<div dir="ltr">Hello,<br><br><br><div>I'm working on a multi-node setup of openstack Icehouse using centos7.</div><div>I have : </div><div> - one controllor node with all server services thing stuff</div><div>
- one network node with openvswitch agent, l3-agent, dhcp-agent</div><div> - two compute node with nova-compute and neutron-openvswitch</div><div> - one storage nfs node</div><div><br><div>My network is configured to use vxlan. I can create VM,
tenant-network, external-network, routeur, assign floating-ip to VM,
push ssh-key into VM, create volume from glance image, etc... Evrything
is conected and reacheable. Pretty cool :) </div>
<div><br></div><div>But when i try to migrate VM things go wrong ... I
have configured nova, libvirtd and qemu to use migration through
libvirt-tcp.</div><div>I have create and exchanged ssh-key for nova user on all node. I have verified userid and groupid of nova.<br><br> Well i have enable debug = True in keystone.conf <br><br>And after a nova migrate <VM>, when i nova show <VM> :<br>
==============================================================================<br>|
fault | {"message": "Remote error:
Unauthorized {\"error\": {\"message\": \"User
0b45ccc267e04b59911e88381bb450c0 is unauthorized for tenant services\",
\"code\": 401, \"title\": \"Unauthorized\"}} |<br>
==============================================================================<br><br>So well User with id 0b45ccc267e04b59911e88381bb450c0 is neutron :<br>==============================================================================<br>
keystone user-list<br> | 0b45ccc267e04b59911e88381bb450c0 | neutron | True | |<br>==============================================================================<br><br>And the role seems good :<br>==============================================================================<br>
keystone user-role-add --user=neutron --tenant=services --role=admin<br>
Conflict occurred attempting to store role grant. User
0b45ccc267e04b59911e88381bb450c0 already has role
734c2fb6fb444792b5ede1fa1e17fb7e in tenant
dea82f7937064b6da1c370280d8bfdad (HTTP 409)<br>
<br><br>keystone user-role-list --user neutron --tenant services<br>+----------------------------------+-------+----------------------------------+----------------------------------+<br>| id | name | user_id | tenant_id |<br>
+----------------------------------+-------+----------------------------------+----------------------------------+<br>| 734c2fb6fb444792b5ede1fa1e17fb7e | admin | 0b45ccc267e04b59911e88381bb450c0 | dea82f7937064b6da1c370280d8bfdad |<br>
+----------------------------------+-------+----------------------------------+----------------------------------+<br><br>keystone tenant-list<br>+----------------------------------+----------+---------+<br>| id | name | enabled |<br>
+----------------------------------+----------+---------+<br>| e250f7573010415da6f191e0b53faae5 | admin | True |<br>| fa30c6bdd56e45dea48dfbe9c3ee8782 | exploit | True |<br>| dea82f7937064b6da1c370280d8bfdad | services | True |<br>
+----------------------------------+----------+---------+<br>==============================================================================<br></div><br><br></div><div>Can you help me to resolve this plz ? Point me to any direction plz ?<br>
Do you need all my configuration files ? <br><br><br></div><div>Thank you in advance !<br><br>Regards,<br></div><div><br>--<br>Benoit<br>
</div></div>