[TripleO] Horizon login failed with Something went wrong error in IPv6
Hi Team,
We are trying to deploy the Tripleo Train with IPv6. All the overcloud control plane networks - internal, management etc are also on the IPv6 subnet.
Upon successful completion of overcloud, when I am trying to open the page, it does open. But when I enter the correct login credentials, it says something went wrong.
[image: image.png]
Upon looking into error logs, I found 2022-01-21 12:33:34.825 324 WARNING keystone.server.flask.application [req-0660e62c-dff7-4609-89fe-225e177a84f8 f908417368a24cc685818bb5fc54fe12 - - default -] *Authorization failed. The request you have made requires authentication. from fd00:fd00:fd00:2000::359: keystone.exception.Unauthorized: The request you have made requires authentication.*
where *fd00:fd00:fd00:2000::359 is my internal IP address which is reachable.*
Regards Anirudh Gupta
On 1/21/22 10:34, Anirudh Gupta wrote:
Hi Team,
We are trying to deploy the Tripleo Train with IPv6. All the overcloud control plane networks - internal, management etc are also on the IPv6 subnet.
Upon successful completion of overcloud, when I am trying to open the page, it does open. But when I enter the correct login credentials, it says something went wrong.
image.png
Upon looking into error logs, I found 2022-01-21 12:33:34.825 324 WARNING keystone.server.flask.application [req-0660e62c-dff7-4609-89fe-225e177a84f8 f908417368a24cc685818bb5fc54fe12 - - default -] *Authorization failed. The request you have made requires authentication. from fd00:fd00:fd00:2000::359: keystone.exception.Unauthorized: The request you have made requires authentication.***
where *fd00:fd00:fd00:2000::359 is my internal IP address which is reachable.*
Regards Anirudh Gupta
Can you share more details from the deployment? Maby open a bug in Launcpad against TripleO and attach logs, templates used for deployment, and config files for Horizon?
Did you set the parameter MemcachedIPv6 to true in your environment files?
Does the CLI work?
Regards, Harald
Hi Harald, Thanks for the response.
we have CLI working perfectly.
For Query: "Did you set the parameter MemcachedIPv6 to true in your environment files?" we have passed this in our environment defaults, so yes this is getting passed.
About the Deployment: 3 Node Controller + 1 Compute for the Triple of Stein. it is working perfectly in the ipv4 segment but when we change the Networking to ipv6 we start seeing this error as reported. Please find the attached :
1. network_data.yaml 2. roles_data.yaml
using these YAML files we are rendering the remaining config files and are using bond-with-vlan configs.
Also for your reference please find the keystone end point details: (overcloud) [stack@undercloud ~]$ openstack endpoint list | grep "keystone" | 5ab65d3322654c3eaa9a868c547eec1e | regionOne | keystone | identity | True | public | http://%5Bfd00:fd00:fd00:9900::351%5D:5000 | | d31bd34d0ac942a59eb086c4a5d3079f | regionOne | keystone | identity | True | internal | http://%5Bfd00:fd00:fd00:2000::7d%5D:5000 | | e27f7195a48045d0ab14ceb065c67512 | regionOne | keystone | identity | True | admin | http://10.10.0.213:35357
# sudo pcs status :
[heat-admin@overcloud-controller-2 ~]$ sudo pcs status Cluster name: tripleo_cluster Cluster Summary: * Stack: corosync * Current DC: overcloud-controller-1 (version 2.1.2-1.el8-ada5c3b36e2) - partition with quorum * Last updated: Mon Jan 24 12:39:04 2022 * Last change: Mon Jan 24 11:20:45 2022 by root via cibadmin on overcloud-controller-0 * 15 nodes configured * 46 resource instances configured
Node List: * Online: [ overcloud-controller-0 overcloud-controller-1 overcloud-controller-2 ] * GuestOnline: [ galera-bundle-0@overcloud-controller-2 galera-bundle-1@overcloud-controller-0 galera-bundle-2@overcloud-controller-1 ovn-dbs-bundle-0@overcloud-controller-2 ovn-dbs-bundle-1@overcloud-controller-0 ovn-dbs-bundle-2@overcloud-controller-1 rabbitmq-bundle-0@overcloud-controller-2 rabbitmq-bundle-1@overcloud-controller-0 rabbitmq-bundle-2@overcloud-controller-1 redis-bundle-0@overcloud-controller-2 redis-bundle-1@overcloud-controller-0 redis-bundle-2@overcloud-controller-1 ]
Full List of Resources: * ip-10.10.30.213 (ocf::heartbeat:IPaddr2): Started overcloud-controller-0 * ip-fd00.fd00.fd00.9900..351 (ocf::heartbeat:IPaddr2): Started overcloud-controller-1 * ip-fd00.fd00.fd00.2000..3a0 (ocf::heartbeat:IPaddr2): Started overcloud-controller-2 * ip-fd00.fd00.fd00.2000..7d (ocf::heartbeat:IPaddr2): Started overcloud-controller-0 * ip-fd80.fd00.fd00.2000..6d (ocf::heartbeat:IPaddr2): Started overcloud-controller-1 * Container bundle set: haproxy-bundle [cluster.common.tag/centos-binary-haproxy:pcmklatest]: * haproxy-bundle-podman-0 (ocf::heartbeat:podman): Started overcloud-controller-2 * haproxy-bundle-podman-1 (ocf::heartbeat:podman): Started overcloud-controller-0 * haproxy-bundle-podman-2 (ocf::heartbeat:podman): Started overcloud-controller-1 * Container bundle set: galera-bundle [cluster.common.tag/centos-binary-mariadb:pcmklatest]: * galera-bundle-0 (ocf::heartbeat:galera): Master overcloud-controller-2 * galera-bundle-1 (ocf::heartbeat:galera): Master overcloud-controller-0 * galera-bundle-2 (ocf::heartbeat:galera): Master overcloud-controller-1 * Container bundle set: rabbitmq-bundle [cluster.common.tag/centos-binary-rabbitmq:pcmklatest]: * rabbitmq-bundle-0 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-controller-2 * rabbitmq-bundle-1 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-controller-0 * rabbitmq-bundle-2 (ocf::heartbeat:rabbitmq-cluster): Started overcloud-controller-1 * Container bundle set: redis-bundle [cluster.common.tag/centos-binary-redis:pcmklatest]: * redis-bundle-0 (ocf::heartbeat:redis): Master overcloud-controller-2 * redis-bundle-1 (ocf::heartbeat:redis): Slave overcloud-controller-0 * redis-bundle-2 (ocf::heartbeat:redis): Slave overcloud-controller-1 * Container bundle set: ovn-dbs-bundle [cluster.common.tag/centos-binary-ovn-northd:pcmklatest]: * ovn-dbs-bundle-0 (ocf::ovn:ovndb-servers): Master overcloud-controller-2 * ovn-dbs-bundle-1 (ocf::ovn:ovndb-servers): Slave overcloud-controller-0 * ovn-dbs-bundle-2 (ocf::ovn:ovndb-servers): Slave overcloud-controller-1 * ip-fd00.fd00.fd00.2000..ea (ocf::heartbeat:IPaddr2): Started overcloud-controller-2 * Container bundle: openstack-cinder-volume [cluster.common.tag/centos-binary-cinder-volume:pcmklatest]: * openstack-cinder-volume-podman-0 (ocf::heartbeat:podman): Started overcloud-controller-0
Failed Resource Actions: * ovndb_servers_monitor_30000 on ovn-dbs-bundle-2 'not running' (7): call=23, status='complete', last-rc-change='Mon Jan 24 11:17:07 2022', queued=0ms, exec=0ms
Daemon Status: corosync: active/enabled pacemaker: active/enabled pcsd: active/enabled
please check and let me know in case it can help us somehow.
On Fri, Jan 21, 2022 at 10:44 PM Harald Jensas hjensas@redhat.com wrote:
On 1/21/22 10:34, Anirudh Gupta wrote:
Hi Team,
We are trying to deploy the Tripleo Train with IPv6. All the overcloud control plane networks - internal, management etc are also on the IPv6 subnet.
Upon successful completion of overcloud, when I am trying to open the page, it does open. But when I enter the correct login credentials, it says something went wrong.
image.png
Upon looking into error logs, I found 2022-01-21 12:33:34.825 324 WARNING keystone.server.flask.application [req-0660e62c-dff7-4609-89fe-225e177a84f8 f908417368a24cc685818bb5fc54fe12 - - default -] *Authorization failed. The request you have made requires authentication. from fd00:fd00:fd00:2000::359: keystone.exception.Unauthorized: The request you have made requires authentication.***
where *fd00:fd00:fd00:2000::359 is my internal IP address which is reachable.*
Regards Anirudh Gupta
Can you share more details from the deployment? Maby open a bug in Launcpad against TripleO and attach logs, templates used for deployment, and config files for Horizon?
Did you set the parameter MemcachedIPv6 to true in your environment files?
Does the CLI work?
Regards, Harald
participants (3)
-
Anirudh Gupta
-
Harald Jensas
-
Lokendra Rathour