[Openstack] Keystone Curl can't get tokens by credentials

Alessio Ababilov aababilov at griddynamics.com
Mon Jan 16 17:26:26 UTC 2012 

Hi!

Please!

Why are you using v1.0 in this command:

swift -A http://127.0.0.1:5000/v1.0 -U admin -K secrete stat -v

Could you try:

swift -A http://127.0.0.1:5000/v2.0 <http://127.0.0.1:5000/v1.0> -U 
admin -K secrete stat -v


On 01/16/2012 02:22 PM, Xuyun Zhang wrote:
> Alessio,
>
> Your answer solved my problem. Thank you so much. But I met the '500 
> Internal Server Error'.
>
> I generated a user admin with password secrete, and used curl to 
> produce the token successfully. When I ran " swift -A 
> http://127.0.0.1:5000/v1.0 -U admin -K secrete stat -v", but got "Auth 
> GET failed; http:127.0.0.1:5000/v1.0 <http://127.0.0.1:5000/v1.0> 500 
> Internal Server Error".
> the api.log showed that the publicURL error. So, could you please help 
> me with this problem. I guess there are something wrong with adding 
> endpoints. But I don't know what's the exact cause.
>
> tail of the /var/log/keystone/api.log:
> 2012-01-16 22:53:17  WARNING [eventlet.wsgi.server] 127.0.0.1 - - 
> [16/Jan/2012 22:53:17] "GET /v1.0 HTTP/1.1" 500 747 0.030160
> 2012-01-16 22:53:25  WARNING [eventlet.wsgi.server] Traceback (most 
> recent call last):
>   File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, 
> in handle_one_response
>     result = self.application(self.environ, start_response)
>   File "/home/chang/keystone/keystone/frontends/normalizer.py", line 
> 107, in __call__
>     return self.app(env, start_response)
>   File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py", 
> line 77, in __call__
>     json.loads(response.body))
>   File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py", 
> line 102, in __transform_headers
>     service_urls += endpoint["publicURL"]
> KeyError: 'publicURL'
> 2012-01-16 22:53:25  WARNING [eventlet.wsgi.server] 127.0.0.1 - - 
> [16/Jan/2012 22:53:25] "GET /v1.0 HTTP/1.1" 500 747 0.030664
> 2012-01-16 22:53:41  WARNING [eventlet.wsgi.server] Traceback (most 
> recent call last):
>   File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, 
> in handle_one_response
>     result = self.application(self.environ, start_response)
>   File "/home/chang/keystone/keystone/frontends/normalizer.py", line 
> 107, in __call__
>     return self.app(env, start_response)
>   File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py", 
> line 77, in __call__
>     json.loads(response.body))
>   File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py", 
> line 102, in __transform_headers
>     service_urls += endpoint["publicURL"]
> KeyError: 'publicURL'
> 2012-01-16 22:53:41  WARNING [eventlet.wsgi.server] 127.0.0.1 - - 
> [16/Jan/2012 22:53:41] "GET /v1.0 HTTP/1.1" 500 747 0.034363
> 2012-01-16 22:53:49  WARNING [eventlet.wsgi.server] 127.0.0.1 - - 
> [16/Jan/2012 22:53:49] "GET /v1.0 HTTP/1
>
> My environments:
> Keystone v2012.1-dev
> swift 1.4.3-0ubuntu2
> host IP: 138.25.61.81
>
> part of swift-proxy.conf:
> bind_port = 8080 (not 8888)
>
> part of keystone.conf:
> service_host = 127.0.0.1
> serivce_port  = 5000
> admin_host = 127.0.0.1
> admin_port = 5001 (not 35357)
>
> data generate sh:
> #!/bin/bash
> rm -f /var/lib/keystone/keystone.db
> keystone-manage database sync
> chown keystone:nogroup /var/lib/keystone/keystone.db
>
> keystone-manage user add admin secrete
> keystone-manage role add Admin
> keystone-manage role add KeystoneServiceAdmin
> keystone-manage role grant Admin admin
> keystone-manage role grant KeystoneServiceAdmin admin
>
> keystone-manage service add nova compute "Nova-Compute-Service"
> keystone-manage service add glance "glance Glance-Image-Service"
> keystone-manage service add swift storage "Swift-Ojbect-Storage-Service"
> keystone-manage service add keystone identity "Keystone-Identity-Service"
>
> keystone-manage endpointTemplates add RegionOne nova 
> http://138.25.61.81:8774/v1.1/%tenant_id% 
> http://127.0.0.1:8774/v1.1/%tenant_id% 
> http://138.25.61.81:8774/v1.1/%tenant_id% 1 1
> keystone-manage endpointTemplates add RegionOne glance 
> http://138.25.61.81:9292/v1 http://127.0.0.1:9292/v1 
> http://138.25.61.81:9292/v1 1 1
> keystone-manage endpointTemplates add RegionOne swift 
> http://138.25.61.81:8080/v1/AUTH_%tenant_id% 
> http://127.0.0.1:8080/v1.0/ 
> http://138.25.61.81:8080/v1/AUTH_%tenant_id% 1 1
> keystone-manage endpointTemplates add RegionOne keystone 
> http://138.25.61.81:5000/v2.0 http://127.0.0.1:5001/v2.0 
> http://138.25.61.81:5000/v2.0 1 1
>
> keystone-manage tenant add admin-tenant
> keystone-manage role grant Admin admin admin-tenant
>
> keystone-manage token add 999888777666 admin admin-tenant 2015-02-05T00:00
>
> keystone-manage tenant add demo-tenant
> keystone-manage user add demo secrete
> keystone-manage role add Member
> keystone-manage role grant Member demo demo-tenant
> keystone-manage role grant Admin admin demo-tenant
>
> keystone-manage credentials add admin EC2 admin-key secretepassword
> keystone-manage credentials add admin EC2 demo-key secretepassword
>
> keystone-manage endpoint add admin-tenant 1
> keystone-manage endpoint add admin-tenant 2
> keystone-manage endpoint add admin-tenant 3
> keystone-manage endpoint add admin-tenant 4
>
> keystone-manage endpoint add demo-tenant 1
> keystone-manage endpoint add demo-tenant 2
> keystone-manage endpoint add demo-tenant 3
> keystone-manage endpoint add demo-tenant 4
>
>
>
>
> On 16 January 2012 00:00, Alessio Ababilov <aababilov at griddynamics.com 
> <mailto:aababilov at griddynamics.com>> wrote:
>
>     Hi!
>
>     You are using sqlite and I guess that you have run ./sampledata as
>     root. So, the database file is owned by root and cannot be
>     writable by `keystone` user.
>
>     Please change it ownership (run as root in the directory where you
>     have your keystone.db):
>
>     chown keystone keystone.db
>
>
>
>     On 01/14/2012 01:51 PM, Xuyun Zhang wrote:
>>     I set the database by running ./sampledata
>>
>>     Then I tried to use curl to get tokens, the command is:
>>
>>     $ curl -d '{"auth":{"passwordCredentials":{"username": "admin",
>>     "password": "secrete"}}}' -H "Content-type: application/json"
>>     http://localhost:35357/v2.0/tokens
>>
>>     The result is :
>>     $ {"IdentityFault": {"message": "Unhandled error", "code": "500",
>>     "details": "(OperationalError) attempt to write a readonly
>>     database u'INSERT INTO tokens (id, user_id, tenant_id, expires)
>>     VALUES (?, ?, ?, ?)' ('ce9cc482-7ab5-4785-9152-3cab95e12833', 1,
>>     None, '2012-01-15 22 <tel:2012-01-15%2022>:41:14.794615')"}}
>>
>>     it seemed that the token had been generated yet can't be written
>>     to the database.
>>
>>     my environment:
>>     swift version: 1.4.3-0ubuntu2 (installed by apt-get install command)
>>     keystone version: keystone 2012.1-dev (installation directory:
>>     /home/chang/keystone)
>>
>>     Any helpful information is highly appreciated!
>>
>>     Regards,
>>     Sean
>>
>>
>>
>>     _______________________________________________
>>     Mailing list:https://launchpad.net/~openstack  <https://launchpad.net/%7Eopenstack>
>>     Post to     :openstack at lists.launchpad.net  <mailto:openstack at lists.launchpad.net>
>>     Unsubscribe :https://launchpad.net/~openstack  <https://launchpad.net/%7Eopenstack>
>>     More help   :https://help.launchpad.net/ListHelp
>
>
>     -- 
>     Alessio Ababilov
>     Software Engineer
>     Grid Dynamics
>
>


-- 
Alessio Ababilov
Software Engineer
Grid Dynamics

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120116/85771aa2/attachment.html>

More information about the Openstack mailing list