openstack team mailing list archive

Thread
Date
Re: Keystone Curl can't get tokens by credentials

To: Alessio Ababilov <aababilov@xxxxxxxxxxxxxxxx>
From: Xuyun Zhang <xyzhanggz@xxxxxxxxx>
Date: Mon, 16 Jan 2012 23:22:17 +1100
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4F12CDD1.4070105@griddynamics.com>
Alessio,

Your answer solved my problem. Thank you so much. But I met the '500
Internal Server Error'.

I generated a user admin with password secrete, and used curl to produce
the token successfully. When I ran " swift -A http://127.0.0.1:5000/v1.0 -U
admin -K secrete stat -v", but got "Auth GET failed; http:
127.0.0.1:5000/v1.0 500 Internal Server Error".
the api.log showed that the publicURL error. So, could you please help me
with this problem. I guess there are something wrong with adding endpoints.
But I don't know what's the exact cause.

tail of the /var/log/keystone/api.log:
2012-01-16 22:53:17  WARNING [eventlet.wsgi.server] 127.0.0.1 - -
[16/Jan/2012 22:53:17] "GET /v1.0 HTTP/1.1" 500 747 0.030160
2012-01-16 22:53:25  WARNING [eventlet.wsgi.server] Traceback (most recent
call last):
  File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in
handle_one_response
    result = self.application(self.environ, start_response)
  File "/home/chang/keystone/keystone/frontends/normalizer.py", line 107,
in __call__
    return self.app(env, start_response)
  File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py", line
77, in __call__
    json.loads(response.body))
  File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py", line
102, in __transform_headers
    service_urls += endpoint["publicURL"]
KeyError: 'publicURL'
2012-01-16 22:53:25  WARNING [eventlet.wsgi.server] 127.0.0.1 - -
[16/Jan/2012 22:53:25] "GET /v1.0 HTTP/1.1" 500 747 0.030664
2012-01-16 22:53:41  WARNING [eventlet.wsgi.server] Traceback (most recent
call last):
  File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in
handle_one_response
    result = self.application(self.environ, start_response)
  File "/home/chang/keystone/keystone/frontends/normalizer.py", line 107,
in __call__
    return self.app(env, start_response)
  File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py", line
77, in __call__
    json.loads(response.body))
  File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py", line
102, in __transform_headers
    service_urls += endpoint["publicURL"]
KeyError: 'publicURL'
2012-01-16 22:53:41  WARNING [eventlet.wsgi.server] 127.0.0.1 - -
[16/Jan/2012 22:53:41] "GET /v1.0 HTTP/1.1" 500 747 0.034363
2012-01-16 22:53:49  WARNING [eventlet.wsgi.server] 127.0.0.1 - -
[16/Jan/2012 22:53:49] "GET /v1.0 HTTP/1

My environments:
Keystone v2012.1-dev
swift 1.4.3-0ubuntu2
host IP: 138.25.61.81

part of swift-proxy.conf:
bind_port = 8080 (not 8888)

part of keystone.conf:
service_host = 127.0.0.1
serivce_port  = 5000
admin_host = 127.0.0.1
admin_port = 5001 (not 35357)

data generate sh:
#!/bin/bash
rm -f /var/lib/keystone/keystone.db
keystone-manage database sync
chown keystone:nogroup /var/lib/keystone/keystone.db

keystone-manage user add admin secrete
keystone-manage role add Admin
keystone-manage role add KeystoneServiceAdmin
keystone-manage role grant Admin admin
keystone-manage role grant KeystoneServiceAdmin admin

keystone-manage service add nova compute "Nova-Compute-Service"
keystone-manage service add glance "glance Glance-Image-Service"
keystone-manage service add swift storage "Swift-Ojbect-Storage-Service"
keystone-manage service add keystone identity "Keystone-Identity-Service"

keystone-manage endpointTemplates add RegionOne nova
http://138.25.61.81:8774/v1.1/%tenant_id%
http://127.0.0.1:8774/v1.1/%tenant_id%
http://138.25.61.81:8774/v1.1/%tenant_id% 1 1
keystone-manage endpointTemplates add RegionOne glance
http://138.25.61.81:9292/v1 http://127.0.0.1:9292/v1
http://138.25.61.81:9292/v1 1 1
keystone-manage endpointTemplates add RegionOne swift
http://138.25.61.81:8080/v1/AUTH_%tenant_id% http://127.0.0.1:8080/v1.0/
http://138.25.61.81:8080/v1/AUTH_%tenant_id% 1 1
keystone-manage endpointTemplates add RegionOne keystone
http://138.25.61.81:5000/v2.0 http://127.0.0.1:5001/v2.0
http://138.25.61.81:5000/v2.0 1 1

keystone-manage tenant add admin-tenant
keystone-manage role grant Admin admin admin-tenant

keystone-manage token add 999888777666 admin admin-tenant 2015-02-05T00:00

keystone-manage tenant add demo-tenant
keystone-manage user add demo secrete
keystone-manage role add Member
keystone-manage role grant Member demo demo-tenant
keystone-manage role grant Admin admin demo-tenant

keystone-manage credentials add admin EC2 admin-key secretepassword
keystone-manage credentials add admin EC2 demo-key secretepassword

keystone-manage endpoint add admin-tenant 1
keystone-manage endpoint add admin-tenant 2
keystone-manage endpoint add admin-tenant 3
keystone-manage endpoint add admin-tenant 4

keystone-manage endpoint add demo-tenant 1
keystone-manage endpoint add demo-tenant 2
keystone-manage endpoint add demo-tenant 3
keystone-manage endpoint add demo-tenant 4




On 16 January 2012 00:00, Alessio Ababilov <aababilov@xxxxxxxxxxxxxxxx>wrote:

>  Hi!
>
> You are using sqlite and I guess that you have run ./sampledata as root.
> So, the database file is owned by root and cannot be writable by `keystone`
> user.
>
> Please change it ownership (run as root in the directory where you have
> your keystone.db):
>
> chown keystone keystone.db
>
>
>
> On 01/14/2012 01:51 PM, Xuyun Zhang wrote:
>
> I set the database by running ./sampledata
>
> Then I tried to use curl to get tokens, the command is:
>
> $ curl -d '{"auth":{"passwordCredentials":{"username": "admin",
> "password": "secrete"}}}' -H "Content-type: application/json"
> http://localhost:35357/v2.0/tokens
>
> The result is :
> $ {"IdentityFault": {"message": "Unhandled error", "code": "500",
> "details": "(OperationalError) attempt to write a readonly database
> u'INSERT INTO tokens (id, user_id, tenant_id, expires) VALUES (?, ?, ?, ?)'
> ('ce9cc482-7ab5-4785-9152-3cab95e12833', 1, None, '2012-01-15 22
> :41:14.794615')"}}
>
> it seemed that the token had been generated yet can't be written to the
> database.
>
> my environment:
> swift version: 1.4.3-0ubuntu2 (installed by apt-get install command)
> keystone version: keystone 2012.1-dev (installation directory:
> /home/chang/keystone)
>
> Any helpful information is highly appreciated!
>
> Regards,
> Sean
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>
>
> --
> Alessio Ababilov
> Software Engineer
> Grid Dynamics
>
>
Follow ups

Re: Keystone Curl can't get tokens by credentials
From: Alessio Ababilov, 2012-01-16
Using fake drivers for testing
From: Brebner, Gavin, 2012-01-16
References

Keystone Curl can't get tokens by credentials
From: Xuyun Zhang, 2012-01-14
Re: Keystone Curl can't get tokens by credentials
From: Alessio Ababilov, 2012-01-15