[openstack-dev] [Congress] Congress horizon plugin - congressclient/congress API auth issue - help

Tim Hinrichs tim at styra.com
Thu Jul 21 16:26:47 UTC 2016 

So clearly an authentication problem then.

Anusha, do you have any ideas?  (Aimee, I think Anusha has worked with
Keystone authentication most recently, so she's your best bet.)

Tim

On Thu, Jul 21, 2016 at 8:59 AM Aimee Ukasick <aimeeu.opensource at gmail.com>
wrote:

> The  Policy/Data Sources web page throws the same errors. I am
> planning to recheck direct API calls using v3 auth today or tomorrow.
>
> aimee
>
> On Thu, Jul 21, 2016 at 10:49 AM, Tim Hinrichs <tim at styra.com> wrote:
> > Hi Aimee,
> >
> > Do the other APIs work?  That is, is it a general problem
> authenticating, or
> > is the problem limited to list_policies?
> >
> > Tim
> >
> > On Wed, Jul 20, 2016 at 3:54 PM Aimee Ukasick <
> aimeeu.opensource at gmail.com>
> > wrote:
> >>
> >> Hi all,
> >>
> >> I've been working on Policy UI (Horizon): Unable to get policies
> >> list (devstack) (https://bugs.launchpad.net/congress/+bug/1602837)
> >> for the past 3 days. Anusha is correct - it's an authentication
> >> problem, but I have not been able to fix it.
> >>
> >> I grabbed the relevant code in congress.py from Anusha's horizon
> >> plugin model patchset (https://review.openstack.org/#/c/305063/3) and
> >> added try/catch blocks, logging statements (with error because I
> >> haven't figured out how to set the horizon log level).
> >>
> >>
> >> I am testing the code on devstack, which I cloned on 19 July 2016.
> >>
> >> With both v2 and v3 auth, congressclient.v1.client is created.
> >> The failure happens trying to call
> >> congressclient.v1.client.Client.list_policies().
> >> When using v2 auth, the error message is "Unable to get policies list:
> >> The resource could not be found"
> >> When using v3 auth, the error message is "Cannot authorize API client"
> >>
> >> I am assuming that congressclient.v1.client.Client is
> >>
> >>
> https://github.com/openstack/python-congressclient/blob/master/congressclient/v1/client.py
> >> and that client.list_policy() calls list_policy()in the
> >> python-congressclient
> >> which in turn calls the Congress API. Is this correct?
> >>
> >> Any ideas why with v3 auth, the python-congressclient cannot authorize
> the
> >> call to the API?
> >>
> >> I looked at other horizon plugin models (ceilometer, neutron, nova,
> >> cerberus, cloudkitty, trove, designate, manila) to see how they created
> >> the client. While the code to create a client is not identical,
> >> it is vastly different from the code to create a client
> >> in contrib/horizon/congress.py.
> >>
> >> Thanks in advance for any pointers.
> >>
> >> aimee
> >>
> >> Aimee Ukasick (aimeeu)
> >>
> >> v2 log:
> >> 2016-07-20 22:13:56.501455
> >> 2016-07-20 22:14:30.238233 ***** view.get_data calling policies =
> >> congress.policies_list(self.request) *****
> >> 2016-07-20 22:14:30.238318 ***** self.request.path=
> >> /dashboard/admin/policies/
> >> 2016-07-20 22:14:30.238352 ***** congress.policies_list(request)
> >> BEGIN*****
> >> 2016-07-20 22:14:30.238376 ***** calling client =
> >> congressclient(request)*****
> >> 2016-07-20 22:14:30.238399 ***** congress.congressclient BEGIN*****
> >> 2016-07-20 22:14:30.238454 ***** auth_url=
> http://192.168.56.103/identity
> >> 2016-07-20 22:14:30.238479 ***** calling get_keystone_session *****
> >> 2016-07-20 22:14:30.238505 ***** congress.get_keystone_session BEGIN
> >> auth_url *****http://192.168.56.103/identity
> >> 2016-07-20 22:14:30.238554 ***** path= /identity
> >> 2016-07-20 22:14:30.238578 ***** using V2 plugin to authenticate*****
> >> 2016-07-20 22:14:30.238630 ***** v2 auth.get_auth_state=
> >> 2016-07-20 22:14:30.238656 None
> >> 2016-07-20 22:14:30.238677 ***** finished using V2 plugin to
> >> authenticate*****
> >> 2016-07-20 22:14:30.238698 ***** creating session with auth *****
> >> 2016-07-20 22:14:30.244407 ***** congress.get_keystone_session END*****
> >> 2016-07-20 22:14:30.244462 ***** regtion_name= RegionOne
> >> 2016-07-20 22:14:30.244491 ***** calling
> congress_client.Client(**kwargs)
> >> 2016-07-20 22:14:30.247830 ***** congress.congressclient END*****
> >> 2016-07-20 22:14:30.247902 ***** calling policies_list =
> >> client.list_policy()*****
> >> 2016-07-20 22:14:30.248012 DEBUG:keystoneauth.identity.v2:Making
> >> authentication request to http://192.168.56.103/identity/tokens
> >> 2016-07-20 22:14:30.255023 DEBUG:keystoneauth.session:Request returned
> >> failure status: 404
> >> 2016-07-20 22:14:30.257546 Unable to get policies list: The resource
> >> could not be found.
> >>
> >>
> >> v3 log:
> >> 2016-07-20 22:09:22.912969
> >> 2016-07-20 22:09:31.907119 ***** view.get_data calling policies =
> >> congress.policies_list(self.request) *****
> >> 2016-07-20 22:09:31.907973 ***** self.request.path=
> >> /dashboard/admin/policies/
> >> 2016-07-20 22:09:31.908122 ***** congress.policies_list(request)
> >> BEGIN*****
> >> 2016-07-20 22:09:31.908250 ***** calling client =
> >> congressclient(request)*****
> >> 2016-07-20 22:09:31.908386 ***** congress.congressclient BEGIN*****
> >> 2016-07-20 22:09:31.909034 ***** auth_url=
> http://192.168.56.103/identity
> >> 2016-07-20 22:09:31.909217 ***** calling get_keystone_session *****
> >> 2016-07-20 22:09:31.909356 ***** congress.get_keystone_session BEGIN
> >> auth_url *****http://192.168.56.103/identity
> >> 2016-07-20 22:09:31.909527 ***** path= /identity
> >> 2016-07-20 22:09:31.909795 ***** using V3 plugin to authenticate*****
> >> 2016-07-20 22:09:31.910042 auth_url=http://192.168.56.103/identity
> >> 2016-07-20 22:09:31.910175 token=d46339f2d0b5455db54909d6ed95a9cc
> >> 2016-07-20 22:09:31.910301 project_name=alt_demo
> >> 2016-07-20 22:09:31.910426 domain_name=Default
> >> 2016-07-20 22:09:31.910676 project_domain_name=default
> >> 2016-07-20 22:09:31.910866 ***** v3 auth.get_auth_state=
> >> 2016-07-20 22:09:31.910992 None
> >> 2016-07-20 22:09:31.914053 ***** finished using V3 plugin to
> >> authenticate*****
> >> 2016-07-20 22:09:31.914100 ***** creating session with auth *****
> >> 2016-07-20 22:09:31.922260 ***** congress.get_keystone_session END*****
> >> 2016-07-20 22:09:31.922542 ***** regtion_name= RegionOne
> >> 2016-07-20 22:09:31.922676 ***** calling
> congress_client.Client(**kwargs)
> >> 2016-07-20 22:09:31.922822 ***** congress.congressclient END*****
> >> 2016-07-20 22:09:31.922949 ***** calling policies_list =
> >> client.list_policy()*****
> >> 2016-07-20 22:09:31.924732 Unable to get policies list: Cannot
> >> authorize API client.
> >>
> >>
> __________________________________________________________________________
> >> OpenStack Development Mailing List (not for usage questions)
> >> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160721/bfd683f7/attachment.html>

More information about the OpenStack-dev mailing list