broken auth_url

[rokroskar]

It seems that the examples/suggested configs where the openstack_auth_path is set to <host-url>/v3/auth/tokens don't work with the current version of fog. Using GitLab 11.9.12 for example, the auth url incorrectly becomes <host-url>/v3/auth/tokens/auth/tokens. GitLab appears to be using fog 1.0.8: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21788/diffs#21fb5836b499a2be648386aac055d2e069160d6c_247_246

[nsteinmetz]

Hi @rokroskar,

I have the same issue, did you find a way to get it working ?

Thanks!

I opened also https://gitlab.com/gitlab-org/gitlab/issues/208825

[rokroskar]

Hi @nsteinmetz, the solution is just to strip out /auth/tokens at the end of openstack_auth_url.

Hope that helps!

[nsteinmetz]

Seems the bug changed a bit since yours in fact.

Seems now the /v2/tokens is added automatically so I can't use a V3 endpoint whereas OVH (my openstack provider) will shut down V2 endpoint by end of the month...

[rokroskar]

Surely they didn't downgrade from v3 api to v2? A silly thought but maybe worth trying - you have a / after v3 in your example in the gitlab issue - did you try it without? I.e. https://auth.cloud.ovh.net/v3 instead of https://auth.cloud.ovh.net/v3/?

[nsteinmetz]

@rokroskar I tried indeed but forgot to mention it - and it fails too.

It leads to path => "/v3/v2.0/tokens"

[axi]

Hi, @nsteinmetz did you managed to find a solution ? I'm having the same problem.
Ovh replanned the v2 shutdown to 23 june 2020...
Thanks

[nsteinmetz]

Hi @axi

I switched to S3 endpoints on OVH instead of swift for the time being.

The issue on gitlab side is in backlog but no progress for a month.

[ShamoX]

To use v3 authentication endpoint on OVH :

• auth_url: https://auth.cloud.ovh.net/
• username
• api_key
• project_id

If you add tenant_id the library automatically switch to token V2 (because tenant_id is a token v2 key), see here.

I use OVH for several month like that and it works for me.

[nsteinmetz]

@ShamoX thanks for the tip !

This works like a charm:

gitlab_rails['backup_upload_connection'] = {
  'provider' => 'OpenStack',
  'openstack_username' => 'XXX',
  'openstack_api_key' => 'XXX',
  'openstack_auth_url' => 'https://auth.cloud.ovh.net',
  'openstack_region' => 'XXX'
}

[axi]

thanks both @nsteinmetz & @ShamoX, it's working !

[achevalet]

Hi, I have quite the same issue even with correct settings.
Might it be because v3 endpoints are not listed in the catalog?

| keystone                   | identity                | RegionOne
|                            |                         |   internal: http://myopenstack-private.com:5000/v2.0
|                            |                         | RegionOne
|                            |                         |   public: https://myopenstack:5000/v2.0
|                            |                         | RegionOne
|                            |                         |   admin: http://myopenstack-private:35357/v2.0

I can authenticate just fine:

@auth_v3 = {
        openstack_auth_url: 'https://myopenstack.com:5000',
        openstack_username: 'myuser',
        openstack_api_key: 'mypassword',
        openstack_project_name: 'myproject',
        openstack_domain_name: 'mydomain',
        openstack_endpoint_type: 'publicURL',
}

> keystone = Fog::OpenStack::Identity.new(@auth_v3)
 => #<Fog::OpenStack::Identity::V3::Real:23684020 @openstack_auth_url="https://myopenstack.com:5000" ...

> keystone.auth_token
 => "mytoken"

But then all URLs are broken:

> keystone.list_projects
Fog::OpenStack::Identity::NotFound: Expected([200]) <=> Actual(404 Not Found)
excon.error.response
  :body          => "{\"error\": {\"message\": \"The resource could not be found.\", \"code\": 404, \"title\": \"Not Found\"}}"
  :path          => "/v2.0/v3/projects"
...

> keystone.list_domains
Fog::OpenStack::Identity::NotFound: Expected([200]) <=> Actual(404 Not Found)
excon.error.response
  :body          => "{\"error\": {\"message\": \"The resource could not be found.\", \"code\": 404, \"title\": \"Not Found\"}}"
  :path          => "/v2.0/v3/domains"

[nsteinmetz]

@achevalet it seems indeed that v3 endpoints are not available in your case based on what you provide. You should use a V2 auth schema then.

[achevalet]

Actually V3 is enabled but not listed in the catalog. I have to use V3, I cannot connect with V2.

[nsteinmetz]

So contact your provider for more info about this I would say :)

[achevalet]

I tried, but the answer was "this is just normal and all other sdk or clients support it" :)
It was actually solved by #268 on older versions, not sure where it breaks now.
btw, I will try again to have v3 listed in the catalog..

[achevalet]

To avoid using v2 endpoints, it looks like I need to enter in the else here despite the catalog is not empty.
Could we force @openstack_management_url = @openstack_auth_url when we have authenticated with v3 and the endpoints returned are v2?