[Openstack] Keystone installation with ManagedIT packages...

Kiall Mac Innes kiall at managedit.ie
Fri Feb 3 00:15:42 UTC 2012


Hi Lille,

My packages (the Managed I.T ones) certainly do work, the config files
shipped with them are fairly stock config files from the git stable/diablo
branch, these generally are not set up for use with keystone out of the box.

I've got a bunch of scripts and sample config files on our GitHub
account[1]. Maybe you can compare your config files to these?

If that doesn't work, can you place your configs (all of them!) up on
http://paste.openstack.org and send us the links? Also - Can you run
"SELECT * from `endpoint_templates`;" against

Here is:

A sample of what I get back from keystone:
http://paste.openstack.org/show/4665/
A sample of the glance index output http://paste.openstack.org/show/4666/
A sample result for the SQL query http://paste.openstack.org/show/4667/ (Note:
I have a webserver on port 80 that proxies traffic to the correct service
i.e. your ports will likely be different, but the path (the part AFTER the
port) should match)

Thanks,
Kiall

[1] https://github.com/managedit/openstack-setup


On Thu, Feb 2, 2012 at 10:12 PM, Lillie Ross-CDSR11 <
Ross.Lillie at motorolasolutions.com> wrote:

> Still having issues.
>
> I found a config bug in my Keystone.conf file in the filter pipeline for
> the d5_compat modules.  However, when I fix the config to match the
> installation guide and restart keystone, I get an error message that the
> d5_compat module can't be found.  My keystone installation is from the
> ManagedIT PPA.  Is this a bug in the documentation?  In the ManagedIT
> packages? The pipeline for the ManagedIT package is configured as follows:
>
> [pipeline:admin]
> pipeline =
>    urlrewritefilter
>    admin_api
>
> [pipeline:keystone-legacy-auth]
> pipeline =
>    urlrewritefilter
>    legacy_auth
>    RAX-KEY-extension
>    service_api
>
> versus what is specified in the installation guide.  Does this difference
> matter?  What are the differences?
>
> Regards,
> Ross
>
>
> On Feb 1, 2012, at 10:31 AM, Lillie Ross-CDSR11 wrote:
>
> > Hi Jay,
> >
> > Yes, this confused me, however I get the same error using the token I
> > generated and added (via the keystone-manage command).  To wit:
> >
> > root@nova:~# keystone-manage token list
> > token user    expiration      tenant
> > -------------------------------------------------------------------------------
> > 10111213141516171819  1       2022-01-01 00:00:00  2
> > fa89fb9a-60d2-4921-b12d-6aee1c177823  1       2012-02-01 15:24:33  1
> > b06c5e4e-5e59-4293-aa54-ce6879f11371  2       2012-02-01 15:26:41  1
> >
> > where the first token is the long-lived one I supplied during
> > installation.  Running the glance command yields identical results:
> >
> > root@nova:~# glance -v -A 10111213141516171819 details
> > Failed to show details. Got error:
> > Internal Server error: Traceback (most recent call last):
> >  File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in handle_one_response
> >    result = self.application(self.environ, start_response)
> >  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
> >    resp = self.call_func(req, *args, **self.kwargs)
> >  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
> >    return self.func(req, *args, **kwargs)
> >  File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 113, in __call__
> >    response = req.get_response(self.application)
> >  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
> >    application, catch_exc_info=False)
> >  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
> >    app_iter = application(self.environ, start_response)
> >  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
> >    resp = self.call_func(req, *args, **self.kwargs)
> >  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
> >    return self.func(req, *args, **kwargs)
> >  File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 110, in __call__
> >    response = self.process_request(req)
> >  File "/usr/lib/python2.7/dist-packages/glance/common/context.py", line 104, in process_request
> >    raise exception.NotAuthorized()
> > NotAuthorized: None
> >
> > Completed in 0.0031 sec.
> >
> > Interestingly (perhaps) I see nothing in the keystone.log file.  In
> > fact, I don't even see the keystone log file.  Keystone opens two log files
> > named 'admin.log' and 'keystone_legacy_auth.log'.  Is this right?  Also, if
> > I run keystone interactively (keystone -v -d) then issue the glance
> > command, I see nothing in the keystone window. This doesn't seem right to
> > me, but I'm just getting started with keystone integration.
> >
> > Thanks in advance for any insight...
> >
> > Regards,
> > Ross
> >
> > On Jan 31, 2012, at 6:48 PM, Jay Pipes wrote:
> >
> >> On 01/31/2012 06:28 PM, Lillie Ross-CDSR11 wrote:
> >>> I'm reinstalling the various Openstack services from packages in the
> >>> ManagedIT PPA to pull in the latest Diablo bug fixes. I'm following the
> >>> latest directions in the newly released installation guide as I perform
> >>> these upgrades
> >>> (http://docs.openstack.org/diablo/openstack-compute/install/content/index.html).
> >>>
> >>> However, I'm having trouble getting Glance to authenticate with
> >>> Keystone. All config files have been copied from the examples posted in
> >>> the installation guide (and modified accordingly for my admin token, IP
> >>> addresses, etc.). Regardless, I continually get the following error
> >>> message and stack dump when trying to verify the Glance/Keystone
> >>> integration:
> >>>
> >>> Step 1: Grab a token
> >>>
> >>> # curl -d '{"auth": {"tenantName": "default", "passwordCredentials":{"username": "admin", "password": "admin"}}}' \
> >>>     -H "Content-type: application/json" http://173.23.181.1:35357/v2.0/tokens | python -mjson.tool
> >>>
> >>> ...
> >>> "token": {
> >>> "expires": "2012-02-01T15:24:33",
> >>> "id": "fa89fb9a-60d2-4921-b12d-6aee1c177823",
> >>> "tenant": {
> >>> "id": "1",
> >>> "name": "default"
> >>> }
> >>> }
> >>
> >> You're going to want to grab a long-lived token (sometimes called a
> >> service token) to use for the Glance API <-> Glance Registry connection.
> >> This service token should be used in the glance-registry.conf file.
> >>
> >> In glance-registry.conf, you'll see a section looking like this:
> >>
> >> [filter:authtoken]
> >> paste.filter_factory = keystone.middleware.auth_token:filter_factory
> >> service_protocol = http
> >> service_host = 127.0.0.1
> >> service_port = 5000
> >> auth_host = 127.0.0.1
> >> auth_port = 35357
> >> auth_protocol = http
> >> auth_uri = http://127.0.0.1:5000/
> >> admin_token = 999888777666
> >>
> >> Replace admin_token = 999888777666 with the relevant long-lived service
> >> token.
> >>
> >> Cheers!
> >> -jay
> >>
> >>
> >>> Step 2: Try a Glance command
> >>>
> >>> # glance details -A fa89fb9a-60d2-4921-b12d-6aee1c177823
> >>> Failed to show details. Got error:
> >>> Internal Server error: Traceback (most recent call last):
> >>> File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in handle_one_response
> >>> result = self.application(self.environ, start_response)
> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
> >>> resp = self.call_func(req, *args, **self.kwargs)
> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
> >>> return self.func(req, *args, **kwargs)
> >>> File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 113, in __call__
> >>> response = req.get_response(self.application)
> >>> File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
> >>> application, catch_exc_info=False)
> >>> File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
> >>> app_iter = application(self.environ, start_response)
> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
> >>> resp = self.call_func(req, *args, **self.kwargs)
> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
> >>> return self.func(req, *args, **kwargs)
> >>> File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 110, in __call__
> >>> response = self.process_request(req)
> >>> File "/usr/lib/python2.7/dist-packages/glance/common/context.py", line 104, in process_request
> >>> raise exception.NotAuthorized()
> >>> NotAuthorized: None
> >>>
> >>> From the Glance api.log file we see the following (with the traceback
> >>> identical to above removed):
> >>>
> >>> 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation] Processing request: GET /v1/images/detail Accept:
> >>> 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation] Matched versioned URI. Version: 1.0
> >>> 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] Traceback (most recent call last):
> >>> ... (traceback removed)
> >>> 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [31/Jan/2012 17:14:30] "GET /v1/images/detail?limit=10 HTTP/1.1" 500 1528 0.001163
> >>>
> >>> This is probably a config blunder on my part, but I've pored over the
> >>> config files numerous times. Regardless, I've attached the glance-api
> >>> and registry conf files.
> >>>
> >>> Any suggestions?
> >>>
> >>> Regards,
> >>> Ross
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Mailing list: https://launchpad.net/~openstack
> >>> Post to     : openstack at lists.launchpad.net
> >>> Unsubscribe : https://launchpad.net/~openstack
> >>> More help   : https://help.launchpad.net/ListHelp
> >>
>
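
A check for two config problems of the kind discussed in this thread (a pipeline entry that names no defined section, and the sample admin_token left in [filter:authtoken]), added here as an example and not code from any poster or from the ManagedIT packages. The function names, the sample file contents and the 192.0.2.10 address are constructed for illustration; the check also flags a token sent over plain http to a non-loopback auth_host.

```python
import configparser
import ipaddress

PLACEHOLDER_TOKENS = {"999888777666"}  # sample value quoted in the thread
# Constructed sample; pipeline, app section and 192.0.2.10 are made up.
SAMPLE_CONF = """
[pipeline:glance-registry]
pipeline =
    authtoken
    keystone_shim
    registryapp

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 192.0.2.10
auth_protocol = http
admin_token = 999888777666

[app:registryapp]
paste.app_factory = example.registry:app_factory
"""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal
        return host == "localhost"

def audit(conf_text):
    """Return a list of findings for one paste-deploy style config file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    # Names defined by any "<type>:<name>" section (filter:, app:, ...).
    defined = {s.split(":", 1)[1] for s in cp.sections() if ":" in s}
    for section in (s for s in cp.sections() if s.startswith("pipeline:")):
        for name in cp.get(section, "pipeline", fallback="").split():
            if name not in defined:
                findings.append(f"{section}: '{name}' has no matching section")
    if cp.has_section("filter:authtoken"):
        auth = cp["filter:authtoken"]
        token = auth.get("admin_token", "").strip()
        if not token:
            findings.append("authtoken: admin_token is not set")
        elif token in PLACEHOLDER_TOKENS:
            findings.append("authtoken: admin_token is the sample placeholder")
        plain = auth.get("auth_protocol", "").lower() == "http"
        if plain and not is_loopback(auth.get("auth_host", "")):
            findings.append("authtoken: token sent over plain http to non-loopback auth_host")
    return findings
```

Run `audit()` over the text of each of glance-api.conf and glance-registry.conf; an empty list means none of the three conditions was found.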