
[Service change] Keystone service URL change - may require an "OpenStack RC File" refresh

    Overview


    NeCTAR has been transitioning to using the Keystone v3 APIs instead of the (deprecated) v2 APIs.  This change affects people who use the various OpenStack command line clients and libraries to interact with NeCTAR services; i.e. clients like "swift", "nova", "openstack", "cinder" and so on.


    Unfortunately, in the past few days, the OpenStack Dashboard has been issuing RC files with an incorrect Keystone URL. This has now started breaking commands.  There can be various symptoms, but typically the commands will fail with a message that includes this:


    https://keystone.rc.nectar.org.au:5000/tokens

     

    Notice that there is no "version" in the URL.  A correct URL looks like one of the following:

     

    https://keystone.rc.nectar.org.au:5000/v2.0/tokens
    https://keystone.rc.nectar.org.au:5000/v3/tokens

     

    where V3 is the preferred one.  (Apparently the V2 URLs will continue to work for a few months, though you would be advised to move away from them.)


    If you are affected by this, there are two things that you need to do to address the problem.


    Refresh your OpenStack RC file(s)


    OpenStack commands (typically) rely on information in environment variables.  You will typically set these environment variables by "sourcing" an OpenStack RC file that you downloaded from the NeCTAR Dashboard some time in the past.  You need to get a fresh copy of that file because the environment variable settings have changed.


    Here's what to do:

    1. go to the Dashboard,

    2. select your project using the project selector (top left corner!)

    3. go to "Compute > Access & Security"

    4. select the "API Access" pane

    5. click on the "Download OpenStack RC File"

    6. save the file.

    Next, compare the new file with the RC file that you are currently using, and merge additions and changes to the OS_* variable settings.  (We recommend that you do this manually using a text editor, in case you have put other information into your current RC file.)

    Now "source" the updated file and check that your clients are now working correctly.
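
The comparison step above can be done without sourcing either file. The following is an added example, not NeCTAR's or OpenStack's own tooling: it assumes the Keystone endpoint is set through the standard `OS_AUTH_URL` variable, the function names are hypothetical, and the two sample RC files are constructed for illustration.

```shell
#!/bin/sh
# Inspect OpenStack RC files as text instead of sourcing them (sourcing
# executes the file and typically prompts for your password).

# Print the OS_* assignments in an RC file, minus any leading "export".
os_assignments() {
    grep -E '^[[:space:]]*(export[[:space:]]+)?OS_[A-Z0-9_]+=' "$1" |
        sed -E 's/^[[:space:]]*(export[[:space:]]+)?//'
}

# Print the OS_AUTH_URL value set in an RC file (last assignment wins).
auth_url_from_rc() {
    os_assignments "$1" | sed -n 's/^OS_AUTH_URL=//p' | tail -n 1 | tr -d "\"'"
}

# Classify a Keystone URL by the API version in its path.
classify_auth_url() {
    case "$1" in
        */v3|*/v3/*)     echo "v3" ;;
        */v2.0|*/v2.0/*) echo "v2.0" ;;
        *)               echo "unversioned" ;;
    esac
}

# Print the names of OS_* variables that were added, removed or changed.
changed_os_vars() {
    { os_assignments "$1" | sort -u; os_assignments "$2" | sort -u; } |
        sort | uniq -u | sed 's/=.*//' | sort -u
}

# Constructed sample RC files (not real Dashboard output): an old file with
# an unversioned URL and a refreshed one that uses v3.
write_samples() {
    printf '%s\n' 'export OS_AUTH_URL=https://keystone.rc.nectar.org.au:5000/' \
        'export OS_TENANT_NAME="example-project"' \
        'export OS_USERNAME="user@example.org"' > "$1/old-openrc.sh"
    printf '%s\n' 'export OS_AUTH_URL=https://keystone.rc.nectar.org.au:5000/v3/' \
        'export OS_PROJECT_NAME="example-project"' \
        'export OS_USERNAME="user@example.org"' \
        'export OS_IDENTITY_API_VERSION=3' > "$1/new-openrc.sh"
}

dir=$(mktemp -d)
write_samples "$dir"
for rc in "$dir/old-openrc.sh" "$dir/new-openrc.sh"; do
    echo "$rc: $(classify_auth_url "$(auth_url_from_rc "$rc")")"
done
changed_os_vars "$dir/old-openrc.sh" "$dir/new-openrc.sh"
rm -rf "$dir"
```

Any variable name it lists is one to review by hand when merging; anything in your current file that is not an OS_* setting is ignored by the comparison and still needs to be carried over manually.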

    Update old OpenStack clients and libraries

    Recent versions of all of the standard OpenStack clients and client libraries are capable of using the Keystone V3 APIs.  However, if you are using an old version, it is possible that it will not know how to use V3.  In that case, you will need to upgrade to a newer version when you switch to using a new OpenStack RC file.

    It is not possible to give an exhaustive list of which versions of which tools need to be upgraded, but here is a list of common clients and some versions that are known (or believed) to work with Keystone V3.

    python-aodhclient          0.8.0
    python-ceilometerclient    2.4.0
    python-cinderclient        1.6.0, 1.11.0
    python-designateclient     2.6.0
    python-glanceclient        2.0.0, 2.6.0
    python-gnocchiclient       3.1.1
    python-heatclient          1.1.0
    python-keystoneclient      2.3.1, 3.10.1
    python-mistralclient       3.0.0
    python-muranoclient        0.8.3, 0.11.1
    python-neutronclient       4.1.1, 6.1.0
    python-novaclient          3.3.1, 7.10.0
    python-openstackclient     2.3.0, 3.8.1     // This is the "Swiss Army Knife" client.
    python-swiftclient         3.0.0, 3.3.0
    python-troveclient         2.8.0

    Notes:
    1. We would expect that any versions more recent than the above would also work with Keystone V3
    2. The above are NOT recommended versions.  They are just versions that work for a small sample of people.
    3. Some of the corresponding services are not available in NeCTAR (yet).
    4. You can still downgrade and use V2 APIs for now.

