[Openstack] Enabling logging in keystone.

Ahmed Al-Mehdi ahmed at coraid.com
Tue Oct 2 22:48:16 UTC 2012


Hi Anne,

Thank you for pointing that out. I noticed the "adminTenant" string in the curl command, and it did bother me a bit, but I did not pursue it due to lack of experience with curl / Rest API / OpenStack but looking, I should have known better. Can this be addressed in the "Deploy and Install OpenStack - Red Hat Ubuntu" document, as I am sure others might be running into the same issue. Do I need to file a bug against documentation or email someone specifically.

After making the change in the curl command, I am now getting a different error message:

#> keystone --token 012345SECRET99TOKEN012345 --endpoint http://10.0.2.15:35357/v2.0 tenant-list
+----------------------------------+---------------+---------+
| id | name | enabled |
+----------------------------------+---------------+---------+
| 07a44f9d55694d638f41bc160c14b42e | openstackDemo | True |
| 0e4cc20586ae42329db51e0c6f807731 | service | True |
+----------------------------------+---------------+---------+

#> curl -d '{"auth": {"tenantName": "service", "passwordCredentials": {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   191    0    80  100   111    346    480 --:--:-- --:--:-- --:--:--   497
{
    "error": {
        "code": 401,
        "message": "Invalid tenant",
        "title": "Not Authorized"
    }
}

Thank you,
Ahmed.

________________________________
From: annegentle at justwriteclick.com [annegentle at justwriteclick.com] On Behalf Of Anne Gentle [anne at openstack.org]
Sent: Tuesday, October 02, 2012 1:26 PM
To: Ahmed Al-Mehdi
Cc: Dolph Mathews; openstack at lists.launchpad.net
Subject: Re: [Openstack] Enabling logging in keystone.

Hi Ahmed -

I believe you don't have a tenant named "adminTenant" - possibly try this?

curl -d '{"auth": {"tenantName": "service", "passwordCredentials": {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool

Also, you can run keystone with the --debug parameter to see the curl output like so:
keystone --debug --token
012345SECRET99TOKEN012345 --endpoint http://10.0.2.15:35357/v2.0 tenant-list

Generally, yes, you need to ensure keystone is working correctly before installing glance and nova (they require keystone), so you're correct to keep trying.

Anne

On Tue, Oct 2, 2012 at 3:09 PM, Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>> wrote:
Hi Dolph,

Very sorry about that.  With the correct token, calling keystone from the cli is working.    However, the curl command is failing.  Will this cause an issue down the line as I start to install glance and nova?


#> keystone --token 012345SECRET99TOKEN012345 --endpoint http://10.0.2.15:35357/v2.0 tenant-list
+----------------------------------+---------------+---------+
|                id                |      name     | enabled |
+----------------------------------+---------------+---------+
| 07a44f9d55694d638f41bc160c14b42e | openstackDemo |   True  |
| 0e4cc20586ae42329db51e0c6f807731 |    service    |   True  |
+----------------------------------+---------------+---------+
#> curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   231    0   116  100   115   2771   2747 --:--:-- --:--:-- --:--:--  3052

{
    "error": {
        "code": 401,
        "message": "The request you have made requires authentication.",
        "title": "Not Authorized"
    }
}

Regards,
Ahmed.


________________________________
From: Dolph Mathews [dolph.mathews at gmail.com<mailto:dolph.mathews at gmail.com>]
Sent: Tuesday, October 02, 2012 12:12 PM
To: Ahmed Al-Mehdi
Cc: heckj; openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>

Subject: Re: [Openstack] Enabling logging in keystone.

You're missing a "5" on the admin_token you've specified on the command line.

012345SECRET99TOKEN01234 (your CLI arg)
012345SECRET99TOKEN012345 (keystone.conf)

-Dolph


On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>> wrote:
Hi Joe,

I have put the conf file (renamed to ahmed_keystone.conf)  into gist.

git://gist.github.com/3821846.git<http://gist.github.com/3821846.git>

Please let me know if you have any issues accessing the file.

Thank you very much for helping me out.  I have a feeling the issue might be in the python script to populate keystone. When I previously input the data manually, I got keystone configured properly.

Regards,
Ahmed.


________________________________________
From: heckj [heckj at mac.com<mailto:heckj at mac.com>]
Sent: Tuesday, October 02, 2012 10:56 AM
To: Ahmed Al-Mehdi
Cc: openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
Subject: Re: [Openstack] Enabling logging in keystone.

Ahmed - can you put your keystone.conf into a paste or gist and share it with me? I'd be happy to help you debug this.

I'm assuming you're running keystone on the system with the IP address 10.0.2.15, correct?

-joe

On Oct 2, 2012, at 10:45 AM, Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>> wrote:

> Hi Joe,
>
> I noticed I did not put the port number in the URL, now I am getting a more meaningful error:
>
> #> keystone --token 012345SECRET99TOKEN01234 --endpoint http://10.0.2.15:35357/v2.0  tenant-list
> No handlers could be found for logger "keystoneclient.client"
> Unable to authorize user
>
> Regards,
> Ahmed.
>
> ________________________________________
> From: openstack-bounces+ahmed=coraid.com at lists.launchpad.net<mailto:coraid.com at lists.launchpad.net> [openstack-bounces+ahmed=coraid.com at lists.launchpad.net<mailto:coraid.com at lists.launchpad.net>] On Behalf Of Ahmed Al-Mehdi [ahmed at coraid.com<mailto:ahmed at coraid.com>]
> Sent: Tuesday, October 02, 2012 10:30 AM
> To: heckj
> Cc: openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
> Subject: Re: [Openstack] Enabling logging in keystone.
>
> Hi Joe,
>
> Unfortunately before I read your response I re-installed my Ubuntu server.  I repeated the same steps mentioned in the OpenStack document "Deploy and Install OpenStack - RedHat Ubuntu" and also used the script mentioned in it  (https://github.com/nimbis/keystone-init/blob/master/keystone-init.py) to populate keystone.  I reboot the server prior to running your suggested command and now running into a different issue, which I feel maybe due to not starting some service.  Btw, my host OS is Ubuntu 12.04 (32 bit) running inVirtualBox.
>
> Currently I am getting the following error:
>
> #> keystone --token 012345SECRET99TOKEN01234 --endpoint http://10.0.2.15/v2.0 tenant-list
> No handlers could be found for logger "keystoneclient.client"
> Unable to communicate with identity service: [Errno 111] Connection refused. (HTTP 400)
>
> How can I address the "logger" error.  I don't see any output sent to /var/log/keystone/keystone.log.
>
> I checked mysql and keystone is running:
>
> #> service keystone status
> keystone start/running, process 741
> #> ps aux | grep key
> keystone   741  0.0  0.0   3028  1184 ?        Ss   09:41   0:00 su -s /bin/sh -c exec keystone-all keystone
> keystone   760  0.1  1.0  30872 21696 ?        S    09:41   0:01 /usr/bin/python /usr/bin/keystone-all
> root      1726  0.0  0.0   4388   828 tty1     S+   09:56   0:00 grep --color=auto key
>
> Thank you,
> Ahmed.
>
>
> ________________________________________
> From: heckj [heckj at mac.com<mailto:heckj at mac.com>]
> Sent: Monday, October 01, 2012 5:47 PM
> To: Ahmed Al-Mehdi
> Cc: openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
> Subject: Re: [Openstack] Enabling logging in keystone.
>
> Can you invoke the keystone commands with --token and --endpoint? That's the same thing as what you're trying to do with curl, but using the CLI to do the hard work of making sure you get the header's all nailed down correctly.
>
> Some good ones to try are:
> (using your example "token" and "endpoint" from below - modify if they don't match your config)
>
>        keystone --token ahmedadmintoken --endpoint http://10.176.20.158:35357/v2.0 tenant-list
>        keystone --token ahmedadmintoken --endpoint http://10.176.20.158:35357/v2.0 user-list
>        keystone --token ahmedadmintoken --endpoint http://10.176.20.158:35357/v2.0 service-list
>        keystone --token ahmedadmintoken --endpoint http://10.176.20.158:35357/v2.0 role-list
>
> All of these should report back *without* errors, even if you haven't bootstrapped Keystone to include any services, tenants, users, or roles.
>
> You can also add "--debug" (as in keystone --debug --token ahmedadmintoken --endpoint http://10.176.20.158:35357/v2.0 user-list) to see the underlying HTTP protocol going back and forth and what's getting sent to Keystone.
>
> -joe
>
> On Oct 1, 2012, at 5:30 PM, Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>> wrote:
>> Actually, the curl command with the "X_Auth_Token" is my weak attempt to try to find a solution.  I am actually issuing the following command (per recommendation from the OpenStack document - "Install and Deploy Manual – Red Hat Ubuntu"):
>>
>> root at bodega:~# curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" -H "X_Auth_Token: ahmedadmintoken" http://10.176.20.158:35357/v2.0/tokens | python -mjson.tool
>>  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>>                                 Dload  Upload   Total   Spent    Left  Speed
>> 100   231    0   116  100   115  12927  12816 --:--:-- --:--:-- --:--:-- 14500
>> {
>>    "error": {
>>        "code": 401,
>>        "message": "The request you have made requires authentication.",
>>        "title": "Not Authorized"
>>    }
>> }
>>
>> Regards,
>> Ahmed.
>>
>>
>> From: heckj <heckj at mac.com<mailto:heckj at mac.com>>
>> Date: Monday, October 1, 2012 5:23 PM
>> To: Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>>
>> Cc: "openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>" <openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>
>> Subject: Re: [Openstack] Enabling logging in keystone.
>>
>> Ahmed -
>>
>> The header that's supposed to have the token within it is labelled "X-Auth-Token', not "X_Auth_Token".  Unless you're really comfortable with the protocol, I'd recommend using the keystone CLI from the python-keystoneclient to do your verifying, using it's debugging (which is to show you the curl output that you did below).
>>
>> -joe
>>
>> On Oct 1, 2012, at 5:12 PM, Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>> wrote:
>>> Hello,
>>>
>>> I am trying to verify the installation of keystone.  When I try to run some "curl" commands, I get the following error message:
>>>
>>> root at bodega:~/ahmed/keystone-init# curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" -H "X_Auth_Token: ahmedadmintoken" http://10.176.20.158:35357/v2.0/tokens | python -mjson.tool
>>>  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>>>                                 Dload  Upload   Total   Spent    Left  Speed
>>> 100   231    0   116  100   115  15205  15074 --:--:-- --:--:-- --:--:-- 16571
>>> {
>>>    "error": {
>>>        "code": 401,
>>>        "message": "The request you have made requires authentication.",
>>>        "title": "Not Authorized"
>>>    }
>>> }
>>>
>>>
>>> I don't see any message in the /var/log/keystone/logging.conf file.   I can pass "-debug" option to keystone to enable debugging, but I am not sure how to do that from curl.  Following is content of /etc/keystone/logging.conf file:
>>>
>>> root at bodega:~# cat /etc/keystone/logging.conf
>>> [loggers]
>>> keys=root
>>>
>>> [formatters]
>>> keys=normal,normal_with_name,debug
>>>
>>> [handlers]
>>> keys=production,file,devel
>>>
>>> [logger_root]
>>> level=WARNING
>>> handlers=file
>>>
>>> [handler_production]
>>> class=handlers.SysLogHandler
>>> level=ERROR
>>> formatter=normal_with_name
>>> args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
>>>
>>> [handler_file]
>>> class=FileHandler
>>> level=DEBUG
>>> formatter=normal_with_name
>>> args=('/var/log/keystone/keystone.log', 'a')
>>>
>>> [handler_devel]
>>> class=StreamHandler
>>> level=NOTSET
>>> formatter=debug
>>> args=(sys.stdout,)
>>>
>>> [formatter_normal]
>>> format=%(asctime)s %(levelname)s %(message)s
>>>
>>> [formatter_normal_with_name]
>>> format=(%(name)s): %(asctime)s %(levelname)s %(message)s
>>>
>>> [formatter_debug]
>>> format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
>>> root at bodega:~#
>>>
>>> Any help would be greatly appreciated.
>>>
>>> Regards,
>>> Ahmed.
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121002/d9456bb8/attachment.html>


More information about the Openstack mailing list