[Openstack] Enabling logging in keystone.
Tom Fifield
fifieldt at unimelb.edu.au
Wed Oct 3 00:18:09 UTC 2012
Hi,
Can you please lodge a documentation bug at :
https://bugs.launchpad.net/openstack-manuals/+filebug
Thanks!
Regards,
Tom
On 03/10/12 10:10, Ahmed Al-Mehdi wrote:
> Hello,
> I have gone through the document numerous times trying to configure
> keystone - mistyping keys, wrong key value, missing steps, etc (error
> prone). I was looking forward to using the script, as it would save a
> lot of typing/pain for a newcomer. However, if there are no plans to
> document the script (including adding a name / email to the Readme file
> to contact for issues in the script), test, and keep it updated (synced)
> with each new release of OpenStack(keystone), then I feel it is best to
> remove mention of it from the document.
> While at it, the document also mentions a bash script to configure
> keystone, which I have not tried. If the bash script suffers from the
> same issue, maybe worthconsidering removing it from the document also.
> The above are just my opinions.
> Regards,
> Ahmed.
> ------------------------------------------------------------------------
> *From:* Dolph Mathews [dolph.mathews at gmail.com]
> *Sent:* Tuesday, October 02, 2012 4:50 PM
> *To:* openstack at lists.launchpad.net
> *Cc:* heckj; Ahmed Al-Mehdi; Anne Gentle
> *Subject:* Re: [Openstack] Enabling logging in keystone.
>
> I find it odd that the document describes two approaches for configuring
> keystone -- one being a relatively undocumented, scripted approach not
> managed or distributed by OpenStack. Surely these two approaches will
> continue to evolve seperately and we'll experience more issues such as
> this one.
>
> Anyone have any objections to removing this "scripted configuration"
> section in favor of focusing on the existing "manual" approach?
>
> http://docs.openstack.org/trunk/openstack-compute/install/apt/content/setting-up-tenants-users-and-roles.html
>
> -Dolph
>
>
> On Tue, Oct 2, 2012 at 6:42 PM, Ahmed Al-Mehdi <ahmed at coraid.com
> <mailto:ahmed at coraid.com>> wrote:
>
> Hi Dolph,
> I am now getting the same output as the "curl" command, basically
> "Invalid Tenant". At this point
> root at ubuntu1 <mailto:root at ubuntu1>:~# keystone
> --os-username=adminUser--os-password=secretword--os-tenant-name=service
> --os-auth-url=http://10.0.
> 2.15:35357/v2.0token-get
>
> No handlers could be found for logger "keystoneclient.client"
> Invalid tenant (HTTP 401)
> Without the "os-tenant-name" parameter, I seem to get "good' response.
> root at ubuntu1 <mailto:root at ubuntu1>:~# keystone
> --os-username=adminUser--os-password=secretword--os-auth-url=http://10.0.2.15:35357/v2.0
> token-get
> No handlers could be found for logger "keystoneclient.v2_0.client"
> +----------+----------------------------------+
> | Property | Value |
> +----------+----------------------------------+
> | expires | 2012-10-03T23:31:17Z|
> | id | 31078072aae94f5aab5c8e46ff5f6373|
> | user_id| 3e674f7f64ba452cb20781b8d5e26b7f|
> +----------+----------------------------------+
> At this point, I feel like I am running into issues with/in the
> python / PyYAMLscript (https://github.com/nimbis/keystone-init.git)
> which must not be populating info into keystone "accurately" and
> most probably not equivalent to manual steps mentioned in "Deployand
> Install OpenStack- Red Hat Ubuntu". I will look into the script.
> Regards,
> Ahmed.
> ------------------------------------------------------------------------
> *From:* Dolph Mathews [dolph.mathews at gmail.com
> <mailto:dolph.mathews at gmail.com>]
> *Sent:* Tuesday, October 02, 2012 2:19 PM
>
> *To:* Ahmed Al-Mehdi
> *Cc:* heckj; openstack at lists.launchpad.net
> <mailto:openstack at lists.launchpad.net>
> *Subject:* Re: [Openstack] Enabling logging in keystone.
>
> No worries, that's what a second set of eyes is for!
>
> By specifying a token and endpoint, you're bypassing the
> authentication process that your curl command is performing.
>
> You can test authentication with the keystone client using:
>
> $ keystone --os-username=adminUser --os-password=secretword
> --os-tenant-name=adminTenant
> --os-authurl=http://10.0.2.15:35357/v2.0
> <http://10.0.2.15:35357/v2.0/tokens> token-get
>
> But as Anne pointed out, you don't have a tenant named
> "adminTenant". You'll also need to make sure you've granted a role
> to your user on the specified tenant for authorization to succeed.
> You can remove the tenant name argument from the token-get call to
> test authentication without authorization (therefore without
> requiring anything but a valid user in your keystone install).
>
> -Dolph
>
> On Tuesday, October 2, 2012, Ahmed Al-Mehdi wrote:
>
> Hi Dolph,
> Very sorry about that. With the correct token, calling keystone
> from the cliis working. However, the curl command is
> failing. Will this cause an issue down the line as I start to
> install glance and nova?
> #> keystone --token 012345SECRET99TOKEN012345--endpoint
> http://10.0.2.15:35357/v2.0 tenant-list
> +----------------------------------+---------------+---------+
> | id | name | enabled |
> +----------------------------------+---------------+---------+
> | 07a44f9d55694d638f41bc160c14b42e| openstackDemo| True |
> | 0e4cc20586ae42329db51e0c6f807731| service | True |
> +----------------------------------+---------------+---------+
> #> curl -d '{"auth": {"tenantName": "adminTenant",
> "passwordCredentials": {"username": "adminUser", "password":
> "secretword"}}}' -H "Content-type: application/json"
> http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool
> % Total % Received % Xferd Average Speed
> Time Time Time Current
> Dload Upload Total
> Spent Left Speed
> 100 231 0 116 100 115 2771 2747 --:--:-- --:--:--
> --:--:-- 3052
> {
> "error": {
> "code": 401,
> "message": "The request you have made requires
> authentication.",
> "title": "Not Authorized"
> }
> }
> Regards,
> Ahmed.
> ------------------------------------------------------------------------
> *From:* Dolph Mathews [dolph.mathews at gmail.com
> <https://exg5.exghost.com/owa/UrlBlockedError.aspx>]
> *Sent:* Tuesday, October 02, 2012 12:12 PM
> *To:* Ahmed Al-Mehdi
> *Cc:* heckj; openstack at lists.launchpad.net
> <https://exg5.exghost.com/owa/UrlBlockedError.aspx>
> *Subject:* Re: [Openstack] Enabling logging in keystone.
>
> You're missing a "5" on the admin_tokenyou've specified on the
> command line.
>
> 012345SECRET99TOKEN01234 (your CLIarg)
> 012345SECRET99TOKEN012345 (keystone.conf)
>
> -Dolph
>
>
> On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi<ahmed at coraid.com>
> wrote:
>
> Hi Joe,
>
> I have put the conf file (renamed to ahmed_keystone.conf)
> into gist.
>
> git://gist.github.com/3821846.git
> <http://gist.github.com/3821846.git>
>
> Please let me know if you have any issues accessing the file.
>
> Thank you very much for helping me out. I have a feeling
> the issue might be in the python script to populate
> keystone. When I previously input the data manually, I got
> keystone configured properly.
>
> Regards,
> Ahmed.
>
>
> ________________________________________
> From: heckj[heckj at mac.com]
> Sent: Tuesday, October 02, 2012 10:56 AM
> To: Ahmed Al-Mehdi
> Cc: openstack at lists.launchpad.net
> Subject: Re: [Openstack] Enabling logging in keystone.
>
> Ahmed - can you put your keystone.confinto a paste or gist
> and share it with me? I'd be happy to help you debug this.
>
> I'm assuming you're running keystone on the system with the
> IP address 10.0.2.15, correct?
>
> -joe
>
> On Oct 2, 2012, at 10:45 AM, Ahmed
> Al-Mehdi<ahmed at coraid.com> wrote:
>
> > Hi Joe,
> >
> > I noticed I did not put the port number in the URL, now I
> am getting a more meaningful error:
> >
> > #> keystone --token 012345SECRET99TOKEN01234--endpoint
> http://10.0.2.15:35357/v2.0 tenant-list
> > No handlers could be found for logger "keystoneclient.client"
> > Unable to authorize user
> >
> > Regards,
> > Ahmed.
> >
> > ________________________________________
> > From:
> openstack-bounces+ahmed=coraid.com at lists.launchpad.net[openstack-bounces+ahmed=coraid.com at lists.launchpad.net]
> On Behalf Of Ahmed Al-Mehdi[ahmed at coraid.com]
> > Sent: Tuesday, October 02, 2012 10:30 AM
> > To: heckj
> > Cc: openstack at lists.launchpad.net
> > Subject: Re: [Openstack] Enabling logging in keystone.
> >
> > Hi Joe,
> >
> > Unfortunately before I read your response I re-installed
> my Ubuntuserver. I repeated the same steps mentioned in
> the OpenStackdocument "Deploy and
> Install OpenStack- RedHatUbuntu" and also used the script
> mentioned in it
> (https://github.com/nimbis/keystone-init/blob/master/keystone-init.py) to populate keystone. I reboot the server prior to running your suggested command and now running into a different issue, which I feel maybe due to not starting some service. Btw, my host OS is Ubuntu12.04 (32 bit) running inVirtualBox.
> >
> > Currently I am getting the following error:
> >
> > #> keystone --token 012345SECRET99TOKEN01234--endpoint
> http://10.0.2.15/v2.0 tenant-lis
>
>
>
> --
>
> -Dolph
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
More information about the Openstack
mailing list