[Openstack-operators] Authentication problems with cinder

Juan José Pavlik Salles jjpavlik at gmail.com
Mon Apr 29 20:56:25 UTC 2013


Hi, I have spent the last days trying to solve this problem. I can't list
my cinder volumes from my shell:

root@locro:~# cinder --os-username=admin --os-tenant-name=admin
--os-password=XXX --os-auth-url=http://172.19.136.1:35357/v2.0 --debug list

REQ: curl -i http://172.19.136.1:35357/v2.0/tokens -X POST -H
"Content-Type: application/json" -H "Accept: application/json" -H
"User-Agent: python-cinderclient" -d '{"auth": {"tenantName": "admin",
"passwordCredentials": {"username": "admin", "password": "zGp05Nsa"}}}'

RESP: [200] {'date': 'Mon, 29 Apr 2013 17:24:44 GMT', 'content-type':
'application/json', 'content-length': '7096', 'vary': 'X-Auth-Token'}
RESP BODY: {"access": {"token": {"issued_at": "2013-04-29T17:24:44.044013",
"expires": "2013-04-30T17:24:43Z", "id": "MIIMaQYJKoZIhvcNAQcC...",
"tenant": {"description": null, "enabled": true, "id":
"6aa3bf1ab68040218873a782f90cffa7", "name": "admin"}}, "serviceCatalog":
[{"endpoints": [{"adminURL": "
http://172.19.136.11:8774/v2/6aa3bf1ab68040218873a782f90cffa7", "region":
"RegionOne", "internalURL": "
http://172.19.136.10:8774/v2/6aa3bf1ab68040218873a782f90cffa7", "id":
"26178391275a42cfa3b786ab151c8f8a", "publicURL": "
http://172.19.136.11:8774/v2/6aa3bf1ab68040218873a782f90cffa7"}],
"endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints":
[{"adminURL": "http://172.19.136.11:9696/", "region": "RegionOne",
"internalURL": "http://172.19.136.11:9696/", "id":
"1d0f394d83804ecaaa5ba708ccf0417b", "publicURL":
"http://172.19.136.11:9696/"}],
"endpoints_links": [], "type": "network", "name": "quantum"}, {"endpoints":
[{"adminURL": "http://172.19.136.10:9292/v2", "region": "RegionOne",
"internalURL": "http://172.19.136.11:9292/v2", "id":
"11f37a313bad47f28b846cb9b94d458c", "publicURL": "
http://172.19.136.11:9292/v2"}], "endpoints_links": [], "type": "image",
"name": "glance"}, {"endpoints": [{"adminURL": "
http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7", "region":
"RegionOne", "internalURL": "
http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7", "id":
"1ebe70478edd45d087263a4dc457f03a", "publicURL": "
http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7"}],
"endpoints_links": [], "type": "volume", "name": "cinder"}, {"endpoints":
[{"adminURL": "http://172.19.136.11:8773/services/Admin", "region":
"RegionOne", "internalURL": "http://172.19.136.10:8773/services/Cloud",
"id": "4fd5bcbee3584c2b883b08f22f81de54", "publicURL": "
http://172.19.136.10:8773/services/Cloud"}], "endpoints_links": [], "type":
"ec2", "name": "ec2"}, {"endpoints": [{"adminURL": "
http://172.19.136.10:8080/v1", "region": "RegionOne", "internalURL": "
http://172.19.136.11:8080/v1/AUTH_6aa3bf1ab68040218873a782f90cffa7", "id":
"65911114c36341a19006c328c6d0a2ae", "publicURL": "
http://172.19.136.10:8080/v1/AUTH_6aa3bf1ab68040218873a782f90cffa7"}],
"endpoints_links": [], "type": "object-store", "name": "swift"},
{"endpoints": [{"adminURL": "http://172.19.136.11:35357/v2.0", "region":
"RegionOne", "internalURL": "http://172.19.136.10:5000/v2.0", "id":
"0f9389d0485e4f2f9f7874c41181bd28", "publicURL": "
http://172.19.136.10:5000/v2.0"}], "endpoints_links": [], "type":
"identity", "name": "keystone"}], "user": {"username": "admin",
"roles_links": [], "id": "3f82673b5fe0411ab5fd8216bdb693c6", "roles":
[{"name": "KeystoneServiceAdmin"}, {"name": "KeystoneAdmin"}, {"name":
"admin"}], "name": "admin"}, "metadata": {"is_admin": 0, "roles":
["6666fa99078a4f07a070e7e858c32f02", "36bba9ef0178448c8a654b75feb3a0f4",
"a25581dd3470460b91ecaa29eca7205c"]}}}


REQ: curl -i
http://172.19.136.1:8776/v1/6aa3bf1ab68040218873a782f90cffa7/volumes/detail -X
GET -H "X-Auth-Project-Id: admin" -H "User-Agent: python-cinderclient"
-H "Accept: application/json" -H "X-Auth-Token: MIIMaQYJKoZIhvcNAQcCo..."

RESP: [401] {'date': 'Mon, 29 Apr 2013 17:24:44 GMT', 'content-length':
'276', 'content-type': 'text/plain; charset=UTF-8', 'www-authenticate':
"Keystone uri='http://172.19.136.1:35357'"}
RESP BODY: 401 Unauthorized

This server could not verify that you are authorized to access the document
you requested. Either you supplied the wrong credentials (e.g., bad
password), or your browser does not understand how to supply the
credentials required.

 Authentication required

Unauthorized, reauthenticating.

I don't have this problem with the other services like glance or keystone
with the same user/password/tenant, all of them work great. I noticed that
I can list the endpoints with cinder and it works:

root@locro:~# cinder --os-username=admin --os-tenant-name=admin
--os-password=XXX --os-auth-url=http://172.19.136.1:35357/v2.0 endpoints
+-------------+---------------------------------------------------------------+
|     nova    |                             Value                             |
+-------------+---------------------------------------------------------------+
|   adminURL  | http://172.19.136.11:8774/v2/6aa3bf1ab68040218873a782f90cffa7 |
|      id     |                26178391275a42cfa3b786ab151c8f8a               |
| internalURL | http://172.19.136.10:8774/v2/6aa3bf1ab68040218873a782f90cffa7 |
|  publicURL  | http://172.19.136.11:8774/v2/6aa3bf1ab68040218873a782f90cffa7 |
|    region   |                           RegionOne                           |
| serviceName |                              nova                             |
+-------------+---------------------------------------------------------------+
+-------------+----------------------------------+
|   quantum   |              Value               |
+-------------+----------------------------------+
|   adminURL  |    http://172.19.136.11:9696/    |
|      id     | 1d0f394d83804ecaaa5ba708ccf0417b |
| internalURL |    http://172.19.136.11:9696/    |
|  publicURL  |    http://172.19.136.11:9696/    |
|    region   |            RegionOne             |
+-------------+----------------------------------+
+-------------+----------------------------------+
|    glance   |              Value               |
+-------------+----------------------------------+
...

So... what's wrong here? From my point of view, it's not just an auth
problem, it must be something else. Any ideas?


-- 
Pavlik Juan José
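
The --debug trace above prints the token request body, including the password, and the X-Auth-Token header that is then sent to the volume endpoint. The following is an added example (not part of the original post and not python-cinderclient code) that redacts those fields from such a trace before it is shared and pairs each request with the status it received; the sample trace and the function names are constructed for illustration.

```python
import json
import re

REDACTED = "<redacted>"
PATTERNS = [
    # password inside the JSON body that the client passes to curl -d
    (re.compile(r'("password"\s*:\s*")[^"]*(")'), r"\1" + REDACTED + r"\2"),
    # token replayed to the service in the X-Auth-Token request header
    (re.compile(r"(X-Auth-Token:\s*)[^\"']+"), r"\1" + REDACTED),
    # password typed on the client command line
    (re.compile(r"(--os-password[= ])\S+"), r"\1" + REDACTED),
]

# Constructed sample shaped like the trace in the post; all values are made up.
SAMPLE = """\
REQ: curl -i http://192.0.2.1:35357/v2.0/tokens -X POST -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "example-pass"}}}'
RESP: [200] {'content-type': 'application/json', 'vary': 'X-Auth-Token'}
RESP BODY: {"access": {"token": {"expires": "2013-04-30T17:24:43Z", "id": "MIIexampletoken", "tenant": {"id": "abc", "name": "admin"}}}}
REQ: curl -i http://192.0.2.1:8776/v1/abc/volumes/detail -X GET -H "X-Auth-Token: MIIexampletoken"
RESP: [401] {'www-authenticate': "Keystone uri='http://192.0.2.1:35357'"}
"""

def scrub_body(line):
    """Blank access.token.id in a Keystone v2.0 token response body."""
    prefix = "RESP BODY: "
    if not line.startswith(prefix + "{"):
        return line
    try:
        body = json.loads(line[len(prefix):])
    except ValueError:
        return line  # wrapped or truncated body: left to the regexes
    token = body.get("access", {}).get("token", {})
    if "id" in token:
        token["id"] = REDACTED
    return prefix + json.dumps(body)

def redact(trace):
    """Return the trace with password and token values replaced."""
    text = "\n".join(scrub_body(line) for line in trace.splitlines())
    for pattern, repl in PATTERNS:
        text = pattern.sub(repl, text)
    return text

def exchanges(trace):
    """Pair request URLs with response codes (one RESP per REQ assumed)."""
    urls = re.findall(r"^REQ: curl -i (\S+)", trace, re.M)
    codes = re.findall(r"^RESP: \[(\d+)\]", trace, re.M)
    return list(zip(urls, map(int, codes)))
```

On the sample, `exchanges` reports 200 for the Keystone token request and 401 for the volume endpoint, the same split the trace in the post shows.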