<html><body>
<p><font size="2" face="sans-serif">Hi Bruno,</font><br>
<br>
<font size="2" face="sans-serif">Please follow this link: <a href="http://docs.openstack.org/developer/ceilometer/configuration.html#keystone-middleware-authentication">http://docs.openstack.org/developer/ceilometer/configuration.html#keystone-middleware-authentication</a></font><br>
<br>
<font size="2" face="sans-serif">Generally, you just need add some entries in ceilometer.conf like this:</font><br>
<font size="2" face="sans-serif">[keystone_authtoken]</font><br>
<font size="2" face="sans-serif">signing_dir = /var/cache/ceilometer</font><br>
<font size="2" face="sans-serif">admin_tenant_name = service</font><br>
<font size="2" face="sans-serif">admin_password = passw0rd</font><br>
<font size="2" face="sans-serif">admin_user = ceilometer</font><br>
<font size="2" face="sans-serif">auth_protocol = http</font><br>
<br>
<font size="2" face="sans-serif">Thanks & Best regards,<br>
Fei Long Wang (Íõ·ÉÁú)<br>
--------------------------------------------------<br>
Scrum Master, Cloud Solutions and OpenStack Development<br>
Tel: 8610-82450513 | T/L: 905-0513 <br>
Email: flwang@cn.ibm.com<br>
China Systems & Technology Laboratory in Beijing<br>
--------------------------------------------------<br>
</font><br>
<br>
<img width="16" height="16" src="cid:1__=C7BBF1EADFBEC0958f9e8a93df938@cn.ibm.com" border="0" alt="Inactive hide details for Bruno Oliveira ---05/27/2013 10:14:48 PM---Hello stackers, I'm having a really hard time setting up c"><font size="2" color="#424282" face="sans-serif">Bruno Oliveira ---05/27/2013 10:14:48 PM---Hello stackers, I'm having a really hard time setting up ceilometer-api so I thought</font><br>
<br>
<font size="1" color="#5F5F5F" face="sans-serif">From: </font><font size="1" face="sans-serif">Bruno Oliveira <brunnop.oliveira@gmail.com></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">To: </font><font size="1" face="sans-serif">OpenStack <openstack@lists.launchpad.net>, </font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Date: </font><font size="1" face="sans-serif">05/27/2013 10:14 PM</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Subject: </font><font size="1" face="sans-serif">[Openstack] [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Sent by: </font><font size="1" face="sans-serif">"Openstack" <openstack-bounces+flwang=cn.ibm.com@lists.launchpad.net></font><br>
<hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br>
<br>
<br>
<tt><font size="2">Hello stackers,<br>
<br>
I'm having a really hard time setting up ceilometer-api so I thought<br>
if I could ask you guys for some enlightment.<br>
<br>
I can clearly see data being pulled in the screens that are running<br>
/ceilometer-collector, ./ceilometer-agent-compute ,./ceilometer-agent-central<br>
<br>
Even the screen running ceilometer-api-server starts with no problem.<br>
<br>
But I cannot reach the api at all via curl. Neither by using its<br>
actual port (8777)<br>
nor using the port set in the virtual host of apache. All I'm getting<br>
is auth error<br>
<br>
$ curl </font></tt><tt><font size="2"><a href="http://127.0.0.1:8777">http://127.0.0.1:8777</a></font></tt><tt><font size="2"> OR $ curl </font></tt><tt><font size="2"><a href="http://127.0.0.1:9090">http://127.0.0.1:9090</a></font></tt><tt><font size="2"><br>
=============================================<br>
<html><br>
<head><br>
<title>401 Unauthorized</title><br>
</head><br>
<body><br>
<h1>401 Unauthorized</h1><br>
This server could not verify that you are authorized to access the<br>
document you requested. Either you supplied the wrong credentials<br>
(e.g., bad password), or your browser does not understand how to<br>
supply the credentials required.<br /><br /><br>
Authentication required<br>
=============================================<br>
<br>
<br>
On top of that, the only thing I had to do in a non-standard basis, was to<br>
setup ceilometer virtual host to answer request on port 9090 of apache<br>
instead of the default 80 (since horizon is bind to it).<br>
<br>
<br>
Here's a copy of my running ceilometer.conf<br>
=====================================<br>
/etc/ceilometer/ceilometer.conf<br>
=====================================<br>
[DEFAULT]<br>
os_username=ceilometer<br>
os_password=MYSECRET<br>
os_tenant_name=admin<br>
os_auth_url=http://localhost:5000/v2.0<br>
signing_dirname = /tmp/keystone-signing-ceilometer<br>
metering_api_port=8777<br>
auth_strategy=keystone<br>
nova_control_exchange=nova<br>
hypervisor_inspector=libvirt<br>
libvirt_type=kvm<br>
glance_control_exchange=glance<br>
quantum_control_exchange=quantum<br>
debug=true<br>
verbose=true<br>
(...)<br>
*logging writing parameters here*<br>
(...)<br>
log_dir=/var/log/ceilometer<br>
rpc_backend=ceilometer.openstack.common.rpc.impl_kombu<br>
rabbit_host=localhost<br>
rabbit_port=5672<br>
rabbit_userid=guest<br>
rabbit_password=ficrowstran02<br>
rabbit_retry_backoff=2<br>
rabbit_max_retries=0<br>
database_connection=mongodb://localhost:27017/ceilometer<br>
sql_connection_debug=0<br>
cinder_control_exchange=cinder<br>
enable_v1_api=true<br>
<br>
[rpc_notifier2]<br>
<br>
[matchmaker_redis]<br>
<br>
[publisher_meter]<br>
metering_secret=METERING_SECRET<br>
<br>
[keystone_authtoken]<br>
auth_host = localhost<br>
auth_port = 5000<br>
admin_user = ceilometer<br>
admin_password = MYSECRET<br>
admin_tenant_name = admin<br>
auth_uri = </font></tt><tt><font size="2"><a href="http://localhost:5000/v2.0/">http://localhost:5000/v2.0/</a></font></tt><tt><font size="2"><br>
=====================================<br>
<br>
<br>
The "ceilometer" user pointed at "admin_user" under the<br>
"[keystone_authtoken]" section, as well as in "os_username" under the<br>
"[DEFAULT]" section,<br>
was created in keystone and it'sbind to the admin tenant.<br>
<br>
<br>
$ keystone tenant-get admin<br>
+-------------+----------------------------------+<br>
| Property | Value |<br>
+-------------+----------------------------------+<br>
| description | |<br>
| enabled | True |<br>
| id | 670f5dd4070d44b6a8308277a236d1af |<br>
| name | admin |<br>
+-------------+----------------------------------+<br>
<br>
$ keystone user-get ceilometer<br>
+----------+----------------------------------+<br>
| Property | Value |<br>
+----------+----------------------------------+<br>
| email | ceilometer@example.com |<br>
| enabled | True |<br>
| id | a98ec068f5f349439acef431e826d7ff |<br>
| name | ceilometer |<br>
| tenantId | 670f5dd4070d44b6a8308277a236d1af |<br>
+----------+----------------------------------+<br>
<br>
<br>
Finally, here's the ceilometer site running on apache. the user<br>
and group 'stackadmin' are valid users indeed in the machine<br>
<br>
$ id stackadmin<br>
<br>
uid=1000(stackadmin) gid=1000(stackadmin)<br>
groups=1000(stackadmin),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(libvirtd),113(lpadmin),114(sambashare<br>
<br>
<br>
=====================================<br>
/etc/apache2/sites-available/ceilometer<br>
=====================================<br>
<VirtualHost *:9090><br>
WSGIDaemonProcess ceilometer user=stackadmin group=stackadmin threads=5<br>
WSGIScriptAlias / /opt/stack/ceilometer/ceilometer/api/app.wsgi<br>
SetEnv APACHE_RUN_USER stackadmin<br>
SetEnv APACHE_RUN_GROUP stackadmin<br>
WSGIProcessGroup ceilometer<br>
ErrorLog /var/log/apache2/ceilometer_error.log<br>
LogLevel warn<br>
CustomLog /var/log/apache2/ceilometer_access.log combined<br>
</VirtualHost><br>
=====================================<br>
<br>
<br>
Despite of everything, I keep getting that "401 Unauthorized"<br>
auth error.<br>
<br>
Do you guys have any suggestions of what I can try to fix it ?<br>
<br>
Thank you all.<br>
<br>
--<br>
<br>
Bruno de Oliveira<br>
Developer, System Analyst<br>
<br>
_______________________________________________<br>
Mailing list: </font></tt><tt><font size="2"><a href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a></font></tt><tt><font size="2"><br>
Post to : openstack@lists.launchpad.net<br>
Unsubscribe : </font></tt><tt><font size="2"><a href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a></font></tt><tt><font size="2"><br>
More help : </font></tt><tt><font size="2"><a href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a></font></tt><tt><font size="2"><br>
<br>
</font></tt><br>
</body></html>