Using OpenStack CLI With MFA
Problem
- OpenStack CLI fails with the following error after multi-factor authentication (MFA) is enabled for a local user.
$ openstack server list
Not all required auth rules were satisfied: [['totp', 'password']]
- OpenStack CLI needs to work for local users with MFA enabled.
Environment
- Platform9 Managed OpenStack - All Versions
- Keystone
- OpenStack CLI
Procedure
- Create the following OpenRC file, substituting the placeholders with your user information (i.e. enter your username and password, along with the applicable region and project).
export OS_AUTH_URL=https://<DU>/keystone/v3
export OS_REGION_NAME="<REGION>"
export OS_PROJECT_NAME="<PROJECT>"
export OS_PROJECT_DOMAIN_NAME="default"
export OS_USERNAME="<USER>"
export OS_PASSWORD="<PASSWORD>"
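# Prompt for the current TOTP code (-r keeps any backslashes literal).
read -r -p "Please enter MFA Token: " OS_TOTP_PASSCODE
export OS_TOTP_PASSCODE
# Request a project-scoped token using both the password and totp methods, then read it from the
# X-Subject-Token response header (matched case-insensitively: HTTP/2 responses use lowercase names).
export OS_TOKEN=$(curl -s -i -H "Content-Type: application/json" -d '{"auth":{"identity":{"methods":["password","totp"],"password":{"user":{"name":"'"$OS_USERNAME"'","domain":{"id":"default"},"password":"'"$OS_PASSWORD"'"}},"totp":{"user":{"name":"'"$OS_USERNAME"'","domain":{"id":"default"},"passcode":"'"$OS_TOTP_PASSCODE"'"}}},"scope":{"project":{"name":"'"$OS_PROJECT_NAME"'","domain":{"id":"default"}}}}}' -X POST "$OS_AUTH_URL/auth/tokens" | awk 'tolower($1)=="x-subject-token:"{printf "%s", $2}' | tr -dc '[:print:]')
# Authenticate subsequent CLI calls with the token obtained above.
export OS_AUTH_TYPE="v3token"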
- Source the OpenRC file, and use the OpenStack CLI as you would normally.
source openrc
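The token request from the OpenRC file above, reworked as an added example (not Platform9's script): credentials are JSON-escaped so a password containing `"` or `\` still yields a valid body, the body reaches curl on stdin instead of its argument list, and an empty result is reported rather than exported. The function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: function names are illustrative, not part of the OpenStack CLI.

# Escape backslashes and double quotes for use inside a JSON string literal.
# Assumes the credentials contain no control characters.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Args: user password passcode project. Same request body as the OpenRC file.
build_auth_body() {
  printf '{"auth":{"identity":{"methods":["password","totp"],'
  printf '"password":{"user":{"name":"%s","domain":{"id":"default"},"password":"%s"}},' \
    "$(json_escape "$1")" "$(json_escape "$2")"
  printf '"totp":{"user":{"name":"%s","domain":{"id":"default"},"passcode":"%s"}}},' \
    "$(json_escape "$1")" "$(json_escape "$3")"
  printf '"scope":{"project":{"name":"%s","domain":{"id":"default"}}}}}' \
    "$(json_escape "$4")"
}

# Reads raw response headers on stdin. Header names are matched
# case-insensitively because HTTP/2 responses send them in lowercase.
extract_subject_token() {
  tr -d '\r' | awk 'tolower($1) == "x-subject-token:" { print $2; exit }'
}

# Args: auth_url user password passcode project. Prints the token, or fails.
# The body is piped to curl (-d @-) so the password is not in curl's argv.
get_mfa_token() (
  token=$(build_auth_body "$2" "$3" "$4" "$5" |
    curl -s -i -H "Content-Type: application/json" -d @- \
      -X POST "$1/auth/tokens" | extract_subject_token)
  if [ -z "$token" ]; then
    echo "No token returned: check the password and TOTP code" >&2
    exit 1
  fi
  printf '%s\n' "$token"
)
```

In the OpenRC file, the `export OS_TOKEN=$(curl ...)` line would become `OS_TOKEN=$(get_mfa_token "$OS_AUTH_URL" "$OS_USERNAME" "$OS_PASSWORD" "$OS_TOTP_PASSCODE" "$OS_PROJECT_NAME") && export OS_TOKEN`.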