<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi Doug<div><br></div><div>I send authentications from the admin user. In order for me to explain you better the issue i will paste here the phases that i am trying to do:</div><div><br></div><div>I use curl and send the admin user/password and ask for a token:</div><div><br></div><div>curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "admin_pass"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens</div><div><br></div><div>It returns this</div><div><br></div><div>{"access": {"token": {"issued_at": "2013-06-06T14:11:26.005501", "expires": "2013-06-07T14:11:26Z", "id": "MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE="}, "serviceCatalog": [], "user": {"username": "admin", "roles_links": [], "id": "0b14e1644ffa4336967087458cd85c56", "roles": [], "name": "admin"}, "metadata": {"is_admin": 0, "roles": []}}}</div><div><br></div><div>Then, i use curl again with the token that i just received with the following command</div><div><br></div><div><br><div><span style="font-family: Verdana, Arial, Helvetica; font-size: 10pt;">curl -k -D -H "X-Auth-Token: </span><span style="font-size: 12pt;">MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE=</span><span style="font-family: Verdana, Arial, Helvetica; font-size: 10pt;">" -X 'GET' -v </span><a href="http://localhost:8777/v2/meters" rel="nofollow" target="_blank" style="color: rgb(85, 26, 139); font-family: Verdana, Arial, Helvetica; font-size: small;">http://localhost:8777/v2/meters</a></div><div><br></div><div>The return value is this</div><div><br></div><div><div><i>* getaddrinfo(3) failed for X-Auth-Token:80</i></div><div><i>* Couldn't resolve host 'X-Auth-Token'</i></div><div><i>* Closing connection 0</i></div><div><i>curl: (6) Couldn't resolve host 'X-Auth-Token'</i></div><div><i>* About to connect() to localhost port 8777 (#1)</i></div><div><i>* Trying 127.0.0.1...</i></div><div><i>* Connected to localhost (127.0.0.1) port 8777 (#1)</i></div><div><i>> GET /v2/meters HTTP/1.1</i></div><div><i>> User-Agent: curl/7.29.0</i></div><div><i>> Host: localhost:8777</i></div><div><i>> Accept: */*</i></div><div><i>></i></div><div><i>* HTTP 1.0, assume close after body</i></div><div><i>< HTTP/1.0 401 Unauthorized</i></div><div><i>< Date: Thu, 06 Jun 2013 14:14:06 GMT</i></div><div><i>< Server: WSGIServer/0.1 Python/2.7.4</i></div><div><i>< WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'</i></div><div><i>< Content-Length: 381</i></div><div><i>< Content-Type: text/html; charset=UTF-8</i></div><div><i><</i></div><div><i><html></i></div><div><i> <head></i></div><div><i> <title>401 Unauthorized</title></i></div><div><i> </head></i></div><div><i> <body></i></div><div><i> <h1>401 Unauthorized</h1></i></div><div><i> This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br /></i></div><div><i>Authentication required</i></div><div><i><br></i></div><div><i><br></i></div><div><i> </body></i></div><div><i>* Closing connection 1</i></div></div><div><br></div><div>No data is returned in any case.</div><div><br></div><div>I manually installed 3 node openStack and <span style="font-size: 12pt;">ceilometer</span><span style="font-size: 12pt;"> </span><span style="font-size: 12pt;">, so i am not using devStack. </span></div><div><span style="font-size: 12pt;"><br></span></div><div><font size="3">Even when i try to send </font>manually<font size="3"> credentials of the admin user:</font></div><div><span style="font-size: 12pt;"><br></span></div><div><i>ceilometer --os-username admin --os-password password --os-tenant-name admin --os-auth-url http://localhost:5000/v2.0 resource-list</i></div><div><br></div><div>the result is this:</div><div><br></div><div><div><i>No handlers could be found for logger "ceilometerclient.common.http"</i></div><div><i>Invalid OpenStack Identity credentials.</i></div></div><div><br></div><div>Is there any possibility that keystone is not validating all the Tokens?</div><div><br></div><div><br></div><div>Claudio Marques</div><div><br><br><div><hr id="stopSpelling">Date: Thu, 6 Jun 2013 09:42:38 -0400<br>From: doug.hellmann@dreamhost.com<br>To: claudio@onesource.pt<br>CC: openstack@lists.launchpad.net<br>Subject: Re: [Openstack] Ceilometer-api Auth Error<br><br><div dir="ltr"><br><div class="ecxgmail_extra"><br><br><div class="ecxgmail_quote">On Thu, Jun 6, 2013 at 7:22 AM, Claudio Marques <span dir="ltr"><<a href="mailto:claudio@onesource.pt" target="_blank">claudio@onesource.pt</a>></span> wrote:<br>
<blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;"><div dir="ltr">Hi Stackers<div><br></div><div><br></div><div>Hi have a problem with ceilometer-api. I want access it via curl or http and every time i try to do it i simple get the same errors. </div>
<div><br></div><div>This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br>
</div><div><br></div><div>My ceilometer.conf file is like this:</div><div><br></div><div><div>[DEFAULT]</div><div>os_username=admin</div><div>os_password=admin_pass</div><div>os_tenant_name=admin</div><div>
os_auth_url=<a href="http://10.0.1.167:5000/v2.0/" target="_blank">http://10.0.1.167:5000/v2.0/</a></div><div>signing_dirname = /tmp/keystone-signing-ceilometer</div><div>metering_api_port=8777</div><div>auth_strategy=keystone</div>
<div>
nova_control_exchange=nova</div><div>hypervisor_inspector=libvirt</div><div>libvirt_type=qemu</div><div>glance_control_exchange=glance</div><div>quantum_control_exchange=quantum</div><div>debug=true</div><div>verbose=true</div>
<div><br></div><div>log_dir=/var/log/ceilometer</div><div>rpc_backend=ceilometer.openstack.common.rpc.impl_kombu</div><div>rabbit_host=localhost</div><div>rabbit_port=5672</div><div>rabbit_userid=guest</div><div>rabbit_password=guest</div>
<div>rabbit_retry_backoff=2</div><div>rabbit_max_retries=0</div><div>rabbit_use_ssl=False</div><div><br></div><div>database_connection=mongodb://<a href="http://10.0.1.25:27017/ceilometer" target="_blank">10.0.1.25:27017/ceilometer</a></div>
<div>sql_connection_debug=0</div><div>cinder_control_exchange=cinder</div><div>enable_v1_api=true</div><div><br></div><div>[keystone_authtoken]</div><div><br></div><div>auth_host = localhost</div><div>auth_port = 5000</div>
<div>admin_user = admin</div><div>admin_password = admin_pass</div><div>admin_tenant_name = admin</div><div>auth_uri = <a href="http://10.0.1.167:5000/v2.0/" target="_blank">http://10.0.1.167:5000/v2.0/</a></div><div><br>
</div></div><div>
What auth chould i pass in order to get metrics form ceilometer?</div></div></blockquote><div><br></div><div>The ceilometer API uses keystone authentication, just like the other OpenStack services. If you pass credentials for a regular user, you can see data about the tenant/project you're authenticating with. If you pass credentials for an admin user, you can see all data.</div>
<div><br></div><div>Doug</div><div> </div><blockquote class="ecxgmail_quote" style="border-left:1px #ccc solid;padding-left:1ex;"><div dir="ltr"><div><br></div><div>Thank's for any reply</div>
<div><br><div><div><div dir="ltr"><div><br></div></div></div>
<div dir="ltr"><br></div></div></div></div>
<br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div></div>
<br>_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp</div></div></div> </div></body>
</html>