openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #21963
Re: download ec2 creds fails consistently in horizon
I am able to login as a non-admin user and access the containers.
In addition to missing nova-cert, I also had to change the keystoneauth settings in /etc/swift/proxy-server.conf to add "Member" to the operator_roles list, which I suppose is equivalent to making a "Member" user the equivalent of an administrator for Swift.
-Wyllys
On Mar 15, 2013, at 1:02 PM, Jay Pipes <jaypipes@xxxxxxxxx> wrote:
> It's actually not nova-cert that you need. It is the Keystone EC2
> credentials API extension that is the problem. It only works for users
> with admin role.
>
> I logged a bug on it and am working on a fix:
>
> https://bugs.launchpad.net/keystone/+bug/1136190
>
> Best,
> -jay
>
> On 03/14/2013 10:57 AM, Wyllys Ingersoll wrote:
>>
>> I figured it out - nova-cert was not installed and running. I need to add this to my setup when EC2 is enabled, I wasn't aware of the dependency.
>>
>> -Wyllys
>>
>>
>>
>> On Mar 14, 2013, at 10:35 AM, Wyllys Ingersoll <wyllys.ingersoll@xxxxxxxxxx> wrote:
>>
>>>
>>> I have EC2 configured correctly as far as I can tell because I am able to view my containers using the S3 APIs and S3 tools such as CyberDuck or s3curl.pl, using ec2 credentials returned by the keystone command line tool.
>>>
>>> However, when I use the Horizon user settings interface and select "Download EC2 Credentials", nothing happens and it eventually returns yet another "System Error".
>>>
>>> According to the logs, the failure is because the call to request "os-certificates" is timing out. I know this is probably because some other nova service is not running, but Im not sure which one it needs to complete this transaction. It'd be nice if the error message somewhere that indicated which service was not responding or what to do about it. Can someone tell me which nova service I need to have running and configured to issue os-certificates?
>>>
>>> Also, I really only want the EC2 credentials to be created and downloaded, Im not so much interested in the X509 certificates at this point. It'd be nice if the user settings EC2 panel had more options, such as just creating and/or listing the EC2 access ID and Key for a particular user rather than assuming you want/need everything all at once.
>>>
>>> thanks,
>>> Wyllys Ingersoll
>>> EVault
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help : https://help.launchpad.net/ListHelp
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
Follow ups
References