976842 – Extra character in the endpoint definition for swift

Bug 976842 - Extra character in the endpoint definition for swift

Summary: Extra character in the endpoint definition for swift

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	doc-Installation_and_Configuration_Guide
Sub Component:
Version:	3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	3.0
Assignee:	Stephen Gordon
QA Contact:	ecs-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-21 15:45 UTC by Attila Darazs
Modified:	2014-08-03 23:50 UTC (History)
CC List:	2 users (show)
Fixed In Version:	Red_Hat_OpenStack-Installation_and_Configuration_Guide-3-en-US-3-24
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:	Build: CSProcessor Builder Version 1.10 Build Name: 15807, Installation and Configuration Guide-3-1 Build Date: 12-06-2013 09:31:52 Topic ID: 16782-459264 [Latest]
Last Closed:	2014-08-03 23:50:06 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Attila Darazs 2013-06-21 15:45:43 UTC

Title: Configuring the Identity Service to work with the Object Storage Service

Describe the issue:
There's this command in the doc:

$ keystone endpoint-create --service_id <serviceid> \
    --publicurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s" \
    --adminurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s" \
    --internalurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s"

This creates and endpoint like this in keystone:
| dc78bb13406041d7b67a498e626f7717 | regionOne | http://10.34.60.70:8080/v1/AUTH_\%(tenant_id)s | http://10.34.60.70:8080/v1/AUTH_\%(tenant_id)s | http://10.34.60.70:8080/v1/AUTH_\%(tenant_id)s | ec2753c8d247419692c21e178702a915 |

Note that the % is still escaped, which results in error in the communication with swift:

# swift list
Account GET failed: http://10.34.60.70:8080/v1/AUTH_\0462cfe859364e2e92a1f78309576d02?format=json 403 Forbidden  [first 60 chars of response] <html><h1>Forbidden</h1><p>Access was denied to this resourc

Suggestions for improvement:
Remove the \ before the % character, it is not needed, at least with bash.

Also I think the correct adminurl doesn't have that AUTH part (checked how packstack does it, and it works).

So my recommendation is this:

$ keystone endpoint-create --service_id <serviceid> \
    --publicurl "http://IP:8080/v1/AUTH_%(tenant_id)s" \
    --adminurl "http://IP:8080/" \
    --internalurl "http://IP:8080/v1/AUTH_%(tenant_id)s"

Additional information:
I would also suggest replacing that random IP with the word "IP", as it is in other parts of the documents.

Comment 2 Stephen Gordon 2013-06-24 14:40:14 UTC

(In reply to Attila Darazs from comment #0)
> Title: Configuring the Identity Service to work with the Object Storage
> Service
> 
> Describe the issue:
> There's this command in the doc:
> 
> $ keystone endpoint-create --service_id <serviceid> \
>     --publicurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s" \
>     --adminurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s" \
>     --internalurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s"

Looking at the most up to date version I think Tim has replaced the % with a $, which means the escaping is required:

$ keystone endpoint-create --service_id <serviceid> \
    --publicurl "http://proxy_node_ip_address:8080/v1/AUTH_\$(tenant_id)s" \
    --adminurl "http://proxy_node_ip_address:8080/v1/AUTH_\$(tenant_id)s" \
    --internalurl "http://proxy_node_ip_address:8080/v1/AUTH_\$(tenant_id)s"

I've removed the AUTH section of the adminurl (note that the version is still required however) and replaced proxy_node_ip_address with IP.

"Configuring the Identity Service to work with the Object Storage Service" - ID: 16782 [rev: 469724]

Note You need to log in before you can comment on or make changes to this bug.