Thanks a lot John for your response. The issue was were working with keystone server which is SSL enabled and we need to configure Barbican to provide clients side certificate.
Thanks and Regards, Asha Seshagiri On Tue, Apr 7, 2015 at 6:26 PM, John Wood <[email protected]> wrote: > Hello Asha, > > Please following the steps in the pending CR [1]. That configures v3 > usage with Keystone, and if you use the Docker Keystone instance mentioned, > it syncs the passwords with it as well. Note the need to execute the setup > script noted to configure Keystone properly as well. > > Thanks, > John > > [1] > https://review.openstack.org/#/c/169114/2/doc/source/setup/keystone.rst > > From: Asha Seshagiri <[email protected]> > Date: Tuesday, April 7, 2015 at 2:49 PM > To: John Wood <[email protected]> > Cc: openstack-dev <[email protected]>, "Reller, Nathan > S." <[email protected]>, Douglas Mendizabal < > [email protected]>, "[email protected]" <[email protected]>, > Paul Kehrer <[email protected]>, Adam Harwell < > [email protected]>, Alexis Lee <[email protected]> > Subject: Re: Barbican : Unable to authenticate with keystone V3 for > Barbican curl command > > Thanks a lot John for your help and response. > > I had followed the same set of instructions as given in the link 1 > initially changing the version to v3 , it did not work and hence followed > with link 2 and is not working though. > > The link 1 provided below points to keystone v2 changes with barbican > and not v3 > [1] http://docs.openstack.org/developer/barbican/setup/keystone.html . > But in this link 2 for Integration keystone V3 with barbican we have to > modify both the configuriation files > *barbican-api-paste.ini and barbican-admin-paste.ini* files . There are > some changes in the filter and pipline names names tied with v3 > > pipeline = keystone_v3_authtoken context apiapp > ..... > [filter:keystone_v3_authtoken] > > [2] > https://github.com/cloudkeep/barbican/wiki/Integration-with-Keystone-V3-API > > Could you please confirm that we need to follow the link 1 changing the > version from v2 to v3 with only modification in *barbican-api-paste.ini > file and not **barbican-admin-paste.ini so that I can start looking into > the issue with the changes mentioned in link1 alone.* > > Thanks and Regards, > Asha Seshagiri > > On Tue, Apr 7, 2015 at 2:08 PM, John Wood <[email protected]> wrote: > >> Hello Asha, >> >> We are in the process of migrating our documentation to Sphinx, so I’d >> suggest following this link for Keystone configuration options [1]. >> >> I’d also note that a CR is pending with a bit more details to setup via >> a Docker Keystone here [2]. >> >> Thanks, >> John >> >> >> [1] http://docs.openstack.org/developer/barbican/setup/keystone.html >> [2] https://review.openstack.org/#/c/169114/ >> >> From: Asha Seshagiri <[email protected]> >> Date: Tuesday, April 7, 2015 at 1:34 PM >> To: openstack-dev <[email protected]> >> Cc: John Wood <[email protected]>, "Reller, Nathan S." < >> [email protected]>, Douglas Mendizabal < >> [email protected]>, "[email protected]" <[email protected]>, >> Paul Kehrer <[email protected]>, Adam Harwell < >> [email protected]>, Alexis Lee <[email protected]> >> Subject: Barbican : Unable to authenticate with keystone V3 for Barbican >> curl command >> >> Hi All , >> >> Could anyone please help me on this integration issue. >> I am unable to authenticate with keystone V3 for Barbican curl command >> .I have followed the procedure given in the following link : >> >> >> https://github.com/cloudkeep/barbican/wiki/Integration-with-Keystone-V3-API >> >> I was unable to authenticate with the keystone V3 even though the right >> token was provided in the curl command >> Please find the command to get the token and the curl command to post the >> secret . >> >> [root@keystone-versiontest ~]# openstack --insecure token issue *(Command >> to get token from keystone v3)* >> +------------+----------------------------------+ >> | Field | Value | >> +------------+----------------------------------+ >> | expires | 2015-04-07T18:26:13.835641Z | >> |* id | f28b93f27cce4bc09f9ac50d84bde736 |* >> | project_id | 9d37f9ecc481422aa8ab53674cb82410 | >> | user_id | e7d02ed8e7e64b01a1d66bb86ffa90d8 | >> +------------+----------------------------------+ >> >> [root@keystone-versiontest ~]# curl -X POST -H >> 'content-type:application/json' -H 'X-Project-Id:12345' \ >> > -H "X-Auth-Token:*f28b93f27cce4bc09f9ac50d84bde736*" -d '{"payload": >> "my-secret-here", "payload_content_type": "text/plain"}' >> http://localhost:9311/v1/secrets >> *Authentication required*[root@keystone-versiontest ~]# >> >> The contents of the admin.opensrc file is as given below : >> >> [root@keystone-versiontest ~]# cat admin.openrc >> export OS_USERNAME=admin >> export OS_TENANT_NAME=admin >> export OS_PASSWORD=admin >> export OS_AUTH_URL=https://169.54.204.69:35357/v3 >> export OS_REGION_NAME=RegionOne >> export OS_IDENTITY_API_VERSION=3 >> export OS_USER_DOMAIN_ID=default >> export OS_PROJECT_DOMAIN_ID=default >> >> >> And also I have attached the barbican-api-paste.ini and >> barbican-admin-paste.ini files. >> >> I would like to know why the curl command for posting the secret is not >> geting authenticated with Keystone V3 >> >> Any help would highly be appreciated. >> -- >> *Thanks and Regards,* >> *Asha Seshagiri* >> > > > > -- > *Thanks and Regards,* > *Asha Seshagiri* > -- *Thanks and Regards,* *Asha Seshagiri*
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
