I'm new to OpenStack clients and APIs
Today I was trying to connect to Keystone, And create a Client object like this:
from keystoneauth1.identity import v3
from keystoneclient.exceptions import ClientException
from keystoneauth1.session import Session
from keystoneclient.v3.client import Client
def keystone_client(version=(3, ), auth_url=None, user_id=None, password=None, project_id=None):
auth = v3.Password(auth_url=auth_url,
user_id=user_id,
password=password,
project_id=project_id)
sess = Session(auth=auth)
try:
return Client(session=sess)
except ClientException as e:
print(e) # TODO: USE LOGGING
When I try to use the client with admin user credentials, and fetch users list, project list, any of keystone functionality like :
client = keystone_client(...)
clinet.services.list()
client.users.list()
First, this line in the client source code in a try-except block encounters exception and logs the bellow warning message
LOG.warning('Failed to contact the endpoint at %s for discovery. Fallback '
'to using that endpoint as the base url.', url)
Then finally throws a bunch of time out exceptions, traceback:
Failed to contact the endpoint at https://example:5000 for discovery. Fallback to using that endpoint as the base url.
Traceback (most recent call last):
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn
conn = connection.create_connection(
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/urllib3/util/connection.py", line 84, in create_connection
raise err
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/urllib3/util/connection.py", line 74, in create_connection
sock.connect(sa)
TimeoutError: [Errno 110] Connection timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3.8/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib/python3.8/http/client.py", line 950, in send
self.connect()
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/urllib3/connection.py", line 187, in connect
conn = self._new_conn()
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/urllib3/connection.py", line 171, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7ffa929afb80>: Failed to establish a new connection: [Errno 110] Connection timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 726, in urlopen
retries = retries.increment(
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/urllib3/util/retry.py", line 446, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='example', port=5000): Max retries exceeded with url: /users (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7ffa929afb80>: Failed to establish a new connection: [Errno 110] Connection timed out'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneauth1/session.py", line 1012, in _send_request
resp = self.session.request(method, url, **kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='example', port=5000): Max retries exceeded with url: /users (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7ffa929afb80>: Failed to establish a new connection: [Errno 110] Connection timed out'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/debtcollector/renames.py", line 43, in decorator
return wrapped(*args, **kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneclient/v3/users.py", line 132, in list
return super(UserManager, self).list(
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneclient/base.py", line 86, in func
return f(*args, **new_kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneclient/base.py", line 448, in list
list_resp = self._list(url_query, self.collection_key)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneclient/base.py", line 141, in _list
resp, body = self.client.get(url, **kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneauth1/adapter.py", line 395, in get
return self.request(url, 'GET', **kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneauth1/adapter.py", line 554, in request
resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneauth1/adapter.py", line 257, in request
return self.session.request(url, method, **kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneauth1/session.py", line 921, in request
resp = send(**kwargs)
File "/home/arthur/codes/dir/test/venv/lib/python3.8/site-packages/keystoneauth1/session.py", line 1028, in _send_request
raise exceptions.ConnectFailure(msg)
keystoneauth1.exceptions.connection.ConnectFailure: Unable to establish connection to http://example:5000/users?: HTTPConnectionPool(host='example', port=5000): Max retries exceeded with url: /users (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7ffa929afb80>: Failed to establish a new connection: [Errno 110] Connection timed out'))
All of the functions including that user listing works fine in both Keystone Identity raw API and the OpenStack command-line client. It seems that the python-keystone-client looks into the service catalog and figure out which end-point it should use, but finally, that endpoint it decides to use is an internal endpoint, and not supposed to be used directly.
Anyone else had this problem?
There is an argument named 'interface' which gets 'public', 'internal' and 'admin' as its value. Which in order to prevent Keystone client to try private endpoints, it should be passed like this:
client = Client(session, interface='public')