← Back to team overview

openstack team mailing list archive

authentication help needed, added keystone to system


could anyone please explain to me what is the relation between zones
in nova-manage and region in keystone-manage? And help me to get the
auth back working.

I got my fedora host test system messed up after installing keystone.
Now I suspect region/zone could be the reason for authentication
failure. Should they be the same?

I got to this point by too much copy pasting the instructions without
fully understanding the details... :( The system worked before

# nova-manage host list
host                            zone
blade5    nova
blade6    nova
blade7    nova
blade8    nova

# keystone-manage  endpointTemplates list
All EndpointTemplates
service region  Public URL
nova    RegionOne
glance  RegionOne
swift   RegionOne
keystone        RegionOne
nova_compat     RegionOne

this works for admin:

$ curl -d '{"auth":{"passwordCredentials":{"username": "admin",
"password": "secret"}}}' -H "Content-type: application/json"
{"access": {"token": {"expires": "2015-02-05T00:00:00", "id":
"999888777666", "tenant": {"id": "2", "name": "admin"}},
"serviceCatalog": [{"endpoints": [{"adminURL":
"";, "region": "RegionOne", "internalURL":
"";, "publicURL":
""}], "type": "compute", "name":
"nova"}, {"endpoints": [{"adminURL": "";,
"region": "RegionOne", "internalURL": "";,
"publicURL": ""}], "type": "image",
"name": "glance"}, {"endpoints": [{"adminURL":
"";, "region": "RegionOne", "internalURL":
"";, "publicURL":
""}], "type": "storage", "name":
"swift"}, {"endpoints": [{"adminURL": "";,
"region": "RegionOne", "internalURL": "";,
"publicURL": ""}], "type": "identity",
"name": "keystone"}, {"endpoints": [{"adminURL":
"";, "region": "RegionOne", "internalURL":
"";, "publicURL":
""}], "type": "compute", "name":
"nova_compat"}], "user": {"id": "2", "roles": [{"id": "4", "name":
"Admin"}, {"id": "4", "name": "Admin"}, {"id": "4", "name": "Admin"},
{"id": "6", "name": "KeystoneServiceAdmin"}], "name": "admin"}}}

but as a user it always gives access error:

$ curl -d '{"auth":{"passwordCredentials":{"username": "demo",
"password": "guest"}}}' -H "Content-type: application/json"
  <title>401 Unauthorized</title>
  <h1>401 Unauthorized</h1>
  This server could not verify that you are authorized to access the
document you requested. Either you supplied the wrong credentials
(e.g., bad password), or your browser does not understand how to
supply the credentials required.<br /><br />
Authentication required


What possibly could cause this?

# tail  -1 /var/log/keystone/admin.log
2012-01-26 16:11:01  WARNING [eventlet.wsgi.server] - -
[26/Jan/2012 16:11:01] "POST /v2.0/tokens HTTP/1.1" 200 1519 0.084546


$ rpm -qa 'openstack*'