← Back to team overview

openstack team mailing list archive

Re: Keystone Curl can't get tokens by credentials

 

Hi Alessio,

Thank you for your help. Your answer solved the problem. I was really
confused by the different documents with different versions. It should be
v2.0.

But after this step, I met another problem, when I ran "swift -A
http://127.0.0.1:5000/v2.0 -U joeuser -K secrete stat -v", I got the
following error message:
Traceback (most recent call last):
  File "/usr/bin/swift", line 1853, in <module>
    error_queue)
  File "/usr/bin/swift", line 1363, in st_stat
    headers = conn.head_account()
  File "/usr/bin/swift", line 818, in head_account
    return self._retry(None, head_account)
  File "/usr/bin/swift", line 790, in _retry
    self.http_conn = self.http_connection()
File "/usr/bin/swift", line 778, in http_connection

    return http_connection(self.url)
  File "/usr/bin/swift", line 163, in http_connection
    parsed = urlparse(url)
  File "/usr/lib/python2.7/urlparse.py", line 135, in urlparse
    tuple = urlsplit(url, scheme, allow_fragments)
  File "/usr/lib/python2.7/urlparse.py", line 174, in urlsplit
    i = url.find(':')
AttributeError: 'NoneType' object has no attribute 'find'

I have found a answer online said "Keystone try to pick the tenant ID from
table "users" last variable which is tenant_id . if you did not specify it
, I think that keystone will return wrong URL for swift client . try to
associate a tenant for the user , and add an endpoint for the tenant to
swift endpoint templates." And this answer worked for the guy who had this
problem.

But this solution haven't worked for me. I have created a user named
"joeuser", its tenant is "customer-x". And I also have created the
endpointTemplates, and added endpoints (swift endpoint is one) with tenants
(customer-x). (All are done by running the sampledata provided by the
keystone).

The keystone api.log: WARNING [eventlet.wsgi.server] 127.0.0.1 --
[18/Jan/2012 14:05:30] "GET /v2.0 HTTP/1.1" 200 1364 0.000522. (It seemed
nothing was wrong)

I was totally confused when I fed the swift with wrong username and
password "swift -A http://127.0.0.1:5000/v2.0 -U asdf -K asdfasdf stat -v",
I got the same error message and the api.log showed the same log message.
So, it seemed that his problem may happen before authentication.

So, could you please help with this problem? That must be highly
appreciated. I have got stuck here for several days.

Other information: I used the tempauth for swift successfully and created
two containers and uploaded several files. So I think swift works well. And
the bug mentioned in the official documentation "note: you currently have
to create a container or upload something as your first action to have the
account created; there’s a Swift bug to be fixed soon" may NOT affect my
swift command. I also got error message when I tried "swift -A
http://127.0.0.1:5000/v2.0 -U asdf -K asdfasdf post myfiles" ("myfiles" is
a container I created before).

Thank you so much for you help.

Fine regards,

Sean.



On 17 January 2012 04:26, Alessio Ababilov <aababilov@xxxxxxxxxxxxxxxx>wrote:

>  Hi!
>
> Please!
>
> Why are you using v1.0 in this command:
>
>
> swift -A http://127.0.0.1:5000/v1.0 -U admin -K secrete stat -v
>
> Could you try:
>
> swift -A http://127.0.0.1:5000/v2.0 <http://127.0.0.1:5000/v1.0> -U admin
> -K secrete stat -v
>
>
>
> On 01/16/2012 02:22 PM, Xuyun Zhang wrote:
>
> Alessio,
>
> Your answer solved my problem. Thank you so much. But I met the '500
> Internal Server Error'.
>
> I generated a user admin with password secrete, and used curl to produce
> the token successfully. When I ran " swift -A http://127.0.0.1:5000/v1.0-U admin -K secrete stat -v", but got "Auth GET failed; http:
> 127.0.0.1:5000/v1.0 500 Internal Server Error".
> the api.log showed that the publicURL error. So, could you please help me
> with this problem. I guess there are something wrong with adding endpoints.
> But I don't know what's the exact cause.
>
> tail of the /var/log/keystone/api.log:
> 2012-01-16 22:53:17  WARNING [eventlet.wsgi.server] 127.0.0.1 - -
> [16/Jan/2012 22:53:17] "GET /v1.0 HTTP/1.1" 500 747 0.030160
> 2012-01-16 22:53:25  WARNING [eventlet.wsgi.server] Traceback (most
> recent call last):
>   File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in
> handle_one_response
>     result = self.application(self.environ, start_response)
>   File "/home/chang/keystone/keystone/frontends/normalizer.py", line 107,
> in __call__
>     return self.app(env, start_response)
>   File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py",
> line 77, in __call__
>     json.loads(response.body))
>   File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py",
> line 102, in __transform_headers
>     service_urls += endpoint["publicURL"]
> KeyError: 'publicURL'
> 2012-01-16 22:53:25  WARNING [eventlet.wsgi.server] 127.0.0.1 - -
> [16/Jan/2012 22:53:25] "GET /v1.0 HTTP/1.1" 500 747 0.030664
> 2012-01-16 22:53:41  WARNING [eventlet.wsgi.server] Traceback (most
> recent call last):
>   File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in
> handle_one_response
>     result = self.application(self.environ, start_response)
>   File "/home/chang/keystone/keystone/frontends/normalizer.py", line 107,
> in __call__
>     return self.app(env, start_response)
>   File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py",
> line 77, in __call__
>     json.loads(response.body))
>   File "/home/chang/keystone/keystone/frontends/legacy_token_auth.py",
> line 102, in __transform_headers
>     service_urls += endpoint["publicURL"]
> KeyError: 'publicURL'
> 2012-01-16 22:53:41  WARNING [eventlet.wsgi.server] 127.0.0.1 - -
> [16/Jan/2012 22:53:41] "GET /v1.0 HTTP/1.1" 500 747 0.034363
> 2012-01-16 22:53:49  WARNING [eventlet.wsgi.server] 127.0.0.1 - -
> [16/Jan/2012 22:53:49] "GET /v1.0 HTTP/1
>
> My environments:
> Keystone v2012.1-dev
> swift 1.4.3-0ubuntu2
> host IP: 138.25.61.81
>
> part of swift-proxy.conf:
> bind_port = 8080 (not 8888)
>
> part of keystone.conf:
> service_host = 127.0.0.1
> serivce_port  = 5000
> admin_host = 127.0.0.1
> admin_port = 5001 (not 35357)
>
> data generate sh:
> #!/bin/bash
> rm -f /var/lib/keystone/keystone.db
> keystone-manage database sync
> chown keystone:nogroup /var/lib/keystone/keystone.db
>
> keystone-manage user add admin secrete
> keystone-manage role add Admin
> keystone-manage role add KeystoneServiceAdmin
> keystone-manage role grant Admin admin
> keystone-manage role grant KeystoneServiceAdmin admin
>
> keystone-manage service add nova compute "Nova-Compute-Service"
> keystone-manage service add glance "glance Glance-Image-Service"
> keystone-manage service add swift storage "Swift-Ojbect-Storage-Service"
> keystone-manage service add keystone identity "Keystone-Identity-Service"
>
> keystone-manage endpointTemplates add RegionOne nova
> http://138.25.61.81:8774/v1.1/%tenant_id%
> http://127.0.0.1:8774/v1.1/%tenant_id%
> http://138.25.61.81:8774/v1.1/%tenant_id% 1 1
> keystone-manage endpointTemplates add RegionOne glance
> http://138.25.61.81:9292/v1 http://127.0.0.1:9292/v1
> http://138.25.61.81:9292/v1 1 1
> keystone-manage endpointTemplates add RegionOne swift
> http://138.25.61.81:8080/v1/AUTH_%tenant_id% http://127.0.0.1:8080/v1.0/
> http://138.25.61.81:8080/v1/AUTH_%tenant_id% 1 1
> keystone-manage endpointTemplates add RegionOne keystone
> http://138.25.61.81:5000/v2.0 http://127.0.0.1:5001/v2.0
> http://138.25.61.81:5000/v2.0 1 1
>
> keystone-manage tenant add admin-tenant
> keystone-manage role grant Admin admin admin-tenant
>
> keystone-manage token add 999888777666 admin admin-tenant 2015-02-05T00:00
>
> keystone-manage tenant add demo-tenant
> keystone-manage user add demo secrete
> keystone-manage role add Member
> keystone-manage role grant Member demo demo-tenant
> keystone-manage role grant Admin admin demo-tenant
>
> keystone-manage credentials add admin EC2 admin-key secretepassword
> keystone-manage credentials add admin EC2 demo-key secretepassword
>
> keystone-manage endpoint add admin-tenant 1
> keystone-manage endpoint add admin-tenant 2
> keystone-manage endpoint add admin-tenant 3
> keystone-manage endpoint add admin-tenant 4
>
> keystone-manage endpoint add demo-tenant 1
> keystone-manage endpoint add demo-tenant 2
> keystone-manage endpoint add demo-tenant 3
> keystone-manage endpoint add demo-tenant 4
>
>
>
>
>  On 16 January 2012 00:00, Alessio Ababilov <aababilov@xxxxxxxxxxxxxxxx>wrote:
>
>>  Hi!
>>
>> You are using sqlite and I guess that you have run ./sampledata as root.
>> So, the database file is owned by root and cannot be writable by `keystone`
>> user.
>>
>> Please change it ownership (run as root in the directory where you have
>> your keystone.db):
>>
>> chown keystone keystone.db
>>
>>
>>
>> On 01/14/2012 01:51 PM, Xuyun Zhang wrote:
>>
>>  I set the database by running ./sampledata
>>
>> Then I tried to use curl to get tokens, the command is:
>>
>> $ curl -d '{"auth":{"passwordCredentials":{"username": "admin",
>> "password": "secrete"}}}' -H "Content-type: application/json"
>> http://localhost:35357/v2.0/tokens
>>
>> The result is :
>> $ {"IdentityFault": {"message": "Unhandled error", "code": "500",
>> "details": "(OperationalError) attempt to write a readonly database
>> u'INSERT INTO tokens (id, user_id, tenant_id, expires) VALUES (?, ?, ?, ?)'
>> ('ce9cc482-7ab5-4785-9152-3cab95e12833', 1, None, '2012-01-15 22
>> :41:14.794615')"}}
>>
>> it seemed that the token had been generated yet can't be written to the
>> database.
>>
>> my environment:
>> swift version: 1.4.3-0ubuntu2 (installed by apt-get install command)
>> keystone version: keystone 2012.1-dev (installation directory:
>> /home/chang/keystone)
>>
>> Any helpful information is highly appreciated!
>>
>> Regards,
>> Sean
>>
>>
>>
>>   _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>>
>> --
>> Alessio Ababilov
>> Software Engineer
>> Grid Dynamics
>>
>>
>
>
> --
> Alessio Ababilov
> Software Engineer
> Grid Dynamics
>
>

Follow ups

References