Hi,

I am trying to develop an application which would auto-provision nodes on Rackspace compute cloud. But the versions (First-Gen and Next-Gen) are conflicting.

I am facing 2 issues -

- If we use first generation provider metadata or name (cloudserver-us), the authentication fails.
- If we use next generation provider metadata or name (rackspace-cloudserver-us), authentication works, but the internal query is hitting the cloudServerOpenStack module, and not the cloudServers module of Rackspace.

Explanation - Authentication with Curl, Explanation of Case 1, Explanation of Case 2 (with relevant code snippets and comments).

1. Authentication from Curl, and endpoints -

After requesting the authentication from Rackspace using the curl requests (from http://docs.rackspace.com/servers/api/v1.0/cs-devguide/content/auth.html), I got a response with endpoint details in it.

- Request

    curl -s https://identity.api.rackspacecloud.com/v2.0/tokens -X 'POST' \
         -d '{"auth":{"passwordCredentials":{"username":"***", "password":"***"}}}' \
         -H "Content-Type: application/json" | python -m json.tool

Note: The v1.0 documentation refers to a v2.0 authentication method.

- Response

    ...
    {
        "endpoints": [
            {
                "publicURL": "https://servers.api.rackspacecloud.com/v1.0/825653",
                "tenantId": "825653",
                "versionId": "1.0",
                "versionInfo": "https://servers.api.rackspacecloud.com/v1.0",
                "versionList": "https://servers.api.rackspacecloud.com/"
            }
        ],
        "name": "cloudServers",
        "type": "compute"
    }
    }
    ...
    {
        "endpoints": [
            ...
            {
                "publicURL": "https://ord.servers.api.rackspacecloud.com/v2/825653",
                "region": "ORD",
                "tenantId": "825653",
                "versionId": "2",
                "versionInfo": "https://ord.servers.api.rackspacecloud.com/v2",
                "versionList": "https://ord.servers.api.rackspacecloud.com/"
            },
            ...
        ],
        "name": "cloudServersOpenStack",
        "type": "compute"
    },
    }

Common Scenario Code Snippets -

    private Properties overrides = null;
    overrides.setProperty(KeystoneProperties.CREDENTIAL_TYPE, CredentialTypes.PASSWORD_CREDENTIALS);
    ...
    // FirstGen ProviderMetadata
    CloudServersUSProviderMetadata firstGenProviderMetadata = CloudServersUSProviderMetadata.builder().build();
    // NextGen ProviderMetadata
    org.jclouds.rackspace.cloudservers.us.CloudServersUSProviderMetadata nextGenProviderMetadata = org.jclouds.rackspace.cloudservers.us.CloudServersUSProviderMetadata.builder().build();
    ...
    // Create Nodes in Group
    Set<? extends NodeMetadata> nodes = compute.createNodesInGroup(NAME, 1, template);

2. Case 1 - If I keep the ProviderMetadata as first gen, i.e.

    ContextBuilder builder = ContextBuilder.newBuilder(firstGenProviderMetadata).credentials(USERNAME, PASSWORD).overrides(overrides);

jclouds internally still uses the v1.1 method to authenticate the user, as seen in the exception stack (username, password removed).

    Caused by: org.jclouds.http.HttpResponseException: request: POST https://auth.api.rackspacecloud.com/v1.1/auth HTTP/1.1 [{"credentials":{"username":"***","key":"***"}}] failed with response: HTTP/1.1 401 Unauthorized
        at org.jclouds.cloudservers.handlers.ParseCloudServersErrorFromHttpResponse.handleError(ParseCloudServersErrorFromHttpResponse.java:51)
        ... 52 more

But as explained above, the documentation says authentication would now use a v2 API.

3. Case 2 - If I keep the ProviderMetadata as next gen, i.e.

    ContextBuilder builder = ContextBuilder.newBuilder(nextGenProviderMetadata).credentials(USERNAME, PASSWORD).overrides(overrides);

This causes the internal exception of policy.

    Caused by: org.jclouds.http.HttpResponseException: command: GET https://ord.servers.api.rackspacecloud.com/v2/825653/servers/detail HTTP/1.1 failed with response: HTTP/1.1 403 Forbidden; content: [{"forbidden": {"message": "Policy doesn't allow compute:get_all to be performed.", "code": 403}}]
        at org.jclouds.openstack.nova.v2_0.handlers.NovaErrorHandler.handleError(NovaErrorHandler.java:83)
        ... 24 more

I verified this error with a curl request too -

    Varads-MacBook:~ varadmeru$ curl -s https://ord.servers.api.rackspacecloud.com/v2/825653/servers/detail \
    > -H "X-Auth-Token:8a320075315a47ca81e1ac70f1fa9bf9" | python -m json.tool
    {
        "forbidden": {
            "code": 403,
            "message": "Policy doesn't allow compute:get_all to be performed."
        }
    }

As seen above, this URL is for the CloudServersOpenStack endpoint, and not for the cloudServers end-point, in which we want to create nodes.

Please let me know a solution for one of the cases. I am also looking into the code to find the relevant code snippets.

Thanks in advance.

Regards,
Varad

-----------------
Varad Meru
Software Development Engineer,
Orzota, Inc. (www.orzota.com)
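
Added example (not part of the original post and not jclouds code): the catalog quoted above lists two services of type "compute", so choosing an endpoint by type alone is ambiguous and the service name has to be part of the lookup. The sketch below uses a constructed, trimmed response; the access/serviceCatalog wrapper (elided in the post) is assumed to follow the Keystone v2.0 layout, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed token response shaped like the one in the post.
# The token id is a placeholder; only one regional endpoint is included.
SAMPLE_RESPONSE = """
{"access": {
  "token": {"id": "TOKEN-PLACEHOLDER"},
  "serviceCatalog": [
    {"name": "cloudServers", "type": "compute",
     "endpoints": [{"publicURL": "https://servers.api.rackspacecloud.com/v1.0/825653",
                    "tenantId": "825653", "versionId": "1.0"}]},
    {"name": "cloudServersOpenStack", "type": "compute",
     "endpoints": [{"publicURL": "https://ord.servers.api.rackspacecloud.com/v2/825653",
                    "region": "ORD", "tenantId": "825653", "versionId": "2"}]}
  ]}}
"""


def compute_endpoints(auth_response):
    """Return (service name, region, versionId, publicURL) per compute endpoint."""
    catalog = json.loads(auth_response)["access"]["serviceCatalog"]
    rows = []
    for service in catalog:
        if service.get("type") != "compute":
            continue
        for ep in service.get("endpoints", []):
            rows.append((service["name"], ep.get("region"),
                         ep.get("versionId"), ep["publicURL"]))
    return rows


def pick_endpoint(auth_response, service_name, region=None):
    """Select exactly one endpoint by service name (plus region if regional)."""
    matches = [r for r in compute_endpoints(auth_response)
               if r[0] == service_name and (region is None or r[1] == region)]
    if len(matches) != 1:
        # Zero or several matches: refuse to guess which API the caller meant.
        raise LookupError(f"{len(matches)} endpoints match {service_name!r}/{region!r}")
    return matches[0][3]


if __name__ == "__main__":
    for row in compute_endpoints(SAMPLE_RESPONSE):
        print(row)
    print(pick_endpoint(SAMPLE_RESPONSE, "cloudServers"))
```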
