[Openstack] Horizon Keystone Endpoint Issue

Michaël Van de Borne michael.vandeborne at cetic.be
Tue Feb 19 17:26:06 UTC 2013


Moreover (sorry for spamming), this command works fine:

root@leonard:/etc/init.d# keystone --os-username nova --os-password openstack --os-tenant-name service --os-auth-url http://192.168.203.103:5000/v2.0/ token-get
+-----------+----------------------------------+
|  Property |              Value               |
+-----------+----------------------------------+
|  expires  |       2013-02-20T17:19:25Z       |
|     id    | 0eb9d38144604ced8e9fc5def623f9ca |
| tenant_id | a9f86bcd83e94fbdba61862bce42e717 |
|  user_id  | a933854b05e04921a78684368e89c47d |
+-----------+----------------------------------+

This works as well:
nova --os-username nova --os-password openstack --os-tenant-name service --os-auth-url http://192.168.203.103:5000/v2.0/ list


So this makes me think that users, roles, services, tenants and 
endpoints are configured properly in keystone. But I can be wrong...




On 19/02/2013 18:09, Michaël Van de Borne wrote:
> I checked /etc/nova/api-paste.ini. Here's the relevant section in it:
>
> [filter:authtoken]
> paste.filter_factory = keystone.middleware.auth_token:filter_factory
> auth_host = 192.168.203.103
> auth_port = 35357
> auth_protocol = http
> admin_tenant_name = service
> admin_user = nova
> admin_password = openstack
> signing_dir = /tmp/keystone-signing-nova
>
> I played with the tenant name (admin, service), the port (35357, 5000) 
> and the user (nova, admin) and various combinations of all those. I 
> also replaced keystone with keystoneclient in the 'paste.filter_factory' 
> line (as I saw both in the docs).
>
> Still no luck.
>
> Any clue?
>
>
>
>
>
> On 19/02/2013 17:40, Michaël Van de Borne wrote:
>> Same problem here. Running Grizzly. Dashboard keeps prompting me for 
>> my credentials. Pretty sure dashboard sends wrong tenant name to 
>> keystone. Here is the keystone.log entry:
>> 2013-02-19 16:55:06  WARNING [keystone.common.wsgi] Authorization failed. The request you have made requires authentication. from 192.168.203.103
>>
>> here are the endpoints:
>> grizzly@leonard:/etc/init.d$ keystone endpoint-list
>> WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
>> +----------------------------------+----------+---------------------------------------------------+---------------------------------------------------+----------------------------------------------+----------------------------------+
>> | id                               | region   | publicurl                                         | internalurl                                       | adminurl                                     | service_id                       |
>> +----------------------------------+----------+---------------------------------------------------+---------------------------------------------------+----------------------------------------------+----------------------------------+
>> | 0f9dbbb5ac764e0794464abcb46047a2 | myregion | http://192.168.203.103:9292                       | http://192.168.203.103:9292                       | http://192.168.203.103:9292                  | 0ad102dc14eb4866af351358e372cb23 |
>> | 1c45042b6bb64fd7b6f56d7348e86103 | myregion | http://192.168.202.103:5000/v2.0                  | http://192.168.203.103:5000/v2.0                  | http://192.168.203.103:35357/v2.0            | 37059fcb24d345f293d4add7202504bb |
>> | 61c1c0305ffa4254b8271a2045489d9a | myregion | http://192.168.202.103:8774/v2/%(tenant_id)s      | http://192.168.203.103:8774/v2/%(tenant_id)s      | http://192.168.203.103:8774/v2/%(tenant_id)s | 99f1d14e769046099e85d010ed4c29da |
>> | 9248f20cf38b4dbaa3f85abc1ee1f94d | myregion | http://192.168.202.103:8773/services/Cloud        | http://192.168.203.103:8773/services/Cloud        | http://192.168.203.103:8773/services/Admin   | c22a33b56e67445a9550643a276a2f87 |
>> | bdb68ba018c34cad95acb24f3ad92645 | myregion | http://192.168.202.103:9696/v2                    | http://192.168.203.103:9696/v2                    | http://192.168.203.103:9696/v2               | d21a72e559934837901574dfb3bc6a6c |
>> | beaf4c028cc24068a2068ea16489eb94 | myregion | http://192.168.202.103:8080/v1/AUTH_%(tenant_id)s | http://192.168.203.103:8080/v1/AUTH_%(tenant_id)s | http://192.168.203.103:8080/v1               | 7fc69365d1b64eb58e7ac6fcf8369ff2 |
>> | c4f3ea0477ac428b958f5bcee2fb14e1 | myregion | http://192.168.202.103:8776/v1/%(tenant_id)s      | http://192.168.203.103:8776/v1/%(tenant_id)s      | 192.168.203.103:8776/v1/%(tenant_id)s        | 19b1f3c4fa5843a295e538aab1f4cd40 |
>> | fe82e5a1b6344c5784eb89be0d04b10b | myregion | http://192.168.202.103:8776/v1/%(tenant_id)s      | http://192.168.203.103:8776/v1/%(tenant_id)s      | http://192.168.203.103:8776/v1/%(tenant_id)s | ef7714abcdc04c06aa9f1ef2bdc29a3a |
>> +----------------------------------+----------+---------------------------------------------------+---------------------------------------------------+----------------------------------------------+----------------------------------+
>>
>>
>> (by the way, I cannot get rid of the WARNING, but that's not the 
>> point here)
>>
>> Here's the relevant section in 
>> /etc/openstack-dashboard/local-settings.py:
>> OPENSTACK_HOST = "192.168.202.103"
>> OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
>> #OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
>> OPENSTACK_KEYSTONE_DEFAULT_ROLE = "admin"
>>
>> I tried switching from Member to admin role, but still no luck.
>>
>> Nova seems properly configured:
>> grizzly@leonard:~$ nova list
>>
>> grizzly@leonard:~$ echo $?
>> 0
>>
>> Any idea how to make horizon and keystone talk together?
>>
>>
>>
>> michaël
>>
>>
>>
>>
>> On 13/02/2013 16:13, Razique Mahroua wrote:
>>> Is the dash configured to talk with the Keystone backend?
>>> Can you run something like $ keystone endpoint-list
>>> Thanks
>>>
>>> Razique Mahroua - Nuage & Co
>>> razique.mahroua at gmail.com
>>> Tel : +33 9 72 37 94 15
>>>
>>>
>>> On 12 Feb 2013 at 16:54, Logan McNaughton <logan at bacoosta.com> wrote:
>>>
>>>> I've had this problem before, in my experience it's not a problem 
>>>> with keystone, it's a problem with nova (by the looks of the 
>>>> traceback). I believe it's a bug in Horizon because you'll find a 
>>>> lot of people with this issue if you Google it. I don't have an 
>>>> answer on how to fix it, other than don't fixate on the 
>>>> "EndpointNotFound", look to your nova configs for a solution.
>>>>
>>>>
>>>> On Tue, Feb 12, 2013 at 5:03 AM, Trinath Somanchi <trinath.somanchi at gmail.com> wrote:
>>>>
>>>>     Hi Stackers-
>>>>
>>>>     I have successfully installed Folsom in my test setup.
>>>>     But when I browse Horizon, with admin/password as credentials,
>>>>     I get this error.
>>>>
>>>>     [Tue Feb 12 10:03:16 2013] [error] unable to retrieve service
>>>>     catalog with token
>>>>     [Tue Feb 12 10:03:16 2013] [error] Traceback (most recent call
>>>>     last):
>>>>     [Tue Feb 12 10:03:16 2013] [error]   File
>>>>     "/usr/lib/python2.7/dist-packages/keystoneclient/v2_0/client.py",
>>>>     line 132, in _extract_service_catalog
>>>>     [Tue Feb 12 10:03:16 2013] [error] endpoint_type='adminURL')
>>>>     [Tue Feb 12 10:03:16 2013] [error]   File
>>>>     "/usr/lib/python2.7/dist-packages/keystoneclient/service_catalog.py",
>>>>     line 62, in url_for
>>>>     [Tue Feb 12 10:03:16 2013] [error] raise
>>>>     exceptions.EndpointNotFound('Endpoint not found.')
>>>>     [Tue Feb 12 10:03:16 2013] [error] EndpointNotFound: Endpoint
>>>>     not found.
>>>>     [Tue Feb 12 10:03:17 2013] [error] \x1b[31;1mUnauthorized: n/a
>>>>     (HTTP 401)\x1b[0m
>>>>     [Tue Feb 12 10:03:17 2013] [error] Traceback (most recent call
>>>>     last):
>>>>     [Tue Feb 12 10:03:17 2013] [error]   File
>>>>     "/usr/lib/python2.7/dist-packages/horizon/usage/base.py", line
>>>>     93, in summarize
>>>>     [Tue Feb 12 10:03:17 2013] [error] self.usage_list =
>>>>     self.get_usage_list(start, end)
>>>>     [Tue Feb 12 10:03:17 2013] [error]   File
>>>>     "/usr/lib/python2.7/dist-packages/horizon/usage/base.py", line
>>>>     128, in get_usage_list
>>>>     [Tue Feb 12 10:03:17 2013] [error] return
>>>>     api.usage_list(self.request, start, end)
>>>>     [Tue Feb 12 10:03:17 2013] [error]   File
>>>>     "/usr/lib/python2.7/dist-packages/horizon/api/nova.py", line
>>>>     418, in usage_list
>>>>     [Tue Feb 12 10:03:17 2013] [error] return [Usage(u) for u in
>>>>     novaclient(request).usage.list(start, end, True)]
>>>>     [Tue Feb 12 10:03:17 2013] [error]   File
>>>>     "/usr/lib/python2.7/dist-packages/novaclient/v1_1/usage.py",
>>>>     line 35, in list
>>>>     [Tue Feb 12 10:03:17 2013] [error] "tenant_usages")
>>>>     [Tue Feb 12 10:03:17 2013] [error]   File
>>>>     "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 62,
>>>>     in _list
>>>>     [Tue Feb 12 10:03:17 2013] [error] _resp, body =
>>>>     self.api.client.get(url)
>>>>     [Tue Feb 12 10:03:17 2013] [error]   File
>>>>     "/usr/lib/python2.7/dist-packages/novaclient/client.py", line
>>>>     239, in get
>>>>     [Tue Feb 12 10:03:17 2013] [error] return self._cs_request(url,
>>>>     'GET', **kwargs)
>>>>     [Tue Feb 12 10:03:17 2013] [error]   File
>>>>     "/usr/lib/python2.7/dist-packages/novaclient/client.py", line
>>>>     236, in _cs_request
>>>>     [Tue Feb 12 10:03:17 2013] [error] raise ex
>>>>     [Tue Feb 12 10:03:17 2013] [error] Unauthorized: n/a (HTTP 401)
>>>>
>>>>     It says I missed some endpoint configuration.
>>>>
>>>>     But then, I have configured it correctly.
>>>>
>>>>     Can anyone guide me in resolving this issue?
>>>>
>>>>     Thanks in advance.
>>>>
>>>>     -- 
>>>>     Regards,
>>>>     ----------------------------------------------
>>>>     Trinath Somanchi,
>>>>     +91 9866 235 130
>>>>
>>>>     _______________________________________________
>>>>     Mailing list: https://launchpad.net/~openstack
>>>>     <https://launchpad.net/%7Eopenstack>
>>>>     Post to     : openstack at lists.launchpad.net
>>>>     <mailto:openstack at lists.launchpad.net>
>>>>     Unsubscribe : https://launchpad.net/~openstack
>>>>     <https://launchpad.net/%7Eopenstack>
>>>>     More help   : https://help.launchpad.net/ListHelp
>>>>
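
An added example, not part of any message in this thread: a consistency check over Keystone endpoint rows, flagging URLs with no http(s) scheme, rows whose public, internal and admin hosts differ, and public URLs registered more than once. The four rows are copied from the listing quoted above; `ROWS` and `audit_endpoints` are hypothetical names, and the findings describe the listing only, not a confirmed cause of the login failure.

```python
from collections import Counter
from urllib.parse import urlsplit

# Four rows copied from the endpoint listing quoted in the thread:
# (endpoint id, publicurl, internalurl, adminurl)
ROWS = [
    ("0f9dbbb5ac764e0794464abcb46047a2",
     "http://192.168.203.103:9292",
     "http://192.168.203.103:9292",
     "http://192.168.203.103:9292"),
    ("1c45042b6bb64fd7b6f56d7348e86103",
     "http://192.168.202.103:5000/v2.0",
     "http://192.168.203.103:5000/v2.0",
     "http://192.168.203.103:35357/v2.0"),
    ("c4f3ea0477ac428b958f5bcee2fb14e1",
     "http://192.168.202.103:8776/v1/%(tenant_id)s",
     "http://192.168.203.103:8776/v1/%(tenant_id)s",
     "192.168.203.103:8776/v1/%(tenant_id)s"),
    ("fe82e5a1b6344c5784eb89be0d04b10b",
     "http://192.168.202.103:8776/v1/%(tenant_id)s",
     "http://192.168.203.103:8776/v1/%(tenant_id)s",
     "http://192.168.203.103:8776/v1/%(tenant_id)s"),
]

def audit_endpoints(rows):
    """Return a sorted list of (endpoint_id, finding) tuples."""
    findings = []
    public_seen = Counter(pub for _, pub, _, _ in rows)
    for eid, pub, internal, admin in rows:
        hosts = set()
        urls = (("publicurl", pub), ("internalurl", internal), ("adminurl", admin))
        for kind, url in urls:
            parts = urlsplit(url)
            # A URL stored without "http://" parses with no usable scheme/host.
            if parts.scheme not in ("http", "https") or not parts.hostname:
                findings.append((eid, f"{kind} has no http(s) scheme"))
                continue
            hosts.add(parts.hostname)
        if len(hosts) > 1:
            findings.append((eid, "hosts differ: " + ", ".join(sorted(hosts))))
        if public_seen[pub] > 1:
            findings.append((eid, "publicurl shared with another endpoint"))
    return sorted(findings)

if __name__ == "__main__":
    for eid, finding in audit_endpoints(ROWS):
        print(eid, finding)
```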
