[Openstack-operators] Nova doesn't get authorization from keystone

Adam Young ayoung at redhat.com
Wed Sep 18 19:40:53 UTC 2013


On 09/05/2013 10:32 AM, Alvise Dorigo wrote:
> Hi,
> with a recent openstack-grizzly installation (via packstack) I can successfully operate through the dashboard (load images into glance, launch/terminate image instances, etc.).
> The problem is with the nova command line tool which returns back an authorization problem:

Possibly a problem with RBAC.  If the user does not have the appropriate 
role for the API you are accessing, you will be denied.

Look at the roles assigned to that user in that project, and compare 
them with the policy.xml for your nova server.  If you can't see the 
policy for some reason, look at the one on GitHub.

>
> nova --debug list
> [...]
> INFO (connectionpool:203) Starting new HTTP connection (1): 192.135.16.31
> DEBUG (connectionpool:295) "GET /v2/2159cc8fafe244cfa7e3cad5c1f8a27f/servers/detail HTTP/1.1" 401 276
> RESP: [401] {'date': 'Thu, 05 Sep 2013 14:25:53 GMT', 'content-length': '276', 'content-type': 'text/plain; charset=UTF-8', 'www-authenticate': "Keystone uri='http://192.135.16.31:35357'"}
> RESP BODY: 401 Unauthorized
>
> This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
>
>   Authentication required
>
> DEBUG (shell:768) Unauthorized (HTTP 401)
> Traceback (most recent call last):
>    File "/usr/lib/python2.6/site-packages/novaclient/shell.py", line 765, in main
>      OpenStackComputeShell().main(map(strutils.safe_decode, sys.argv[1:]))
>    File "/usr/lib/python2.6/site-packages/novaclient/shell.py", line 701, in main
>      args.func(self.cs, args)
>    File "/usr/lib/python2.6/site-packages/novaclient/v1_1/shell.py", line 937, in do_list
>      servers = cs.servers.list(search_opts=search_opts)
>    File "/usr/lib/python2.6/site-packages/novaclient/v1_1/servers.py", line 375, in list
>      return self._list("/servers%s%s" % (detail, query_string), "servers")
>    File "/usr/lib/python2.6/site-packages/novaclient/base.py", line 62, in _list
>      _resp, body = self.api.client.get(url)
>    File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 230, in get
>      return self._cs_request(url, 'GET', **kwargs)
>    File "/usr/lib/python2.6/site-packages/novaclient/client.py", line 227, in _cs_request
>      raise e
> Unauthorized: Unauthorized (HTTP 401)
> ERROR: Unauthorized (HTTP 401)
>
> Of course I use the same (correct) credentials used with the dashboard (and downloaded from the dashboard itself: "Access & Security" -> "Download Openstack RC file").
>
> Any idea what I should look for to understand the cause of this error?
>
> thanks in advance,
>
> 	Alvise
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
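
The comparison suggested in the reply above (a user's roles in a project against the policy rules), as an added example that is not part of the original message and not nova's own code. It assumes a JSON policy file and evaluates only a simplified subset of the rule syntax (`or`, `and`, `not`, no parentheses); the policy contents, role names and project ids are constructed.

```python
import json

# Constructed sample in the style of a JSON policy file (not nova's shipped policy).
POLICY = json.loads("""{
  "context_is_admin": "role:admin",
  "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
  "default": "rule:admin_or_owner",
  "compute:get_all": "",
  "compute:get_all_tenants": "rule:context_is_admin",
  "compute:start": "role:operator and rule:admin_or_owner"
}""")


def evaluate(policy, rule, creds, target, seen=()):
    """Evaluate a rule string: 'or' of 'and' of atoms, no parentheses."""
    if rule == "":  # an empty rule always allows
        return True
    return any(all(_atom(policy, a.strip(), creds, target, seen)
                   for a in clause.split(" and "))
               for clause in rule.split(" or "))


def _atom(policy, atom, creds, target, seen):
    if atom.startswith("not "):
        return not _atom(policy, atom[4:].strip(), creds, target, seen)
    kind, _, match = atom.partition(":")
    if kind == "rule":  # named rule; unknown or cyclic references fail closed
        if match in seen or match not in policy:
            return False
        return evaluate(policy, policy[match], creds, target, seen + (match,))
    if kind == "role":  # role names compare case-insensitively
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    try:  # generic check such as project_id:%(project_id)s or is_admin:True
        return str(creds.get(kind)) == match % target
    except (KeyError, ValueError):
        return False


def check(policy, action, creds, target):
    """Look up the rule for an action, falling back to "default"."""
    rule = policy.get(action, policy.get("default"))
    return rule is not None and evaluate(policy, rule, creds, target)


def denied(policy, actions, creds, target):
    """Return the actions this user would be refused on this target."""
    return [a for a in actions if not check(policy, a, creds, target)]
```

Call `denied()` with the roles the user actually holds in the project to list which API actions the policy would refuse.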



