openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #23979
Re: [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized
On 27/05/13 11:14 -0300, Bruno Oliveira wrote:
Hello stackers,
I'm having a really hard time setting up ceilometer-api so I thought
if I could ask you guys for some enlightment.
I can clearly see data being pulled in the screens that are running
/ceilometer-collector, ./ceilometer-agent-compute ,./ceilometer-agent-central
Even the screen running ceilometer-api-server starts with no problem.
But I cannot reach the api at all via curl. Neither by using its
actual port (8777)
nor using the port set in the virtual host of apache. All I'm getting
is auth error
$ curl http://127.0.0.1:8777 OR $ curl http://127.0.0.1:9090
=============================================
<html>
<head>
<title>401 Unauthorized</title>
</head>
<body>
<h1>401 Unauthorized</h1>
This server could not verify that you are authorized to access the
document you requested. Either you supplied the wrong credentials
(e.g., bad password), or your browser does not understand how to
supply the credentials required.<br /><br />
Authentication required
=============================================
Right, Authentication is required by the client, but you are not
passing it any credentials.
I'd suggest using python-ceilometerclient to do the auth for you:
So use it like any other openstack client.
try something like this:
asalkeld@elf python-ceilometerclient (master)$ . ../devstack/openrc admin admin
asalkeld@elf python-ceilometerclient (master)$ ceilometer resource-list
+--------------------------------------+--------+---------+----------------------------------+
| Resource ID | Source | User ID | Project ID |
+--------------------------------------+--------+---------+----------------------------------+
| a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | | None | 1076d9bd669d422bbd74e1e2f54d1510 |
+--------------------------------------+--------+---------+----------------------------------+
asalkeld@elf python-ceilometerclient (master)$ ceilometer meter-list
+--------------+-------+-------+--------------------------------------+---------+----------------------------------+
| Name | Type | Unit | Resource ID | User ID | Project ID |
+--------------+-------+-------+--------------------------------------+---------+----------------------------------+
| image | gauge | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None | 1076d9bd669d422bbd74e1e2f54d1510 |
| image.size | gauge | B | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None | 1076d9bd669d422bbd74e1e2f54d1510 |
| image.update | delta | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None | 1076d9bd669d422bbd74e1e2f54d1510 |
| image.upload | delta | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None | 1076d9bd669d422bbd74e1e2f54d1510 |
+--------------+-------+-------+--------------------------------------+---------+----------------------------------+
asalkeld@elf python-ceilometerclient (master)$ ceilometer sample-list -m image.update
+--------------------------------------+--------------+-------+--------+-------+----------------------------+
| Resource ID | Name | Type | Volume | Unit | Timestamp |
+--------------------------------------+--------------+-------+--------+-------+----------------------------+
| a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | image.update | delta | 1.0 | image | 2013-05-28T01:14:40.238000 |
+--------------------------------------+--------------+-------+--------+-------+----------------------------+
Remember you can only see the samples/meter/resources that you own or all if you are admin.
-Angus
On top of that, the only thing I had to do in a non-standard basis, was to
setup ceilometer virtual host to answer request on port 9090 of apache
instead of the default 80 (since horizon is bind to it).
Here's a copy of my running ceilometer.conf
=====================================
/etc/ceilometer/ceilometer.conf
=====================================
[DEFAULT]
os_username=ceilometer
os_password=MYSECRET
os_tenant_name=admin
os_auth_url=http://localhost:5000/v2.0
signing_dirname = /tmp/keystone-signing-ceilometer
metering_api_port=8777
auth_strategy=keystone
nova_control_exchange=nova
hypervisor_inspector=libvirt
libvirt_type=kvm
glance_control_exchange=glance
quantum_control_exchange=quantum
debug=true
verbose=true
(...)
*logging writing parameters here*
(...)
log_dir=/var/log/ceilometer
rpc_backend=ceilometer.openstack.common.rpc.impl_kombu
rabbit_host=localhost
rabbit_port=5672
rabbit_userid=guest
rabbit_password=ficrowstran02
rabbit_retry_backoff=2
rabbit_max_retries=0
database_connection=mongodb://localhost:27017/ceilometer
sql_connection_debug=0
cinder_control_exchange=cinder
enable_v1_api=true
[rpc_notifier2]
[matchmaker_redis]
[publisher_meter]
metering_secret=METERING_SECRET
[keystone_authtoken]
auth_host = localhost
auth_port = 5000
admin_user = ceilometer
admin_password = MYSECRET
admin_tenant_name = admin
auth_uri = http://localhost:5000/v2.0/
=====================================
The "ceilometer" user pointed at "admin_user" under the
"[keystone_authtoken]" section, as well as in "os_username" under the
"[DEFAULT]" section,
was created in keystone and it'sbind to the admin tenant.
$ keystone tenant-get admin
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 670f5dd4070d44b6a8308277a236d1af |
| name | admin |
+-------------+----------------------------------+
$ keystone user-get ceilometer
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | ceilometer@xxxxxxxxxxx |
| enabled | True |
| id | a98ec068f5f349439acef431e826d7ff |
| name | ceilometer |
| tenantId | 670f5dd4070d44b6a8308277a236d1af |
+----------+----------------------------------+
Finally, here's the ceilometer site running on apache. the user
and group 'stackadmin' are valid users indeed in the machine
$ id stackadmin
uid=1000(stackadmin) gid=1000(stackadmin)
groups=1000(stackadmin),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111(libvirtd),113(lpadmin),114(sambashare
=====================================
/etc/apache2/sites-available/ceilometer
=====================================
<VirtualHost *:9090>
WSGIDaemonProcess ceilometer user=stackadmin group=stackadmin threads=5
WSGIScriptAlias / /opt/stack/ceilometer/ceilometer/api/app.wsgi
SetEnv APACHE_RUN_USER stackadmin
SetEnv APACHE_RUN_GROUP stackadmin
WSGIProcessGroup ceilometer
ErrorLog /var/log/apache2/ceilometer_error.log
LogLevel warn
CustomLog /var/log/apache2/ceilometer_access.log combined
</VirtualHost>
=====================================
Despite of everything, I keep getting that "401 Unauthorized"
auth error.
Do you guys have any suggestions of what I can try to fix it ?
Thank you all.
--
Bruno de Oliveira
Developer, System Analyst
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Follow ups
References