[Openstack] Enabling logging in keystone.

Dolph Mathews dolph.mathews at gmail.com
Tue Oct 2 21:19:50 UTC 2012 

No worries, that's what a second set of eyes is for!

By specifying a token and endpoint, you're bypassing the authentication
process that your curl command is performing.

You can test authentication with the keystone client using:

$ keystone --os-username=adminUser --os-password=secretword
--os-tenant-name=adminTenant
--os-authurl=http://10.0.2.15:35357/v2.0<http://10.0.2.15:35357/v2.0/tokens>
 token-get

But as Anne pointed out, you don't have a tenant named "adminTenant".
You'll also need to make sure you've granted a role to your user on the
specified tenant for authorization to succeed. You can remove the tenant
name argument from the token-get call to test authentication without
authorization (therefore without requiring anything but a valid user in
your keystone install).

-Dolph

On Tuesday, October 2, 2012, Ahmed Al-Mehdi wrote:

>  Hi Dolph,
>
> Very sorry about that.  With the correct token, calling keystone from
> the cli is working.    However, the curl command is failing.  Will this
> cause an issue down the line as I start to install glance and nova?
>
>
> #> keystone --token 012345SECRET99TOKEN012345 --endpoint
> http://10.0.2.15:35357/v2.0 tenant-list
> +----------------------------------+---------------+---------+
> |                id                |      name     | enabled |
> +----------------------------------+---------------+---------+
> | 07a44f9d55694d638f41bc160c14b42e | openstackDemo |   True  |
> | 0e4cc20586ae42329db51e0c6f807731 |    service    |   True  |
> +----------------------------------+---------------+---------+
>  #> curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":
> {"username": "adminUser", "password": "secretword"}}}' -H "Content-type:
> application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
>                                  Dload  Upload   Total   Spent    Left
> Speed
> 100   231    0   116  100   115   2771   2747 --:--:-- --:--:-- --:--:--
> 3052
> {
>     "error": {
>         "code": 401,
>         "message": "The request you have made requires authentication.",
>         "title": "Not Authorized"
>     }
> }
>
> Regards,
> Ahmed.
>
>
>  ------------------------------
>  *From:* Dolph Mathews [dolph.mathews at gmail.com <javascript:_e({},
> 'cvml', 'dolph.mathews at gmail.com');>]
> *Sent:* Tuesday, October 02, 2012 12:12 PM
> *To:* Ahmed Al-Mehdi
> *Cc:* heckj; openstack at lists.launchpad.net <javascript:_e({}, 'cvml',
> 'openstack at lists.launchpad.net');>
> *Subject:* Re: [Openstack] Enabling logging in keystone.
>
>  You're missing a "5" on the admin_token you've specified on the command
> line.
>
>  012345SECRET99TOKEN01234 (your CLI arg)
> 012345SECRET99TOKEN012345 (keystone.conf)
>
>  -Dolph
>
>
> On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi <ahmed at coraid.com> wrote:
>
> Hi Joe,
>
> I have put the conf file (renamed to ahmed_keystone.conf)  into gist.
>
> git://gist.github.com/3821846.git
>
> Please let me know if you have any issues accessing the file.
>
> Thank you very much for helping me out.  I have a feeling the issue might
> be in the python script to populate keystone. When I previously input the
> data manually, I got keystone configured properly.
>
> Regards,
> Ahmed.
>
>
> ________________________________________
> From: heckj [heckj at mac.com]
>  Sent: Tuesday, October 02, 2012 10:56 AM
>  To: Ahmed Al-Mehdi
> Cc: openstack at lists.launchpad.net
> Subject: Re: [Openstack] Enabling logging in keystone.
>
> Ahmed - can you put your keystone.conf into a paste or gist and share it
> with me? I'd be happy to help you debug this.
>
> I'm assuming you're running keystone on the system with the IP address
> 10.0.2.15, correct?
>
> -joe
>
> On Oct 2, 2012, at 10:45 AM, Ahmed Al-Mehdi <ahmed at coraid.com> wrote:
>
> > Hi Joe,
> >
> > I noticed I did not put the port number in the URL, now I am getting a
> more meaningful error:
> >
> > #> keystone --token 012345SECRET99TOKEN01234 --endpoint
> http://10.0.2.15:35357/v2.0  tenant-list
> > No handlers could be found for logger "keystoneclient.client"
> > Unable to authorize user
> >
> > Regards,
> > Ahmed.
> >
> > ________________________________________
> > From: openstack-bounces+ahmed=coraid.com at lists.launchpad.net[openstack-bounces+ahmed
> =coraid.com at lists.launchpad.net] On Behalf Of Ahmed Al-Mehdi [
> ahmed at coraid.com]
> > Sent: Tuesday, October 02, 2012 10:30 AM
> > To: heckj
> > Cc: openstack at lists.launchpad.net
> > Subject: Re: [Openstack] Enabling logging in keystone.
> >
> > Hi Joe,
> >
> > Unfortunately before I read your response I re-installed my Ubuntuserver.  I repeated the same steps mentioned in the OpenStackdocument "Deploy and Install OpenStack- RedHatUbuntu"
> and also used the script mentioned in it  (
> https://github.com/nimbis/keystone-init/blob/master/keystone-init.py) to
> populate keystone.  I reboot the server prior to running your suggested
> command and now running into a different issue, which I feel maybe due to
> not starting some service.  Btw, my host OS is Ubuntu 12.04 (32 bit)
> running inVirtualBox.
> >
> > Currently I am getting the following error:
> >
> > #> keystone --token 012345SECRET99TOKEN01234 --endpoint
> http://10.0.2.15/v2.0 tenant-lis
>
>

-- 

-Dolph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121002/57904808/attachment.html>

More information about the Openstack mailing list