[Openstack] Folsom: cinder HTTP 401
Richard Shaw
richard at aggress.net
Fri Dec 14 17:15:36 UTC 2012
Hi
I found the issue, a port mismatch between the endpoint and the cinder api, teach me for picking up a config from another guide.
I'm now getting an authentication issue as below. i've double checked the username and pass, they are correct so i'm thinking roles and services but not sure what steps would be next.
I'm unclear as to why it's attempting to connect as username admin when in my /etc/cinder/api-paste.ini I have the following?
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 127.0.0.1
auth_port = 35357
service_host = 127.0.0.1
service_port = 5000
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = password
signing_dirname = /tmp/keystone-signing-nova
root at vagrant-precise-pangolin:/etc/cinder# cinder --debug list
connect: (10.0.2.15, 5000)
send: 'POST /v2.0/tokens HTTP/1.1\r\nHost: 10.0.2.15:5000\r\nContent-Length: 103\r\ncontent-type: application/json\r\naccept-encoding: gzip, deflate\r\naccept: application/json\r\nuser-agent: python-cinderclient\r\n\r\n{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "password"}}}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Vary: X-Auth-Token
header: Content-Type: application/json
header: Date: Fri, 14 Dec 2012 16:56:31 GMT
header: Transfer-Encoding: chunked
connect: (localhost, 8776)
send: u'GET /v1/59916ae0608f4c68b7e14b13b46b9183/volumes/detail HTTP/1.1\r\nHost: localhost:8776\r\nx-auth-project-id: admin\r\nx-auth-token: be29e0db52a74dbc89d3ea2791984713\r\naccept-encoding: gzip, deflate\r\naccept: application/json\r\nuser-agent: python-cinderclient\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Www-Authenticate: Keystone uri='http://127.0.0.1:35357'
header: Content-Length: 276
header: Content-Type: text/plain; charset=UTF-8
header: Date: Fri, 14 Dec 2012 16:56:31 GMT
send: 'POST /v2.0/tokens HTTP/1.1\r\nHost: 10.0.2.15:5000\r\nContent-Length: 103\r\ncontent-type: application/json\r\naccept-encoding: gzip, deflate\r\naccept: application/json\r\nuser-agent: python-cinderclient\r\n\r\n{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "password"}}}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Vary: X-Auth-Token
header: Content-Type: application/json
header: Date: Fri, 14 Dec 2012 16:56:31 GMT
header: Transfer-Encoding: chunked
send: u'GET /v1/59916ae0608f4c68b7e14b13b46b9183/volumes/detail HTTP/1.1\r\nHost: localhost:8776\r\nx-auth-project-id: admin\r\nx-auth-token: be29e0db52a74dbc89d3ea2791984713\r\naccept-encoding: gzip, deflate\r\naccept: application/json\r\nuser-agent: python-cinderclient\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Www-Authenticate: Keystone uri='http://127.0.0.1:35357'
header: Content-Length: 276
header: Content-Type: text/plain; charset=UTF-8
header: Date: Fri, 14 Dec 2012 16:56:31 GMT
DEBUG (shell:473) n/a (HTTP 401)
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/cinderclient/shell.py", line 470, in main
OpenStackCinderShell().main(sys.argv[1:])
File "/usr/lib/python2.7/dist-packages/cinderclient/shell.py", line 421, in main
args.func(self.cs, args)
File "/usr/lib/python2.7/dist-packages/cinderclient/v1/shell.py", line 139, in do_list
volumes = cs.volumes.list(search_opts=search_opts)
File "/usr/lib/python2.7/dist-packages/cinderclient/v1/volumes.py", line 171, in list
"volumes")
File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 63, in _list
resp, body = self.api.client.get(url)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 138, in get
return self._cs_request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 135, in _cs_request
raise ex
Unauthorized: n/a (HTTP 401)
ERROR: n/a (HTTP 401)
Thanks and have a good weekend
On 14 Dec 2012, at 15:10, Razique Mahroua <razique.mahroua at gmail.com> wrote:
> Ok, can you show us the Keystone endpoints ?
>
> Razique Mahroua - Nuage & Co
> razique.mahroua at gmail.com
> Tel : +33 9 72 37 94 15
>
> <NUAGECO-LOGO-Fblan_petit.jpg>
>
> Le 14 déc. 2012 à 15:58, Richard Shaw <richard at aggress.net> a écrit :
>
>>
>> Nothing in cinder-api.log with reference to that call, I restarted all the cinder services and ran the command again, the last entries are:
>>
>> 2012-12-14 14:52:25 30300 DEBUG cinder.service [-] policy_default_rule : default wait /usr/lib/python2.7/dist-packages/cinder/service.py:420
>> 2012-12-14 14:52:25 30300 DEBUG cinder.service [-] control_exchange : cinder wait /usr/lib/python2.7/dist-packages/cinder/service.py:420
>> 2012-12-14 14:52:25 30300 DEBUG cinder.service [-] log_file : /var/log/cinder/cinder-api.log wait /usr/lib/python2.7/dist-packages/cinder/service.py:420
>> 2012-12-14 14:52:25 30300 DEBUG cinder.service [-] keystone_authtoken : <cinder.openstack.common.cfg.GroupAttr object at 0x20a7e50> wait /usr/lib/python2.7/dist-packages/cinder/service.py:420
>> 2012-12-14 14:52:25 30300 INFO cinder.wsgi [-] Started osapi_volume on 0.0.0.0:5900
>>
>> grepped for any ERROR lines in the logs, nothing at all
>>
>> I have a hangover as well :/
>>
>> Thanks,
>>
>> Richard
>>
>> On 14 Dec 2012, at 14:30, Razique Mahroua <razique.mahroua at gmail.com> wrote:
>>
>>> Poor Richards's head.
>>> What cinder-api logs give you ?
>>> you see the call in there ?
>>>
>>> Razique Mahroua - Nuage & Co
>>> razique.mahroua at gmail.com
>>> Tel : +33 9 72 37 94 15
>>>
>>> <NUAGECO-LOGO-Fblan_petit.jpg>
>>>
>>> Le 14 déc. 2012 à 14:50, Richard Shaw <richard at aggress.net> a écrit :
>>>
>>>> Hi,
>>>>
>>>> Yes that banging sound is my head on the desk. Having cinder issues, keystone's in place and verified as working, glance is verified as working so I know some auth with keystone's working.
>>>>
>>>> Here's the error:
>>>>
>>>> root at vagrant-precise-pangolin:~# cinder --debug create --display_name test 1
>>>> connect: (10.0.2.15, 5000)
>>>> send: 'POST /v2.0/tokens HTTP/1.1\r\nHost: 10.0.2.15:5000\r\nContent-Length: 103\r\ncontent-type: application/json\r\naccept-encoding: gzip, deflate\r\naccept: application/json\r\nuser-agent: python-cinderclient\r\n\r\n{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "password"}}}'
>>>> reply: 'HTTP/1.1 200 OK\r\n'
>>>> header: Vary: X-Auth-Token
>>>> header: Content-Type: application/json
>>>> header: Date: Fri, 14 Dec 2012 13:25:16 GMT
>>>> header: Transfer-Encoding: chunked
>>>> connect: (localhost, 8776)
>>>> connect fail: (u'localhost', 8776)
>>>> DEBUG (shell:473) n/a (HTTP 400)
>>>> Traceback (most recent call last):
>>>> File "/usr/lib/python2.7/dist-packages/cinderclient/shell.py", line 470, in main
>>>> OpenStackCinderShell().main(sys.argv[1:])
>>>> File "/usr/lib/python2.7/dist-packages/cinderclient/shell.py", line 421, in main
>>>> args.func(self.cs, args)
>>>> File "/usr/lib/python2.7/dist-packages/cinderclient/v1/shell.py", line 231, in do_create
>>>> metadata=volume_metadata)
>>>> File "/usr/lib/python2.7/dist-packages/cinderclient/v1/volumes.py", line 138, in create
>>>> return self._create('/volumes', body, 'volume')
>>>> File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line 149, in _create
>>>> resp, body = self.api.client.post(url, body=body)
>>>> File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 141, in post
>>>> return self._cs_request(url, 'POST', **kwargs)
>>>> File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 126, in _cs_request
>>>> **kwargs)
>>>> File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 109, in request
>>>> raise exceptions.from_response(resp, body)
>>>> BadRequest: n/a (HTTP 400)
>>>> ERROR: n/a (HTTP 400)
>>>>
>>>> I'm running:
>>>>
>>>> OS: Ubuntu 12.04LTS
>>>> Release: Folsom
>>>>
>>>> Here's what I've got in my cinder.conf. Sql connection verified
>>>>
>>>> [DEFAULT]
>>>> rootwrap_config = /etc/cinder/rootwrap.conf
>>>> api_paste_confg = /etc/cinder/api-paste.ini
>>>> iscsi_helper = tgtadm
>>>> volume_name_template = volume-%s
>>>> volume_group = cinder-volumes
>>>> verbose = True
>>>> auth_strategy = keystone
>>>> state_path = /var/lib/cinder
>>>> volumes_dir = /var/lib/cinder/volumes
>>>> sql_connection = mysql://cinder:password@127.0.0.1/password
>>>> osapi_volume_listen_port=5900
>>>>
>>>> Here's what I've got in my api-paste.ini
>>>>
>>>> #############
>>>> # Openstack #
>>>> #############
>>>>
>>>> [composite:osapi_volume]
>>>> use = call:cinder.api.openstack.urlmap:urlmap_factory
>>>> /: osvolumeversions
>>>> /v1: openstack_volume_api_v1
>>>>
>>>> [composite:openstack_volume_api_v1]
>>>> use = call:cinder.api.auth:pipeline_factory
>>>> noauth = faultwrap sizelimit noauth osapi_volume_app_v1
>>>> keystone = faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1
>>>> keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1
>>>>
>>>> [filter:faultwrap]
>>>> paste.filter_factory = cinder.api.openstack:FaultWrapper.factory
>>>>
>>>> [filter:noauth]
>>>> paste.filter_factory = cinder.api.openstack.auth:NoAuthMiddleware.factory
>>>>
>>>> [filter:sizelimit]
>>>> paste.filter_factory = cinder.api.sizelimit:RequestBodySizeLimiter.factory
>>>>
>>>> [app:osapi_volume_app_v1]
>>>> paste.app_factory = cinder.api.openstack.volume:APIRouter.factory
>>>>
>>>> [pipeline:osvolumeversions]
>>>> pipeline = faultwrap osvolumeversionapp
>>>>
>>>> [app:osvolumeversionapp]
>>>> paste.app_factory = cinder.api.openstack.volume.versions:Versions.factory
>>>>
>>>> ##########
>>>> # Shared #
>>>> ##########
>>>>
>>>> [filter:keystonecontext]
>>>> paste.filter_factory = cinder.api.auth:CinderKeystoneContext.factory
>>>>
>>>> [filter:authtoken]
>>>> paste.filter_factory = keystone.middleware.auth_token:filter_factory
>>>> auth_host = 127.0.0.1
>>>> auth_port = 35357
>>>> service_host = 127.0.0.1
>>>> service_port = 5000
>>>> auth_protocol = http
>>>> admin_tenant_name = service
>>>> admin_user = cinder
>>>> admin_password = password
>>>> signing_dirname = /tmp/keystone-signing-nova
>>>> ~
>>>>
>>>> Any help would be gratefully received and will hasten the end of my head banging.
>>>>
>>>> Thanks
>>>>
>>>> Richard
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~openstack
>>>> Post to : openstack at lists.launchpad.net
>>>> Unsubscribe : https://launchpad.net/~openstack
>>>> More help : https://help.launchpad.net/ListHelp
>>>
>>
>
More information about the Openstack
mailing list