openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #17118
Re: Enabling logging in keystone.
Hi Dolph,
When I use user the keystone command, I am able to get "proper" tokens:
root@ubuntu1<mailto:root@ubuntu1>:~# keystone --os-username=adminUser --os-password=secretword --os-tenant-name=openstackDemo --os-auth-url=http:/
/10.0.2.15:35357/v2.0 token-get
+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| expires | 2012-10-04T06:00:20Z |
| id | f10375dbe4dd4a90912ae9e6da4512e1 |
| tenant_id | 07a44f9d55694d638f41bc160c14b42e |
| user_id | 3e674f7f64ba452cb20781b8d5e26b7f |
+-----------+----------------------------------+
root@ubuntu1<mailto:root@ubuntu1>:~# keystone --os-username=adminUser --os-password=secretword --os-auth-url=http://10.0.2.15:35357/v2.0 token-get
No handlers could be found for logger "keystoneclient.v2_0.client"
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| expires | 2012-10-04T06:00:41Z |
| id | b65af77d1ada496a929fb4991d54c147 |
| user_id | 3e674f7f64ba452cb20781b8d5e26b7f |
+----------+----------------------------------+
I have a naive question. What is this "token"? How is it used?
However, when I use the curl command, I get a page worth of "something". I am sorry but I am not familiar with the curl command. Since the above two commands are working, my guess is it is safe to ignore the curl command output, and that my keystone setup is correct. Would that be a safe assumption.
curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials": {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool
{
"access": {
"metadata": {
"is_admin": 0,
"roles": [
"31ae9c8a9486481b9c25f9e8d7e2c2f2"
]
},
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://10.0.2.15:8774/v2/07a44f9d55694d638f41bc160c14b42e";,
"id": "92ed4291f5ce431cb3677953c620ef9d",
"internalURL": "http://10.0.2.15:8774/v2/07a44f9d55694d638f41bc160c14b42e";,
"publicURL": "http://10.0.2.15:8774/v2/07a44f9d55694d638f41bc160c14b42e";,
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "nova",
"type": "compute"
},
{
"endpoints": [
{
"adminURL": "http://10.0.2.15:9292/v1";,
"id": "8bb7d0241e144a61afb336ac7a37af68",
"internalURL": "http://10.0.2.15:9292/v1";,
"publicURL": "http://10.0.2.15:9292/v1";,
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "glance",
"type": "image"
},
{
"endpoints": [
{
"adminURL": "http://10.0.2.15:8776/v1/07a44f9d55694d638f41bc160c14b42e";,
"id": "6bccef05d60d49f78e50c8dab7a9a2eb",
"internalURL": "http://10.0.2.15:8776/v1/07a44f9d55694d638f41bc160c14b42e";,
"publicURL": "http://10.0.2.15:8776/v1/07a44f9d55694d638f41bc160c14b42e";,
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "volume",
"type": "volume"
},
{
"endpoints": [
{
"adminURL": "http://10.0.2.15:8773/services/Admin";,
"id": "3efbabfc7e634bb0ac779a1e39ce385a",
"internalURL": "http://10.0.2.15:8773/services/Cloud";,
"publicURL": "http://10.0.2.15:8773/services/Cloud";,
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "ec2",
"type": "ec2"
},
{
"endpoints": [
{
"adminURL": "http://10.0.2.15:8888/v1";,
"id": "1bf33c68cd70421797f05b55349abddc",
"internalURL": "http://10.0.2.15:8888/v1/AUTH_07a44f9d55694d638f41bc160c14b42e";,
"publicURL": "http://10.0.2.15:8888/v1/AUTH_07a44f9d55694d638f41bc160c14b42e";,
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "swift",
"type": "object-store"
},
{
"endpoints": [
{
"adminURL": "http://10.0.2.15:35357/v2.0";,
"id": "ca29bb2a675d4f52bd0c8f0b0d163795",
"internalURL": "http://10.0.2.15:5000/v2.0";,
"publicURL": "http://10.0.2.15:5000/v2.0";,
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "keystone",
"type": "identity"
}
],
"token": {
"expires": "2012-10-04T06:03:49Z",
"id": "1320c1df67eb4519b3545b91bdaa1f05",
"tenant": {
"description": "Default Tenant",
"enabled": true,
"id": "07a44f9d55694d638f41bc160c14b42e",
"name": "openstackDemo"
}
},
"user": {
"id": "3e674f7f64ba452cb20781b8d5e26b7f",
"name": "adminUser",
"roles": [
{
"name": "admin"
}
],
"roles_links": [],
"username": "adminUser"
}
}
}
Thank you,
Ahmed.
________________________________
From: openstack-bounces+ahmed=coraid.com@xxxxxxxxxxxxxxxxxxx [openstack-bounces+ahmed=coraid.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ahmed Al-Mehdi [ahmed@xxxxxxxxxx]
Sent: Tuesday, October 02, 2012 4:42 PM
To: Dolph Mathews
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Enabling logging in keystone.
Hi Dolph,
I am now getting the same output as the "curl" command, basically "Invalid Tenant". At this point
root@ubuntu1<mailto:root@ubuntu1>:~# keystone --os-username=adminUser --os-password=secretword --os-tenant-name=service --os-auth-url=http://10.0.
2.15:35357/v2.0 token-get
No handlers could be found for logger "keystoneclient.client"
Invalid tenant (HTTP 401)
Without the "os-tenant-name" parameter, I seem to get "good' response.
root@ubuntu1<mailto:root@ubuntu1>:~# keystone --os-username=adminUser --os-password=secretword --os-auth-url=http://10.0.2.15:35357/v2.0 token-get
No handlers could be found for logger "keystoneclient.v2_0.client"
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| expires | 2012-10-03T23:31:17Z |
| id | 31078072aae94f5aab5c8e46ff5f6373 |
| user_id | 3e674f7f64ba452cb20781b8d5e26b7f |
+----------+----------------------------------+
At this point, I feel like I am running into issues with/in the python / PyYAML script (https://github.com/nimbis/keystone-init.git) which must not be populating info into keystone "accurately" and most probably not equivalent to manual steps mentioned in "Deploy and Install OpenStack - Red Hat Ubuntu". I will look into the script.
Regards,
Ahmed.
________________________________
From: Dolph Mathews [dolph.mathews@xxxxxxxxx]
Sent: Tuesday, October 02, 2012 2:19 PM
To: Ahmed Al-Mehdi
Cc: heckj; openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Enabling logging in keystone.
No worries, that's what a second set of eyes is for!
By specifying a token and endpoint, you're bypassing the authentication process that your curl command is performing.
You can test authentication with the keystone client using:
$ keystone --os-username=adminUser --os-password=secretword --os-tenant-name=adminTenant --os-authurl=http://10.0.2.15:35357/v2.0<http://10.0.2.15:35357/v2.0/tokens> token-get
But as Anne pointed out, you don't have a tenant named "adminTenant". You'll also need to make sure you've granted a role to your user on the specified tenant for authorization to succeed. You can remove the tenant name argument from the token-get call to test authentication without authorization (therefore without requiring anything but a valid user in your keystone install).
-Dolph
On Tuesday, October 2, 2012, Ahmed Al-Mehdi wrote:
Hi Dolph,
Very sorry about that. With the correct token, calling keystone from the cli is working. However, the curl command is failing. Will this cause an issue down the line as I start to install glance and nova?
#> keystone --token 012345SECRET99TOKEN012345 --endpoint http://10.0.2.15:35357/v2.0 tenant-list
+----------------------------------+---------------+---------+
| id | name | enabled |
+----------------------------------+---------------+---------+
| 07a44f9d55694d638f41bc160c14b42e | openstackDemo | True |
| 0e4cc20586ae42329db51e0c6f807731 | service | True |
+----------------------------------+---------------+---------+
#> curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 231 0 116 100 115 2771 2747 --:--:-- --:--:-- --:--:-- 3052
{
"error": {
"code": 401,
"message": "The request you have made requires authentication.",
"title": "Not Authorized"
}
}
Regards,
Ahmed.
________________________________
From: Dolph Mathews [dolph.mathews@xxxxxxxxx<https://exg5.exghost.com/owa/UrlBlockedError.aspx>]
Sent: Tuesday, October 02, 2012 12:12 PM
To: Ahmed Al-Mehdi
Cc: heckj; openstack@xxxxxxxxxxxxxxxxxxx<https://exg5.exghost.com/owa/UrlBlockedError.aspx>
Subject: Re: [Openstack] Enabling logging in keystone.
You're missing a "5" on the admin_token you've specified on the command line.
012345SECRET99TOKEN01234 (your CLI arg)
012345SECRET99TOKEN012345 (keystone.conf)
-Dolph
On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi <ahmed@xxxxxxxxxx> wrote:
Hi Joe,
I have put the conf file (renamed to ahmed_keystone.conf) into gist.
git://gist.github.com/3821846.git<http://gist.github.com/3821846.git>
Please let me know if you have any issues accessing the file.
Thank you very much for helping me out. I have a feeling the issue might be in the python script to populate keystone. When I previously input the data manually, I got keystone configured properly.
Regards,
Ahmed.
________________________________________
From: heckj [heckj@xxxxxxx]
Sent: Tuesday, October 02, 2012 10:56 AM
To: Ahmed Al-Mehdi
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Enabling logging in keystone.
Ahmed - can you put your keystone.conf into a paste or gist and share it with me? I'd be happy to help you debug this.
I'm assuming you're running keystone on the system with the IP address 10.0.2.15, correct?
-joe
On Oct 2, 2012, at 10:45 AM, Ahmed Al-Mehdi <ahmed@xxxxxxxxxx> wrote:
> Hi Joe,
>
> I noticed I did not put the port number in the URL, now I am getting a more meaningful error:
>
> #> keystone --token 012345SECRET99TOKEN01234 --endpoint http://10.0.2.15:35357/v2.0 tenant-list
> No handlers could be found for logger "keystoneclient.client"
> Unable to authorize user
>
> Regards,
> Ahmed.
>
> ________________________________________
> From: openstack-bounces+ahmed=coraid.com@xxxxxxxxxxxxxxxxxxx [openstack-bounces+ahmed=coraid.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ahmed Al-Mehdi [ahmed@xxxxxxxxxx]
> Sent: Tuesday, October 02, 2012 10:30 AM
> To: heckj
> Cc: openstack@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openstack] Enabling logging in keystone.
>
> Hi Joe,
>
> Unfortunately before I read your response I re-installed my Ubuntu server. I repeated the same steps mentioned in the OpenStack document "Deploy and Install OpenStack - RedHat Ubuntu" and also used the script mentioned in it (https://github.com/nimbis/keystone-init/blob/master/keystone-init.py) to populate keystone. I reboot the server prior to running your suggested command and now running into a different issue, which I feel maybe due to not starting some service. Btw, my host OS is Ubuntu 12.04 (32 bit) running inVirtualBox.
>
> Currently I am getting the following error:
>
> #> keystone --token 012345SECRET99TOKEN01234 --endpoint http://10.0.2.15/v2.0 tenant-lis
--
-Dolph
Follow ups
References
-
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
-
Re: Enabling logging in keystone.
From: heckj, 2012-10-02
-
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
-
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
-
Re: Enabling logging in keystone.
From: heckj, 2012-10-02
-
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
-
Re: Enabling logging in keystone.
From: Dolph Mathews, 2012-10-02
-
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
-
Re: Enabling logging in keystone.
From: Dolph Mathews, 2012-10-02
-
Re: Enabling logging in keystone.
From: Ahmed Al-Mehdi, 2012-10-02
