Bug 976842 - Extra character in the endpoint definition for swift
Extra character in the endpoint definition for swift
Status: CLOSED CURRENTRELEASE
Product: Red Hat OpenStack
Classification: Red Hat
Component: doc-Installation_and_Configuration_Guide (Show other bugs)
3.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 3.0
Assigned To: Stephen Gordon
ecs-bugs
: Documentation
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-21 11:45 EDT by Attila Darazs
Modified: 2014-08-03 19:50 EDT (History)
2 users (show)

See Also:
Fixed In Version: Red_Hat_OpenStack-Installation_and_Configuration_Guide-3-en-US-3-24
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Build: CSProcessor Builder Version 1.10 Build Name: 15807, Installation and Configuration Guide-3-1 Build Date: 12-06-2013 09:31:52 Topic ID: 16782-459264 [Latest]
Last Closed: 2014-08-03 19:50:06 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Attila Darazs 2013-06-21 11:45:43 EDT
Title: Configuring the Identity Service to work with the Object Storage Service

Describe the issue:
There's this command in the doc:

$ keystone endpoint-create --service_id <serviceid> \
    --publicurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s" \
    --adminurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s" \
    --internalurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s"

This creates and endpoint like this in keystone:
| dc78bb13406041d7b67a498e626f7717 | regionOne | http://10.34.60.70:8080/v1/AUTH_\%(tenant_id)s | http://10.34.60.70:8080/v1/AUTH_\%(tenant_id)s | http://10.34.60.70:8080/v1/AUTH_\%(tenant_id)s | ec2753c8d247419692c21e178702a915 |

Note that the % is still escaped, which results in error in the communication with swift:

# swift list
Account GET failed: http://10.34.60.70:8080/v1/AUTH_\0462cfe859364e2e92a1f78309576d02?format=json 403 Forbidden  [first 60 chars of response] <html><h1>Forbidden</h1><p>Access was denied to this resourc

Suggestions for improvement:
Remove the \ before the % character, it is not needed, at least with bash.

Also I think the correct adminurl doesn't have that AUTH part (checked how packstack does it, and it works).

So my recommendation is this:

$ keystone endpoint-create --service_id <serviceid> \
    --publicurl "http://IP:8080/v1/AUTH_%(tenant_id)s" \
    --adminurl "http://IP:8080/" \
    --internalurl "http://IP:8080/v1/AUTH_%(tenant_id)s"

Additional information:
I would also suggest replacing that random IP with the word "IP", as it is in other parts of the documents.
Comment 2 Stephen Gordon 2013-06-24 10:40:14 EDT
(In reply to Attila Darazs from comment #0)
> Title: Configuring the Identity Service to work with the Object Storage
> Service
> 
> Describe the issue:
> There's this command in the doc:
> 
> $ keystone endpoint-create --service_id <serviceid> \
>     --publicurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s" \
>     --adminurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s" \
>     --internalurl "http://192.0.43.10:8080/v1/AUTH_\%(tenant_id)s"

Looking at the most up to date version I think Tim has replaced the % with a $, which means the escaping is required:

$ keystone endpoint-create --service_id <serviceid> \
    --publicurl "http://proxy_node_ip_address:8080/v1/AUTH_\$(tenant_id)s" \
    --adminurl "http://proxy_node_ip_address:8080/v1/AUTH_\$(tenant_id)s" \
    --internalurl "http://proxy_node_ip_address:8080/v1/AUTH_\$(tenant_id)s"

I've removed the AUTH section of the adminurl (note that the version is still required however) and replaced proxy_node_ip_address with IP.

"Configuring the Identity Service to work with the Object Storage Service" - ID: 16782 [rev: 469724]

Note You need to log in before you can comment on or make changes to this bug.