← Back to team overview

openstack team mailing list archive

authentication help needed, added keystone to system

 

could anyone please explain to me what is the relation between zones
in nova-manage and region in keystone-manage? And help me to get the
auth back working.

I got my fedora host test system messed up after installing keystone.
Now I suspect region/zone could be the reason for authentication
failure. Should they be the same?

I got to this point by too much copy pasting the instructions without
fully understanding the details... :( The system worked before
keystone.


---------------------------
# nova-manage host list
host                            zone
blade5    nova
blade6    nova
blade7    nova
blade8    nova
---------------------------


---------------------------
# keystone-manage  endpointTemplates list
All EndpointTemplates
service region  Public URL
-------------------------------------------------------------------------------
nova    RegionOne       http://10.20.106.105:8774/v1.1/%tenant_id%
glance  RegionOne       http://10.20.106.105:9292/v1
swift   RegionOne       http://10.20.106.105:8080/v1/AUTH_%tenant_id%
keystone        RegionOne       http://10.20.106.105:5000/v2.0
nova_compat     RegionOne       http://10.20.106.105:8774/v1.0/
---------------------------

this works for admin:

---------------------------
$ curl -d '{"auth":{"passwordCredentials":{"username": "admin",
"password": "secret"}}}' -H "Content-type: application/json"
http://node1:35357/v2.0/tokens
{"access": {"token": {"expires": "2015-02-05T00:00:00", "id":
"999888777666", "tenant": {"id": "2", "name": "admin"}},
"serviceCatalog": [{"endpoints": [{"adminURL":
"http://10.0.0.1:8774/v1.1/2";, "region": "RegionOne", "internalURL":
"http://10.0.0.1:8774/v1.1/2";, "publicURL":
"http://10.20.106.105:8774/v1.1/2"}], "type": "compute", "name":
"nova"}, {"endpoints": [{"adminURL": "http://10.0.0.1:9292/v1";,
"region": "RegionOne", "internalURL": "http://10.0.0.1:9292/v1";,
"publicURL": "http://10.20.106.105:9292/v1"}], "type": "image",
"name": "glance"}, {"endpoints": [{"adminURL":
"http://10.0.0.1:8080/v1.0/";, "region": "RegionOne", "internalURL":
"http://10.0.0.1:8080/v1/AUTH_2";, "publicURL":
"http://10.20.106.105:8080/v1/AUTH_2"}], "type": "storage", "name":
"swift"}, {"endpoints": [{"adminURL": "http://10.0.0.1:35357/v2.0";,
"region": "RegionOne", "internalURL": "http://10.0.0.1:5000/v2.0";,
"publicURL": "http://10.20.106.105:5000/v2.0"}], "type": "identity",
"name": "keystone"}, {"endpoints": [{"adminURL":
"http://10.0.0.1:8774/v1.0";, "region": "RegionOne", "internalURL":
"http://10.0.0.1:8774/v1.0";, "publicURL":
"http://10.20.106.105:8774/v1.0/"}], "type": "compute", "name":
"nova_compat"}], "user": {"id": "2", "roles": [{"id": "4", "name":
"Admin"}, {"id": "4", "name": "Admin"}, {"id": "4", "name": "Admin"},
{"id": "6", "name": "KeystoneServiceAdmin"}], "name": "admin"}}}
---------------------------

but as a user it always gives access error:

---------------------------
$ curl -d '{"auth":{"passwordCredentials":{"username": "demo",
"password": "guest"}}}' -H "Content-type: application/json"
http://node1:8774/v1.1/tokens
<html>
 <head>
  <title>401 Unauthorized</title>
 </head>
 <body>
  <h1>401 Unauthorized</h1>
  This server could not verify that you are authorized to access the
document you requested. Either you supplied the wrong credentials
(e.g., bad password), or your browser does not understand how to
supply the credentials required.<br /><br />
Authentication required


 </body>
</html>
---------------------------

What possibly could cause this?

---------------------------
# tail  -1 /var/log/keystone/admin.log
2012-01-26 16:11:01  WARNING [eventlet.wsgi.server] 10.0.0.1 - -
[26/Jan/2012 16:11:01] "POST /v2.0/tokens HTTP/1.1" 200 1519 0.084546
---------------------------



versions:

$ rpm -qa 'openstack*'
openstack-nova-doc-2011.3-18.fc17.noarch
openstack-glance-doc-2011.3-2.fc16.noarch
openstack-glance-2011.3-2.fc16.noarch
openstack-swift-doc-1.4.4-1.fc17.noarch
openstack-nova-2011.3-18.fc17.noarch
openstack-keystone-2011.3.1-2.fc17.noarch