Using the keystone client is currently quite painful for fuel. For example getting tokens from a fuel env when auth required (which is needed if we want to use curl or other clients) is currently quite a mess.
In order to get a token you can > python <<EOF > from fuelclient.client import Client > print Client().auth_token > EOF or attempt to use the keystone client cat /etc/fuel/client/config.yaml > > SERVER_ADDRESS: "10.108.0.2" > SERVER_PORT: "8000" > KEYSTONE_USER: "admin" > KEYSTONE_PASS: "admin" > KEYSTONE_PORT: "5000" export OS_AUTH_URL="http://10.108.0.2:8000/keystone/v2.0" # where did the auth url come from ? [1] # alternatly its also at http://10.108.0.2:5000/v2.0/ export OS_USERNAME="admin" export OS_PASSWORD="admin" export OS_TENANT_NAME="admin" keystone token-get > > WARNING:keystoneclient.httpclient:Failed to retrieve management_url from token > +-----------+----------------------------------+ > | Property | Value | > +-----------+----------------------------------+ > | expires | 2014-10-21T00:08:52Z | > | id | 4acbc25ee95947e9adeafedecc2f8e31 | > | tenant_id | 8bd09f40faec4112864b23c6a03ac3bd | > | user_id | ca080c124b8943678e0f1edc6a92b8e2 | > +-----------+----------------------------------+ [1] https://github.com/stackforge/fuel-web/blob/master/fuelclient/fuelclient/client.py#L55 As we extend our usage of keystone to include other data in the endpoints / catalog, it becomes more and more relevant for us to consume the auth information the same way as is done for the other openstack clients. To this end, I think we should be using the same parameters and patterns as in openstack. This will help admins be familiar with openstack tools, and enable us to use the same methods across multiple clients. Fuel client should be changed to take the same options --os-username, --os-password, etc... as well as accept the environment variables that correlate with them, This would also allow us to bring openrc onto the fuel master, and unify getting credentials to the various clients. Later on, I think we should be adding the fuel url to the endpoint's data so that we can use the client only with the auth url like the openstack clients. It would also allow us to set the fuel endpoint in deployed clouds so that the fuel node could be easily found later. -- Andrew Mirantis Ceph community _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev