[Openstack] Horizon Keystone Endpoint Issue
Michaël Van de Borne
michael.vandeborne at cetic.be
Tue Feb 19 17:09:47 UTC 2013
I checked /etc/nova/api-paste.ini. Here's the relevant section in it:
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 192.168.203.103
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = openstack
signing_dir = /tmp/keystone-signing-nova
I played with the tenant name (admin, service), the port (35357, 5000)
and the user (nova, admin) and various combination of all those. I also
changed keystone by keystoneclient in the 'paste.filter_factory' line
(as I saw both in doc)
still no luck.
any clue?
Le 19/02/2013 17:40, Michaël Van de Borne a écrit :
> Same problem here. Running Grizzly. Dashboard keeps prompting me for
> my credentials. Pretty sure dashboard sends wrong tenant name to
> keystone. Here is the keystone.log entry:
> 2013-02-19 16:55:06 WARNING [keystone.common.wsgi] Authorization
> failed. The request you have made requires authentication. from
> 192.168.203.103
>
> here are the endpoints:
> grizzly at leonard:/etc/init.d$ keystone endpoint-list
> WARNING: Bypassing authentication using a token & endpoint
> (authentication credentials are being ignored).
> +----------------------------------+----------+---------------------------------------------------+---------------------------------------------------+----------------------------------------------+----------------------------------+
> | id | region |
> publicurl | internalurl |
> adminurl | service_id |
> +----------------------------------+----------+---------------------------------------------------+---------------------------------------------------+----------------------------------------------+----------------------------------+
> | 0f9dbbb5ac764e0794464abcb46047a2 | myregion |
> http://192.168.203.103:9292 | http://192.168.203.103:9292 |
> http://192.168.203.103:9292 | 0ad102dc14eb4866af351358e372cb23 |
> | 1c45042b6bb64fd7b6f56d7348e86103 | myregion |
> http://192.168.202.103:5000/v2.0 | http://192.168.203.103:5000/v2.0 |
> http://192.168.203.103:35357/v2.0 | 37059fcb24d345f293d4add7202504bb |
> | 61c1c0305ffa4254b8271a2045489d9a | myregion |
> http://192.168.202.103:8774/v2/%(tenant_id)s |
> http://192.168.203.103:8774/v2/%(tenant_id)s |
> http://192.168.203.103:8774/v2/%(tenant_id)s |
> 99f1d14e769046099e85d010ed4c29da |
> | 9248f20cf38b4dbaa3f85abc1ee1f94d | myregion |
> http://192.168.202.103:8773/services/Cloud |
> http://192.168.203.103:8773/services/Cloud |
> http://192.168.203.103:8773/services/Admin |
> c22a33b56e67445a9550643a276a2f87 |
> | bdb68ba018c34cad95acb24f3ad92645 | myregion |
> http://192.168.202.103:9696/v2 | http://192.168.203.103:9696/v2 |
> http://192.168.203.103:9696/v2 | d21a72e559934837901574dfb3bc6a6c |
> | beaf4c028cc24068a2068ea16489eb94 | myregion |
> http://192.168.202.103:8080/v1/AUTH_%(tenant_id)s |
> http://192.168.203.103:8080/v1/AUTH_%(tenant_id)s |
> http://192.168.203.103:8080/v1 | 7fc69365d1b64eb58e7ac6fcf8369ff2 |
> | c4f3ea0477ac428b958f5bcee2fb14e1 | myregion |
> http://192.168.202.103:8776/v1/%(tenant_id)s |
> http://192.168.203.103:8776/v1/%(tenant_id)s |
> 192.168.203.103:8776/v1/%(tenant_id)s |
> 19b1f3c4fa5843a295e538aab1f4cd40 |
> | fe82e5a1b6344c5784eb89be0d04b10b | myregion |
> http://192.168.202.103:8776/v1/%(tenant_id)s |
> http://192.168.203.103:8776/v1/%(tenant_id)s |
> http://192.168.203.103:8776/v1/%(tenant_id)s |
> ef7714abcdc04c06aa9f1ef2bdc29a3a |
> +----------------------------------+----------+---------------------------------------------------+---------------------------------------------------+----------------------------------------------+----------------------------------+
>
>
> (by the way, I cannot get rid of the WARNING, but that's not the point
> here)
>
> Here's the relevant section in /etc/openstack-dashboard/local-settings.py:
> OPENSTACK_HOST = "192.168.202.103"
> OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
> #OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
> OPENSTACK_KEYSTONE_DEFAULT_ROLE = "admin"
>
> I tried switching from Member to admin role, but still no luck.
>
> Nova seems properly configured:
> grizzly at leonard:~$ nova list
>
> grizzly at leonard:~$ echo $?
> 0
>
> Any idea how to make horizon and keystone talking together?
>
>
>
> michaël
>
>
>
>
> Le 13/02/2013 16:13, Razique Mahroua a écrit :
>> Is the dash configured to talk with the Keystone backend?
>> can you run something like $ keystone endoint-list
>> thanks
>>
>> *Razique Mahroua** - **Nuage & Co*
>> razique.mahroua at gmail.com <mailto:razique.mahroua at gmail.com>
>> Tel : +33 9 72 37 94 15
>>
>>
>> Le 12 févr. 2013 à 16:54, Logan McNaughton <logan at bacoosta.com
>> <mailto:logan at bacoosta.com>> a écrit :
>>
>>> I've had this problem before, in my experience it's not a problem
>>> with keystone, it's a problem with nova (by the looks of the
>>> traceback). I believe it's a bug in Horizon because you'll find a
>>> lot of people with this issue if you Google it. I don't have an
>>> answer on how to fix it, other than don't fixate on the
>>> "EndpointNotFound", look to your nova configs for a solution.
>>>
>>>
>>> On Tue, Feb 12, 2013 at 5:03 AM, Trinath Somanchi
>>> <trinath.somanchi at gmail.com <mailto:trinath.somanchi at gmail.com>> wrote:
>>>
>>> Hi Stackers-
>>>
>>> I have successfully installed folsom in my test setup.
>>> But when I browse Horison, with admin/password as credentials, I
>>> get this error.
>>>
>>> [Tue Feb 12 10:03:16 2013] [error] unable to retrieve service
>>> catalog with token
>>> [Tue Feb 12 10:03:16 2013] [error] Traceback (most recent call
>>> last):
>>> [Tue Feb 12 10:03:16 2013] [error] File
>>> "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py", line
>>> 132, in _extract_service_catalog
>>> [Tue Feb 12 10:03:16 2013] [error] endpoint_type='adminURL')
>>> [Tue Feb 12 10:03:16 2013] [error] File
>>> "/usr/lib/python2.7/dist-packages/keystoneclient/service_catalog.py",
>>> line 62, in url_for
>>> [Tue Feb 12 10:03:16 2013] [error] raise
>>> exceptions.EndpointNotFound('Endpoint not found.')
>>> [Tue Feb 12 10:03:16 2013] [error] EndpointNotFound: Endpoint
>>> not found.
>>> [Tue Feb 12 10:03:17 2013] [error] \x1b[31;1mUnauthorized: n/a
>>> (HTTP 401)\x1b[0m
>>> [Tue Feb 12 10:03:17 2013] [error] Traceback (most recent call
>>> last):
>>> [Tue Feb 12 10:03:17 2013] [error] File
>>> "/usr/lib/python2.7/dist-packages/horizon/usage/base.py", line
>>> 93, in summarize
>>> [Tue Feb 12 10:03:17 2013] [error] self.usage_list =
>>> self.get_usage_list(start, end)
>>> [Tue Feb 12 10:03:17 2013] [error] File
>>> "/usr/lib/python2.7/dist-packages/horizon/usage/base.py", line
>>> 128, in get_usage_list
>>> [Tue Feb 12 10:03:17 2013] [error] return
>>> api.usage_list(self.request, start, end)
>>> [Tue Feb 12 10:03:17 2013] [error] File
>>> "/usr/lib/python2.7/dist-packages/horizon/api/nova.py", line
>>> 418, in usage_list
>>> [Tue Feb 12 10:03:17 2013] [error] return [Usage(u) for u in
>>> novaclient(request).usage.list(start, end, True)]
>>> [Tue Feb 12 10:03:17 2013] [error] File
>>> "/usr/lib/python2.7/dist-packages/novaclient/v1_1/usage.py",
>>> line 35, in list
>>> [Tue Feb 12 10:03:17 2013] [error] "tenant_usages")
>>> [Tue Feb 12 10:03:17 2013] [error] File
>>> "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 62,
>>> in _list
>>> [Tue Feb 12 10:03:17 2013] [error] _resp, body =
>>> self.api.client.get(url)
>>> [Tue Feb 12 10:03:17 2013] [error] File
>>> "/usr/lib/python2.7/dist-packages/novaclient/client.py", line
>>> 239, in get
>>> [Tue Feb 12 10:03:17 2013] [error] return self._cs_request(url,
>>> 'GET', **kwargs)
>>> [Tue Feb 12 10:03:17 2013] [error] File
>>> "/usr/lib/python2.7/dist-packages/novaclient/client.py", line
>>> 236, in _cs_request
>>> [Tue Feb 12 10:03:17 2013] [error] raise ex
>>> [Tue Feb 12 10:03:17 2013] [error] Unauthorized: n/a (HTTP 401)
>>>
>>> It says , I missed some End point Configuration.
>>>
>>> But then, I have configured it correctly.
>>>
>>> Can any one guide me resolving this issue.
>>>
>>> Thanks in advance.
>>>
>>> --
>>> Regards,
>>> ----------------------------------------------
>>> Trinath Somanchi,
>>> +91 9866 235 130
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> <https://launchpad.net/%7Eopenstack>
>>> Post to : openstack at lists.launchpad.net
>>> <mailto:openstack at lists.launchpad.net>
>>> Unsubscribe : https://launchpad.net/~openstack
>>> <https://launchpad.net/%7Eopenstack>
>>> More help : https://help.launchpad.net/ListHelp
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> <https://launchpad.net/%7Eopenstack>
>>> Post to : openstack at lists.launchpad.net
>>> <mailto:openstack at lists.launchpad.net>
>>> Unsubscribe : https://launchpad.net/~openstack
>>> <https://launchpad.net/%7Eopenstack>
>>> More help : https://help.launchpad.net/ListHelp
>>
>>
>>
>> _______________________________________________
>> Mailing list:https://launchpad.net/~openstack
>> Post to :openstack at lists.launchpad.net
>> Unsubscribe :https://launchpad.net/~openstack
>> More help :https://help.launchpad.net/ListHelp
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130219/8f3189c5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 10122 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130219/8f3189c5/attachment.jpe>
More information about the Openstack
mailing list