openstack team mailing list archive

Re: Keystone installation with ManagedIT packages...

 

That should have read...

 ... Also - Can you run "SELECT * from `endpoint_templates`;" against the
keystone DB ...

Thanks,
Kiall


On Fri, Feb 3, 2012 at 12:15 AM, Kiall Mac Innes <kiall@xxxxxxxxxxxx> wrote:

> Hi Lille,
>
> My packages (the Managed I.T ones) certainly do work, the config files
> shipped with them are fairly stock config files from the git stable/diablo
> branch, these generally are not set up for use with keystone out of the box.
>
> I've got a bunch of scripts and sample config files on our GitHub
> account[1], Maybe you can compare your config files to these?
>
> If that doesn't work, can you place your configs (all of them!) up on
> http://paste.openstack.org and send us the links? Also - Can you run
> "SELECT * from `endpoint_templates`;" against
>
> Here is:
>
> A sample of what I get back from keystone:
> http://paste.openstack.org/show/4665/
> A sample of the glance index output http://paste.openstack.org/show/4666/
> A sample result for the SQL query http://paste.openstack.org/show/4667/ (Note:
> I have a webserver on port 80 that proxies traffic to the correct service
> i.e. your ports will likely be different, but the path (the part AFTER the
> port) should match)
>
> Thanks,
> Kiall
>
> [1] https://github.com/managedit/openstack-setup
>
>
>
> On Thu, Feb 2, 2012 at 10:12 PM, Lillie Ross-CDSR11 <
> Ross.Lillie@xxxxxxxxxxxxxxxxxxxxx> wrote:
>
>> Still having issues.
>>
>> I found a config bug in my Keystone.conf file in the filter pipeline for
>> the d5_compat modules.  However, when I fix the config to match the
>> installation guide and restart keystone, I get an error message that the
>> d5_compat module can't be found.  My keystone installation is from the
>> ManagedIT PPA.  Is this a bug in the documentation?  In the ManagedIT
>> packages? The pipeline for the ManagedIT package is configured as follows:
>>
>> [pipeline:admin]
>> pipeline =
>>    urlrewritefilter
>>    admin_api
>>
>> [pipeline:keystone-legacy-auth]
>> pipeline =
>>    urlrewritefilter
>>    legacy_auth
>>    RAX-KEY-extension
>>    service_api
>>
>> versus what is specified in the installation guide.  Does this difference
>> matter?  What are the differences?
>>
>> Regards,
>> Ross
>>
>>
>> On Feb 1, 2012, at 10:31 AM, Lillie Ross-CDSR11 wrote:
>>
>> > Hi Jay,
>> >
>> > Yes, this confused me, however I get the same error using the token I
>> generated and added (via the keystone-manage command).  To wit:
>> >
>> > root@nova:~# keystone-manage token list
>> > token user    expiration      tenant
>> >
>> -------------------------------------------------------------------------------
>> > 10111213141516171819  1       2022-01-01 00:00:00  2
>> > fa89fb9a-60d2-4921-b12d-6aee1c177823  1       2012-02-01 15:24:33  1
>> > b06c5e4e-5e59-4293-aa54-ce6879f11371  2       2012-02-01 15:26:41  1
>> >
>> > where the first token is the long-lived one I supplied during
>> installation.  Running the glance command yields identical results:
>> >
>> > root@nova:~# glance -v -A 10111213141516171819 details
>> > Failed to show details. Got error:
>> > Internal Server error: Traceback (most recent call last):
>> >  File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in
>> handle_one_response
>> >    result = self.application(self.environ, start_response)
>> >  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in
>> __call__
>> >    resp = self.call_func(req, *args, **self.kwargs)
>> >  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in
>> call_func
>> >    return self.func(req, *args, **kwargs)
>> >  File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line
>> 113, in __call__
>> >    response = req.get_response(self.application)
>> >  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053,
>> in get_response
>> >    application, catch_exc_info=False)
>> >  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022,
>> in call_application
>> >    app_iter = application(self.environ, start_response)
>> >  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in
>> __call__
>> >    resp = self.call_func(req, *args, **self.kwargs)
>> >  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in
>> call_func
>> >    return self.func(req, *args, **kwargs)
>> >  File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line
>> 110, in __call__
>> >    response = self.process_request(req)
>> >  File "/usr/lib/python2.7/dist-packages/glance/common/context.py", line
>> 104, in process_request
>> >    raise exception.NotAuthorized()
>> > NotAuthorized: None
>> >
>> > Completed in 0.0031 sec.
>> >
>> > Interestingly (perhaps) I see nothing in the keystone.log file.  In
>> fact, I don't even see the keystone log file.  Keystone opens two log files
>> named 'admin.log' and 'keystone_legacy_auth.log'.  Is this right?  Also, if
>> I run keystone interactively (keystone -v -d) then issue the glance
>> command, I see nothing in the keystone window. This doesn't seem right to
>> me, but I'm just getting started with keystone integration.
>> >
>> > Thanks in advance for any insight...
>> >
>> > Regards,
>> > Ross
>> >
>> > On Jan 31, 2012, at 6:48 PM, Jay Pipes wrote:
>> >
>> >> On 01/31/2012 06:28 PM, Lillie Ross-CDSR11 wrote:
>> >>> I'm reinstalling the various Openstack services from packages in the
>> >>> ManagedIT PPA to pull in the latest Diablo bug fixes. I'm following
>> the
>> >>> latest directions in the newly released installation guide as I perform
>> >>> these upgrades
>> >>> (
>> http://docs.openstack.org/diablo/openstack-compute/install/content/index.html
>> ).
>> >>>
>> >>> However, I'm having trouble getting Glance to authenticate with
>> >>> Keystone. All config files have been copied from the examples posted
>> in
>> >>> the installation guide (and modified accordingly for my admin token,
>> IP
>> >>> addresses, etc.). Regardless, I continually get the following error
>> >>> message and stack dump when trying to verify the Glance/Keystone
>> >>> integration:
>> >>>
>> >>> Step 1: Grab a token
>> >>>
>> >>> # curl -d '{"auth": {"tenantName": "default",
>> >>> "passwordCredentials":{"username": "admin", "password": "admin"}}}' -H
>> >>> "Content-type: application/json"
>> http://173.23.181.1:35357/v2.0/tokens |
>> >>> python -mjson.tool
>> >>>
>> >>> ...
>> >>> "token": {
>> >>> "expires": "2012-02-01T15:24:33",
>> >>> "id": "fa89fb9a-60d2-4921-b12d-6aee1c177823",
>> >>> "tenant": {
>> >>> "id": "1",
>> >>> "name": "default"
>> >>> }
>> >>> }
>> >>
>> >> You're going to want to grab a long-lived token (sometimes called a
>> service token) to use for the Glance API <-> Glance Registry connection.
>> This service token should be used in the glance-registry.conf file.
>> >>
>> >> In glance-registry.conf, you'll see a section looking like this:
>> >>
>> >> [filter:authtoken]
>> >> paste.filter_factory = keystone.middleware.auth_token:filter_factory
>> >> service_protocol = http
>> >> service_host = 127.0.0.1
>> >> service_port = 5000
>> >> auth_host = 127.0.0.1
>> >> auth_port = 35357
>> >> auth_protocol = http
>> >> auth_uri = http://127.0.0.1:5000/
>> >> admin_token = 999888777666
>> >>
>> >> Replace admin_token = 999888777666 with the relevant long-lived
>> service token.
>> >>
>> >> Cheers!
>> >> -jay
>> >>
>> >>
>> >>> Step 2: Try a Glance command
>> >>>
>> >>> # glance details -A fa89fb9a-60d2-4921-b12d-6aee1c177823
>> >>> Failed to show details. Got error:
>> >>> Internal Server error: Traceback (most recent call last):
>> >>> File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in
>> >>> handle_one_response
>> >>> result = self.application(self.environ, start_response)
>> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in
>> __call__
>> >>> resp = self.call_func(req, *args, **self.kwargs)
>> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in
>> call_func
>> >>> return self.func(req, *args, **kwargs)
>> >>> File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line
>> 113,
>> >>> in __call__
>> >>> response = req.get_response(self.application)
>> >>> File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053,
>> in
>> >>> get_response
>> >>> application, catch_exc_info=False)
>> >>> File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022,
>> in
>> >>> call_application
>> >>> app_iter = application(self.environ, start_response)
>> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in
>> __call__
>> >>> resp = self.call_func(req, *args, **self.kwargs)
>> >>> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in
>> call_func
>> >>> return self.func(req, *args, **kwargs)
>> >>> File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line
>> 110,
>> >>> in __call__
>> >>> response = self.process_request(req)
>> >>> File "/usr/lib/python2.7/dist-packages/glance/common/context.py", line
>> >>> 104, in process_request
>> >>> raise exception.NotAuthorized()
>> >>> NotAuthorized: None
>> >>>
>> >>> From the Glance api.log file we see the following (with the traceback
>> >>> identical to above removed):
>> >>>
>> >>> 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation]
>> >>> Processing request: GET /v1/images/detail Accept:
>> >>> 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation]
>> >>> Matched versioned URI. Version: 1.0
>> >>> 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] Traceback (most
>> recent
>> >>> call last):
>> >>> ? (traceback removed)
>> >>> 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] 127.0.0.1 - -
>> >>> [31/Jan/2012 17:14:30] "GET /v1/images/detail?limit=10 HTTP/1.1" 500
>> >>> 1528 0.001163
>> >>>
>> >>> This is probably a config blunder on my part, but I've pored over the
>> >>> config files numerous times. Regardless, I've attached the glance-api
>> >>> and registry conf files.
>> >>>
>> >>> Any suggestions?
>> >>>
>> >>> Regards,
>> >>> Ross
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> Mailing list: https://launchpad.net/~openstack
>> >>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> >>> Unsubscribe : https://launchpad.net/~openstack
>> >>> More help   : https://help.launchpad.net/ListHelp
>> >>
>> >>
>> >>
>> >>
>> >
>>
>>
>>
>>
>>
>
>
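
The check Jay Pipes describes in the thread above (the `admin_token` in `[filter:authtoken]` has to be a long-lived service token that Keystone actually holds), written out as an added example that is not part of the original thread or of the Keystone/Glance code. The function names and the 30-day `min_life` threshold are assumptions, and the sample inputs are constructed from the snippets quoted in the thread.

```python
import configparser
from datetime import datetime, timedelta

# Constructed sample inputs, modelled on the snippets quoted in the thread.
SAMPLE_CONF = """\
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_port = 35357
admin_token = 999888777666
"""
SAMPLE_TOKEN_LIST = """\
token user    expiration      tenant
-------------------------------------------------------------------------------
10111213141516171819  1       2022-01-01 00:00:00  2
fa89fb9a-60d2-4921-b12d-6aee1c177823  1       2012-02-01 15:24:33  1
"""
STOCK_TOKEN = "999888777666"  # placeholder value shown in the sample config

def parse_token_list(text):
    """Map token id -> expiry from `keystone-manage token list` output."""
    tokens = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:  # header and separator rows do not have 5 fields
            continue
        try:
            tokens[parts[0]] = datetime.strptime(parts[2] + " " + parts[3], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
    return tokens

def check_admin_token(conf_text, token_list_text, now, min_life=timedelta(days=30)):
    """Return findings for admin_token; min_life is an assumed threshold."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)
    token = cp.get("filter:authtoken", "admin_token", fallback="")
    if not token:
        return ["admin_token is not set"]
    tokens = parse_token_list(token_list_text)
    findings = []
    if token == STOCK_TOKEN:
        findings.append("admin_token is still the sample value")
    if token not in tokens:
        findings.append("admin_token is not in the keystone token table")
    elif tokens[token] <= now:
        findings.append("admin_token has expired")
    elif tokens[token] - now < min_life:
        findings.append("admin_token is short-lived")
    return findings
```

Feed it the text of glance-registry.conf and the saved output of `keystone-manage token list`; an empty list means the configured token is present in Keystone and outlives the threshold.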
