[Openstack-operators] Identity service installation - authorization problem

jonathan_gershater at trendmicro.com jonathan_gershater at trendmicro.com
Mon Mar 18 17:51:01 UTC 2013


Joe
Here is the output of the mysql query after the endpoint-list command failed

If I am not mistaken, the following is true

  *   401e7115c7744baea8bdbd5560252707 = is the identity services
  *   85d4f12015d244acaa1156f59c118f35 = is the admin url ID for the nova compute node –
  *   37461be338984ee380a389625992d622 = is the admin url ID for the nova volume service
  *   eca4477d4705441294337424bbb7bf06 = is the admin url ID for the image service
  *   abf973a6a42647779e425a553349e00e =  is the admin url ID for the ec2 compatibility service
  *   8e718ce9ad02400ab4e154a45c07a535 = is the admin url ID for the object storage service

is the null value in nova compute node entry from the keystone DB a problem? If yes how do I fix?
If not, any other clues ???

Thanks for all your help to a newbie!
Jonathan

# keystone endpoint-list
No handlers could be found for logger "keystoneclient.v2_0.client"
Authorization Failed: An unexpected error prevented the server from fulfilling your request. 'NoneType' object has no attribute 'replace' (HTTP 500)


mysql> select * from endpoint;
+----------------------------------+-----------+----------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id                               | region    | service_id                       | extra                                                                                                                                                                                              |
+----------------------------------+-----------+----------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 401e7115c7744baea8bdbd5560252707 | RegionOne | 6ed04aa7ec2f47648c65aa68b4869049 | {"adminurl": "http://10.202.183.111:35357/v2.0", "internalurl": "http://10.202.183.111:5000/v2.0", "publicurl": "http://10.202.183.111:5000/v2.0"}                                                 |
| 85d4f12015d244acaa1156f59c118f35 | RegionOne | 9baa57ddfefc4dacbb1aa98f85ac2c4c | {"adminurl": null, "internalurl": "http://10.202.183.111:8774/v2/%(tenant_id)s--adminurl=http://10.202.183.111:8774/v2/%(tenant_id)s", "publicurl": "http://10.202.183.111:8774/v2/%(tenant_id)s"} |
| 37461be338984ee380a389625992d622 | RegionOne | d5352eed37f54e1fb0513758b4d30318 | {"adminurl": "http://10.202.183.111:8776/v1/%(tenant_id)s", "internalurl": "http://10.202.183.111:8776/v1/%(tenant_id)s", "publicurl": "http://10.202.183.111:8776/v1/%(tenant_id)s"}              |
| eca4477d4705441294337424bbb7bf06 | RegionOne | 9a3e242a74284e56928a2cb797a728ec | {"adminurl": "http://10.202.183.111:9292", "internalurl": "http://10.202.183.111:9292", "publicurl": "http://10.202.183.111:9292"}                                                                 |
| abf973a6a42647779e425a553349e00e | RegionOne | 01f1ae7d6554405fb5be9680e9c992bb | {"adminurl": "http://10.202.183.111:8773/services/Admin", "internalurl": "http://10.202.183.111:8773/services/Cloud", "publicurl": "http://10.202.183.111:8773/services/Cloud"}                    |
| 8e718ce9ad02400ab4e154a45c07a535 | RegionOne | f6f5f15827184aecac096703dc3b472a | {"adminurl": "http://10.202.183.111:8888/v1", "internalurl": "http://10.202.183.111:8888/v1/AUTH_%(tenant_id)s", "publicurl": "http://10.202.183.111:8888/v1/AUTH_%(tenant_id)s"}                  |
+----------------------------------+-----------+----------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
6 rows in set (0.00 sec)


From: Joe Topjian <joe.topjian at cybera.ca<mailto:joe.topjian at cybera.ca>>
Date: Monday, March 18, 2013 7:10 AM
To: Jonathan Gershater <jonathan_gershater at trendmicro.com<mailto:jonathan_gershater at trendmicro.com>>
Cc: "openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>" <openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>>
Subject: Re: [Openstack-operators] Identity service installation - authorization problem

Hi Jonathan,

The last few lines of the error message look interesting:

 File "/usr/lib/python2.6/site-packages/keystone/catalog/backends/sql.py", line 160, in get_catalog
    admin_url = ep['adminurl'].replace('$(', '%(')
AttributeError: 'NoneType' object has no attribute 'replace'

Are you able to do a "keystone endpoint-list" and see if the Admin URL is correct for all endpoints? If that command fails, you can run the following MySQL query against the keystone database:

select * from endpoint

And review the "adminurl" data in the "extra" column.

Thanks,
Joe


On Fri, Mar 15, 2013 at 10:44 AM, jonathan_gershater at trendmicro.com<mailto:jonathan_gershater at trendmicro.com> <jonathan_gershater at trendmicro.com<mailto:jonathan_gershater at trendmicro.com>> wrote:
Hi
( first time user of openstack on Centos 6.4 with MySQL backend )

I am following these manual steps
http://docs.openstack.org/folsom/openstack-compute/install/yum/content/ch_installing-openstack-overview.html

I installed the identity service and appeared to have no problems.

I verify using these steps
http://docs.openstack.org/folsom/openstack-compute/install/yum/content/verifying-identity-install.html

Authentication is successful and returns
================================
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| expires  |       2013-03-16T15:36:09Z       |
|    id    | 9457d8cb44514a6aba6b5ea77c45b18b |
| user_id  | 5eecad2d999f4f9388b2c65da88cead3 |
+----------+----------------------------------+

Authorization fails and returns:
=========================
root at openstack-controller ~]# keystone --os-username=admin --os-password=password --os-tenant-name=demo --os-auth-url=http://10.202.183.111:35357/v2.0 token-get
No handlers could be found for logger "keystoneclient.v2_0.client"
Authorization Failed: An unexpected error prevented the server from fulfilling your request. 'NoneType' object has no attribute 'replace' (HTTP 500)

And in the log file:
==============
File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 204, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.6/site-packages/keystone/service.py", line 340, in authenticate
    metadata=metadata_ref)
  File "/usr/lib/python2.6/site-packages/keystone/catalog/core.py", line 78, in get_catalog
    return self.driver.get_catalog(user_id, tenant_id, metadata)
  File "/usr/lib/python2.6/site-packages/keystone/catalog/backends/sql.py", line 160, in get_catalog
    admin_url = ep['adminurl'].replace('$(', '%(')
AttributeError: 'NoneType' object has no attribute 'replace'


Why is authorization failing ?

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.




_______________________________________________
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators




--
Joe Topjian
Systems Administrator
Cybera Inc.

www.cybera.ca<http://www.cybera.ca>

Cybera is a not-for-profit organization that works to spur and support innovation, for the economic benefit of Alberta, through the use of cyberinfrastructure.

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20130318/cb2f2028/attachment.html>


More information about the OpenStack-operators mailing list