[Openstack] Domain not found error
Eugen Block
eblock at nde.ag
Mon Apr 16 09:27:52 UTC 2018
Hi,
I found some differences between your bootstrap command and your
admin-rc credentials:
> export OS_AUTH_URL=http://20.20.20.7:35357/v3
> --bootstrap-admin-url http://20.20.20.8:5000/v3/
You use two different IPs for your controller node, this can't work.
Another thing is, you usually have to create one admin endpoint (port
35357) and a public endpoint (port 5000), you use the public port for
both endpoints. This could work, of course, although not recommended.
But then you have to change your admin-rc credentials respectively.
They should reflect the configuration you bootstrapped with
keystone-manage.
Change your admin-rc to point to the correct IP and the correct port,
then retry the domain list command after sourcing the credentials.
Zitat von Shyam Prasad N <nspmangalore at gmail.com>:
> Hi,
>
> Sorry for the late reply. Was out for a while.
>
> # openstack domain list
> The request you have made requires authentication. (HTTP 401) (Request-ID:
> req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4)
>
> # tail /var/log/keystone/keystone-manage.log
> #
>
> # keystone-manage bootstrap --bootstrap-password PASSWORD
> --bootstrap-admin-url http://20.20.20.8:5000/v3/ --bootstrap-internal-url
> http://20.20.20.8:5000/v3/ --bootstrap-public-url http://20.20.20.8:5000/v3/
> --bootstrap-region-id RegionOne
> 2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-]
> Deprecated: Use of the identity driver config to automatically configure
> the same assignment driver has been deprecated, in the "O" release, the
> assignment driver will need to be expicitly configured if different than
> the default (SQL).
> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default
> already exists, skipping creation.
> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already
> exists, skipping creation.
> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already
> exists, skipping creation.
> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists,
> skipping creation.
> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has
> admin on admin.
> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne
> exists, skipping creation.
> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin
> endpoint as already created
> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal
> endpoint as already created
> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public
> endpoint as already created
> # tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 18518
> WARNING keystone.assignment.core [-] Deprecated: Use of the identity driver
> config to automatically configure the same assignment driver has been
> deprecated, in the "O" release, the assignment driver will need to be
> expicitly configured if different than the default (SQL).
> 2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default
> already exists, skipping creation.
> 2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already
> exists, skipping creation.
> 2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already
> exists, skipping creation.
> 2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists,
> skipping creation.
> 2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has
> admin on admin.
> 2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne
> exists, skipping creation.
> 2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin
> endpoint as already created
> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal
> endpoint as already created
> 2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
> [req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public
> endpoint as already created
> #
>
>
> On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block <eblock at nde.ag> wrote:
>
>> Hi,
>>
>> the bug I reported is invalid because the keystone-bootstrap command is
>> supposed to create the default domain. Since we created our cloud in
>> Liberty release the default domain already existed in our environment.
>> Well, I guess we're back to square one. ;-)
>>
>> Can you paste the output of
>>
>> control:~ # openstack domain list
>>
>> If the keystone bootstrap command worked, it should at least show the
>> default domain. If it doesn't take a look into
>> /var/log/keystone/keystone-manage.log and check for errors. If this
>> doesn't reveal anything try running it again and check the logs again.
>>
>>
>> Zitat von Eugen Block <eblock at nde.ag>:
>>
>>
>> The missing command has been in Newton, Ocata and Pike release. They fixed
>>> it in Queens again.
>>>
>>> I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297
>>>
>>> Regards
>>>
>>>
>>> Zitat von Shyam Prasad N <nspmangalore at gmail.com>:
>>>
>>> Thanks Eugen. It'll be great if you can do it. (I haven't yet gone through
>>>> the bug reporting documentation)
>>>> Please add me to the bug's CC list. That way if some info is needed from
>>>> me, I can provide it.
>>>>
>>>> Regards,
>>>> Shyam
>>>>
>>>> On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block <eblock at nde.ag> wrote:
>>>>
>>>> I believe there's something missing in Ocata and Pike docs. If you read
>>>>> Mitaka install guide [1] you'll find the first step to be creating the
>>>>> default domain before all other steps regarding projects and users.
>>>>>
>>>>> You should run
>>>>>
>>>>> openstack domain create --description "Default Domain" default
>>>>>
>>>>> and then the next steps should work, at least I hope so.
>>>>>
>>>>> Do you want to report this as a bug? I can also report it, I have
>>>>> already
>>>>> filed several reports.
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>> [1] https://docs.openstack.org/mitaka/install-guide-obs/keystone
>>>>> -users.html
>>>>>
>>>>>
>>>>>
>>>>> Zitat von Shyam Prasad N <nspmangalore at gmail.com>:
>>>>>
>>>>> Hi,
>>>>>
>>>>>>
>>>>>> Please read my replies inline below...
>>>>>>
>>>>>> On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block <eblock at nde.ag> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>>
>>>>>>> can you paste the credentials you're using?
>>>>>>>
>>>>>>> # cat admin-rc
>>>>>>>
>>>>>> export OS_USERNAME=admin
>>>>>> export OS_PASSWORD=abcdef
>>>>>> export OS_PROJECT_NAME=admin
>>>>>> export OS_USER_DOMAIN_NAME=Default
>>>>>> export OS_PROJECT_DOMAIN_NAME=Default
>>>>>> export OS_AUTH_URL=http://20.20.20.7:35357/v3
>>>>>> export OS_IDENTITY_API_VERSION=3
>>>>>>
>>>>>> The config values (e.g. domain) are case sensitive, the ID of the
>>>>>> default
>>>>>>
>>>>>> domain is usually "domain", its name is "Default". But if you're
>>>>>>> sourcing
>>>>>>> the credentials with ID "Default" this would go wrong, although I'm
>>>>>>> not
>>>>>>> sure if this would be the expected error message.
>>>>>>>
>>>>>>> Just a couple of weeks ago there was someone on ask.openstack.org who
>>>>>>> ignored case-sensitive options and failed to operate his cloud.
>>>>>>>
>>>>>>> Did the keystone-manage bootstrap command work?
>>>>>>>
>>>>>>> Yes. It did not throw any errors.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>>>
>>>>>>>
>>>>>>> Zitat von Shyam Prasad N <nspmangalore at gmail.com>:
>>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>
>>>>>>>> I'm trying to install keystone for my swift cluster.
>>>>>>>> I followed this document for install and configuration:
>>>>>>>> https://docs.openstack.org/keystone/pike/install/
>>>>>>>>
>>>>>>>> However, I'm getting this error for a command:
>>>>>>>> # openstack user create --domain default --password-prompt swift
>>>>>>>> The request you have made requires authentication. (HTTP 401)
>>>>>>>> (Request-ID:
>>>>>>>> req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8)
>>>>>>>>
>>>>>>>> # tail /var/log/keystone/keystone.log
>>>>>>>> 2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi
>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET
>>>>>>>> http://20.20.20.7:35357/v3/
>>>>>>>> 2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server
>>>>>>>> [req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - -
>>>>>>>> [11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545
>>>>>>>> 2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi
>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST
>>>>>>>> http://20.20.20.7:35357/v3/auth/tokens
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find
>>>>>>>> domain:
>>>>>>>> Default
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> Traceback
>>>>>>>> (most recent call last):
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py",
>>>>>>>> line
>>>>>>>> 185,
>>>>>>>> in _lookup_domain
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> domain_name)
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line
>>>>>>>> 124,
>>>>>>>> in
>>>>>>>> wrapped
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> __ret_val
>>>>>>>> = __f(*args, **kwargs)
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line
>>>>>>>> 1053,
>>>>>>>> in
>>>>>>>> decorate
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> should_cache_fn)
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line
>>>>>>>> 657,
>>>>>>>> in
>>>>>>>> get_or_create
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> async_creator) as value:
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line
>>>>>>>> 158,
>>>>>>>> in
>>>>>>>> __enter__
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> return
>>>>>>>> self._enter()
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line
>>>>>>>> 98, in
>>>>>>>> _enter
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> generated
>>>>>>>> = self._enter_create(createdtime)
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line
>>>>>>>> 149,
>>>>>>>> in
>>>>>>>> _enter_create
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> created
>>>>>>>> =
>>>>>>>> self.creator()
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line
>>>>>>>> 625,
>>>>>>>> in
>>>>>>>> gen_value
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> created_value = creator()
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line
>>>>>>>> 1049,
>>>>>>>> in
>>>>>>>> creator
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> return
>>>>>>>> fn(*arg, **kw)
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
>>>>>>>> "/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line
>>>>>>>> 720,
>>>>>>>> in
>>>>>>>> get_domain_by_name
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> raise
>>>>>>>> exception.DomainNotFound(domain_id=domain_name)
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> DomainNotFound: Could not find domain: Default
>>>>>>>> 2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
>>>>>>>> 2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi
>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization
>>>>>>>> failed.
>>>>>>>> The request you have made requires authentication. from 20.20.20.7
>>>>>>>> 2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server
>>>>>>>> [req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - -
>>>>>>>> [11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425
>>>>>>>> 0.113822
>>>>>>>>
>>>>>>>> Can someone please tell me what's going on?
>>>>>>>> Thanks in advance for your replies.
>>>>>>>>
More information about the Openstack
mailing list