[Openstack] Icehouse multi-node - Centos7 - live migration failed because - neutron not authorised

Benoit ML ben42ml at gmail.com
Thu Jul 17 14:53:33 UTC 2014


Hello,

Evrything now works. I replace  ml2 by openvswitch for the core plugin.


##core_plugin =neutron.plugins.ml2.plugin.Ml2Plugin
core_plugin =openvswitch


Regards,




2014-07-17 11:14 GMT+02:00 Benoit ML <ben42ml at gmail.com>:

> Hello,
>
>
> I'm working on a multi-node setup of openstack Icehouse using centos7.
> I have :
>   - one controllor node with all server services thing stuff
>   - one network node with openvswitch agent, l3-agent, dhcp-agent
>   - two compute node with nova-compute and neutron-openvswitch
>   - one storage nfs node
>
> My network is configured to use vxlan.  I can create VM, tenant-network,
> external-network, routeur, assign floating-ip to VM, push ssh-key into VM,
> create volume from glance image, etc... Evrything is conected and
> reacheable. Pretty cool :)
>
> But when i try to migrate VM things go wrong ...  I have configured  nova,
> libvirtd and qemu to use migration through libvirt-tcp.
> I have create and exchanged ssh-key for nova user on all  node. I have
> verified userid and groupid of nova.
>
>  Well i have enable debug = True in keystone.conf
>
> And after a nova migrate <VM>, when i nova show <VM> :
>
> ==============================================================================
> | fault                                | {"message": "Remote error:
> Unauthorized {\"error\": {\"message\": \"User
> 0b45ccc267e04b59911e88381bb450c0 is unauthorized for tenant services\",
> \"code\": 401, \"title\": \"Unauthorized\"}} |
>
> ==============================================================================
>
> So well User with id 0b45ccc267e04b59911e88381bb450c0 is neutron :
>
> ==============================================================================
> keystone user-list
>   | 0b45ccc267e04b59911e88381bb450c0 | neutron |   True  |       |
>
> ==============================================================================
>
> And the role seems good :
>
> ==============================================================================
> keystone user-role-add --user=neutron --tenant=services --role=admin
>          Conflict occurred attempting to store role grant. User
> 0b45ccc267e04b59911e88381bb450c0 already has role
> 734c2fb6fb444792b5ede1fa1e17fb7e in tenant dea82f7937064b6da1c370280d8bfdad
> (HTTP 409)
>
>
> keystone user-role-list --user neutron --tenant services
>
> +----------------------------------+-------+----------------------------------+----------------------------------+
> |                id                |  name |
> user_id              |            tenant_id             |
>
> +----------------------------------+-------+----------------------------------+----------------------------------+
> | 734c2fb6fb444792b5ede1fa1e17fb7e | admin |
> 0b45ccc267e04b59911e88381bb450c0 | dea82f7937064b6da1c370280d8bfdad |
>
> +----------------------------------+-------+----------------------------------+----------------------------------+
>
> keystone tenant-list
> +----------------------------------+----------+---------+
> |                id                |   name   | enabled |
> +----------------------------------+----------+---------+
> | e250f7573010415da6f191e0b53faae5 |  admin   |   True  |
> | fa30c6bdd56e45dea48dfbe9c3ee8782 | exploit  |   True  |
> | dea82f7937064b6da1c370280d8bfdad | services |   True  |
> +----------------------------------+----------+---------+
>
> ==============================================================================
>
>
> Can you help me to resolve this plz ?  Point me to any direction plz ?
> Do you need all my configuration files ?
>
>
> Thank you in advance !
>
> Regards,
>
> --
> Benoit
>



-- 
--
Benoit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140717/927f158b/attachment.html>


More information about the Openstack mailing list