Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

broken auth_url #492

Open
rokroskar opened this issue Jun 11, 2019 · 16 comments
Open

broken auth_url #492

rokroskar opened this issue Jun 11, 2019 · 16 comments

Comments

@rokroskar
Copy link

It seems that the examples/suggested configs where the openstack_auth_path is set to <host-url>/v3/auth/tokens don't work with the current version of fog. Using GitLab 11.9.12 for example, the auth url incorrectly becomes <host-url>/v3/auth/tokens/auth/tokens. GitLab appears to be using fog 1.0.8: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21788/diffs#21fb5836b499a2be648386aac055d2e069160d6c_247_246

@nsteinmetz
Copy link

Hi @rokroskar,

I have the same issue, did you find a way to get it working ?

Thanks!

I opened also https://gitlab.com/gitlab-org/gitlab/issues/208825

@rokroskar
Copy link
Author

Hi @nsteinmetz, the solution is just to strip out /auth/tokens at the end of openstack_auth_url.

Hope that helps!

@nsteinmetz
Copy link

nsteinmetz commented Mar 3, 2020

Seems the bug changed a bit since yours in fact.

Seems now the /v2/tokens is added automatically so I can't use a V3 endpoint whereas OVH (my openstack provider) will shut down V2 endpoint by end of the month...

@rokroskar
Copy link
Author

Surely they didn't downgrade from v3 api to v2? A silly thought but maybe worth trying - you have a / after v3 in your example in the gitlab issue - did you try it without? I.e. https://auth.cloud.ovh.net/v3 instead of https://auth.cloud.ovh.net/v3/?

@nsteinmetz
Copy link

@rokroskar I tried indeed but forgot to mention it - and it fails too.

It leads to path => "/v3/v2.0/tokens"

@axi
Copy link

axi commented May 20, 2020

Hi, @nsteinmetz did you managed to find a solution ? I'm having the same problem.
Ovh replanned the v2 shutdown to 23 june 2020...
Thanks

@nsteinmetz
Copy link

Hi @axi

I switched to S3 endpoints on OVH instead of swift for the time being.

The issue on gitlab side is in backlog but no progress for a month.

@ShamoX
Copy link
Contributor

ShamoX commented May 20, 2020

To use v3 authentication endpoint on OVH :

If you add tenant_id the library automatically switch to token V2 (because tenant_id is a token v2 key), see here.

I use OVH for several month like that and it works for me.

@nsteinmetz
Copy link

nsteinmetz commented May 20, 2020

@ShamoX thanks for the tip !

This works like a charm:

gitlab_rails['backup_upload_connection'] = {
  'provider' => 'OpenStack',
  'openstack_username' => 'XXX',
  'openstack_api_key' => 'XXX',
  'openstack_auth_url' => 'https://auth.cloud.ovh.net',
  'openstack_region' => 'XXX'
}

@axi
Copy link

axi commented May 20, 2020

thanks both @nsteinmetz & @ShamoX, it's working !

@achevalet
Copy link

Hi, I have quite the same issue even with correct settings.
Might it be because v3 endpoints are not listed in the catalog?

| keystone                   | identity                | RegionOne
|                            |                         |   internal: http://myopenstack-private.com:5000/v2.0
|                            |                         | RegionOne
|                            |                         |   public: https://myopenstack:5000/v2.0
|                            |                         | RegionOne
|                            |                         |   admin: http://myopenstack-private:35357/v2.0

I can authenticate just fine:


@auth_v3 = {
        openstack_auth_url: 'https://myopenstack.com:5000',
        openstack_username: 'myuser',
        openstack_api_key: 'mypassword',
        openstack_project_name: 'myproject',
        openstack_domain_name: 'mydomain',
        openstack_endpoint_type: 'publicURL',
}

> keystone = Fog::OpenStack::Identity.new(@auth_v3)
 => #<Fog::OpenStack::Identity::V3::Real:23684020 @openstack_auth_url="https://myopenstack.com:5000" ...

> keystone.auth_token
 => "mytoken"

But then all URLs are broken:

> keystone.list_projects
Fog::OpenStack::Identity::NotFound: Expected([200]) <=> Actual(404 Not Found)
excon.error.response
  :body          => "{\"error\": {\"message\": \"The resource could not be found.\", \"code\": 404, \"title\": \"Not Found\"}}"
  :path          => "/v2.0/v3/projects"
...

> keystone.list_domains
Fog::OpenStack::Identity::NotFound: Expected([200]) <=> Actual(404 Not Found)
excon.error.response
  :body          => "{\"error\": {\"message\": \"The resource could not be found.\", \"code\": 404, \"title\": \"Not Found\"}}"
  :path          => "/v2.0/v3/domains"

@nsteinmetz
Copy link

@achevalet it seems indeed that v3 endpoints are not available in your case based on what you provide. You should use a V2 auth schema then.

@achevalet
Copy link

Actually V3 is enabled but not listed in the catalog. I have to use V3, I cannot connect with V2.

@nsteinmetz
Copy link

So contact your provider for more info about this I would say :)

@achevalet
Copy link

I tried, but the answer was "this is just normal and all other sdk or clients support it" :)
It was actually solved by #268 on older versions, not sure where it breaks now.
btw, I will try again to have v3 listed in the catalog..

@achevalet
Copy link

To avoid using v2 endpoints, it looks like I need to enter in the else here despite the catalog is not empty.
Could we force @openstack_management_url = @openstack_auth_url when we have authenticated with v3 and the endpoints returned are v2?

achevalet pushed a commit to achevalet/fog-openstack that referenced this issue Jul 20, 2020
It covers the cases where we can authenticate with keystone v3 but the endpoint returned in the catalog is v2
see fog#492
achevalet pushed a commit to achevalet/fog-openstack that referenced this issue Jul 20, 2020
It covers the cases where we can authenticate with keystone v3 but the endpoint returned in the catalog is v2
see fog#492
achevalet pushed a commit to achevalet/fog-openstack that referenced this issue Jul 20, 2020
It covers the cases where we can authenticate with keystone v3 but the endpoint returned in the catalog is v2
see fog#492
achevalet pushed a commit to achevalet/fog-openstack that referenced this issue Jul 20, 2020
It covers the cases where we can authenticate with keystone v3 but the endpoint returned in the catalog is v2
see fog#492
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants