No worries, that's what a second set of eyes is for!<div><br></div><div>By specifying a token and endpoint, you're bypassing the authentication process that your curl command is performing.</div><div><br></div><div>
You can test authentication with the keystone client using:</div><div><br></div><div dir="ltr">$ keystone --os-username=adminUser --os-password=secretword --os-tenant-name=adminTenant --os-authurl=<font color="#000000" style="line-height:normal;background-color:rgba(255,255,255,0)"><a href="http://10.0.2.15:35357/v2.0/tokens" target="_blank" style="line-height:normal;background-color:rgba(255,255,255,0)">http://10.0.2.15:35357/v2.0</a> token-get</font></div>
<div dir="ltr"><font><span style="line-height:normal"><br></span></font></div><div dir="ltr"><font color="#000000" style="background-color:rgba(255,255,255,0)"></font><font><span style="line-height:normal">But as Anne pointed out, you don't have a tenant named "adminTenant". You'll also need to make sure you've granted a role to your user on the specified tenant for authorization to succeed. You can remove the tenant name argument from the token-get call to test authentication without authorization (therefore without requiring anything but a valid user in your keystone install).</span></font></div>
<div dir="ltr"><font><span style="line-height:normal"><br></span></font></div><div dir="ltr"><font><span style="line-height:normal">-Dolph<span></span><br></span></font><br>On Tuesday, October 2, 2012, Ahmed Al-Mehdi wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div style="direction:ltr;font-size:x-small;font-family:Tahoma">
<div>Hi Dolph<a></a>,</div>
<div> </div>
<div>Very sorry about that. With the correct token, calling keystone from the cli<a></a> is working. However, the curl command is failing. Will this cause an issue down the line as I start to install glance and nova?</div>
<div> </div>
<div> </div>
<div>#> keystone --token 012345SECRET99TOKEN012345<a></a> --endpoint <a href="http://10.0.2.15:35357/v2.0" target="_blank">
http://10.0.2.15:35357/v2.0</a> tenant-list<br>
+----------------------------------+---------------+---------+<br>
| id | name | enabled |<br>
+----------------------------------+---------------+---------+<br>
| 07a44f9d55694d638f41bc160c14b42e<a></a> | openstackDemo<a></a> | True |<br>
| 0e4cc20586ae42329db51e0c6f807731<a></a> | service | True |<br>
+----------------------------------+---------------+---------+<br>
</div>
<div>#> curl -d '{"auth": {"tenantName<a></a>": "adminTenant<a></a>", "passwordCredentials<a></a>": {"username": "adminUser<a></a>", "password": "secretword<a></a>"}}}' -H "Content-type: application/json<a></a>"
<a href="http://10.0.2.15:35357/v2.0/tokens" target="_blank">http://10.0.2.15:35357/v2.0/tokens</a> | python -mjson.tool<a></a><br>
% Total % Received % Xferd<a></a> Average Speed Time Time<a></a> Time<a></a> Current<br>
Dload<a></a> Upload Total Spent Left Speed<br>
100 231 0 116 100 115 2771 2747 --:--:-- --:--:-- --:--:-- 3052<br>
{<br>
"error": {<br>
"code": 401,<br>
"message": "The request you have made requires authentication.",<br>
"title": "Not Authorized"<br>
}<br>
}</div>
<div> </div>
<div>Regards,</div>
<div>Ahmed.</div>
<div> </div>
<div> </div>
<div>
<hr>
</div>
<div><font color="#000000" face="Tahoma"><b>From:</b> Dolph Mathews [<a href="javascript:_e({}, 'cvml', 'dolph.mathews@gmail.com');" target="_blank">dolph.mathews@gmail.com</a><a></a>]<br>
<b>Sent:</b> Tuesday, October 02, 2012 12:12 PM<br>
<b>To:</b> Ahmed Al-Mehdi<a></a><br>
<b>Cc:</b> heckj<a></a>; <a href="javascript:_e({}, 'cvml', 'openstack@lists.launchpad.net');" target="_blank">openstack@lists.launchpad.net</a><a></a><br>
<b>Subject:</b> Re: [Openstack<a></a>] Enabling logging in keystone.<br>
</font><br>
</div>
<div></div>
<div>You're missing a "5" on the admin_token<a></a> you've specified on the command line.
<div><br>
</div>
<div><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><a></a><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">012345SECRET99TOKEN01234</span> (your CLI<a></a>
arg<a></a>)</span></div>
<div><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><a></a><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">012345SECRET99TOKEN012345</span> (</span><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">keystone.conf</span><a></a>)</span><font color="#222222" face="arial, sans-serif"><br clear="all">
</font>
<div><br>
</div>
-Dolph<a></a><br>
<br>
<br>
<div>On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi<a></a> <span dir="ltr">
<<a>ahmed@coraid.com</a><a></a>></span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex">
Hi Joe,<br>
<br>
I have put the conf file (renamed to ahmed_keystone.conf<a></a>) into gist.<br>
<br>
git://<a href="http://gist.github.com/3821846.git" target="_blank">gist.github.com/3821846.git</a><br>
<br>
Please let me know if you have any issues accessing the file.<br>
<br>
Thank you very much for helping me out. I have a feeling the issue might be in the python script to populate keystone. When I previously input the data manually, I got keystone configured properly.<br>
<br>
Regards,<br>
<div>Ahmed.<br>
<br>
<br>
________________________________________<br>
From: heckj<a></a> [<a>heckj@mac.com</a><a></a>]<br>
</div>
Sent: Tuesday, October 02, 2012 10:56 AM<br>
<div>
<div>To: Ahmed Al-Mehdi<a></a><br>
Cc: <a>openstack@lists.launchpad.net</a><a></a><br>
Subject: Re: [Openstack<a></a>] Enabling logging in keystone.<br>
<br>
Ahmed - can you put your keystone.conf<a></a> into a paste or gist and share it with me? I'd be happy to help you debug this.<br>
<br>
I'm assuming you're running keystone on the system with the IP address 10.0.2.15, correct?<br>
<br>
-joe<a></a><br>
<br>
On Oct 2, 2012, at 10:45 AM, Ahmed Al-Mehdi<a></a> <<a>ahmed@coraid.com</a><a></a>> wrote:<br>
<br>
> Hi Joe,<br>
><br>
> I noticed I did not put the port number in the URL, now I am getting a more meaningful error:<br>
><br>
> #> keystone --token 012345SECRET99TOKEN01234<a></a> --endpoint <a href="http://10.0.2.15:35357/v2.0" target="_blank">
http://10.0.2.15:35357/v2.0</a> tenant-list<br>
> No handlers could be found for logger "keystoneclient.client<a></a>"<br>
> Unable to authorize user<br>
><br>
> Regards,<br>
> Ahmed.<br>
><br>
> ________________________________________<br>
> From: openstack-bounces+ahmed<a></a>=<a>coraid.com@lists.launchpad.net</a><a></a> [openstack-bounces+ahmed<a></a>=<a>coraid.com@lists.launchpad.net</a><a></a>] On Behalf
Of Ahmed Al-Mehdi<a></a> [<a>ahmed@coraid.com</a><a></a>]<br>
> Sent: Tuesday, October 02, 2012 10:30 AM<br>
> To: heckj<a></a><br>
> Cc: <a>openstack@lists.launchpad.net</a><a></a><br>
> Subject: Re: [Openstack<a></a>] Enabling logging in keystone.<br>
><br>
> Hi Joe,<br>
><br>
> Unfortunately before I read your response I re-installed my Ubuntu<a></a> server. I repeated the same steps mentioned in the OpenStack<a></a> document "Deploy and Install OpenStack<a></a> - RedHat<a></a> Ubuntu<a></a>" and also used the script mentioned
in it (<a href="https://github.com/nimbis/keystone-init/blob/master/keystone-init.py" target="_blank">https://github.com/nimbis/keystone-init/blob/master/keystone-init.py</a>) to populate keystone. I reboot the server prior to running your suggested command
and now running into a different issue, which I feel maybe due to not starting some service. Btw, my host OS is Ubuntu<a></a> 12.04 (32 bit) running inVirtualBox<a></a>.<br>
><br>
> Currently I am getting the following error:<br>
><br>
> #> keystone --token 012345SECRET99TOKEN01234<a></a> --endpoint <a href="http://10.0.2.15/v2.0" target="_blank">
http://10.0.2.15/v2.0</a> tenant-lis</div></div></blockquote></div></div></div></div>
</div>
</blockquote></div><br><br>-- <br><div><br></div>-Dolph<br>