[Openstack] Verification of Keystone Installation fails

Ahmed Al-Mehdi ahmed at coraid.com
Wed Oct 31 21:34:15 UTC 2012 

Thank you very much for the explanation.  After some further tinkering with keystone.conf file, what you explained below is exactly what is happening.  Thank you again for bearing with my questions.

Regards,
Ahmed.


From: Dolph Mathews <dolph.mathews at gmail.com<mailto:dolph.mathews at gmail.com>>
Date: Wednesday, October 31, 2012 2:16 PM
To: Joshua Harlow <harlowja at yahoo-inc.com<mailto:harlowja at yahoo-inc.com>>
Cc: Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>>, Joseph Heck <Joe.Heck at nebula.com<mailto:Joe.Heck at nebula.com>>, "openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>" <openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>
Subject: Re: [Openstack] Verification of Keystone Installation fails

There are basically two rules at work:

1) an existing token takes precedence over username+password credentials.
2) CLI options take precedence over configuration from the environment.

In Folsom, these options look like:

(existing token)
--os-token / OS_SERVICE_TOKEN
--os-endpoint / OS_SERVICE_ENDPOINT

(credentials)
--os-username / OS_USERNAME
--os-password / OS_PASSWORD
--os-tenant-name / OS_TENANT_NAME
--os-auth-url / OS_AUTH_URL

(there are also a few other options like region, api version, etc)

Rule 1 is universally applied before rule 2, which means the token + endpoint from the environment is taking precedence over username + password from the CLI. IMO, it's a bug that rule 2 isn't applied before rule 1.

-Dolph


On Wed, Oct 31, 2012 at 3:32 PM, Joshua Harlow <harlowja at yahoo-inc.com<mailto:harlowja at yahoo-inc.com>> wrote:
I think the overall issue is connected to https://bugs.launchpad.net/keystone/+bug/962600

Right? Seems like that is still happening :-(

From: Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>>
Date: Wednesday, October 31, 2012 1:15 PM
To: Dolph Mathews <dolph.mathews at gmail.com<mailto:dolph.mathews at gmail.com>>
Cc: Joseph Heck <Joe.Heck at nebula.com<mailto:Joe.Heck at nebula.com>>, "openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>" <openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>

Subject: Re: [Openstack] Verification of Keystone Installation fails

Hi Dolph,

Awesome, that worked.  Thank you very much.  Just out of curiosity, what was the exact conflict?   Between which environment variable and option passed to the CLI?

Regards,
Ahmed.


From: Dolph Mathews <dolph.mathews at gmail.com<mailto:dolph.mathews at gmail.com>>
Date: Wednesday, October 31, 2012 10:46 AM
To: Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>>
Cc: "openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>" <openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>, Joseph Heck <Joe.Heck at nebula.com<mailto:Joe.Heck at nebula.com>>
Subject: Re: [Openstack] Verification of Keystone Installation fails

I was able to reproduce by defining SERVICE_ENDPOINT and SERVICE_TOKEN in my own environment, which appear to be overriding the credentials provided on the CLI -- I don't think that's the intended behavior.

If you unset them, you should be able to verify the install.

If you skip verifying keystone and something is wrong with it, you'll likely find out pretty quick when another service calls keystone for the first time :)

-Dolph


On Wed, Oct 31, 2012 at 12:22 PM, Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>> wrote:
Hi Dolph,

Thank you very much for helping me on this issue.  Following is the environment variables related to openstack:

root at bodega:~# env | egrep "OS_|SERVICE_"
SERVICE_ENDPOINT=http://10.176.20.158:35357/v2.0/
SERVICE_TOKEN=012345SECRET99TOKEN012345
root at bodega:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1e:67:06:1b:67
          inet addr:10.176.20.158  Bcast:10.176.255.255  Mask:255.255.0.0
          inet6 addr: fe80::21e:67ff:fe06:1b67/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12760203 errors:0 dropped:0 overruns:0 frame:0
          TX packets:203944 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1044985224 (1.0 GB)  TX bytes:22642912 (22.6 MB)
          Interrupt:16 Memory:b2000000-b2020000
root at bodega:~#

I am attaching keystone.conf file.

Would you happen to know if there is a high level document document on keystone (more than just a user guide, but a architectural/functional doc, but not a API doc).  Something similar to http://docs.openstack.org/trunk/openstack-identity/admin/os-identity-starter-guide-trunk.pdf but updated.

Does my current issue prohibit me from progressing forward with the next steps in the install document, setting up glance, nova, etc.?

Regards,
Ahmed.



From: Dolph Mathews <dolph.mathews at gmail.com<mailto:dolph.mathews at gmail.com>>
Date: Wednesday, October 31, 2012 9:44 AM
To: Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>>
Cc: "openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>" <openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>
Subject: Re: [Openstack] Verification of Keystone Installation fails

The error you're seeing is actually client-side, so there won't be anything in keystone's logs. It indicates that you're not actually authenticating with keystone (and instead bypassing authentication using --token and --endpoint, for example) ... however, that's obviously not the case, as you're explicitly providing --os-username, etc.

Unfortunately, I'm not able to reproduce this issue. Can you share your OS_* environment variables? I suspect something there is unexpectedly overriding what you're providing on the CLI... which would be a legitimate bug.

Thanks,

-Dolph


On Wed, Oct 31, 2012 at 2:08 AM, Ahmed Al-Mehdi <ahmed at coraid.com<mailto:ahmed at coraid.com>> wrote:
Hello,

I followed the steps in the "OpenStack Install Deploy for Ubuntu" manual to install Keystone.  However, when I issue the commands in section "Verifying the Identity Service Installation" ( http://docs.openstack.org/trunk/openstack-compute/install/apt/content/verifying-identity-install.html ), I am getting the following error:

# keystone --os-username=admin --os-password=admin  --os-auth-url=http://10.176.20.158:35357/v2.0 token-get
'Client' object has no attribute 'service_catalog'

I don't see any additional info in keystone.log.  Can someone please help me.

Thank you,
Ahmed.


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121031/4390a814/attachment.html>

More information about the Openstack mailing list