openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #07254
Re: Keystone installation with ManagedIT packages...
Hi Lille,
My packages (the Managed I.T ones) certainly do work, the config files
shipped with them are fairly stock config files from the git stable/diablo
branch, these generally are not setup for use with keystone of of the box.
I've got a bunch of scripts and sample config files on our GitHub
account[1], Maybe you can compare your config files to these?
If that doesn't work, can you place your config's (all of them!) up on
http://paste.openstack.org and send us the links? Also - Can you run
"SELECT * from `endpoint_templates`;" against
Here is:
A sample of what I get back from keystone:
http://paste.openstack.org/show/4665/
A sample of the glance index output http://paste.openstack.org/show/4666/
A sample result for the SQL query http://paste.openstack.org/show/4667/ (Note:
I have a webserver on port 80 that proxies traffic to the correct service
i.e. your ports will likely be different, but the path (the part AFTER the
port) should match)
Thanks,
Kiall
[1] https://github.com/managedit/openstack-setup
On Thu, Feb 2, 2012 at 10:12 PM, Lillie Ross-CDSR11 <
Ross.Lillie@xxxxxxxxxxxxxxxxxxxxx> wrote:
> Still having issues.
>
> I found a config bug in my Keystone.conf file in the filter pipeline for
> the d5_compat modules. However, when I fix the config to match the
> installation guide and restart keystone, I get an error message that the
> d5_compat module can't be found. My keystone installation is from the
> ManagedIT PPA. Is this a bug in the documentation? In the ManagedIT
> packages? The pipeline for the ManageIT package is configured as follows:
>
> [pipeline:admin]
> pipeline =
> urlrewritefilter
> admin_api
>
> [pipeline:keystone-legacy-auth]
> pipeline =
> urlrewritefilter
> legacy_auth
> RAX-KEY-extension
> service_api
>
> versus what is specified in the installation guide. Does this difference
> matter? What are the differences?
>
> Regards,
> Ross
>
>
> On Feb 1, 2012, at 10:31 AM, Lillie Ross-CDSR11 wrote:
>
> > Hi Jay,
> >
> > Yes, this confused me, however I get the same error using the token I
> generated and added (via the keystone-manage command). To wit:
> >
> > root@nova:~# keystone-manage token list
> > token user expiration tenant
> >
> -------------------------------------------------------------------------------
> > 10111213141516171819 1 2022-01-01 00:00:00 2
> > fa89fb9a-60d2-4921-b12d-6aee1c177823 1 2012-02-01 15:24:33 1
> > b06c5e4e-5e59-4293-aa54-ce6879f11371 2 2012-02-01 15:26:41 1
> >
> > where the first token is the long-lived one I supplied during
> installation. Running the glance command yields identical results:
> >
> > root@nova:~# glance -v -A 10111213141516171819 details
> > Failed to show details. Got error:
> > Internal Server error: Traceback (most recent call last):
> > File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in
> handle_one_response
> > result = self.application(self.environ, start_response)
> > File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in
> __call__
> > resp = self.call_func(req, *args, **self.kwargs)
> > File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in
> call_func
> > return self.func(req, *args, **kwargs)
> > File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line
> 113, in __call__
> > response = req.get_response(self.application)
> > File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in
> get_response
> > application, catch_exc_info=False)
> > File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in
> call_application
> > app_iter = application(self.environ, start_response)
> > File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in
> __call__
> > resp = self.call_func(req, *args, **self.kwargs)
> > File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in
> call_func
> > return self.func(req, *args, **kwargs)
> > File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line
> 110, in __call__
> > response = self.process_request(req)
> > File "/usr/lib/python2.7/dist-packages/glance/common/context.py", line
> 104, in process_request
> > raise exception.NotAuthorized()
> > NotAuthorized: None
> >
> > Completed in 0.0031 sec.
> >
> > Interestingly (perhaps) I see nothing in the keystone.log file. In
> fact, I don't even see the keystone log file. Keystone opens to log files
> named 'admin.log' and 'keystone_legacy_auth.log'. Is this right? Also, if
> I run keystone interactively (keystone -v -d) then issue the glance
> command, I see nothing in the keystone window. This doesn't seem right to
> me, but I'm just getting started with keystone integration.
> >
> > Thanks in advance for any insight...
> >
> > Regards,
> > Ross
> >
> > On Jan 31, 2012, at 6:48 PM, Jay Pipes wrote:
> >
> >> On 01/31/2012 06:28 PM, Lillie Ross-CDSR11 wrote:
> >>> I'm reinstalling the various Openstack services from packages in the
> >>> ManagedIT PPA to pull in the latest Diablo bug fixes. I'm following the
> >>> latest directions in the newly release installation guide as I perform
> >>> these upgrades
> >>> (
> http://docs.openstack.org/diablo/openstack-compute/install/content/index.html
> ).
> >>>
> >>> However, I'm having trouble getting Glance to authenticate with
> >>> Keystone. All config files have been copied from the examples posted in
> >>> the installation guide (and modified accordingly for my admin token, IP
> >>> addresses, etc.). Regardless, I continually get the following error
> >>> message and stack dump when trying to verify the Glance/Keystone
> >>> integration:
> >>>
> >>> Step 1: Grab a token
> >>>
> >>> # curl -d '{"auth": {"tenantName": "default",
> >>> "passwordCredentials":{"username": "admin", "password": "admin"}}}' -H
> >>> "Content-type: application/json" http://173.23.181.1:35357/v2.0/tokens|
> >>> python -mjson.tool
> >>>
> >>> ...
> >>> "token": {
> >>> "expires": "2012-02-01T15:24:33",
> >>> "id": "fa89fb9a-60d2-4921-b12d-6aee1c177823",
> >>> "tenant": {
> >>> "id": "1",
> >>> "name": "default"
> >>> }
> >>> }
> >>
> >> You're going to want to grab a long-lived token (sometimes called a
> service token) to use for the Glance API <-> Glance Registry connection.
> This service token should be used in the glance-registry.conf file.
> >>
> >> In glance-registry.conf, you'll see a section looking like this:
> >>
> >> [filter:authtoken]
> >> paste.filter_factory = keystone.middleware.auth_token:filter_factory
> >> service_protocol = http
> >> service_host = 127.0.0.1
> >> service_port = 5000
> >> auth_host = 127.0.0.1
> >> auth_port = 35357
> >> auth_protocol = http
> >> auth_uri = http://127.0.0.1:5000/
> >> admin_token = 999888777666
> >>
> >> Replace admin_token = 999888777666 with the relevant long-lived service
> token.
> >>
> >> Cheers!
> >> -jay
> >>
> >>
> >>> Step 2: Try a Glance command
> >>>
> >>> # glance details -A fa89fb9a-60d2-4921-b12d-6aee1c177823
> >>> Failed to show details. Got error:
> >>> Internal Server error: Traceback (most recent call last):
> >>> File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in
> >>> handle_one_response
> >>> result = self.application(self.environ, start_response)
> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in
> __call__
> >>> resp = self.call_func(req, *args, **self.kwargs)
> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in
> call_func
> >>> return self.func(req, *args, **kwargs)
> >>> File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line
> 113,
> >>> in __call__
> >>> response = req.get_response(self.application)
> >>> File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in
> >>> get_response
> >>> application, catch_exc_info=False)
> >>> File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in
> >>> call_application
> >>> app_iter = application(self.environ, start_response)
> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in
> __call__
> >>> resp = self.call_func(req, *args, **self.kwargs)
> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in
> call_func
> >>> return self.func(req, *args, **kwargs)
> >>> File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line
> 110,
> >>> in __call__
> >>> response = self.process_request(req)
> >>> File "/usr/lib/python2.7/dist-packages/glance/common/context.py", line
> >>> 104, in process_request
> >>> raise exception.NotAuthorized()
> >>> NotAuthorized: None
> >>>
> >>> From the Glance api.log file we see the following (with the traceback
> >>> identical to above removed):
> >>>
> >>> 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation]
> >>> Processing request: GET /v1/images/detail Accept:
> >>> 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation]
> >>> Matched versioned URI. Version: 1.0
> >>> 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] Traceback (most
> recent
> >>> call last):
> >>> ? (traceback removed)
> >>> 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] 127.0.0.1 - -
> >>> [31/Jan/2012 17:14:30] "GET /v1/images/detail?limit=10 HTTP/1.1" 500
> >>> 1528 0.001163
> >>>
> >>> This is probably a config blunder on my part, but I've poured over the
> >>> config files numerous times. Regardless, I've attached the glance-api
> >>> and registry conf files.
> >>>
> >>> Any suggestions?
> >>>
> >>> Regards,
> >>> Ross
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Mailing list: https://launchpad.net/~openstack
> >>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> >>> Unsubscribe : https://launchpad.net/~openstack
> >>> More help : https://help.launchpad.net/ListHelp
> >>
> >> _______________________________________________
> >> Mailing list: https://launchpad.net/~openstack
> >> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> >> Unsubscribe : https://launchpad.net/~openstack
> >> More help : https://help.launchpad.net/ListHelp
> >>
> >>
> >>
> >
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
Follow ups
References