[Openstack] [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized

Angus Salkeld asalkeld at redhat.com
Tue May 28 01:21:13 UTC 2013


On 27/05/13 11:14 -0300, Bruno Oliveira wrote:
>Hello stackers,
>
>I'm having a really hard time setting up ceilometer-api so I thought
>if I could ask you guys for some enlightment.
>
>I can clearly see data being pulled in the screens that are running
>/ceilometer-collector, ./ceilometer-agent-compute ,./ceilometer-agent-central
>
>Even the screen running ceilometer-api-server starts with no problem.
>
>But I cannot reach the api at all via curl. Neither by using its
>actual port (8777)
>nor using the port set in the virtual host of apache. All I'm getting
>is auth error
>
>$ curl http://127.0.0.1:8777  OR  $ curl http://127.0.0.1:9090
>=============================================
><html>
> <head>
>  <title>401 Unauthorized</title>
> </head>
> <body>
>  <h1>401 Unauthorized</h1>
>  This server could not verify that you are authorized to access the
>document you requested. Either you supplied the wrong credentials
>(e.g., bad password), or your browser does not understand how to
>supply the credentials required.<br /><br />
>Authentication required
>=============================================

Right, Authentication is required by the client, but you are not
passing it any credentials.

I'd suggest using python-ceilometerclient to do the auth for you:
So use it like any other openstack client.

try something like this:

asalkeld at elf python-ceilometerclient (master)$ . ../devstack/openrc admin admin
asalkeld at elf python-ceilometerclient (master)$ ceilometer resource-list
+--------------------------------------+--------+---------+----------------------------------+
| Resource ID                          | Source | User ID | Project ID                       |
+--------------------------------------+--------+---------+----------------------------------+
| a8ce423c-c1a1-41e3-af7c-b38d92f5e36f |        | None    | 1076d9bd669d422bbd74e1e2f54d1510 |
+--------------------------------------+--------+---------+----------------------------------+
asalkeld at elf python-ceilometerclient (master)$ ceilometer meter-list
+--------------+-------+-------+--------------------------------------+---------+----------------------------------+
| Name         | Type  | Unit  | Resource ID                          | User ID | Project ID                       |
+--------------+-------+-------+--------------------------------------+---------+----------------------------------+
| image        | gauge | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None    | 1076d9bd669d422bbd74e1e2f54d1510 |
| image.size   | gauge | B     | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None    | 1076d9bd669d422bbd74e1e2f54d1510 |
| image.update | delta | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None    | 1076d9bd669d422bbd74e1e2f54d1510 |
| image.upload | delta | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None    | 1076d9bd669d422bbd74e1e2f54d1510 |
+--------------+-------+-------+--------------------------------------+---------+----------------------------------+
asalkeld at elf python-ceilometerclient (master)$ ceilometer sample-list -m image.update
+--------------------------------------+--------------+-------+--------+-------+----------------------------+
| Resource ID                          | Name         | Type  | Volume | Unit  | Timestamp                  |
+--------------------------------------+--------------+-------+--------+-------+----------------------------+
| a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | image.update | delta | 1.0    | image | 2013-05-28T01:14:40.238000 |
+--------------------------------------+--------------+-------+--------+-------+----------------------------+


Remember you can only see the samples/meter/resources that you own or all if you are admin.


-Angus

>
>
>On top of that, the only thing I had to do in a non-standard basis, was to
>setup ceilometer virtual host to answer request on port 9090 of apache
>instead of the default 80 (since horizon is bind to it).
>
>
>Here's a copy of my running ceilometer.conf
>=====================================
>/etc/ceilometer/ceilometer.conf
>=====================================
>[DEFAULT]
>os_username=ceilometer
>os_password=MYSECRET
>os_tenant_name=admin
>os_auth_url=http://localhost:5000/v2.0
>signing_dirname = /tmp/keystone-signing-ceilometer
>metering_api_port=8777
>auth_strategy=keystone
>nova_control_exchange=nova
>hypervisor_inspector=libvirt
>libvirt_type=kvm
>glance_control_exchange=glance
>quantum_control_exchange=quantum
>debug=true
>verbose=true
>(...)
>*logging writing parameters here*
>(...)
>log_dir=/var/log/ceilometer
>rpc_backend=ceilometer.openstack.common.rpc.impl_kombu
>rabbit_host=localhost
>rabbit_port=5672
>rabbit_userid=guest
>rabbit_password=ficrowstran02
>rabbit_retry_backoff=2
>rabbit_max_retries=0
>database_connection=mongodb://localhost:27017/ceilometer
>sql_connection_debug=0
>cinder_control_exchange=cinder
>enable_v1_api=true
>
>[rpc_notifier2]
>
>[matchmaker_redis]
>
>[publisher_meter]
>metering_secret=METERING_SECRET
>
>[keystone_authtoken]
>auth_host = localhost
>auth_port = 5000
>admin_user = ceilometer
>admin_password = MYSECRET
>admin_tenant_name = admin
>auth_uri = http://localhost:5000/v2.0/
>=====================================
>
>
>The "ceilometer" user pointed at "admin_user" under the
>"[keystone_authtoken]" section, as well as in "os_username" under the
>"[DEFAULT]" section,
>was created in keystone and it'sbind to the admin tenant.
>
>
>$ keystone tenant-get admin
>+-------------+----------------------------------+
>|   Property  |              Value               |
>+-------------+----------------------------------+
>| description |                                  |
>|   enabled   |               True               |
>|      id     | 670f5dd4070d44b6a8308277a236d1af |
>|     name    |              admin               |
>+-------------+----------------------------------+
>
>$ keystone user-get ceilometer
>+----------+----------------------------------+
>| Property |              Value               |
>+----------+----------------------------------+
>|  email   |      ceilometer at example.com      |
>| enabled  |               True               |
>|    id    | a98ec068f5f349439acef431e826d7ff |
>|   name   |            ceilometer            |
>| tenantId | 670f5dd4070d44b6a8308277a236d1af |
>+----------+----------------------------------+
>
>
>Finally, here's the ceilometer site running on apache. the user
>and group 'stackadmin' are valid users indeed in the machine
>
>$ id stackadmin
>
>uid=1000(stackadmin) gid=1000(stackadmin)
>groups=1000(stackadmin),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(libvirtd),113(lpadmin),114(sambashare
>
>
>=====================================
>/etc/apache2/sites-available/ceilometer
>=====================================
><VirtualHost *:9090>
>    WSGIDaemonProcess ceilometer user=stackadmin group=stackadmin threads=5
>    WSGIScriptAlias / /opt/stack/ceilometer/ceilometer/api/app.wsgi
>    SetEnv APACHE_RUN_USER stackadmin
>    SetEnv APACHE_RUN_GROUP stackadmin
>    WSGIProcessGroup ceilometer
>    ErrorLog /var/log/apache2/ceilometer_error.log
>    LogLevel warn
>    CustomLog /var/log/apache2/ceilometer_access.log combined
></VirtualHost>
>=====================================
>
>
>Despite of everything, I keep getting that "401 Unauthorized"
>auth error.
>
>Do you guys have any suggestions of what I can try to fix it ?
>
>Thank you all.
>
>--
>
>Bruno de Oliveira
>Developer, System Analyst
>
>_______________________________________________
>Mailing list: https://launchpad.net/~openstack
>Post to     : openstack at lists.launchpad.net
>Unsubscribe : https://launchpad.net/~openstack
>More help   : https://help.launchpad.net/ListHelp




More information about the Openstack mailing list