Openstack client auth problem

hi,
I have an openstack testbe according to https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/install-openstack.html

and it is up&running.

I’m trying to use the openstack client following https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/configure-openstack.html
but every command doens’t work

ubuntu@juju:~$ source openrc
ubuntu@juju:~$ openstack endpoint list --interface admin --debug
START with options: endpoint list --interface admin --debug
options: Namespace(access_key=’’, access_secret=‘’, access_token='’, access_token_endpoint=’’, access_token_type=’’, application_credential_id=’’, application_credential_name=’’, application_credential_secret=‘’, auth_methods=’’, auth_type=‘password’, auth_url=‘https://172.17.3.70:5000/v3’, cacert=’/home/ubuntu/root_ca.x509’, cert=’’, client_id=’’, client_secret='’, cloud=’’, code=’’, consumer_key=’’, consumer_secret=‘’, debug=True, default_domain=‘default’, default_domain_id=’’, default_domain_name=’’, deferred_help=False, discovery_endpoint=’’, domain_id=’’, domain_name=’’, endpoint=’’, identity_provider=’’, identity_provider_url=’’, insecure=None, interface=‘public’, key=’’, log_file=None, openid_scope=’’, os_beta_command=False, os_compute_api_version=’’, os_identity_api_version=‘3’, os_image_api_version=’’, os_network_api_version=’’, os_object_api_version=’’, os_project_id=None, os_project_name=None, os_volume_api_version=’’, passcode=’’, password='’, project_domain_id=’’, project_domain_name=‘admin_domain’, project_id=’’, project_name=‘admin’, protocol=’’, redirect_uri=’’, region_name=‘RegionOne’, remote_project_domain_id=’’, remote_project_domain_name=’’, remote_project_id=’’, remote_project_name=’’, service_provider=’’, service_provider_endpoint=’’, service_provider_entity_id=’’, system_scope=’’, timing=False, token=‘’, trust_id=’’, user_domain_id=’’, user_domain_name=‘admin_domain’, user_id=’’, username=‘admin’, verbose_level=3, verify=None)
Auth plugin password selected
auth_config_hook(): {‘api_timeout’: None, ‘verify’: True, ‘cacert’: ‘/home/ubuntu/root_ca.x509’, ‘cert’: None, ‘key’: None, ‘baremetal_status_code_retries’: ‘5’, ‘baremetal_introspection_status_code_retries’: ‘5’, ‘image_status_code_retries’: ‘5’, ‘disable_vendor_agent’: {}, ‘interface’: ‘public’, ‘floating_ip_source’: ‘neutron’, ‘image_api_use_tasks’: False, ‘image_format’: ‘qcow2’, ‘message’: ‘’, ‘network_api_version’: ‘2’, ‘object_store_api_version’: ‘1’, ‘secgroup_source’: ‘neutron’, ‘status’: ‘active’, ‘auth’: {‘user_domain_name’: ‘admin_domain’, ‘project_domain_name’: ‘admin_domain’, ‘project_name’: ‘admin’}, ‘verbose_level’: 3, ‘deferred_help’: False, ‘debug’: True, ‘region_name’: ‘RegionOne’, ‘default_domain’: ‘default’, ‘timing’: False, ‘auth_url’: ‘https://172.17.3.70:5000/v3’, ‘username’: ‘admin’, ‘password’: '
’, ‘beta_command’: False, ‘identity_api_version’: ‘3’, ‘auth_type’: ‘password’, ‘networks’: []}
defaults: {‘api_timeout’: None, ‘verify’: True, ‘cacert’: None, ‘cert’: None, ‘key’: None, ‘auth_type’: ‘password’, ‘baremetal_status_code_retries’: 5, ‘baremetal_introspection_status_code_retries’: 5, ‘image_status_code_retries’: 5, ‘disable_vendor_agent’: {}, ‘interface’: None, ‘floating_ip_source’: ‘neutron’, ‘image_api_use_tasks’: False, ‘image_format’: ‘qcow2’, ‘message’: ‘’, ‘network_api_version’: ‘2’, ‘object_store_api_version’: ‘1’, ‘secgroup_source’: ‘neutron’, ‘status’: ‘active’}
cloud cfg: {‘api_timeout’: None, ‘verify’: True, ‘cacert’: ‘/home/ubuntu/root_ca.x509’, ‘cert’: None, ‘key’: None, ‘baremetal_status_code_retries’: ‘5’, ‘baremetal_introspection_status_code_retries’: ‘5’, ‘image_status_code_retries’: ‘5’, ‘disable_vendor_agent’: {}, ‘interface’: ‘public’, ‘floating_ip_source’: ‘neutron’, ‘image_api_use_tasks’: False, ‘image_format’: ‘qcow2’, ‘message’: ‘’, ‘network_api_version’: ‘2’, ‘object_store_api_version’: ‘1’, ‘secgroup_source’: ‘neutron’, ‘status’: ‘active’, ‘auth’: {‘user_domain_name’: ‘admin_domain’, ‘project_domain_name’: ‘admin_domain’, ‘project_name’: ‘admin’}, ‘verbose_level’: 3, ‘deferred_help’: False, ‘debug’: True, ‘region_name’: ‘RegionOne’, ‘default_domain’: ‘default’, ‘timing’: False, ‘auth_url’: ‘https://172.17.3.70:5000/v3’, ‘username’: ‘admin’, ‘password’: ‘’, ‘beta_command’: False, ‘identity_api_version’: ‘3’, ‘auth_type’: ‘password’, ‘networks’: []}
compute API version 2.1, cmd group openstack.compute.v2
identity API version 3, cmd group openstack.identity.v3
image API version 2, cmd group openstack.image.v2
network API version 2, cmd group openstack.network.v2
object_store API version 1, cmd group openstack.object_store.v1
volume API version 3, cmd group openstack.volume.v3
command: endpoint list -> openstackclient.identity.v3.endpoint.ListEndpoint (auth=True)
Auth plugin password selected
auth_config_hook(): {‘api_timeout’: None, ‘verify’: True, ‘cacert’: ‘/home/ubuntu/root_ca.x509’, ‘cert’: None, ‘key’: None, ‘baremetal_status_code_retries’: ‘5’, ‘baremetal_introspection_status_code_retries’: ‘5’, ‘image_status_code_retries’: ‘5’, ‘disable_vendor_agent’: {}, ‘interface’: ‘public’, ‘floating_ip_source’: ‘neutron’, ‘image_api_use_tasks’: False, ‘image_format’: ‘qcow2’, ‘message’: ‘’, ‘network_api_version’: ‘2’, ‘object_store_api_version’: ‘1’, ‘secgroup_source’: ‘neutron’, ‘status’: ‘active’, ‘auth’: {‘user_domain_name’: ‘admin_domain’, ‘project_domain_name’: ‘admin_domain’, ‘project_name’: ‘admin’}, ‘additional_user_agent’: [(‘osc-lib’, ‘2.0.0’)], ‘verbose_level’: 3, ‘deferred_help’: False, ‘debug’: True, ‘region_name’: ‘RegionOne’, ‘default_domain’: ‘default’, ‘timing’: False, ‘auth_url’: ‘https://172.17.3.70:5000/v3’, ‘username’: ‘admin’, ‘password’: '
’, ‘beta_command’: False, ‘identity_api_version’: ‘3’, ‘auth_type’: ‘password’, ‘networks’: []}
Using auth plugin: password
Using parameters {‘auth_url’: ‘https://172.17.3.70:5000/v3’, ‘project_name’: ‘admin’, ‘project_domain_name’: ‘admin_domain’, ‘username’: ‘admin’, ‘user_domain_name’: ‘admin_domain’, ‘password’: ‘***’}
Get auth_ref
REQ: curl -g -i --cacert “/home/ubuntu/root_ca.x509” -X GET https://172.17.3.70:5000/v3 -H “Accept: application/json” -H “User-Agent: openstacksdk/0.46.0 keystoneauth1/4.0.0 python-requests/2.22.0 CPython/3.8.5”
Starting new HTTPS connection (1): 172.17.3.70:5000
https://172.17.3.70:5000 “GET /v3 HTTP/1.1” 200 252
RESP: [200] Connection: Keep-Alive Content-Length: 252 Content-Type: application/json Date: Thu, 21 Jan 2021 17:02:39 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.41 (Ubuntu) Vary: X-Auth-Token x-openstack-request-id: req-272bbc8f-0b51-4575-8e0c-89baf8ea0f18
RESP BODY: {“version”: {“id”: “v3.14”, “status”: “stable”, “updated”: “2020-04-07T00:00:00Z”, “links”: [{“rel”: “self”, “href”: “https://172.17.3.70:5000/v3/”}], “media-types”: [{“base”: “application/json”, “type”: “application/vnd.openstack.identity-v3+json”}]}}
GET call to https://172.17.3.70:5000/v3 used request id req-272bbc8f-0b51-4575-8e0c-89baf8ea0f18
Making authentication request to https://172.17.3.70:5000/v3/auth/tokens
https://172.17.3.70:5000 “POST /v3/auth/tokens HTTP/1.1” 401 109
Request returned failure status: 401
The request you have made requires authentication. (HTTP 401) (Request-ID: req-c7bdff17-8ca0-45f2-ab58-935b1f11a5b5)
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/cliff/app.py”, line 393, in run_subcommand
self.prepare_to_run_command(cmd)
File “/usr/lib/python3/dist-packages/osc_lib/shell.py”, line 493, in prepare_to_run_command
self.client_manager.auth_ref
File “/usr/lib/python3/dist-packages/osc_lib/clientmanager.py”, line 202, in auth_ref
self._auth_ref = self.auth.get_auth_ref(self.session)
File “/usr/lib/python3/dist-packages/keystoneauth1/identity/generic/base.py”, line 208, in get_auth_ref
return self._plugin.get_auth_ref(session, **kwargs)
File “/usr/lib/python3/dist-packages/keystoneauth1/identity/v3/base.py”, line 183, in get_auth_ref
resp = session.post(token_url, json=body, headers=headers,
File “/usr/lib/python3/dist-packages/keystoneauth1/session.py”, line 1131, in post
return self.request(url, ‘POST’, **kwargs)
File “/usr/lib/python3/dist-packages/keystoneauth1/session.py”, line 968, in request
raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-c7bdff17-8ca0-45f2-ab58-935b1f11a5b5)
clean_up ListEndpoint: The request you have made requires authentication. (HTTP 401) (Request-ID: req-c7bdff17-8ca0-45f2-ab58-935b1f11a5b5)
END return value: 1

user and password are ok, It seems to me a token problem when curl invokes the api, maybe have to insert some new variable into openrc?