openstack team mailing list archive
Message #06990
authentication help needed, added keystone to system
Could anyone please explain to me what the relation is between zones
in nova-manage and regions in keystone-manage? And help me get the
auth working again.

I got my Fedora host test system messed up after installing keystone.
Now I suspect region/zone could be the reason for the authentication
failure. Should they be the same?

I got to this point by copy-pasting the instructions too much without
fully understanding the details... :( The system worked before
keystone.
---------------------------
# nova-manage host list
host zone
blade5 nova
blade6 nova
blade7 nova
blade8 nova
---------------------------
---------------------------
# keystone-manage endpointTemplates list
All EndpointTemplates
service      region     Public URL
-------------------------------------------------------------------------------
nova         RegionOne  http://10.20.106.105:8774/v1.1/%tenant_id%
glance       RegionOne  http://10.20.106.105:9292/v1
swift        RegionOne  http://10.20.106.105:8080/v1/AUTH_%tenant_id%
keystone     RegionOne  http://10.20.106.105:5000/v2.0
nova_compat  RegionOne  http://10.20.106.105:8774/v1.0/
---------------------------
This works for admin:
---------------------------
$ curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "secret"}}}' \
    -H "Content-type: application/json" \
    http://node1:35357/v2.0/tokens
{"access": {"token": {"expires": "2015-02-05T00:00:00", "id":
"999888777666", "tenant": {"id": "2", "name": "admin"}},
"serviceCatalog": [{"endpoints": [{"adminURL":
"http://10.0.0.1:8774/v1.1/2", "region": "RegionOne", "internalURL":
"http://10.0.0.1:8774/v1.1/2", "publicURL":
"http://10.20.106.105:8774/v1.1/2"}], "type": "compute", "name":
"nova"}, {"endpoints": [{"adminURL": "http://10.0.0.1:9292/v1",
"region": "RegionOne", "internalURL": "http://10.0.0.1:9292/v1",
"publicURL": "http://10.20.106.105:9292/v1"}], "type": "image",
"name": "glance"}, {"endpoints": [{"adminURL":
"http://10.0.0.1:8080/v1.0/", "region": "RegionOne", "internalURL":
"http://10.0.0.1:8080/v1/AUTH_2", "publicURL":
"http://10.20.106.105:8080/v1/AUTH_2"}], "type": "storage", "name":
"swift"}, {"endpoints": [{"adminURL": "http://10.0.0.1:35357/v2.0",
"region": "RegionOne", "internalURL": "http://10.0.0.1:5000/v2.0",
"publicURL": "http://10.20.106.105:5000/v2.0"}], "type": "identity",
"name": "keystone"}, {"endpoints": [{"adminURL":
"http://10.0.0.1:8774/v1.0", "region": "RegionOne", "internalURL":
"http://10.0.0.1:8774/v1.0", "publicURL":
"http://10.20.106.105:8774/v1.0/"}], "type": "compute", "name":
"nova_compat"}], "user": {"id": "2", "roles": [{"id": "4", "name":
"Admin"}, {"id": "4", "name": "Admin"}, {"id": "4", "name": "Admin"},
{"id": "6", "name": "KeystoneServiceAdmin"}], "name": "admin"}}}
---------------------------
But as a user it always gives an access error:
---------------------------
$ curl -d '{"auth":{"passwordCredentials":{"username": "demo", "password": "guest"}}}' \
    -H "Content-type: application/json" \
    http://node1:8774/v1.1/tokens
<html>
<head>
<title>401 Unauthorized</title>
</head>
<body>
<h1>401 Unauthorized</h1>
This server could not verify that you are authorized to access the
document you requested. Either you supplied the wrong credentials
(e.g., bad password), or your browser does not understand how to
supply the credentials required.<br /><br />
Authentication required
</body>
</html>
---------------------------
What could possibly cause this?
---------------------------
# tail -1 /var/log/keystone/admin.log
2012-01-26 16:11:01 WARNING [eventlet.wsgi.server] 10.0.0.1 - -
[26/Jan/2012 16:11:01] "POST /v2.0/tokens HTTP/1.1" 200 1519 0.084546
---------------------------
Versions:
$ rpm -qa 'openstack*'
openstack-nova-doc-2011.3-18.fc17.noarch
openstack-glance-doc-2011.3-2.fc16.noarch
openstack-glance-2011.3-2.fc16.noarch
openstack-swift-doc-1.4.4-1.fc17.noarch
openstack-nova-2011.3-18.fc17.noarch
openstack-keystone-2011.3.1-2.fc17.noarch
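
An added example, not part of the original message: a Python sketch that looks up which service type the serviceCatalog of a Keystone v2.0 token response lists for the port and version path a request was sent to. The sample response is constructed (abridged to the shape of the response above), the function names are hypothetical, and matching on port plus first path segment instead of host is an assumption made because the message mixes host names and IP addresses.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, abridged to the shape of the token response in the
# message: two catalog entries, one region.
SAMPLE_RESPONSE = json.dumps({"access": {
    "token": {"id": "999888777666", "expires": "2015-02-05T00:00:00"},
    "serviceCatalog": [
        {"type": "compute", "name": "nova", "endpoints": [{
            "region": "RegionOne",
            "adminURL": "http://10.0.0.1:8774/v1.1/2",
            "internalURL": "http://10.0.0.1:8774/v1.1/2",
            "publicURL": "http://10.20.106.105:8774/v1.1/2"}]},
        {"type": "identity", "name": "keystone", "endpoints": [{
            "region": "RegionOne",
            "adminURL": "http://10.0.0.1:35357/v2.0",
            "internalURL": "http://10.0.0.1:5000/v2.0",
            "publicURL": "http://10.20.106.105:5000/v2.0"}]},
    ]}})


def url_key(url):
    """Reduce a URL to (port, first path segment), e.g. (8774, 'v1.1')."""
    parts = urlsplit(url)
    return parts.port, parts.path.strip("/").split("/")[0]


def catalog_index(response_text):
    """Map (port, version) -> (service type, region) for every catalog URL."""
    index = {}
    for service in json.loads(response_text)["access"]["serviceCatalog"]:
        for endpoint in service["endpoints"]:
            for field in ("adminURL", "internalURL", "publicURL"):
                index[url_key(endpoint[field])] = (service["type"], endpoint["region"])
    return index


def service_for(response_text, request_url):
    """Service type the catalog lists for request_url's port and version,
    or None when the catalog has no endpoint there."""
    hit = catalog_index(response_text).get(url_key(request_url))
    return hit[0] if hit else None


if __name__ == "__main__":
    for url in ("http://node1:35357/v2.0/tokens", "http://node1:8774/v1.1/tokens"):
        print(url, "->", service_for(SAMPLE_RESPONSE, url))
```

For the two request URLs in the message, the lookup reports port 35357 with /v2.0 as an identity endpoint and port 8774 with /v1.1 as a compute endpoint.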