Hello,
I have gone through the document numerous times trying to configure
keystone - mistyping keys, wrong key value, missing steps, etc (error
prone). I was looking forward to using the script, as it would save a
lot of typing/pain for a newcomer. However, if there are no plans to
document the script (including adding a name / email to the Readme file
to contact for issues in the script), test, and keep it updated (synced)
with each new release of OpenStack(keystone), then I feel it is best to
remove mention of it from the document.
While at it, the document also mentions a bash script to configure
keystone, which I have not tried. If the bash script suffers from the
same issue, maybe worthconsidering removing it from the document also.
The above are just my opinions.
Regards,
Ahmed.
------------------------------------------------------------------------
*From:* Dolph Mathews [dolph.mathews@xxxxxxxxx]
*Sent:* Tuesday, October 02, 2012 4:50 PM
*To:* openstack@xxxxxxxxxxxxxxxxxxx
*Cc:* heckj; Ahmed Al-Mehdi; Anne Gentle
*Subject:* Re: [Openstack] Enabling logging in keystone.
I find it odd that the document describes two approaches for configuring
keystone -- one being a relatively undocumented, scripted approach not
managed or distributed by OpenStack. Surely these two approaches will
continue to evolve seperately and we'll experience more issues such as
this one.
Anyone have any objections to removing this "scripted configuration"
section in favor of focusing on the existing "manual" approach?
http://docs.openstack.org/trunk/openstack-compute/install/apt/content/setting-up-tenants-users-and-roles.html
-Dolph
On Tue, Oct 2, 2012 at 6:42 PM, Ahmed Al-Mehdi <ahmed@xxxxxxxxxx
<mailto:ahmed@xxxxxxxxxx>> wrote:
Hi Dolph,
I am now getting the same output as the "curl" command, basically
"Invalid Tenant". At this point
root@ubuntu1 <mailto:root@ubuntu1>:~# keystone
--os-username=adminUser--os-password=secretword--os-tenant-name=service
--os-auth-url=http://10.0.
2.15:35357/v2.0token-get
No handlers could be found for logger "keystoneclient.client"
Invalid tenant (HTTP 401)
Without the "os-tenant-name" parameter, I seem to get "good' response.
root@ubuntu1 <mailto:root@ubuntu1>:~# keystone
--os-username=adminUser--os-password=secretword--os-auth-url=http://10.0.2.15:35357/v2.0
token-get
No handlers could be found for logger "keystoneclient.v2_0.client"
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| expires | 2012-10-03T23:31:17Z|
| id | 31078072aae94f5aab5c8e46ff5f6373|
| user_id| 3e674f7f64ba452cb20781b8d5e26b7f|
+----------+----------------------------------+
At this point, I feel like I am running into issues with/in the
python / PyYAMLscript (https://github.com/nimbis/keystone-init.git)
which must not be populating info into keystone "accurately" and
most probably not equivalent to manual steps mentioned in "Deployand
Install OpenStack- Red Hat Ubuntu". I will look into the script.
Regards,
Ahmed.
------------------------------------------------------------------------
*From:* Dolph Mathews [dolph.mathews@xxxxxxxxx
<mailto:dolph.mathews@xxxxxxxxx>]
*Sent:* Tuesday, October 02, 2012 2:19 PM
*To:* Ahmed Al-Mehdi
*Cc:* heckj; openstack@xxxxxxxxxxxxxxxxxxx
<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
*Subject:* Re: [Openstack] Enabling logging in keystone.
No worries, that's what a second set of eyes is for!
By specifying a token and endpoint, you're bypassing the
authentication process that your curl command is performing.
You can test authentication with the keystone client using:
$ keystone --os-username=adminUser --os-password=secretword
--os-tenant-name=adminTenant
--os-authurl=http://10.0.2.15:35357/v2.0
<http://10.0.2.15:35357/v2.0/tokens> token-get
But as Anne pointed out, you don't have a tenant named
"adminTenant". You'll also need to make sure you've granted a role
to your user on the specified tenant for authorization to succeed.
You can remove the tenant name argument from the token-get call to
test authentication without authorization (therefore without
requiring anything but a valid user in your keystone install).
-Dolph
On Tuesday, October 2, 2012, Ahmed Al-Mehdi wrote:
Hi Dolph,
Very sorry about that. With the correct token, calling keystone
from the cliis working. However, the curl command is
failing. Will this cause an issue down the line as I start to
install glance and nova?
#> keystone --token 012345SECRET99TOKEN012345--endpoint
http://10.0.2.15:35357/v2.0 tenant-list
+----------------------------------+---------------+---------+
| id | name | enabled |
+----------------------------------+---------------+---------+
| 07a44f9d55694d638f41bc160c14b42e| openstackDemo| True |
| 0e4cc20586ae42329db51e0c6f807731| service | True |
+----------------------------------+---------------+---------+
#> curl -d '{"auth": {"tenantName": "adminTenant",
"passwordCredentials": {"username": "adminUser", "password":
"secretword"}}}' -H "Content-type: application/json"
http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool
% Total % Received % Xferd Average Speed
Time Time Time Current
Dload Upload Total
Spent Left Speed
100 231 0 116 100 115 2771 2747 --:--:-- --:--:--
--:--:-- 3052
{
"error": {
"code": 401,
"message": "The request you have made requires
authentication.",
"title": "Not Authorized"
}
}
Regards,
Ahmed.
------------------------------------------------------------------------
*From:* Dolph Mathews [dolph.mathews@xxxxxxxxx
<https://exg5.exghost.com/owa/UrlBlockedError.aspx>]
*Sent:* Tuesday, October 02, 2012 12:12 PM
*To:* Ahmed Al-Mehdi
*Cc:* heckj; openstack@xxxxxxxxxxxxxxxxxxx
<https://exg5.exghost.com/owa/UrlBlockedError.aspx>
*Subject:* Re: [Openstack] Enabling logging in keystone.
You're missing a "5" on the admin_tokenyou've specified on the
command line.
012345SECRET99TOKEN01234 (your CLIarg)
012345SECRET99TOKEN012345 (keystone.conf)
-Dolph
On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi<ahmed@xxxxxxxxxx>
wrote:
Hi Joe,
I have put the conf file (renamed to ahmed_keystone.conf)
into gist.
git://gist.github.com/3821846.git
<http://gist.github.com/3821846.git>
Please let me know if you have any issues accessing the file.
Thank you very much for helping me out. I have a feeling
the issue might be in the python script to populate
keystone. When I previously input the data manually, I got
keystone configured properly.
Regards,
Ahmed.
________________________________________
From: heckj[heckj@xxxxxxx]
Sent: Tuesday, October 02, 2012 10:56 AM
To: Ahmed Al-Mehdi
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Enabling logging in keystone.
Ahmed - can you put your keystone.confinto a paste or gist
and share it with me? I'd be happy to help you debug this.
I'm assuming you're running keystone on the system with the
IP address 10.0.2.15, correct?
-joe
On Oct 2, 2012, at 10:45 AM, Ahmed
Al-Mehdi<ahmed@xxxxxxxxxx> wrote:
> Hi Joe,
>
> I noticed I did not put the port number in the URL, now I
am getting a more meaningful error:
>
> #> keystone --token 012345SECRET99TOKEN01234--endpoint
http://10.0.2.15:35357/v2.0 tenant-list
> No handlers could be found for logger "keystoneclient.client"
> Unable to authorize user
>
> Regards,
> Ahmed.
>
> ________________________________________
> From:
openstack-bounces+ahmed=coraid.com@xxxxxxxxxxxxxxxxxxx[openstack-bounces+ahmed=coraid.com@xxxxxxxxxxxxxxxxxxx]
On Behalf Of Ahmed Al-Mehdi[ahmed@xxxxxxxxxx]
> Sent: Tuesday, October 02, 2012 10:30 AM
> To: heckj
> Cc: openstack@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openstack] Enabling logging in keystone.
>
> Hi Joe,
>
> Unfortunately before I read your response I re-installed
my Ubuntuserver. I repeated the same steps mentioned in
the OpenStackdocument "Deploy and
Install OpenStack- RedHatUbuntu" and also used the script
mentioned in it
(https://github.com/nimbis/keystone-init/blob/master/keystone-init.py) to populate keystone. I reboot the server prior to running your suggested command and now running into a different issue, which I feel maybe due to not starting some service. Btw, my host OS is Ubuntu12.04 (32 bit) running inVirtualBox.
>
> Currently I am getting the following error:
>
> #> keystone --token 012345SECRET99TOKEN01234--endpoint
http://10.0.2.15/v2.0 tenant-lis
--
-Dolph
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
