<div dir="ltr">Hi guys, i just tried what Daneyon Hansen said, and it works!!!! So... there's a problem when using keystone+cinder+PKI in Grizzly. Anyway there's one more thing i still have to fix "<strong>Error: </strong>
[Errno 111] Connection refused" when trying to create a new volume from the dashboard, i've no problems creating them from the shell. Thanks!</div><div class="gmail_extra"><br><br><div class="gmail_quote">
2013/5/3 Juan Suero <span dir="ltr"><<a href="mailto:juan.suero@gmail.com" target="_blank">juan.suero@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><div><div><div>hey this might not help you but i had similar problems. dashboard would not work. it would authenticate me but not show me resources and such....<br></div>i traced it down to similar authentication problem to cinder<br>
</div>the how to i was following did not put the cinder user as an admin of the service tenant if i recall correctly.<br></div>manually making that association fixed that issue for me.<br></div>e.g. putting cinder in the admin role in teh service tenant.<br>
<div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, May 3, 2013 at 1:11 PM, Daneyon Hansen (danehans) <span dir="ltr"><<a href="mailto:danehans@cisco.com" target="_blank">danehans@cisco.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="font-size:14px;font-family:Calibri,sans-serif;word-wrap:break-word">
<div>
<div>
<div><br>
</div>
<div>Keystone.conf</div>
<div><br>
</div>
<div>
<div>[ssl]</div>
<div>enable = False</div>
</div>
<div><br>
</div>
<div>
<div>[signing]</div>
<div>token_format = UUID</div>
</div>
<div><br>
</div>
<div>service keystone restart</div>
<div><br>
</div>
<div>
<div>Regards,</div>
<div>Daneyon Hansen</div>
<div>Software Engineer</div>
<div>Email: <a href="mailto:danehans@cisco.com" target="_blank">danehans@cisco.com</a></div>
<div>Phone: <a href="tel:303-718-0400" value="+13037180400" target="_blank">303-718-0400</a></div>
<div><a href="http://about.me/daneyon_hansen" target="_blank">http://about.me/daneyon_hansen</a></div>
</div>
</div>
</div>
<div><br>
</div>
<span>
<div style="border-right:medium none;padding-right:0in;padding-left:0in;padding-top:3pt;text-align:left;font-size:11pt;border-bottom:medium none;font-family:Calibri;border-top:#b5c4df 1pt solid;padding-bottom:0in;border-left:medium none">
<span style="font-weight:bold">From: </span>Juan José Pavlik Salles <<a href="mailto:jjpavlik@gmail.com" target="_blank">jjpavlik@gmail.com</a>><br>
<span style="font-weight:bold">Date: </span>Friday, May 3, 2013 10:26 AM<br>
<span style="font-weight:bold">To: </span>"<a href="mailto:openstack-operators@lists.openstack.org" target="_blank">openstack-operators@lists.openstack.org</a>" <<a href="mailto:openstack-operators@lists.openstack.org" target="_blank">openstack-operators@lists.openstack.org</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [Openstack-operators] Authentication problems with cinder<br>
</div><div><div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">Thanks Jay!!! That makes sense. I'm using Grizzly, is there any way to disable the PKI??? It worked once, but suddenly stopped, and i don't know why. I just installed cinder again but the problem still there...</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2013/5/3 Jay Pipes <span dir="ltr"><<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
We saw this exact same error when deploying Keystone +<br>
Cinder/Nova/Glance with PKI in Folsom.<br>
<br>
I presume you are using Grizzly, since I see you are also using memcache<br>
with PKI, which does not work in Folsom, AFAIK.<br>
<br>
The "solution" to the problem for us was to simply issue a restart of<br>
the cinder-api/nova-api-os-compute/glance-api services, and the service<br>
user would then begin to work again. I believe it has something to do<br>
with the service user not being able to retrieve the token revocation<br>
list from the Keystone server after some time period. For us, it was<br>
usually around 24 hours between requisite restarts.<br>
<br>
I've cc'd Adam Donnison to have a look at this as well.<br>
<br>
Best,<br>
-jay<br>
<div>
<div><br>
On 05/02/2013 03:01 PM, Juan José Pavlik Salles wrote:<br>
> Hi guys, i don't want to be annoying but i'm still having this problem.<br>
> I don't understand this (from /var/log/cinder/cinder-api.log):<br>
><br>
> 2013-04-30 20:00:42 DEBUG [keystoneclient.middleware.auth_token]<br>
> Token validation failure.<br>
> Traceback (most recent call last):<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 688, in _validate_user_token<br>
> verified = self.verify_signed_token(user_token)<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1043, in verify_signed_token<br>
> if self.is_signed_token_revoked(signed_text):<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1007, in is_signed_token_revoked<br>
> revocation_list = self.token_revocation_list<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1079, in token_revocation_list<br>
> self.token_revocation_list = self.fetch_revocation_list()<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1109, in fetch_revocation_list<br>
> return self.cms_verify(data['signed'])<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1038, in cms_verify<br>
> raise err<br>
> CalledProcessError: Command 'openssl' returned non-zero exit status 4<br>
</div>
</div>
> *2013-04-30 20:00:42 DEBUG [keystoneclient.middleware.auth_token]<br>
> Marking token<br>
> *MIIMbwYJKoZIhvcNAQcCoIIMYDCCDFwCAQExCTAHBgUrDgMCGjCCC0gGCSqGSIb3DQEHAaCCCzkEggs1eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNC0zMFQyMDowMDo0Mi40MDYzNTMiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTAxVDIwOjAwOjQyWiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVsbCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiNmFhM2JmMWFiNjgwNDAyMTg4NzNhNzgyZjkwY2ZmYTciLCAibmFtZSI6ICJhZG1pbiJ9fSwgInNlcnZpY2VDYXRhbG9nIjogW3siZW5kcG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzE3Mi4xOS4xMzYuMTE6ODc3NC92Mi82YWEzYmYxYWI2ODA0MDIxODg3M2E3ODJmOTBjZmZhNyIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly8xNzIuMTkuMTM2LjEwOjg3NzQvdjIvNmFhM2JmMWFiNjgwNDAyMTg4NzNhNzgyZjkwY2ZmYTciLCAiaWQiOiAiMjYxNzgzOTEyNzVhNDJjZmEzY<br>
> ...<br>
> i4xOS4xMzYuMTA6NTAwMC92Mi4wIn1dLCAiZW5kcG9pbnRzX2xpbmtzIjogW10sICJ0eXBlIjogImlkZW50aXR5IiwgIm5hbWUiOiAia2V5c3RvbmUifV0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJhZG1pbiIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQiOiAiM2Y4MjY3M2I1ZmUwNDExYWI1ZmQ4MjE2YmRiNjkzYzYiLCAicm9sZXMiOiBbeyJuYW1lIjogIktleXN0b25lU2VydmljZUFkbWluIn0sIHsibmFtZSI6ICJLZXlzdG9uZUFkbWluIn0sIHsibmFtZSI6ICJhZG1pbiJ9XSwgIm5hbWUiOiAiYWRtaW4ifSwgIm1ldGFkYXRhIjogeyJpc19hZG1pbiI6IDAsICJyb2xlcyI6IFsiNjY2NmZhOTkwNzhhNGYwN2EwNzBlN2U4NThjMzJmMDIiLCAiMzZiYmE5ZWYwMTc4NDQ4YzhhNjU0Yjc1ZmViM2EwZjQiLCAiYTI1NTgxZGQzNDcwNDYwYjkxZWNhYTI5ZWNhNzIwNWMiXX19fTGB-zCB-AIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVVbnNldDEOMAwGA1UEBxMFVW5zZXQxDjAMBgNVBAoTBVVuc2V0MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20CAQEwBwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCbzuXTFZ8vZ2h4VnLUvdrzn5HCJdeEI5KkpLLHLkVvjrYwPm6NC+sRvDZ0Mg2MCMHtt1eK4o0GRBtmq8sTtUGqHuT5Ns41whp+r+diTGNfkW6mOaJBwpQhxbjXiTGcCHWJni3RkDTDinY-O7Zto3ct0etVmxvE62lqSFSQUKoyAg==<br>
> *as unauthorized in memcache*<br>
> *2013-04-30 20:00:42 WARNING [keystoneclient.middleware.auth_token]<br>
> Authorization failed for token*<br>
> MIIMbwYJKoZIhvcNAQcCoIIMYDCCDFwCAQExCTAHBgUrDgMCGjCCC0gGCSqGSIb3DQEHAaCCCzkEggs1eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNC0zMFQyMDowMDo0Mi40MDYzNTMiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTAxVDIwOjAwOjQyWiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVsbCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiNmFhM2JmMWFiNjgwNDAyMTg4NzNhNzgyZjkwY2ZmYTciLCAibmFtZSI6ICJhZG1pbiJ9fSwgInNlcnZpY2VDYXRhbG9nIjogW3siZW5kcG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzE3Mi4xOS4xMzYuMTE6ODc3NC92Mi82YWEzYmYxYWI2ODA0MDIxODg3M2E3ODJmOTBjZmZhNyIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly8xNzIuMTkuMTM2LjEwOjg3NzQvdjIvNmFhM2JmMWFiNjgwNDAyMTg4NzNhNzgyZjkwY2ZmYTciLCAiaWQiOiAiMjYxNzgzOTEyNzVhNDJjZmEzYjc4NmFiMTUxYzhmOGEiLCAicHVibGljVVJMIjogImh0dHA6Ly8xNzIuMTkuMTM2LjExOjg3NzQvdjIvNmFhM2JmMWFiNjgwNDAyMTg4NzNhNzgyZjkwY2ZmYTcifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiY29tcHV0ZSIsICJuY<br>
> ...<br>
> dmljZXMvQ2xvdWQifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiZWMyIiwgIm5hbWUiOiAiZWMyIn0sIHsiZW5kcG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzE3Mi4xOS4xMzYuMTA6ODA4MC92MSIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly8xNzIuMTkuMTM2LjExOjgwODAvdjEvQVVUSF82YWEzYmYxYWI2ODA0MDIxODg3M2E3ODJmOTBjZmZhNyIsICJpZCI6ICI2NTkxMTExNGMzNjM0MWExOTAwNmMzMjhjNmQwYTJhZSIsICJwdWJsaWNVUkwiOiAiaHR0cDovLzE3Mi4xOS4xMzYuMTA6ODA4MC92MS9BVVRIXzZhYTNiZjFhYjY4MDQwMjE4ODczYTc4MmY5MGNmZmE3In1dLCAiZW5kcG9pbnRzX2xpbmtzIjogW10sICJ0eXBlIjogIm9iamVjdC1zdG9yZSIsICJuYW1lIjogInN3aWZ0In0sIHsiZW5kcG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzE3Mi4xOS4xMzYuMTE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly8xNzIuMTkuMTM2LjEwOjUwMDAvdjIuMCIsICJpZCI6ICIwZjkzODlkMDQ4NWU0ZjJmOWY3ODc0YzQxMTgxYmQyOCIsICJwdWJsaWNVUkwiOiAiaHR0cDovLzE3Mi4xOS4xMzYuMTA6NTAwMC92Mi4wIn1dLCAiZW5kcG9pbnRzX2xpbmtzIjogW10sICJ0eXBlIjogImlkZW50aXR5IiwgIm5hbWUiOiAia2V5c3RvbmUifV0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJhZG1pb<br>
iIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQiOiAiM2Y4MjY3M2I1ZmUwNDExYWI1ZmQ4MjE2YmRiNjkzYzYiLCAicm9sZXMiOiBbeyJuYW1lIjogIktleXN0b25lU2VydmljZUFkbWluIn0sIHsibmFtZSI6ICJLZXlzdG9uZUFkbWluIn0sIHsibmFtZSI6ICJhZG1pbiJ9XSwgIm5hbWUiOiAiYWRtaW4ifSwgIm1ldGFkYXRhIjogeyJpc19hZG1pbiI6IDAsICJyb2xlcyI6IFsiNjY2NmZhOTkwNzhhNGYwN2EwNzBlN2U4NThjMzJmMDIiLCAiMzZiYmE5ZWYwMTc4NDQ4YzhhNjU0Yjc1ZmViM2EwZjQiLCAiYTI1NTgxZGQzNDcwNDYwYjkxZWNhYTI5ZWNhNzIwNWMiXX19fTGB-zCB-AIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVVbnNldDEOMAwGA1UEBxMFVW5zZXQxDjAMBgNVBAoTBVVuc2V0MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20CAQEwBwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCbzuXTFZ8vZ2h4VnLUvdrzn5HCJdeEI5KkpLLHLkVvjrYwPm6NC+sRvDZ0Mg2MCMHtt1eK4o0GRBtmq8sTtUGqHuT5Ns41whp+r+diTGNfkW6mOaJBwpQhxbjXiTGcCHWJni3RkDTDinY-O7Zto3ct0etVmxvE62lqSFSQUKoyAg==<br>
> *2013-04-30 20:00:42 INFO [keystoneclient.middleware.auth_token]<br>
> Invalid user token - rejecting request*<br>
> *<br>
<div>> *<br>
> It seems that cinder can't recognise my auth_token so it tries to ban<br>
> it. Does anybody have any idea about this? Thanks!!!<br>
><br>
><br>
> 2013/4/30 Juan José Pavlik Salles <<a href="mailto:jjpavlik@gmail.com" target="_blank">jjpavlik@gmail.com</a><br>
</div>
> <mailto:<a href="mailto:jjpavlik@gmail.com" target="_blank">jjpavlik@gmail.com</a>>><br>
<div>><br>
> I ran tcpdump on my cinder node (172.19.136.245) and this is what i saw:<br>
><br>
> From 172.19.136.10 i ran "cinder --os-username=admin<br>
> --os-tenant-name=admin --os-password=zGp05Nsa<br>
> --os-auth-url=<a href="http://172.19.136.1:35357/v2.0" target="_blank">http://172.19.136.1:35357/v2.0</a> list":<br>
><br>
> After getting a valid token from keystone.<br>
><br>
> -----Request from cinder-client to cinder-api:<br>
><br>
> GET /v1/6aa3bf1ab68040218873a782f90cffa7/volumes/detail HTTP/1.1<br>
</div>
> Host: <a href="http://172.19.136.245:8776" target="_blank">172.19.136.245:8776</a> <<a href="http://172.19.136.245:8776" target="_blank">http://172.19.136.245:8776</a>><br>
<div>> X-Auth-Project-Id: admin<br>
> Accept-Encoding: gzip, deflate, compress<br>
> Content-Length: 0<br>
> Accept: application/json<br>
> User-Agent: python-cinderclient<br>
> X-Auth-Token: MIIMbwYJKoZIhvcNAQcCoIIMY.....oiRM1nsw==<br>
><br>
> -----Request from cinder-api to keystone:<br>
><br>
> GET /v2.0/tokens/revoked HTTP/1.1<br>
</div>
> Host: <a href="http://172.19.136.11:35357" target="_blank">172.19.136.11:35357</a> <<a href="http://172.19.136.11:35357" target="_blank">http://172.19.136.11:35357</a>><br>
<div>
<div>> Accept-Encoding: identity<br>
> Content-type: application/json<br>
> Accept: application/json<br>
> X-Auth-Token:<br>
> MIIMKAYJKoZIhvcNAQcCoIIMGTCCDBUCAQExCTAHBgUrDgMCGjCCCwEGCS...eufVytyk=<br>
><br>
> -----Answer from keystone to cinder-api:<br>
><br>
> HTTP/1.1 200 OK<br>
> Vary: X-Auth-Token<br>
> Content-Type: application/json<br>
> Content-Length: 612<br>
> Date: Tue, 30 Apr 2013 19:55:04 GMT<br>
><br>
> {"signed": "-----BEGIN<br>
> CMS-----\nMIIBkAYJKoZIhvcNAQcCoIIBgTCCAX0CAQExCTAHBgUrDgMCGjBrBgkqhkiG9w0B\nBwGgXgRceyJyZXZva2VkIjogW3siZXhwaXJlcyI6ICIyMDEzLTA0LTMwVDIwOjQy\nOjQ3WiIsICJpZCI6ICJhMDRhMjAwZGZlZTI2NjNkNDNjN2UyNzkzZTU3YWE1OCJ9\nXX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAM\nBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1w\nbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAE4mgl+c2wGz0+71j\n5Am0KCI+lKHtYJppPtBvVDJ194J1hgMEMz7Yxlqtn1qMoJm3o5fCTl8pU3IszX/f\nb36zOZCrRXTCqgb32O7HfhPKT+N8kqZxMvtDTzv+3uQOC0xw7cAh+sNPgG1EHrL3\nIO8cMEUJqOkXjhwQPKXSqYVrwg4=\n-----END<br>
> CMS-----\n"}<br>
><br>
><br>
> -----Answer from cinder-api to cinder-client:<br>
><br>
> HTTP/1.1 401 Unauthorized<br>
> Www-Authenticate: Keystone uri='<a href="http://172.19.136.11:35357" target="_blank">http://172.19.136.11:35357</a>'<br>
> Content-Length: 276<br>
> Content-Type: text/plain; charset=UTF-8<br>
> Date: Tue, 30 Apr 2013 19:55:04 GMT<br>
><br>
> 401 Unauthorized<br>
><br>
> This server could not verify that you are authorized to access the<br>
> document you requested. Either you supplied the wrong credentials<br>
> (e.g., bad password), or your browser does not understand how to<br>
> supply the credentials required.<br>
><br>
> Authentication required<br>
><br>
><br>
> Is there any chance that cinder-api is breaking up my token??<br>
><br>
><br>
><br>
> 2013/4/30 Juan José Pavlik Salles <<a href="mailto:jjpavlik@gmail.com" target="_blank">jjpavlik@gmail.com</a><br>
</div>
</div>
> <mailto:<a href="mailto:jjpavlik@gmail.com" target="_blank">jjpavlik@gmail.com</a>>><br>
<div>
<div>><br>
> I can get valid credentials with this line:<br>
><br>
> root@heladera:/etc/cinder# cinder --os-username=admin<br>
> --os-tenant-name=admin --os-password=XXX<br>
> --os-auth-url=<a href="http://172.19.136.1:35357/v2.0" target="_blank">http://172.19.136.1:35357/v2.0</a> credentials<br>
> +------------------+----------------------------------------------------------------------------------------+<br>
> | User Credentials |<br>
> Value |<br>
> +------------------+----------------------------------------------------------------------------------------+<br>
> | id |<br>
> 3f82673b5fe0411ab5fd8216bdb693c6 |<br>
> | name |<br>
> admin |<br>
> | roles | [{u'name': u'KeystoneServiceAdmin'},<br>
> {u'name': u'KeystoneAdmin'}, {u'name': u'admin'}] |<br>
> | roles_links |<br>
> [] |<br>
> | username |<br>
> admin |<br>
> +------------------+----------------------------------------------------------------------------------------+<br>
> +-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br>
> | Token |<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> Value<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> |<br>
> +-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br>
> | expires |<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> 2013-05-01T18:47:48Z<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> |<br>
> | id |<br>
> MIIMbwYJKoZIhvcNAQcCoIIMYDCCDFwCAQEx...tcWW6xvpLgWsr3A== |<br>
> | issued_at |<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> 2013-04-30T18:47:48.512440<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> |<br>
> | tenant |<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> {u'id':<br>
> u'6aa3bf1ab68040218873a782f90cffa7', u'enabled': True,<br>
> u'description': None, u'name': u'admin'}<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> |<br>
> +-----------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br>
><br>
> So, it must be something that happens AFTER getting the<br>
> credentials, something involving the cinder api. I'm not sure<br>
> how the authentication process work but this is what i think:<br>
><br>
> 1-cinder client request for an auth token<br>
> 2-keystone validates the credentials, creates the token and<br>
> sends it back to the client<br>
> 3-the cinder client uses the received token to connect against<br>
> the cinder api<br>
> 4-the cinder api validates the token against ¿keystone? Here is<br>
> where the problem might be.<br>
> 5-somehow the api can't validate the token and rejects me.<br>
><br>
> I'm running out of ideas.<br>
><br>
><br>
><br>
> 2013/4/30 Juan José Pavlik Salles <<a href="mailto:jjpavlik@gmail.com" target="_blank">jjpavlik@gmail.com</a><br>
</div>
</div>
> <mailto:<a href="mailto:jjpavlik@gmail.com" target="_blank">jjpavlik@gmail.com</a>>><br>
<div>
<div>><br>
> When i try to list the volumes this is what i see in the<br>
> cinder api logs file:<br>
><br>
> 2013-04-30 17:43:07 DEBUG<br>
> [keystoneclient.middleware.auth_token] Authenticating user token<br>
> 2013-04-30 17:43:07 DEBUG<br>
> [keystoneclient.middleware.auth_token] Removing headers from<br>
> request environment:<br>
> X-Identity-Status,X-Domain-Id,X-Domain-Name,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-User-Id,X-User-Name,X-User-Domain-Id,X-User-Domain-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant-Id,X-Tenant-Name,X-Tenant,X-Role<br>
> 2013-04-30 17:43:07 ERROR [keystoneclient.common.cms]<br>
> Verify error: Verification failure<br>
><br>
> 140606277047968:error:0407006A:rsa<br>
> routines:RSA_padding_check_PKCS1_type_1:block type is not<br>
> 01:rsa_pk1.c:100:<br>
> 140606277047968:error:04067072:rsa<br>
> routines:RSA_EAY_PUBLIC_DECRYPT:padding check<br>
> failed:rsa_eay.c:721:<br>
> 140606277047968:error:2E09A09E:CMS<br>
> routines:CMS_SignerInfo_verify_content:verification<br>
> failure:cms_sd.c:900:<br>
> 140606277047968:error:2E09D06D:CMS<br>
> routines:CMS_verify:content verify error:cms_smime.c:425:<br>
><br>
> 2013-04-30 17:43:07 DEBUG<br>
> [keystoneclient.middleware.auth_token] Token validation failure.<br>
> Traceback (most recent call last):<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 688, in _validate_user_token<br>
> verified = self.verify_signed_token(user_token)<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1043, in verify_signed_token<br>
> if self.is_signed_token_revoked(signed_text):<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1007, in is_signed_token_revoked<br>
> revocation_list = self.token_revocation_list<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1079, in token_revocation_list<br>
> self.token_revocation_list = self.fetch_revocation_list()<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1109, in fetch_revocation_list<br>
> return self.cms_verify(data['signed'])<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1038, in cms_verify<br>
> raise err<br>
> CalledProcessError: Command 'openssl' returned non-zero exit<br>
> status 4<br>
> 2013-04-30 17:43:07 DEBUG<br>
> [keystoneclient.middleware.auth_token] Marking token<br>
> MIIMbwYJKoZIhvcNA ... Od7Wrw6Aw== as unauthorized in memcache<br>
> 2013-04-30 17:43:07 WARNING<br>
> [keystoneclient.middleware.auth_token] Authorization failed<br>
> for token MIIMbwYJKoZIhvcNA ... Od7Wrw6Aw==<br>
> 2013-04-30 17:43:07 INFO<br>
> [keystoneclient.middleware.auth_token] Invalid user token -<br>
> rejecting request<br>
> 2013-04-30 17:43:07 DEBUG<br>
> [keystoneclient.middleware.auth_token] Authenticating user token<br>
> 2013-04-30 17:43:07 DEBUG<br>
> [keystoneclient.middleware.auth_token] Removing headers from<br>
> request environment:<br>
> X-Identity-Status,X-Domain-Id,X-Domain-Name,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-User-Id,X-User-Name,X-User-Domain-Id,X-User-Domain-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant-Id,X-Tenant-Name,X-Tenant,X-Role<br>
> 2013-04-30 17:43:07 ERROR [keystoneclient.common.cms]<br>
> Verify error: Verification failure<br>
><br>
> 140558031275680:error:0407006A:rsa<br>
> routines:RSA_padding_check_PKCS1_type_1:block type is not<br>
> 01:rsa_pk1.c:100:<br>
> 140558031275680:error:04067072:rsa<br>
> routines:RSA_EAY_PUBLIC_DECRYPT:padding check<br>
> failed:rsa_eay.c:721:<br>
> 140558031275680:error:2E09A09E:CMS<br>
> routines:CMS_SignerInfo_verify_content:verification<br>
> failure:cms_sd.c:900:<br>
> 140558031275680:error:2E09D06D:CMS<br>
> routines:CMS_verify:content verify error:cms_smime.c:425:<br>
><br>
> 2013-04-30 17:43:07 DEBUG<br>
> [keystoneclient.middleware.auth_token] Token validation failure.<br>
> Traceback (most recent call last):<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 688, in _validate_user_token<br>
> verified = self.verify_signed_token(user_token)<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1043, in verify_signed_token<br>
> if self.is_signed_token_revoked(signed_text):<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1007, in is_signed_token_revoked<br>
> revocation_list = self.token_revocation_list<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1079, in token_revocation_list<br>
> self.token_revocation_list = self.fetch_revocation_list()<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1109, in fetch_revocation_list<br>
> return self.cms_verify(data['signed'])<br>
> File<br>
> "/usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py",<br>
> line 1038, in cms_verify<br>
> raise err<br>
> CalledProcessError: Command 'openssl' returned non-zero exit<br>
> status 4<br>
> 2013-04-30 17:43:07 DEBUG<br>
> [keystoneclient.middleware.auth_token] Marking token<br>
> MIIMbwYJKoZIhvcNA ... YAUt8D2KYQw== as unauthorized in memcache<br>
> 2013-04-30 17:43:07 WARNING<br>
> [keystoneclient.middleware.auth_token] Authorization failed<br>
> for token MIIMbwYJKoZIhvcNA ... YAUt8D2KYQw==<br>
> 2013-04-30 17:43:07 INFO<br>
> [keystoneclient.middleware.auth_token] Invalid user token -<br>
> rejecting request<br>
><br>
> MAYBE... somehow HAproxy is changing something in the header<br>
> but i don't think so. This is the haproxy configuration for<br>
> the cinder API:<br>
><br>
> listen nova-api-cinder <a href="http://172.19.136.1:8776" target="_blank">
172.19.136.1:8776</a><br>
</div>
</div>
> <<a href="http://172.19.136.1:8776" target="_blank">http://172.19.136.1:8776</a>><br>
<div>> balance roundrobin<br>
> option tcplog<br>
> server heladera <a href="http://172.19.136.245:8776" target="_blank">
172.19.136.245:8776</a><br>
</div>
> <<a href="http://172.19.136.245:8776" target="_blank">http://172.19.136.245:8776</a>> check<br>
<div>><br>
> I don't understand why is the Verification Failure, and why<br>
> i have openssl involve in my authentication, I didn't change<br>
> anything in the cinder api-paste.ini file, besides the<br>
> auth_host and service_host.<br>
><br>
><br>
> 2013/4/30 Juan José Pavlik Salles <<a href="mailto:jjpavlik@gmail.com" target="_blank">jjpavlik@gmail.com</a><br>
</div>
> <mailto:<a href="mailto:jjpavlik@gmail.com" target="_blank">jjpavlik@gmail.com</a>>><br>
<div>><br>
> Hi Jay, you are right, i'm trying to balance API calls<br>
> with HAProxy. I installed HAproxy on 172.19.136.1 and<br>
> configured all the openstack services to make the calls<br>
> to that IP, then i use HAproxy to redirect the API calls<br>
> to the real API servers (172.19.136.10 and<br>
> 172.19.136.11), this is my configuration:<br>
><br>
> I've these 4 nodes:<br>
><br>
</div>
> 172.19.136.245 <<a href="http://172.19.136.245" target="_blank">http://172.19.136.245</a>>:<br>
> -Cinder<br>
><br>
> 172.19.136.10 <<a href="http://172.19.136.10" target="_blank">http://172.19.136.10</a>>:<br>
<div>> -Keystone<br>
> -Glance (glance, api, registry)<br>
> -Nova (compute, scheduler, etc)<br>
><br>
</div>
> 172.19.136.11 <<a href="http://172.19.136.11" target="_blank">http://172.19.136.11</a>>:<br>
<div>> -Keystone<br>
> -Glance (glance, api, registry)<br>
> -Nova (compute, scheduler, etc)<br>
><br>
</div>
> 172.19.136.2 / 172.19.136.1 <<a href="http://172.19.136.1" target="_blank">http://172.19.136.1</a>>:<br>
<div>> -Quantum server<br>
> -RabbitMQ<br>
> -MySQL<br>
> -HAProxy (Listening on 172.19.136.1 for all the API<br>
> calls, and balancing them to either 172.19.136.10 or<br>
> 172.19.136.11, it also listens for cinder api calls and<br>
> redirects them to 172.19.136.245)<br>
><br>
> I didn't change all the endpoints yet, but all of them<br>
> should redirect to 172.19.136.1, maybe that's the<br>
> problem. What do you think?<br>
><br>
> This configuration might look odd or strange, but i'm<br>
> trying to build a redundant and scalable cloud (like in<br>
> this article<br>
> <a href="http://www.mirantis.com/blog/software-high-availability-load-balancing-openstack-cloud-api-servic/" target="_blank">
http://www.mirantis.com/blog/software-high-availability-load-balancing-openstack-cloud-api-servic/</a>).<br>
> Thanks!!!<br>
><br>
><br>
> 2013/4/30 Jay Pipes <<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a><br>
</div>
> <mailto:<a href="mailto:jaypipes@gmail.com" target="_blank">jaypipes@gmail.com</a>>><br>
<div>
<div>><br>
> On 04/29/2013 04:56 PM, Juan José Pavlik Salles wrote:<br>
> > Hi, i have spent the last days trying to solve<br>
> this problem. I can't<br>
> > list my cinder volumes from my shell:<br>
> ><br>
> > root@locro:~# cinder --os-username=admin<br>
> --os-tenant-name=admin<br>
> > --os-password=XXX<br>
> --os-auth-url=<a href="http://172.19.136.1:35357/v2.0" target="_blank">http://172.19.136.1:35357/v2.0</a> --debug<br>
> list<br>
> ><br>
> > REQ: curl -i <a href="http://172.19.136.1:35357/v2.0/tokens" target="_blank">
http://172.19.136.1:35357/v2.0/tokens</a><br>
> -X POST -H<br>
> > "Content-Type: application/json" -H "Accept:<br>
> application/json" -H<br>
> > "User-Agent: python-cinderclient" -d '{"auth":<br>
> {"tenantName": "admin",<br>
> > "passwordCredentials": {"username": "admin",<br>
> "password": "zGp05Nsa"}}}'<br>
> ><br>
> > RESP: [200] {'date': 'Mon, 29 Apr 2013 17:24:44<br>
> GMT', 'content-type':<br>
> > 'application/json', 'content-length': '7096',<br>
> 'vary': 'X-Auth-Token'}<br>
> > RESP BODY: {"access": {"token": {"issued_at":<br>
> > "2013-04-29T17:24:44.044013", "expires":<br>
> "2013-04-30T17:24:43Z", "id":<br>
> > "MIIMaQYJKoZIhvcNAQcC...", "tenant":<br>
> {"description": null, "enabled":<br>
> > true, "id": "6aa3bf1ab68040218873a782f90cffa7",<br>
> "name": "admin"}},<br>
> > "serviceCatalog": [{"endpoints": [{"adminURL":<br>
> ><br>
> "<a href="http://172.19.136.11:8774/v2/6aa3bf1ab68040218873a782f90cffa7" target="_blank">http://172.19.136.11:8774/v2/6aa3bf1ab68040218873a782f90cffa7</a>",<br>
> > "region": "RegionOne", "internalURL":<br>
> ><br>
> "<a href="http://172.19.136.10:8774/v2/6aa3bf1ab68040218873a782f90cffa7" target="_blank">http://172.19.136.10:8774/v2/6aa3bf1ab68040218873a782f90cffa7</a>",<br>
> "id":<br>
> > "26178391275a42cfa3b786ab151c8f8a", "publicURL":<br>
> ><br>
> "<a href="http://172.19.136.11:8774/v2/6aa3bf1ab68040218873a782f90cffa7" target="_blank">http://172.19.136.11:8774/v2/6aa3bf1ab68040218873a782f90cffa7</a>"}],<br>
> > "endpoints_links": [], "type": "compute", "name":<br>
> "nova"}, {"endpoints":<br>
> > [{"adminURL": "<a href="http://172.19.136.11:9696/" target="_blank">http://172.19.136.11:9696/</a>",<br>
> "region": "RegionOne",<br>
> > "internalURL": "<a href="http://172.19.136.11:9696/" target="_blank">http://172.19.136.11:9696/</a>", "id":<br>
> > "1d0f394d83804ecaaa5ba708ccf0417b", "publicURL":<br>
> > "<a href="http://172.19.136.11:9696/" target="_blank">http://172.19.136.11:9696/</a>"}], "endpoints_links":<br>
> [], "type":<br>
> > "network", "name": "quantum"}, {"endpoints":<br>
> [{"adminURL":<br>
> > "<a href="http://172.19.136.10:9292/v2" target="_blank">http://172.19.136.10:9292/v2</a>", "region":<br>
> "RegionOne", "internalURL":<br>
> > "<a href="http://172.19.136.11:9292/v2" target="_blank">http://172.19.136.11:9292/v2</a>", "id":<br>
> > "11f37a313bad47f28b846cb9b94d458c", "publicURL":<br>
> > "<a href="http://172.19.136.11:9292/v2" target="_blank">http://172.19.136.11:9292/v2</a>"}],<br>
> "endpoints_links": [], "type":<br>
> > "image", "name": "glance"}, {"endpoints":<br>
> [{"adminURL":<br>
> ><br>
> "<a href="http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7" target="_blank">http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7</a>",<br>
> > "region": "RegionOne", "internalURL":<br>
> ><br>
> "<a href="http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7" target="_blank">http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7</a>",<br>
> "id":<br>
> > "1ebe70478edd45d087263a4dc457f03a", "publicURL":<br>
> ><br>
> "<a href="http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7" target="_blank">http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7</a>"}],<br>
> > "endpoints_links": [], "type": "volume", "name":<br>
> "cinder"},<br>
> > {"endpoints": [{"adminURL":<br>
> "<a href="http://172.19.136.11:8773/services/Admin" target="_blank">http://172.19.136.11:8773/services/Admin</a>",<br>
> > "region": "RegionOne", "internalURL":<br>
> > "<a href="http://172.19.136.10:8773/services/Cloud" target="_blank">http://172.19.136.10:8773/services/Cloud</a>", "id":<br>
> > "4fd5bcbee3584c2b883b08f22f81de54", "publicURL":<br>
> > "<a href="http://172.19.136.10:8773/services/Cloud" target="_blank">http://172.19.136.10:8773/services/Cloud</a>"}],<br>
> "endpoints_links": [],<br>
> > "type": "ec2", "name": "ec2"}, {"endpoints":<br>
> [{"adminURL":<br>
> > "<a href="http://172.19.136.10:8080/v1" target="_blank">http://172.19.136.10:8080/v1</a>", "region":<br>
> "RegionOne", "internalURL":<br>
> ><br>
> "<a href="http://172.19.136.11:8080/v1/AUTH_6aa3bf1ab68040218873a782f90cffa7" target="_blank">http://172.19.136.11:8080/v1/AUTH_6aa3bf1ab68040218873a782f90cffa7</a>",<br>
> > "id": "65911114c36341a19006c328c6d0a2ae", "publicURL":<br>
> ><br>
> "<a href="http://172.19.136.10:8080/v1/AUTH_6aa3bf1ab68040218873a782f90cffa7" target="_blank">http://172.19.136.10:8080/v1/AUTH_6aa3bf1ab68040218873a782f90cffa7</a>"}],<br>
> > "endpoints_links": [], "type": "object-store",<br>
> "name": "swift"},<br>
> > {"endpoints": [{"adminURL":<br>
> "<a href="http://172.19.136.11:35357/v2.0" target="_blank">http://172.19.136.11:35357/v2.0</a>", "region":<br>
> > "RegionOne", "internalURL":<br>
> "<a href="http://172.19.136.10:5000/v2.0" target="_blank">http://172.19.136.10:5000/v2.0</a>", "id":<br>
> > "0f9389d0485e4f2f9f7874c41181bd28", "publicURL":<br>
> > "<a href="http://172.19.136.10:5000/v2.0" target="_blank">http://172.19.136.10:5000/v2.0</a>"}],<br>
> "endpoints_links": [], "type":<br>
> > "identity", "name": "keystone"}], "user":<br>
> {"username": "admin",<br>
> > "roles_links": [], "id":<br>
> "3f82673b5fe0411ab5fd8216bdb693c6", "roles":<br>
> > [{"name": "KeystoneServiceAdmin"}, {"name":<br>
> "KeystoneAdmin"}, {"name":<br>
> > "admin"}], "name": "admin"}, "metadata":<br>
> {"is_admin": 0, "roles":<br>
> > ["6666fa99078a4f07a070e7e858c32f02",<br>
> "36bba9ef0178448c8a654b75feb3a0f4",<br>
> > "a25581dd3470460b91ecaa29eca7205c"]}}}<br>
> ><br>
> > REQ: curl -i<br>
> ><br>
> <a href="http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7/volumes/detail" target="_blank">
http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7/volumes/detail</a><br>
> > -X GET -H "X-Auth-Project-Id: admin" -H "User-Agent:<br>
> > python-cinderclient" -H "Accept: application/json"<br>
> -H "X-Auth-Token:<br>
> > MIIMaQYJKoZIhvcNAQcCo..."<br>
> ><br>
> > RESP: [401] {'date': 'Mon, 29 Apr 2013 17:24:44<br>
> GMT', 'content-length':<br>
> > '276', 'content-type': 'text/plain;<br>
> charset=UTF-8', 'www-authenticate':<br>
> > "Keystone uri='<a href="http://172.19.136.1:35357" target="_blank">http://172.19.136.1:35357</a>'"}<br>
> > RESP BODY: 401 Unauthorized<br>
><br>
> From the above, the authentication URI that you are<br>
> supplying to<br>
> cinderclient is <a href="http://172.19.136.1:35357" target="_blank">
http://172.19.136.1:35357</a>, which is<br>
> not the same as what<br>
> is returned in the service catalog above, which has<br>
> the internalURL for<br>
> the identity endpoint as <a href="http://172.19.136.10:5000/v2.0" target="_blank">
http://172.19.136.10:5000/v2.0</a>.<br>
><br>
> Is this intended?<br>
><br>
> -jay<br>
><br>
><br>
> _______________________________________________<br>
> OpenStack-operators mailing list<br>
> <a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
</div>
</div>
> <mailto:<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a>><br>
<div>
<div>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Pavlik Juan José<br>
><br>
><br>
><br>
><br>
> --<br>
> Pavlik Juan José<br>
><br>
><br>
><br>
><br>
> --<br>
> Pavlik Juan José<br>
><br>
><br>
><br>
><br>
> --<br>
> Pavlik Juan José<br>
><br>
><br>
><br>
><br>
> --<br>
> Pavlik Juan José<br>
><br>
><br>
> _______________________________________________<br>
> OpenStack-operators mailing list<br>
> <a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
><br>
<br>
_______________________________________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Pavlik Juan José </div>
</div>
</div>
</div></div></span>
</div>
<br>_______________________________________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Pavlik Juan José
</div>