<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">ok, nailed it. My bad.<br>
<br>
I had misconfigured the quantum_admin_password key in the
nova.conf file of the controller.<br>
<br>
thanks all.<br>
<br>
(this made me search for a week...)<br>
<br>
<br>
<br>
<br>
Le 28/04/2013 19:45, Michaël Van de Borne a écrit :<br>
</div>
<blockquote cite="mid:517D6021.5050506@cetic.be" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">I think I'm getting closer here.
Whenever a VM requests metadata, the quantum-metadata-agent
tries to authenticate to keystone.<br>
correct credentials for my config are<br>
admin_tenant_name = service<br>
admin_user = quantum<br>
admin_password = grizzly<br>
<br>
<br>
<b>BUT</b><br>
in the keystone log, I can see this<br>
<br>
2013-04-28 19:36:33 DEBUG [keystone.common.wsgi]
******************** REQUEST BODY ********************<br>
2013-04-28 19:36:33 DEBUG [keystone.common.wsgi] {"auth":
{"tenantName": "service", "passwordCredentials": {"username":
"quantum", "password": "<b>password</b>"}}}<br>
2013-04-28 19:36:33 DEBUG [keystone.common.wsgi] <br>
2013-04-28 19:36:33 DEBUG [keystone.common.wsgi] arg_dict: {}<br>
2013-04-28 19:36:33 WARNING [keystone.common.wsgi]
Authorization failed. Invalid user / password from
192.168.203.103<br>
<br>
<br>
Means that whatever the password I configured in
/etc/quantum/metadata_agent.ini, the one that is sent to
keystone is "password".<br>
<br>
How can it be? is it a bug? has it been stored persistently in
the DB? and how can I change that?<br>
<br>
thanks,<br>
<br>
m.<br>
<br>
<br>
<pre class="moz-signature" cols="72">Michaël Van de Borne
R&D Engineer, SOA team, CETIC
Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.cetic.be">www.cetic.be</a>, rue des Frères Wright, 29/3, B-6041 Charleroi
</pre>
Le 28/04/2013 10:35, Michaël Van de Borne a écrit :<br>
</div>
<blockquote cite="mid:517CDF5F.5020607@cetic.be" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix"> Hi,<br>
<br>
1. yes.<br>
2. yes. Moreover, I have to kill it manually and delete the
pid file and then restart l3-agent, cause otherwise it stays
alive. No error in its log file.<br>
3. yes. Here are the corresponding keys for this shared
secret:<br>
<br>
# on the controller node<br>
root@leonard:~# cat /etc/nova/nova.conf | grep secret<br>
quantum_metadata_proxy_shared_secret=grizzly<br>
# on the network node<br>
root@rajesh:/var/log/quantum# cat
/etc/quantum/metadata_agent.ini | grep secret<br>
metadata_proxy_shared_secret=grizzly<br>
<br>
By the way, I tried to mismatch the secret, and I got an error
saying that the secrets did not match. So I guess the error
(unauthorized) I'm getting isn't related to the secret.<br>
<br>
any other idea?<br>
<br>
thanks<br>
<br>
<br>
<br>
Le 28/04/2013 07:28, Gary Kotton a écrit :<br>
</div>
<blockquote cite="mid:517CB38B.40306@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
On 04/27/2013 12:44 PM, Michaël Van de Borne wrote:
<blockquote cite="mid:517B9DF2.5050204@cetic.be" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Anybody has an idea about why
the nova metadata server rejects the VM requests?<br>
</div>
</blockquote>
<br>
Hi,<br>
Just a few questions:-<br>
1. Can you please check /etc/quantum/metadata_agent.ini to see
that you have the correct quantum keystone credential
configured?<br>
</blockquote>
<blockquote cite="mid:517CB38B.40306@redhat.com" type="cite"> 2.
Can you please make sure that you are running the quantum
metadata proxy.<br>
</blockquote>
<blockquote cite="mid:517CB38B.40306@redhat.com" type="cite"> 3.
In nova.conf can you please see that
"service_quantum_metadata_proxy = True" is set.<br>
</blockquote>
Thanks<br>
<blockquote cite="mid:517CB38B.40306@redhat.com" type="cite">
Gary<br>
<br>
<blockquote cite="mid:517B9DF2.5050204@cetic.be" type="cite">
<div class="moz-cite-prefix"> <br>
<br>
<br>
Le 26/04/2013 15:58, Michaël Van de Borne a écrit :<br>
</div>
<blockquote cite="mid:517A8818.2080404@cetic.be" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Hi there,<br>
<br>
I've installed Grizzly on 3 servers:<br>
compute (howard)<br>
controller (leonard)<br>
network (rajesh)).<br>
<br>
Namespaces are ON<br>
Overlapping IPs are ON<br>
<br>
When booting, my VMs can reach the metadata server (on the
controller node), but it responds a "500 Internal Server
Error"<br>
<br>
<b>Here is the error from the log of nova-api:</b><br>
2013-04-26 15:35:28.149 19902 INFO
nova.metadata.wsgi.server [-] (19902) accepted
('192.168.202.105', 54871)<br>
<br>
2013-04-26 15:35:28.346 ERROR nova.network.quantumv2
[req-52ffc3ae-a15e-4bf4-813c-6596618eb430 None None]
_get_auth_token() failed<br>
2013-04-26 15:35:28.346 19902 TRACE nova.network.quantumv2
Traceback (most recent call last):<br>
2013-04-26 15:35:28.346 19902 TRACE
nova.network.quantumv2 File
"/usr/lib/python2.7/dist-packages/nova/network/quantumv2/__init__.py",
line 40, in _get_auth_token<br>
2013-04-26 15:35:28.346 19902 TRACE
nova.network.quantumv2 httpclient.authenticate()<br>
2013-04-26 15:35:28.346 19902 TRACE
nova.network.quantumv2 File
"/usr/lib/python2.7/dist-packages/quantumclient/client.py",
line 193, in authenticate<br>
2013-04-26 15:35:28.346 19902 TRACE
nova.network.quantumv2
content_type="application/json")<br>
2013-04-26 15:35:28.346 19902 TRACE
nova.network.quantumv2 File
"/usr/lib/python2.7/dist-packages/quantumclient/client.py",
line 131, in _cs_request<br>
2013-04-26 15:35:28.346 19902 TRACE
nova.network.quantumv2 raise
exceptions.Unauthorized(message=body)<br>
2013-04-26 15:35:28.346 19902 TRACE nova.network.quantumv2
Unauthorized: {"error": {"message": "The request you have
made requires authentication.", "code": 401, "title": "Not
Authorized"}}<br>
2013-04-26 15:35:28.346 19902 TRACE nova.network.quantumv2
<br>
2013-04-26 15:35:28.347 ERROR nova.api.metadata.handler
[req-52ffc3ae-a15e-4bf4-813c-6596618eb430 None None]
Failed to get metadata for instance id:
05141f81-04cc-4493-86da-d2c05fd8a2f9<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler Traceback (most recent call
last):<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/api/metadata/handler.py",
line 179, in _handle_instance_id_request<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler remote_address)<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/api/metadata/handler.py",
line 90, in get_metadata_by_instance_id<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler instance_id, address)<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/api/metadata/base.py",
line 417, in get_metadata_by_instance_id<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler return
InstanceMetadata(instance, address)<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/api/metadata/base.py",
line 143, in __init__<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler conductor_api=capi)<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/network/quantumv2/api.py",
line 359, in get_instance_nw_info<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler result =
self._get_instance_nw_info(context, instance, networks)<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/network/quantumv2/api.py",
line 367, in _get_instance_nw_info<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler nw_info =
self._build_network_info_model(context, instance,
networks)<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/network/quantumv2/api.py",
line 777, in _build_network_info_model<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler client =
quantumv2.get_client(context, admin=True)<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/network/quantumv2/__init__.py",
line 67, in get_client<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler return
_get_client(token=token)<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/network/quantumv2/__init__.py",
line 49, in _get_client<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler token = _get_auth_token()<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/network/quantumv2/__init__.py",
line 43, in _get_auth_token<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler
LOG.exception(_("_get_auth_token() failed"))<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/contextlib.py", line 24, in __exit__<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler self.gen.next()<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/nova/network/quantumv2/__init__.py",
line 40, in _get_auth_token<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler httpclient.authenticate()<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/quantumclient/client.py",
line 193, in authenticate<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler
content_type="application/json")<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler File
"/usr/lib/python2.7/dist-packages/quantumclient/client.py",
line 131, in _cs_request<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler raise
exceptions.Unauthorized(message=body)<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler Unauthorized: {"error":
{"message": "The request you have made requires
authentication.", "code": 401, "title": "Not Authorized"}}<br>
2013-04-26 15:35:28.347 19902 TRACE
nova.api.metadata.handler <br>
2013-04-26 15:35:28.349 19902 INFO nova.api.ec2 [-]
0.198106s 192.168.202.105 GET
/2009-04-04/meta-data/instance-id None:None 500
[Python-httplib2/0.7.2 (gzip)] text/plain text/plain<br>
2013-04-26 15:35:28.349 19902 INFO
nova.metadata.wsgi.server [-] 10.0.0.4,192.168.202.105
"GET /2009-04-04/meta-data/instance-id HTTP/1.1" status:
500 len: 229 time: 0.1988521<br>
<br>
<br>
<b>On the network node, here is the config file for
metadata agent:</b><br>
root@rajesh:/var/log/quantum# cat
/etc/quantum/metadata_agent.ini <br>
[DEFAULT]<br>
debug = True<br>
auth_url = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://192.168.203.103:35357/v2.0">http://192.168.203.103:35357/v2.0</a><br>
auth_region = RegionOne<br>
admin_tenant_name = service<br>
admin_user = quantum<br>
admin_password = grizzly<br>
nova_metadata_ip = 192.168.202.103<br>
nova_metadata_port = 8775<br>
metadata_proxy_shared_secret = grizzly<br>
<br>
<br>
<b>Here are the metadata keys from the nova.conf of the
controller node:</b><br>
service_quantum_metadata_proxy=true<br>
quantum_metadata_proxy_shared_secret=grizzly<br>
<br>
<br>
<b>I tried to curl the controller node like this:</b><br>
root@leonard:~# curl -H "x-instance-id:
05141f81-04cc-4493-86da-d2c05fd8a2f9" -H
"x-instance-id-signature:
1de544a5fc4c1b8d5fb37441bf4c1360ab63336b58dfb3f4b78d290c5268b4e5"
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://192.168.202.103:8775/2009-04-04/meta-data/instance-id">http://192.168.202.103:8775/2009-04-04/meta-data/instance-id</a><br>
<html><br>
<head><br>
<title>500 Internal Server Error</title><br>
</head><br>
<body><br>
<h1>500 Internal Server Error</h1><br>
An unknown error has occurred. Please try your request
again.<br /><br /><br>
<br>
<br>
<br>
<b>I should add that the quantum-ns-proxy log file on the
network node remains empty.</b><br>
<br>
<br>
<br>
<b>Here is the metadata </b><b>agent log:</b><br>
2013-04-26 15:37:16 WARNING
[quantum.agent.metadata.agent] Remote metadata server
experienced an internal server error.<br>
<br>
<br>
any clue why the request to metadata server cannot be
authorized?<br>
<br>
<br>
thanks,<br>
<br>
yours,<br>
<br>
mike<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
Michaël Van de Borne
R&D Engineer, SOA team, CETIC
Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.cetic.be">www.cetic.be</a>, rue des Frères Wright, 29/3, B-6041 Charleroi
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
Post to : <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
More help : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
Post to : <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
More help : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
Post to : <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
More help : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
Post to : <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a>
More help : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
More help : <a class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
</body>
</html>