for a password:

openstack image list 

This is not the wanted behavior; I want to use a token instead of the username/password, as per the document provided above.

2- I issued a new admin token:

openstack --os-auth-url http://X.X.237.59:5000/v3/ --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue

+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2016-11-03T08:58:24.535532Z      |
| id         | <new-admin-token>                |
| project_id | a9445e1e82d04787a0b218aed7fb07a4 |
| user_id    | 96e803d5a36c400a902b1255457fc8da |
+------------+----------------------------------+

And tested with the new token (I am not sure if this test is an alternative hypothesis to the first issue).

# export OS_TOKEN=<new-admin-token>
# openstack image list

The resource could not be found. (HTTP 404) (Request-ID: req-3a8404b4-ed57-4136-a0af-918384812ae9)

Any hint on how to authenticate using token NOT username/password?


1 answer


answered 2016-11-03 07:31:32 -0500

volenbovsky

updated 2016-11-03 07:48:35 -0500

(edited) Hi, when using a token you need to specify the service URL, because the Keystone service catalog is bypassed. So you need to use --os-url <url>, where the URL corresponds to the OpenStack service you are using, which you can see using 'openstack catalog list'. I think you tried that in what you specified in 1., but I have tried it on my system and it works:

[stack@localhost ~(keystone_admin)]$ export OS_URL=
[stack@localhost ~(keystone_admin)]$ export OS_TOKEN=12485c18a5ff47b487acc05e772e7985
[stack@localhost ~(keystone_admin)]$ unset OS_PASSWORD
[stack@localhost ~(keystone_admin)]$ openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 7d4ea035-52c5-4b61-b8cb-9c672afa4dc8 | cirros | active |
+--------------------------------------+--------+--------+

Maybe you can unset some variables for try ;) - it should

  1. It sounds suspicious that you tried /v3 (=Keystone API v3), while in other cases you try /v2 (openstack --os-auth-url http://X.X.237.59:5000/v3/). I think that is the scenario of a scoped token, but you can have an unscoped one by using ( (and well, keystone token issue should work for you)

BR, Konstantin
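
Added example, not part of the original answer and not OpenStack client code: a Python illustration of what "token plus service URL" means on the wire. The token is sent in the X-Auth-Token header straight to the URL given, with no catalog lookup, so a URL that does not serve the image API answers 404 even with a valid token. The local stub server, its /image and /identity prefixes, its responses and the token value are constructed for illustration.

```python
import json
import threading
from urllib import error, request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-sample-token"  # constructed value, not a real token
OPENER = request.build_opener(request.ProxyHandler({}))  # ignore proxy env vars

class StubCloud(BaseHTTPRequestHandler):
    """Constructed stand-in: /image is an image API, /identity is not."""
    def do_GET(self):
        if self.headers.get("X-Auth-Token") != TOKEN:
            self._send(401, {"error": "invalid token"})
        elif self.path == "/image/v2/images":
            self._send(200, {"images": [{"name": "cirros", "status": "active"}]})
        else:
            self._send(404, {"error": "The resource could not be found."})

    def _send(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # silence per-request logging
        pass

def list_images(os_url, os_token):
    """Send the token straight to os_url; no service catalog is consulted."""
    req = request.Request(os_url.rstrip("/") + "/v2/images", headers={"X-Auth-Token": os_token})
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except error.HTTPError as err:
        return err.code, json.load(err)

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubCloud)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        return {"image_url": list_images(base + "/image", TOKEN),
                "identity_url": list_images(base + "/identity/v2.0", TOKEN),
                "wrong_token": list_images(base + "/image", "wrong")}
    finally:
        server.shutdown()

if __name__ == "__main__":
    print(demo())
```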

