<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi,<div class="">do you have other services or only heat configured?! </div><div class="">Did you check if keystone store token properly? I had the same problem when my memcache token backend didn’t work.</div><div class=""><br class=""></div><div class="">If not, it seems all correct. Did you follow openstack install official guide?</div><div class=""><br class=""></div><div class="">Davide</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 02 Feb 2017, at 10:19, NareshA kumar <<a href="mailto:nka@criterionnetworks.com" class="">nka@criterionnetworks.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Dear Davide,<div class="">Below are the steps I have followed to configure heat in kilo. Please let me know if I am missing something here.</div><div class=""><br class=""></div><div class="">mysql -u root -p</div><div class=""><br class=""></div><div class="">CREATE DATABASE heat;</div><div class=""><br class=""></div><div class="">GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \</div><div class="">  IDENTIFIED BY 'heat';</div><div class="">GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \</div><div class="">  IDENTIFIED BY 'heat';</div><div class=""><br class=""></div><div class="">export OS_TENANT_NAME='openstack'</div><div class="">export OS_USERNAME='admin'</div><div class="">export OS_PASSWORD='Chang3M3'</div><div class="">export OS_AUTH_URL='<a href="https://identity.cncloud.com:5000/v2.0" class="">https://identity.cncloud.com:5000/v2.0</a>'</div><div class="">export OS_AUTH_STRATEGY='keystone'</div><div class="">export OS_REGION_NAME='RegionOne'</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">keystone user-create --name heat --pass heat</div><div class="">keystone user-role-add --user heat --role admin --tenant services</div><div class="">keystone service-create --name heat --description "Orchestration" --type orchestration</div><div class="">keystone service-create --name heat-cfn --description "Orchestration" --type cloudformation</div><div class="">keystone endpoint-create --service heat --publicurl "<a href="http://54.174.88.227:8004/v1/%(tenant_id)s" class=""><font color="red" class=""><b class="">MailScanner warning: numerical links are often malicious:</b></font> http://54.174.88.227:8004/v1/%(tenant_id)s</a>" --adminurl "<a href="http://54.174.88.227:8004/v1/%(tenant_id)s" class=""><font color="red" class=""><b class="">MailScanner warning: numerical links are often malicious:</b></font> http://54.174.88.227:8004/v1/%(tenant_id)s</a>" --internalurl "<a href="http://54.174.88.227:8004/v1/%(tenant_id)s" class=""><font color="red" class=""><b class="">MailScanner warning: numerical links are often malicious:</b></font> http://54.174.88.227:8004/v1/%(tenant_id)s</a>"</div><div class="">keystone endpoint-create --service heat-cfn --publicurl "<a href="http://54.174.88.227:8000/v1/%(tenant_id)s" class=""><font color="red" class=""><b class="">MailScanner warning: numerical links are often malicious:</b></font> http://54.174.88.227:8000/v1/%(tenant_id)s</a>" --adminurl "<a href="http://54.174.88.227:8000/v1/%(tenant_id)s" class=""><font color="red" class=""><b class="">MailScanner warning: numerical links are often malicious:</b></font> http://54.174.88.227:8000/v1/%(tenant_id)s</a>" --internalurl "<a href="http://54.174.88.227:8000/v1/%(tenant_id)s" class=""><font color="red" class=""><b class="">MailScanner warning: numerical links are often malicious:</b></font> http://54.174.88.227:8000/v1/%(tenant_id)s</a>"</div><div class="">keystone role-create --name heat_stack_owner</div><div class="">keystone user-role-add --user admin --tenant openstack --role heat_stack_owner</div><div class="">keystone role-create --name heat_stack_user</div><div class=""><br class=""></div><div class="">heat-keystone-setup-domain \</div><div class="">–stack-user-domain-name heat_user_domain \</div><div class="">–stack-domain-admin heat_domain_admin \</div><div class="">–stack-domain-admin-password $HeatPass | tee heat-keystone-setup-domain.out</div><div class=""><br class=""></div><div class="">heact.conf:</div><div class="">[DEFAULT]</div><div class="">debug = true</div><div class="">verbose = true</div><div class="">rpc_backend = zmq</div><div class="">heat_metadata_server_url = <a href="http://54.174.88.227:8000/" class=""><font color="red" class=""><b class="">MailScanner warning: numerical links are often malicious:</b></font> http://54.174.88.227:8000</a></div><div class="">heat_waitcondition_server_url = <a href="http://54.174.88.227:8000/v1/waitcondition" class=""><font color="red" class=""><b class="">MailScanner warning: numerical links are often malicious:</b></font> http://54.174.88.227:8000/v1/waitcondition</a></div><div class="">stack_domain_admin  = heat_domain_admin</div><div class="">stack_domain_admin_password  = Chang3M3</div><div class="">stack_user_domain_name = heat_user_domain</div><div class="">stack_user_domain_id=f798141e117a417996a736ba8f57f368</div><div class="">rpc_zmq_host = 54.174.88.227</div><div class="">[database]</div><div class="">connection = mysql://<a href="http://heat:heat@54.174.88.227/heat" class="">heat:heat@54.174.88.227/heat</a></div><div class="">[keystone_authtoken]</div><div class="">auth_uri = <a href="https://identity.cncloud.com:5000/v2.0" class="">https://identity.cncloud.com:5000/v2.0</a></div><div class="">identity_url = <a href="https://identity.cncloud.com:35357/" class="">https://identity.cncloud.com:35357</a></div><div class="">#memcached_servers = controller:11211</div><div class="">project_name = services</div><div class="">auth_type = password</div><div class="">admin_tenant_name = services</div><div class="">admin_user = heat</div><div class="">admin_password = heat</div><div class="">[ec2authtoken]</div><div class="">auth_uri =  <a href="https://identity.cncloud.com:5000/v2.0" class="">https://identity.cncloud.com:5000/v2.0</a></div><div class=""><br class=""></div><div class="">heat-manage db_sync</div><div class=""><br class=""></div><div class="">service heat-api restart</div><div class="">service heat-api-cfn restart</div><div class="">service heat-engine restart</div><div class=""><br class=""></div><div class=""><div class="">export OS_TENANT_NAME='services'</div><div class="">export OS_USERNAME='heat'</div><div class="">export OS_PASSWORD='heat'</div><div class="">export OS_AUTH_URL='<a href="https://identity.cncloud.com:5000/v2.0" class="">https://identity.cncloud.com:5000/v2.0</a>'</div><div class="">export OS_AUTH_STRATEGY='keystone'</div><div class="">export OS_REGION_NAME='RegionOne'</div></div><div class=""><br class=""></div><div class="">heat stack-list</div><div class=""><br class=""></div><div class="">ERROR : Authentication Required.</div><div class=""><br class=""></div><div class=""> </div></div><div class="gmail_extra"><br clear="all" class=""><div class=""><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class="">Regards,<br class=""></div>NareshA.<br class=""></div></div></div>

<br class=""><div class="gmail_quote">On Wed, Feb 1, 2017 at 4:07 PM, NareshA kumar <span dir="ltr" class=""><<a href="mailto:nka@criterionnetworks.com" target="_blank" class="">nka@criterionnetworks.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><div dir="ltr" class=""><span style="font-size:12.8px" class="">Davide,</span><div style="font-size:12.8px" class="">Yes I am using the heat credentials as you have mentioned. But still I am getting Authentication required error.</div></div></span><div class="gmail_extra"><br clear="all" class=""><div class=""><div class="m_-4179281368635806196gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class="">Regards,<br class=""></div>NareshA.<br class=""></div></div></div><div class=""><div class="h5">

<br class=""><div class="gmail_quote">On Wed, Feb 1, 2017 at 4:01 PM, NareshA kumar <span dir="ltr" class=""><<a href="mailto:nka@criterionnetworks.com" target="_blank" class="">nka@criterionnetworks.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">Davide,<div class="">Yes I am using the heat credentials as you have mentioned. But still I am getting Authentication required error.</div><div class=""><br class=""></div><div class="">I am attaching heat-api.log here for your reference. I am guessing that I would have missed something while creating heat domains.</div></div><div class="gmail_extra"><br clear="all" class=""><div class=""><div class="m_-4179281368635806196m_-2080276478268442852gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class="">Regards,<br class=""></div>NareshA.<br class=""></div></div></div><div class=""><div class="m_-4179281368635806196h5">

<br class=""><div class="gmail_quote">On Wed, Feb 1, 2017 at 3:14 PM, Davide Panarese <span dir="ltr" class=""><<a href="mailto:dpanarese@enter.eu" target="_blank" class="">dpanarese@enter.eu</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class=""><div class="">If you use heat creadential for token request it works?</div><div class=""><br class=""></div><div class="">export OS_AUTH_URL=<a href="https://identity.cncloud.com:5000/v2.0" target="_blank" class="">https://identity.c<wbr class="">ncloud.com:5000/v2.0</a></div><div class="">export OS_REGION_NAME=RegionOne</div><div class="">export OS_USERNAME=heat</div><div class="">export OS_TENANT_NAME=services</div><div class="">export OS_PASSWORD=heat</div><div class=""><br class=""></div><div class="">keystone token-get </div><div class=""><br class=""></div><div class="">Davide<br class=""><blockquote type="cite" class=""><span class=""><div class="">On 01 Feb 2017, at 10:10, NareshA kumar <<a href="mailto:nka@criterionnetworks.com" target="_blank" class="">nka@criterionnetworks.com</a>> wrote:</div><br class="m_-4179281368635806196m_-2080276478268442852m_5396508831408631585Apple-interchange-newline"></span><div class=""><div dir="ltr" class=""><span class="">I have associated heat user to services tenant and gave it a admin role.<div class=""><br class=""></div><div class=""><div class="">keystone user-role-list --user heat --tenant services</div><div class="">+-----------------------------<wbr class="">-----+-------+----------------<wbr class="">------------------+-----------<wbr class="">-----------------------+</div><div class="">|                id                |  name |             user_id              |            tenant_id             |</div><div class="">+-----------------------------<wbr class="">-----+-------+----------------<wbr class="">------------------+-----------<wbr class="">-----------------------+</div><div class="">| 2b995253c23e4c1db8cd374346a4ec<wbr class="">d4 | admin | 645eb7e9f04f4a2b8df65272a23c13<wbr class="">94 | 024890084b7642e9b8535b52a86584<wbr class="">ea |</div><div class="">+-----------------------------<wbr class="">-----+-------+----------------<wbr class="">------------------+-----------<wbr class="">-----------------------+</div></div><div class=""><br class=""></div><div class="">heat --debug stack-list</div><div class=""><br class=""></div></span><div class=""><span class=""><div class="">DEBUG (session) REQ: curl -g -i -X GET <a href="https://identity.cncloud.com:5000/v2.0" target="_blank" class="">https://identity.cncloud.com:5<wbr class="">000/v2.0</a> -H "Accept: application/json" -H "User-Agent: python-keystoneclient"</div><div class="">DEBUG (session) RESP: [200] x-openstack-request-id: req-2515497e-671b-475e-b48c-0c<wbr class="">b6f2ccfe2f content-length: 347 via: 1.1 <a href="http://identity.cncloud.com:5000/" target="_blank" class="">identity.cncloud.com:5000</a> access-control-expose-headers: Accept, Content-Type, X-Auth-Token, X-Subject-Token vary: X-Auth-Token server: Apache/2.4.7 (Ubuntu) connection: close access-control-allow-methods: GET POST OPTIONS PUT DELETE PATCH date: Wed, 01 Feb 2017 09:07:01 GMT access-control-allow-origin: * access-control-allow-headers: Accept, Content-Type, X-Auth-Token, X-Subject-Token content-type: application/json x-distribution: Ubuntu </div><div class="">RESP BODY: {"version": {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.ide<wbr class="">ntity-v2.0+json"}], "id": "v2.0", "links": [{"href": "<a href="https://identity.cncloud.com:5000/v2.0/" target="_blank" class="">https://identity.cncloud.com:<wbr class="">5000/v2.0/</a>", "rel": "self"}, {"href": "<a href="http://docs.openstack.org/" target="_blank" class="">http://docs.openstack.org/</a>", "type": "text/html", "rel": "describedby"}]}}</div><div class=""><br class=""></div><div class="">DEBUG (v2) Making authentication request to <a href="https://identity.cncloud.com:5000/v2.0/tokens" target="_blank" class="">https://identity.cncloud.com:5<wbr class="">000/v2.0/tokens</a></div></span><div class="">DEBUG (session) REQ: curl -g -i -X GET <a href="http://54.174.88.227:8004/v1/0c28d40bdcf0472d8dfb214a5c0286c4/stacks" target="_blank" class=""><font color="red" class=""><b class="">MailScanner ha rilevato un possibile tentativo di frode proveniente da "54.174.88.227:8004" </b></font> <font color="red" class=""><b class="">MailScanner warning: numerical links are often malicious:</b></font> http://54.174.88.227:8004/v1/0<wbr class="">c28d40bdcf0472d8dfb214a5c0286c<wbr class="">4/stacks</a>? -H "Accept: application/json" -H "User-Agent: python-heatclient" -H "X-Region-Name: RegionOne" -H "X-Auth-Token: {SHA1}9cc75daaff59cdb14a75bfb7<wbr class="">4ca6d77ebb8d8ac6" -H "Content-Type: application/json" -H "X-Auth-Url: <a href="https://identity.cncloud.com:5000/v2.0" target="_blank" class="">https://identity.cncloud.com:5<wbr class="">000/v2.0</a>"</div><div class=""><div class="m_-4179281368635806196m_-2080276478268442852h5"><div class="">DEBUG (session) RESP:</div><div class="">DEBUG (v2) Making authentication request to <a href="https://identity.cncloud.com:5000/v2.0/tokens" target="_blank" class="">https://identity.cncloud.com:5<wbr class="">000/v2.0/tokens</a></div><div class="">DEBUG (session) RESP:</div><div class="">Traceback (most recent call last):</div><div class="">  File "/usr/bin/heat", line 10, in <module></div><div class="">    sys.exit(main())</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/shell.py", line 706, in main</div><div class="">    HeatShell().main(args)</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/shell.py", line 656, in main</div><div class="">    args.func(client, args)</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/v1/shell.py", line 581, in do_stack_list</div><div class="">    utils.print_list(stacks, fields, sortby_index=3)</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/openstack/commo<wbr class="">n/cliutils.py", line 169, in print_list</div><div class="">    for o in objs:</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/v1/stacks.py", line 100, in paginate</div><div class="">    stacks = self._list(url, 'stacks')</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/openstack/commo<wbr class="">n/apiclient/base.py", line 117, in _list</div><div class="">    body = self.client.get(url).json()</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/common/http.py"<wbr class="">, line 292, in get</div><div class="">    return self.client_request("GET", url, **kwargs)</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/common/http.py"<wbr class="">, line 285, in client_request</div><div class="">    resp, body = self.json_request(method, url, **kwargs)</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/common/http.py"<wbr class="">, line 266, in json_request</div><div class="">    resp = self._http_request(url, method, **kwargs)</div><div class="">  File "/usr/lib/python2.7/dist-packa<wbr class="">ges/heatclient/common/http.py"<wbr class="">, line 361, in _http_request</div><div class="">    raise exc.from_response(resp)</div><div class="">heatclient.exc.HTTPUnauthorize<wbr class="">d: ERROR: Authentication required</div></div></div></div><div class=""><br class=""></div></div><div class=""><div class="m_-4179281368635806196m_-2080276478268442852h5"><div class="gmail_extra"><br clear="all" class=""><div class=""><div class="m_-4179281368635806196m_-2080276478268442852m_5396508831408631585gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class="">Regards,<br class=""></div>NareshA.<br class=""></div></div></div>

<br class=""><div class="gmail_quote">On Wed, Feb 1, 2017 at 2:16 PM, Davide Panarese <span dir="ltr" class=""><<a href="mailto:dpanarese@enter.eu" target="_blank" class="">dpanarese@enter.eu</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">Could you debug heat api call with heat —debug stack-list?<div class="">Did you associate heat user to service tenant and give it admin role?</div><div class=""><br class=""></div><div class="">Davide</div><div class=""><div class=""><blockquote type="cite" class=""><div class=""><div class="m_-4179281368635806196m_-2080276478268442852m_5396508831408631585h5"><div class="">On 31 Jan 2017, at 19:54, NareshA kumar <<a href="mailto:nka@criterionnetworks.com" target="_blank" class="">nka@criterionnetworks.com</a>> wrote:</div><br class="m_-4179281368635806196m_-2080276478268442852m_5396508831408631585m_5765547782561637881Apple-interchange-newline"></div></div><div class=""><div class=""><div class="m_-4179281368635806196m_-2080276478268442852m_5396508831408631585h5"><div dir="ltr" class=""><div style="font-size:12.8px" class="">Hi,</div><div style="font-size:12.8px" class="">I am installing heat in kilo with keystone v2 APIs. As per document I have configured the endpoints and heat.conf. "heat stack-list" gives me Authentication required error. In heat-api.log I am seeing "Authorization failed for token" message. </div><div style="font-size:12.8px" class="">Can anyone help me solve this issue?</div><div style="font-size:12.8px" class=""><br class=""></div><div class=""><div class="m_-4179281368635806196m_-2080276478268442852m_5396508831408631585m_5765547782561637881gmail_signature"><div dir="ltr" class=""><div class="">Regards,<br class=""></div>NareshA.<br class=""></div></div></div>

</div>

<br class=""></div></div><span class="m_-4179281368635806196m_-2080276478268442852m_5396508831408631585HOEnZb"><font color="#888888" class="">--

<br class=""><font color="#999999" face="Arial, Helvetica, sans-serif" size="1" class=""> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non infetto.

<br class=""><a href="http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=32A47402B1.A84A6" target="_blank" class="">Clicca qui per segnalarlo come spam.</a></font>

<font color="#999999" face="Arial, Helvetica, sans-serif" size="1" class=""><br class=""><a href="http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=32A47402B1.A84A6" target="_blank" class="">Clicca qui per metterlo in blacklist</a></font>

______________________________<wbr class="">_________________</font></span><span class=""><br class="">Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank" class="">http://lists.openstack.org/cgi<wbr class="">-bin/mailman/listinfo/openstac<wbr class="">k</a><br class="">Post to     : <a href="mailto:openstack@lists.openstack.org" target="_blank" class="">openstack@lists.openstack.org</a><br class="">Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank" class="">http://lists.openstack.org/cgi<wbr class="">-bin/mailman/listinfo/openstac<wbr class="">k</a><br class=""></span></div></blockquote></div><br class=""></div></div></blockquote></div><br class=""></div>

<br class="">--

<br class=""><font color="#999999" face="Arial, Helvetica, sans-serif" size="1" class=""> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non infetto.

<br class=""><a href="http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=557444011D.A905A" target="_blank" class="">Clicca qui per segnalarlo come spam.</a></font>

<font color="#999999" face="Arial, Helvetica, sans-serif" size="1" class=""><br class=""><a href="http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=557444011D.A905A" target="_blank" class="">Clicca qui per metterlo in blacklist</a></font>

______________________________<wbr class="">_________________<br class="">Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank" class="">http://lists.openstack.org/cgi<wbr class="">-bin/mailman/listinfo/openstac<wbr class="">k</a><br class="">Post to     : <a href="mailto:openstack@lists.openstack.org" target="_blank" class="">openstack@lists.openstack.org</a><br class="">Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank" class="">http://lists.openstack.org/cgi<wbr class="">-bin/mailman/listinfo/openstac<wbr class="">k</a><br class=""></div></div></div></blockquote></div><br class=""></div></blockquote></div><br class=""></div></div></div>

</blockquote></div><br class=""></div></div></div>

</blockquote></div><br class=""></div>

<br class="">--

<br class=""><font color="#999999" face="Arial, Helvetica, sans-serif" size="1" class=""> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non infetto.

<br class=""><a href="http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=B4EDD402E7.ADD0F" class="">Clicca qui per segnalarlo come spam.</a></font>

<font color="#999999" face="Arial, Helvetica, sans-serif" size="1" class=""><br class=""><a href="http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=B4EDD402E7.ADD0F" class="">Clicca qui per metterlo in blacklist</a></font>

_______________________________________________<br class="">Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class="">Post to     : <a href="mailto:openstack@lists.openstack.org" class="">openstack@lists.openstack.org</a><br class="">Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class=""></div></blockquote></div><br class=""></div></body></html>