Keystone token issue auth

I am trying to get the Qbert API going by following this doc [https://docs.platform9.com/kubernetes/qbert-api]. The example suggests that I need to generate an access token via Keystone, so I went to this doc [https://docs.platform9.com/kubernetes/keystone-identity-api] and used the Docker option to interact with Keystone.

I reformatted my pf9-openstack.rc file to be docker compliant and ran docker run --env-file .\pf9-openstack.rc -it platform9/openstack-cli. This put me at an openstack prompt (openstack). Then I attempted to interact with keystone by running token issue but got a response of The request you have made requires authentication. (HTTP 401).

Where have I gone wrong?

I gave up on Docker and switched to Windows WSL, to follow the Ubuntu docs. Now I am getting the following when running the ‘pip install --upgrade --requirement …’ command to install the CLIs.

ERROR: Command errored out with exit status 1:
     command: /home/ddieruf/.virtualenvs/os_cli/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-br47so70/netifaces_f917e4dfd9ea4d938a2f678a495d7efd/setup.py'"'"'; __file__='"'"'/tmp/pip-install-br47so70/netifaces_f917e4dfd9ea4d938a2f678a495d7efd/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-7f4vfz1b/install-record.txt --single-version-externally-managed --compile --install-headers /home/ddieruf/.virtualenvs/os_cli/include/site/python3.8/netifaces
         cwd: /tmp/pip-install-br47so70/netifaces_f917e4dfd9ea4d938a2f678a495d7efd/
    Complete output (20 lines):
    running install
    running build
    running build_ext
    checking for getifaddrs...found.
    checking for getnameinfo...found.
    checking for IPv6 socket IOCTLs...not found.
    checking for optional header files...netash/ash.h netatalk/at.h netax25/ax25.h neteconet/ec.h netipx/ipx.h netpacket/packet.h netrose/rose.h linux/atm.h linux/llc.h linux/tipc.h linux/dn.h.
    checking whether struct sockaddr has a length field...no.
    checking which sockaddr_xxx structs are defined...at ax25 in in6 ipx un rose ash ec ll atmpvc atmsvc dn llc.
    checking for routing socket support...no.
    checking for sysctl(CTL_NET...) support...no.
    checking for netlink support...yes.
    will use netlink to read routing table
    building 'netifaces' extension
    x86_64-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DNETIFACES_VERSION=0.10.6 -DHAVE_GETIFADDRS=1 -DHAVE_GETNAMEINFO=1 -DHAVE_NETASH_ASH_H=1 -DHAVE_NETATALK_AT_H=1 -DHAVE_NETAX25_AX25_H=1 -DHAVE_NETECONET_EC_H=1 -DHAVE_NETIPX_IPX_H=1 -DHAVE_NETPACKET_PACKET_H=1 -DHAVE_NETROSE_ROSE_H=1 -DHAVE_LINUX_ATM_H=1 -DHAVE_LINUX_LLC_H=1 -DHAVE_LINUX_TIPC_H=1 -DHAVE_LINUX_DN_H=1 -DHAVE_SOCKADDR_AT=1 -DHAVE_SOCKADDR_AX25=1 -DHAVE_SOCKADDR_IN=1 -DHAVE_SOCKADDR_IN6=1 -DHAVE_SOCKADDR_IPX=1 -DHAVE_SOCKADDR_UN=1 -DHAVE_SOCKADDR_ROSE=1 -DHAVE_SOCKADDR_ASH=1 -DHAVE_SOCKADDR_EC=1 -DHAVE_SOCKADDR_LL=1 -DHAVE_SOCKADDR_ATMPVC=1 -DHAVE_SOCKADDR_ATMSVC=1 -DHAVE_SOCKADDR_DN=1 -DHAVE_SOCKADDR_LLC=1 -DHAVE_PF_NETLINK=1 -I/home/ddieruf/.virtualenvs/os_cli/include -I/usr/include/python3.8 -c netifaces.c -o build/temp.linux-x86_64-3.8/netifaces.o
    netifaces.c:1:10: fatal error: Python.h: No such file or directory
        1 | #include <Python.h>
          |          ^~~~~~~~~~
    compilation terminated.
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: /home/ddieruf/.virtualenvs/os_cli/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-br47so70/netifaces_f917e4dfd9ea4d938a2f678a495d7efd/setup.py'"'"'; __file__='"'"'/tmp/pip-install-br47so70/netifaces_f917e4dfd9ea4d938a2f678a495d7efd/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-7f4vfz1b/install-record.txt --single-version-externally-managed --compile --install-headers /home/ddieruf/.virtualenvs/os_cli/include/site/python3.8/netifaces Check the logs for full command output.

I ended up bypassing the suggested install script as well as the virtualenv and installing the entire openstack cli locally.

sudo apt-get install python3-dev
sudo apt-get install python3-pip
sudo pip3 install python-openstackclient

Also to note, I installed Python 3 and made it the primary runner.
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10

BUT! With all that said, I ended up bypassing the cli altogether and using the API directly…

First I confirmed my connection to the Keystone server by running

curl -g -i -X GET https://<MY_AUTH_SERVERL>.platform9.io/keystone/v3 \
  -H "Accept: application/json" \
  -H "User-Agent: openstacksdk/0.56.0 keystoneauth1/4.3.1 python-requests/2.25.1 CPython/3.8.5"

This gave me back an HTTP 200 with details about my openstack environment.

{
	"version": {
		"status": "stable",
		"updated": "2019-01-22T00:00:00Z",
		"media-types": [
			{
				"base": "application/json",
				"type": "application/vnd.openstack.identity-v3+json"
			}
		],
		"id": "v3.12",
		"links": [
			{
				"href": "https://<MY_AUTH_SERVERL>.platform9.io/keystone/v3/",
				"rel": "self"
			}
		]
	}
}

So now the moment of truth. I am going to authenticate with Keystone.

curl -g -i -X POST https://<MY_AUTH_SERVERL>.platform9.io/keystone/v3/auth/tokens \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{"auth": {"identity": {"methods": ["password"],"password": {"user": {"name": "<MY_USERNAME>", "domain": {"name": "Default"}, "password": "<MY_PASSWORD>"}}}}}'

And the response

{"error":{"code":401,"message":"The request you have made requires authentication.","title":"Unauthorized"}}

I’m right back to the beginning error. :frowning: Clearly I am providing the wrong credentials. I am using my Platform9 login creds and things aren’t lining up. Are there different creds I should be using?

To circle back with this. Here are the values that ultimately worked to generate a token.

export OS_USERNAME=<MY_ACCOUNT_EMAIL>
export OS_TENANT_NAME=service
export OS_PROJECT_NAME=service
export OS_PASSWORD="<MY_PASSWORD>"
export OS_REGION_NAME="RegionOne"
export OS_AUTH_URL=https://<MY_AUTH_SERVERL>.platform9.io/keystone/v3
export OS_AUTH_TYPE=password
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_IDENTITY_API_VERSION=3
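
Added example, not part of the original posts: the body for POST <OS_AUTH_URL>/auth/tokens built from the OS_* variables above, including the project scope that the earlier curl call did not send, plus a password-masked copy for logging. Function names and sample values are constructed for illustration; Keystone returns the token in the X-Subject-Token response header.

```python
import json
import urllib.request

REQUIRED = ("OS_AUTH_URL", "OS_USERNAME", "OS_PASSWORD", "OS_USER_DOMAIN_NAME")

def build_auth_body(env):
    """Keystone v3 password-auth body, project-scoped when a project is set."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise ValueError("missing variables: " + ", ".join(missing))
    user = {"name": env["OS_USERNAME"], "password": env["OS_PASSWORD"],
            "domain": {"name": env["OS_USER_DOMAIN_NAME"]}}
    auth = {"identity": {"methods": ["password"], "password": {"user": user}}}
    # OS_TENANT_NAME is the older spelling of OS_PROJECT_NAME; accept either.
    project = env.get("OS_PROJECT_NAME") or env.get("OS_TENANT_NAME")
    if project:
        domain = env.get("OS_PROJECT_DOMAIN_NAME") or env["OS_USER_DOMAIN_NAME"]
        auth["scope"] = {"project": {"name": project, "domain": {"name": domain}}}
    return {"auth": auth}

def redacted(body):
    """Deep copy of the body that is safe to log: the password is masked."""
    copy = json.loads(json.dumps(body))
    copy["auth"]["identity"]["password"]["user"]["password"] = "***"
    return copy

def build_request(env):
    """Prepare (but do not send) the POST to <OS_AUTH_URL>/auth/tokens."""
    body = build_auth_body(env)
    url = env["OS_AUTH_URL"].rstrip("/") + "/auth/tokens"
    if not url.startswith("https://"):
        raise ValueError("refusing to send a password over a non-HTTPS URL")
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    return urllib.request.Request(url, json.dumps(body).encode(), headers, method="POST")

def token_from_headers(headers):
    """Read the issued token from the response headers (case-insensitive)."""
    return {k.lower(): v for k, v in headers.items()}.get("x-subject-token")

# Constructed sample values mirroring the variables in the post (not real credentials).
SAMPLE_ENV = {
    "OS_USERNAME": "user@example.com", "OS_PASSWORD": "example-password",
    "OS_TENANT_NAME": "service", "OS_PROJECT_NAME": "service",
    "OS_AUTH_URL": "https://keystone.example.invalid/keystone/v3",
    "OS_USER_DOMAIN_NAME": "default", "OS_PROJECT_DOMAIN_NAME": "default",
}

if __name__ == "__main__":
    print(json.dumps(redacted(build_auth_body(SAMPLE_ENV)), indent=2))
```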