openstack team mailing list archive

Thread
Date

Re: Enabling logging in keystone.

To: Dolph Mathews <dolph.mathews@xxxxxxxxx>
From: Ahmed Al-Mehdi <ahmed@xxxxxxxxxx>
Date: Tue, 2 Oct 2012 18:42:59 -0500
Accept-language: en-US
Acceptlanguage: en-US
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAC=h7gW8u4UOUirMqiDD38CuE7OHfCqAap44m8Fookch6kfmWQ@mail.gmail.com>
Thread-index: Ac2g46nb8wneaU/aSHehtpasznSAcAAE/4QJ
Thread-topic: [Openstack] Enabling logging in keystone.

Hi Dolph,

I am now getting the same output as the "curl" command, basically "Invalid Tenant". At this point

root@ubuntu1<mailto:root@ubuntu1>:~# keystone --os-username=adminUser --os-password=secretword --os-tenant-name=service --os-auth-url=http://10.0.
2.15:35357/v2.0 token-get
No handlers could be found for logger "keystoneclient.client"
Invalid tenant (HTTP 401)

Without the "os-tenant-name" parameter, I seem to get "good' response.

root@ubuntu1<mailto:root@ubuntu1>:~# keystone --os-username=adminUser --os-password=secretword --os-auth-url=http://10.0.2.15:35357/v2.0 token-get
No handlers could be found for logger "keystoneclient.v2_0.client"
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| expires | 2012-10-03T23:31:17Z |
| id | 31078072aae94f5aab5c8e46ff5f6373 |
| user_id | 3e674f7f64ba452cb20781b8d5e26b7f |
+----------+----------------------------------+
At this point, I feel like I am running into issues with/in the python / PyYAML script (https://github.com/nimbis/keystone-init.git) which must not be populating info into keystone "accurately" and most probably not equivalent to manual steps mentioned in "Deploy and Install OpenStack - Red Hat Ubuntu". I will look into the script.

Regards,
Ahmed.

________________________________
From: Dolph Mathews [dolph.mathews@xxxxxxxxx]
Sent: Tuesday, October 02, 2012 2:19 PM
To: Ahmed Al-Mehdi
Cc: heckj; openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Enabling logging in keystone.

No worries, that's what a second set of eyes is for!

By specifying a token and endpoint, you're bypassing the authentication process that your curl command is performing.

You can test authentication with the keystone client using:

$ keystone --os-username=adminUser --os-password=secretword --os-tenant-name=adminTenant --os-authurl=http://10.0.2.15:35357/v2.0<http://10.0.2.15:35357/v2.0/tokens> token-get

But as Anne pointed out, you don't have a tenant named "adminTenant". You'll also need to make sure you've granted a role to your user on the specified tenant for authorization to succeed. You can remove the tenant name argument from the token-get call to test authentication without authorization (therefore without requiring anything but a valid user in your keystone install).

-Dolph

On Tuesday, October 2, 2012, Ahmed Al-Mehdi wrote:
Hi Dolph,

Very sorry about that.  With the correct token, calling keystone from the cli is working.    However, the curl command is failing.  Will this cause an issue down the line as I start to install glance and nova?

#> keystone --token 012345SECRET99TOKEN012345 --endpoint http://10.0.2.15:35357/v2.0 tenant-list
+----------------------------------+---------------+---------+
|                id                |      name     | enabled |
+----------------------------------+---------------+---------+
| 07a44f9d55694d638f41bc160c14b42e | openstackDemo |   True  |
| 0e4cc20586ae42329db51e0c6f807731 |    service    |   True  |
+----------------------------------+---------------+---------+
#> curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   231    0   116  100   115   2771   2747 --:--:-- --:--:-- --:--:--  3052
{
    "error": {
        "code": 401,
        "message": "The request you have made requires authentication.",
        "title": "Not Authorized"
    }
}

Regards,
Ahmed.

________________________________
From: Dolph Mathews [dolph.mathews@xxxxxxxxx<https://exg5.exghost.com/owa/UrlBlockedError.aspx>]
Sent: Tuesday, October 02, 2012 12:12 PM
To: Ahmed Al-Mehdi
Cc: heckj; openstack@xxxxxxxxxxxxxxxxxxx<https://exg5.exghost.com/owa/UrlBlockedError.aspx>
Subject: Re: [Openstack] Enabling logging in keystone.

You're missing a "5" on the admin_token you've specified on the command line.

012345SECRET99TOKEN01234 (your CLI arg)
012345SECRET99TOKEN012345 (keystone.conf)

-Dolph

On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi <ahmed@xxxxxxxxxx> wrote:
Hi Joe,

I have put the conf file (renamed to ahmed_keystone.conf)  into gist.

git://gist.github.com/3821846.git<http://gist.github.com/3821846.git>

Please let me know if you have any issues accessing the file.

Thank you very much for helping me out.  I have a feeling the issue might be in the python script to populate keystone. When I previously input the data manually, I got keystone configured properly.

Regards,
Ahmed.

________________________________________
From: heckj [heckj@xxxxxxx]
Sent: Tuesday, October 02, 2012 10:56 AM
To: Ahmed Al-Mehdi
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Enabling logging in keystone.

Ahmed - can you put your keystone.conf into a paste or gist and share it with me? I'd be happy to help you debug this.

I'm assuming you're running keystone on the system with the IP address 10.0.2.15, correct?

-joe

On Oct 2, 2012, at 10:45 AM, Ahmed Al-Mehdi <ahmed@xxxxxxxxxx> wrote:

> Hi Joe,
>
> I noticed I did not put the port number in the URL, now I am getting a more meaningful error:
>
> #> keystone --token 012345SECRET99TOKEN01234 --endpoint http://10.0.2.15:35357/v2.0  tenant-list
> No handlers could be found for logger "keystoneclient.client"
> Unable to authorize user
>
> Regards,
> Ahmed.
>
> ________________________________________
> From: openstack-bounces+ahmed=coraid.com@xxxxxxxxxxxxxxxxxxx [openstack-bounces+ahmed=coraid.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ahmed Al-Mehdi [ahmed@xxxxxxxxxx]
> Sent: Tuesday, October 02, 2012 10:30 AM
> To: heckj
> Cc: openstack@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openstack] Enabling logging in keystone.
>
> Hi Joe,
>
> Unfortunately before I read your response I re-installed my Ubuntu server.  I repeated the same steps mentioned in the OpenStack document "Deploy and Install OpenStack - RedHat Ubuntu" and also used the script mentioned in it  (https://github.com/nimbis/keystone-init/blob/master/keystone-init.py) to populate keystone.  I reboot the server prior to running your suggested command and now running into a different issue, which I feel maybe due to not starting some service.  Btw, my host OS is Ubuntu 12.04 (32 bit) running inVirtualBox.
>
> Currently I am getting the following error:
>
> #> keystone --token 012345SECRET99TOKEN01234 --endpoint http://10.0.2.15/v2.0 tenant-lis

--

-Dolph

Follow ups

Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-03
Re: Enabling logging in keystone.
From: Dolph Mathews, 2012-10-02

References

Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
Re: Enabling logging in keystone.
From: heckj, 2012-10-02
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
Re: Enabling logging in keystone.
From: heckj, 2012-10-02
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
Re: Enabling logging in keystone.
From: Dolph Mathews, 2012-10-02
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
Re: Enabling logging in keystone.
From: Dolph Mathews, 2012-10-02