Nova image- This at http://Bugs.launchpad.net/nova/and attach the Nova API log if possible . <class'glanceclient.exc.HTTPInternalServerError'( request-id:req-5c463162-0e93-4114-93e0-19134f77439e)
How to change Keystone API V2 to v3posted on November -, theby Gopalakrishnan S0commentsthe Keystone Identity Service allows clients to obtain tokens so can be used to access OpenStack cloud Serv Ices. This document isIntended forSoftware developers interestedinchDeveloping applications that utilize the Keystone Identity Service API forAuthentication. The OpenStack Identity API isImplementedusingA RESTful Web serviceInterface. All requests to authenticate and operate against the OpenStack Identity API should be performedusingSSL over HTTP (HTTPS) on TCP port443. Keystone V3 Advantages1) authentication isTotally pluggable. You can write our own custom Auth method. Beause of ThisExtensible Auth method, now Keystone supports OAUTH1, Federation (Federation isNot fully done)2) Authorization:v2 iseither "admin" or none. In V3 you can control who can call each method. (Provided you define your own policy file)3) Separate drivers forAssignments and Identity4) RichSetof APIs. There is lot more API available than V2.0. Also There is no vendor specic extension. If you check v2.0, most of the role APIs is Rackspace Extensionsbefore proceed to migrate Keystone V2 to V3, you must check previous s Ervices is working fine. Use the following commands to verify the list of services works. How to change Keystone API V2 to V3?[[Email protected]~ (keystone_admin)]# Keystone user-listwarning:bypassing AuthenticationusingA token &endpoint (authentication credentials is being ignored).+ ———————————-+ ———— + ——— + ———————-+| ID | name | Enabled | Email |+ ———————————-+ ———— + ——— + ———————-+| ed03407c56054729bee58be7f7710786 | admin | True | [Email protected] | | 3b52f88a70f149a791e295b1859ae8f4 | Ceilometer | True | [Email protected] |[[Email protected]~ (keystone_admin)]# Nova service-List+ —————— + ——— –+ ———-+ ——— + ——-+ —————————-+ ————— –+| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |+ —————— + ——— –+ ———-+ ——— + ——-+ —————————-+ ————— –+| Nova-consoleauth | Packstack |Internal| Enabled | Up | the- A-13t10: $:52.000000| –| | Nova-scheduler | Packstack |Internal| Enabled | Up | the- A-13t10: $:50.000000| –| | Nova-conductor | Packstack |Internal| Enabled | Up | the- A-13t10: $:54.000000| –| | Nova-compute | Packstack | Nova | Enabled | Up | the- A-13t10: $:51.000000| –| | Nova-cert | Packstack |Internal| Enabled | Up | the- A-13t10: $:52.000000| –| | Nova-console | Packstack |Internal| Enabled | Up | the- A-13t10: $:51.000000| –|+ —————— + ——— –+ ———-+ ——— + ——-+ —————————-+ ————— –+[[Email protected]~ (keystone_admin)]# glance image-List+ ———————————— –+--–+ ————-+ —————— + ———-+--–+| ID | Name | Disk Format | Container Format | Size | Status |+ ———————————— –+--–+ ————-+ —————— + ———-+--–+| f4c137ca-8dd8-47f3-be70-106eac2f241f | Cirros | Qcow2 | Bare |13147648| Active |+ ———————————— –+--–+ ————-+ —————— + ———-+--–+If All the services is working fine then proceed to migrate endpoint URLs to V3inchyour Keystone databases. Login your MySQL server and change endpoint Urls.mysql>Use Keystone; Reading Table Information forCompletion of table and column namesyou can turn off ThisFeature toGetA quicker startup with-adatabase Changedmysql>Select InterfaceUrl fromEndpoint E, service swhereS.ID=E.SERVICE_ID and S.type="Identity";+ ——— –+ ———————————-+|Interface| URL |+ ——— –+ ———————————-+| admin | http//192.168.1.133:35357/v2.0 ||Internal| http//192.168.1.133:5000/v2.0 || Public| http//192.168.1.133:5000/v2.0 |+ ——— –+ ———————————-+3Rowsinch Set(0.01sec) Get the identity service Idmysql>SelectId fromServicewhereType="Identity";+ ———————————-+| ID |+ ———————————-+| E32101fdfe4145d1a6a22351b41d88e5 |+ ———————————-+1Rowinch Set(0.00sec) use ThisQuery to replace URLs asPer service IDwhere thePortsmysql> Update EndpointSetUrl= "http://192.168.1.196:5000/v3″where url= "http://192.168.1.196: 5000/v2.0″and service_id= "76e23f322c2a48d18293db89dbca9e70″;Query OK,2Rows Affected (0.00sec) Rows matched:2Changed:2Warnings:0 Use ThisQuery to replace35357Portsmysql> Update EndpointSetUrl= "http://192.168.1.196:35357/v3″where url= "http://192.168.1.196: 35357/v2.0″and service_id= "76e23f322c2a48d18293db89dbca9e70″;Query OK,1Row affected (0.00sec) Rows matched:1Changed:1Warnings:0thats all, can verify the changed Urls.mysql>Select InterfaceUrl fromEndpoint E, service swhereS.ID=E.SERVICE_ID and S.type="Identity";+ ——— –+ —————————— –+|Interface| URL |+ ——— –+ —————————— –+| admin | http//192.168.1.133:35357/v3 ||Internal| http//192.168.1.133:5000/v3 || Public| http//192.168.1.133:5000/v3 |+ ——— –+ —————————— –+3Rowsinch Set(0.00sec) MySQL>upgrade Keystone Policy Filepolicy isJust aSetof rules combined by Or/and logic. It should become more readableinchFuture releases, the Openstack Identity v3 API, provided by Keystone, offers features, were lackinginchThe previous version. Among these features, it introduces the concept of domains, allowing isolation of projects and users. For instance, a administrator allowed to create projects and usersinchA given domain, may not has any rightinchAnother one. While these features look very exciting, some configuration needs to is done to has a working Identity V3 service with Do Mains properlySet. Download Policy.v3cloudsample.json filewget https://Github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.jsonmv/etc/keystone/policy.json/etc/keystone/POLICY.JSON.V2MV Policy.v3cloudsample.json/etc/keystone/policy.jsonchown keystone.keystone policy.jsonupdate Keystone Endpoint environment.export os_username=Adminexport Os_tenant_name=Adminexport Os_password=<password>Export Os_auth_url=http://192.168.1.133:5000/v3Export Service_endpoint=http://192.168.1.133:35357/v3Export Service_token=C50f58a02dde43f286517af102786be0restart OpenStack Services/etc/init.d/openstack-Keystone Restarttroubleshootingif You received "Horizon unauthorized (HTTP401) "errors, can revert back Policy.json v2 file andTryTo restart services. How to Enable Multi Domains on OpenStack Horizonhorizon supports Multi Domains asWell. You need to add only a few changes to local_setting. Apply the correct Policy.json file forKEYSTONE.VI/etc/openstack-dashboard/Local_settingsuncommand the following settings. Openstack_api_versions={"Identity":3}openstack_keystone_multidomain_support=Trueopenstack_keystone_url= "http://192.168.1.133:5000/v3 "Save Local_settings and restart openstack-Dashboard./ETC/INIT.D/HTTPD restart
ERROR (clientexception)
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
