<div dir="ltr">Thanks, Adam. I see how to enable SSL in keystone. My problem's with devstack at the moment. devstack is setting up keystone to run in http mode (no ssl), but neutron is trying to connect using https. I can switch neutron to use https, but then other services set up by devstack fail to connect using http. Sigh. I'll see what's required to get neutron to use http, not https.<div>
<br></div><div>--</div><div>Noel</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Nov 19, 2013 at 1:01 PM, Adam Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div class="im">
<div>On 11/19/2013 03:31 PM, Noel
Burton-Krahn wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I've just started getting this error during
devstack's stack.sh:
<div><br>
</div>
<div> ERROR: Unauthorized (HTTP 401)<br>
</div>
<div><br>
</div>
<div>It looks like nova is sending an HTTPS request to keystone,
but keystone is expecting HTTP. Everything was working around
last Friday. Did something change recently? How can I
convince keystone to use HTTPS?</div>
</div>
</blockquote></div>
Two ways: the weak way is to enable it using the keystone-manage
ssl-setup. The cool and froody way is to run Keystone behind HTTPD.<br>
<br>
<br>
<br>
<a href="http://andymc-stack.co.uk/2013/06/apache2-mod_wsgi-openstack-pt1-keystone/" target="_blank">http://andymc-stack.co.uk/2013/06/apache2-mod_wsgi-openstack-pt1-keystone/</a><br>
<br>
<blockquote type="cite"><div class="im">
<div dir="ltr">
<div>
<div><br>
</div>
<div><br>
</div>
<div>stack@ubuntu$ . openrc admin</div>
<div>stack@ubuntu$ nova flavor-create m1.nano 42 64 0 1</div>
<div>ERROR: Unauthorized (HTTP 401)</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>
==> log/screens/screen-key.2013-11-19-193839.log <==</div>
<div>tu - - [19/Nov/2013 20:24:57] code 400, message Bad
HTTP/0.9 request type
('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x0\</div>
<div>2R\x8b\xc9\x19M\x013\x01')</div>
<div>ubuntu - - [19/Nov/2013 20:24:57]
<a href="mailto:%5EV%5EC%5E@%5C314%5E@%5E@%5C310%5ECR%5C213%5C311%5EYM3%5EK%5C227%25w.rS%5C253X%5C266%5C374%5EE%5C351%5C312%7D%5C2536" target="_blank">"^V^C^@\314^@^@\310^CR\213\311^YM3^K\227%w.rS\253X\266\374^E\351\312}\2536"</a>
400 -</div>
<div>(eventlet.wsgi.server): 2013-11-19 20:24:57,656 INFO log
write (17168) accepted ('192.168.122.251', 50630)</div>
<div><br>
</div>
</div>
<div>
<div><br>
</div>
</div>
<div>
<div>
<div>==> log/screens/screen-n-api.2013-11-19-193839.log
<==</div>
</div>
</div>
<div>2013-11-19 20:24:57.144 DEBUG
keystoneclient.middleware.auth_token [-] Authenticating user
token from (pid=28433) __cal\<br>
</div>
<div>
<div>l__
/opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:558</div>
<div>2013-11-19 20:24:57.144 DEBUG
keystoneclient.middleware.auth_token [-] Removing headers
from request environment: X-Ide\</div>
<div>ntity-Status,X-Domain-Id,X-Domain-Name,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-User-Id,\</div>
<div>X-User-Name,X-User-Domain-Id,X-User-Domain-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant-Id,X-Tenant-Name,X-Tenant,X-R\</div>
<div>ole from (pid=28433) _remove_auth_headers
/opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:617</div>
<div>2013-11-19 20:24:57.144 INFO
requests.packages.urllib3.connectionpool [-] Starting new
HTTPS connection (1): 192.168.12\</div>
<div>2.251</div>
<div>2013-11-19 20:24:57.152 WARNING
keystoneclient.middleware.auth_token [-] Retrying on HTTP
connection exception: [Errno \</div>
<div>1] _ssl.c:504: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol</div>
</div>
<div><br>
</div>
<div>
<div>==> log/screens/screen-key.2013-11-19-193839.log
<==</div>
<div>ubuntu - - [19/Nov/2013 20:24:57] code 400, message Bad
HTTP/0.9 request type
('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x0\</div>
<div>2R\x8b\xc9\x19M\x013\x01')</div>
<div>ubuntu - - [19/Nov/2013 20:24:57]
<a href="mailto:%5EV%5EC%5E@%5C314%5E@%5E@%5C310%5ECR%5C213%5C311%5EYM3%5EK%5C227%25w.rS%5C253X%5C266%5C374%5EE%5C351%5C312%7D%5C2536" target="_blank">"^V^C^@\314^@^@\310^CR\213\311^YM3^K\227%w.rS\253X\266\374^E\351\312}\2536"</a>
400 -</div>
<div>(eventlet.wsgi.server): 2013-11-19 20:24:57,656 INFO log
write (17168) accepted ('192.168.122.251', 50630)</div>
<div><br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div><pre>_______________________________________________
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>