比照官方文档进行keystone部署,验证生成token,在adminTenant中成功,但在openstakDemo中失败
http://docs.openstack.org/es易做图/openstack-compute/install/apt/content/verifying-identity-install.html完全按照官方文档进行操作的。
我查看了keystone数据库的tenant表
+---------------+----------------------------------------------------+
| name | extra |
+---------------+----------------------------------------------------+
| openstackDemo | {"enabled": true, "description": "Default Tenant"} |
| service | {"enabled": true, "description": "Service Tenant"} |
+---------------+----------------------------------------------------+
并没有adminTenant却成功了,实际存在的openstackDemo却失败了。
$ curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.2.15.15:35357/v2.0/tokens | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 304 0 188 100 116 778 480 --:--:-- --:--:-- --:--:-- 780
{
"error": {
"code": 500,
"message": "An unexpected error prevented the server from fulfilling your request. 'NoneType' object has no attribute 'replace'",
"title": "Internal Server Error"
}
}
如何解决?
--------------------编程问答-------------------- 补充一下:
在keystone数据库的token表中,虽然显示的失败,但在token中是有记录的。id 和expire易做图tra域看起来很正常,extra域的记录为:
{"metadata": {"roles": ["7357707b5552435b915ce3660b035c17"]}, "user": {"email": null, "enabled": true, "id": "ca470ec95a494c01a167daf10c8ce968", "name": "adminUser", "tenantId": "4082c6a9dd844f1fbf2e4dde00f84713"}, "tenant": {"enabled": true, "id": "4082c6a9dd844f1fbf2e4dde00f84713", "name": "openstackDemo", "description": "Default Tenant"}} --------------------编程问答-------------------- For me the problem with the using %(tenat_id)s in keystone was due to older version of python (and nova) in the Ubuntu software repositories when I first installed Ubtuntu 12.04 and the openstack software.
This was fixed by:
$ sudo apt-get update
$ sudo apt-get dist-upgrade
$ sudo apt-get upgrade
Both python and nova were upgraded.
I then entered the service endpoints exactly as shown in http://docs.openstack.org/trunk/openstack-compute/install/content/keystone-service-endpoint-create.html, using %(tenant_id)s, e.g:
It was not necessary to define $TENANT or substitute tenant_id with code numbers for the 2 service tenant, e.g.
$ keystone --token 012345SECRET99TOKEN012345 \
--endpoint http://192.168.206.130:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=abc0f03c02904c24abdcc3b7910e2eed \
--publicurl='http://192.168.206.130:8774/v2/%(tenant_id)s' \
--internalurl='http://192.168.206.130:8774/v2/%(tenant_id)s' \
--adminurl='http://192.168.206.130:8774/v2/%(tenant_id)s'
After reading through http://www.gossamer-threads.com/lists/openstack/dev/10816 , I also added the following line in my keystone.conf. Although the template_file line may not be needed.
[catalog]
driver = keystone.catalog.backends.sql.Catalog
template_file = /etc/keystone/default_catalog.templates
I was then able to see the endpoints for both service tenants using the curl command:
curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://192.168.206.130:35357/v2.0/tokens | python -mjson.tool
Listed the endpoints for the openstsckDemo tenant, with the service tenant id code:
"endpoints": [
{
"adminURL": "http://192.168.206.130:8774/v2/abcd12345678912345678912345",
"internalURL": "http://192.168.206.130:8774/v2/abcd12345678912345678912345",
"publicURL": "http://192.168.206.130:8774/v2/abcd12345678912345678912345",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "nova",
"type": "compute"
$ curl -d '{"auth": {"tenantName": "service", "passwordCredentials":{"username": "nova", "password": "novapasword"}}}' -H "Content-type: application/json" http://192.168.206.130:35357/v2.0/tokens | python -mjson.tool
Listed the endpoints for the service tenant, with the service tenant id code:
"endpoints": [
{
"adminURL": "http://192.168.206.130:8774/v2/efghij12345678912345678912345",
"internalURL": "http://192.168.206.130:8774/v2/efghij12345678912345678912345",
"publicURL": "http://192.168.206.130:8774/v2/efghij12345678912345678912345",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "nova",
"type": "compute"
},
I was then able to authenticate glance add commands wihtout getting an error.
补充:云计算 , OpenStack