openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #24045
Re: [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized
Oh... Got it, Angus. Thank you!
I finally got it that for when using curl, I have first to get an AUTH
token
from keystone, in order to use that returned token in the HTTP GET for
the API.
Just sharing what I did:
$ curl -d '{"auth":{"passwordCredentials":{"username": "ceilometer",
"password": "SECRET"}}}' -H "Content-type: application/json"
http://localhost:35357/v2.0/tokens
Returns:
{"access": {"token": {"issued_at": "2013-05-29T15:17:07.501333", "expires":
"2013-05-30T15:17:07Z", "id":
"MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0yOVQxNToxNzowNy41MDEzMzMiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMwVDE1OjE3OjA3WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICJkOTIwZmM4NWVjZDk0MjZlYmQ5ZTNmOGM3MzAwZjVkNCIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAiiB9a3o5N2piewbmZU3Ng9ShhPHB4WiigGUocdrNeE24+RktDoRrM+uZKptjd6aanlAGbrAUKpi5Uj-oNAbmKUt1CK-154aUaUpcy8NJFNwIZA2hBafbofOWU6FceVDIc1yztr0bZRdSD-vDl0hrISi0mL961yU+uXFQRxeNtqY="},
"serviceCatalog": [], "user": {"username": "admin", "roles_links": [],
"id": "d920fc85ecd9426ebd9e3f8c7300f5d4", "roles": [], "name": "admin"},
"metadata": {"is_admin": 0, "roles": []}}}
Where the token is the value of the "id" therefore, a GET to get all the
meters, can be:
$ curl -k -D -H "X-Auth-Token: MIICbgYJKoZIhvcNAQcCoIICXzCCAl
sCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3
MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0yOVQxNToxNz
owNy41MDEzMzMiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMwVDE1OjE3OjA3Wi
IsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXS
wgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIj
ogW10sICJpZCI6ICJkOTIwZmM4NWVjZDk0MjZlYmQ5ZTNmOGM3MzAwZjVkNC
IsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOi
B7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQ
swCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ
4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMA
cGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAiiB9a3o5N2piewbmZU3Ng9ShhP
HB4WiigGUocdrNeE24+RktDoRrM+uZKptjd6aanlAGbrAUKpi5Uj-oNAbmKUt1CK-
154aUaUpcy8NJFNwIZA2hBafbofOWU6FceVDIc1yztr0bZRdSD-
vDl0hrISi0mL961yU+uXFQRxeNtqY=" -X 'GET' -v http://localhost:8777/v2/meters
Which, indeed returned the metrics I was looking for.
Thank you a lot. I really appreciate it.
I tried using ceilometer-client (I just git cloned it, and ran "sudo python
setup.py install",
nothing went wrong apparently), but when trying to run it like this:
$ ceilometer --os-username ceilometer --os-password ficrowstran02
--os-tenant-name admin --os-auth-url http://localhost:5000/v2.0 statistics
Returns: "invalid literal for int() with base 10: ''
Maybe because my AUTH Token is exceeds the 32/64-bit addressing of a
integer? Not sure... I'll figure it out and do the follow-up here.
Thank you for the great help!
On Mon, May 27, 2013 at 10:21 PM, Angus Salkeld <asalkeld@xxxxxxxxxx> wrote:
> On 27/05/13 11:14 -0300, Bruno Oliveira wrote:
>
>> Hello stackers,
>>
>> I'm having a really hard time setting up ceilometer-api so I thought
>> if I could ask you guys for some enlightment.
>>
>> I can clearly see data being pulled in the screens that are running
>> /ceilometer-collector, ./ceilometer-agent-compute
>> ,./ceilometer-agent-central
>>
>> Even the screen running ceilometer-api-server starts with no problem.
>>
>> But I cannot reach the api at all via curl. Neither by using its
>> actual port (8777)
>> nor using the port set in the virtual host of apache. All I'm getting
>> is auth error
>>
>> $ curl http://127.0.0.1:8777 OR $ curl http://127.0.0.1:9090
>> ==============================**===============
>> <html>
>> <head>
>> <title>401 Unauthorized</title>
>> </head>
>> <body>
>> <h1>401 Unauthorized</h1>
>> This server could not verify that you are authorized to access the
>> document you requested. Either you supplied the wrong credentials
>> (e.g., bad password), or your browser does not understand how to
>> supply the credentials required.<br /><br />
>> Authentication required
>> ==============================**===============
>>
>
> Right, Authentication is required by the client, but you are not
> passing it any credentials.
>
> I'd suggest using python-ceilometerclient to do the auth for you:
> So use it like any other openstack client.
>
> try something like this:
>
> asalkeld@elf python-ceilometerclient (master)$ . ../devstack/openrc admin
> admin
> asalkeld@elf python-ceilometerclient (master)$ ceilometer resource-list
> +-----------------------------**---------+--------+---------+-**
> ------------------------------**---+
> | Resource ID | Source | User ID | Project ID
> |
> +-----------------------------**---------+--------+---------+-**
> ------------------------------**---+
> | a8ce423c-c1a1-41e3-af7c-**b38d92f5e36f | | None |
> 1076d9bd669d422bbd74e1e2f54d15**10 |
> +-----------------------------**---------+--------+---------+-**
> ------------------------------**---+
> asalkeld@elf python-ceilometerclient (master)$ ceilometer meter-list
> +--------------+-------+------**-+----------------------------**
> ----------+---------+---------**-------------------------+
> | Name | Type | Unit | Resource ID |
> User ID | Project ID |
> +--------------+-------+------**-+----------------------------**
> ----------+---------+---------**-------------------------+
> | image | gauge | image | a8ce423c-c1a1-41e3-af7c-**b38d92f5e36f |
> None | 1076d9bd669d422bbd74e1e2f54d15**10 |
> | image.size | gauge | B | a8ce423c-c1a1-41e3-af7c-**b38d92f5e36f |
> None | 1076d9bd669d422bbd74e1e2f54d15**10 |
> | image.update | delta | image | a8ce423c-c1a1-41e3-af7c-**b38d92f5e36f |
> None | 1076d9bd669d422bbd74e1e2f54d15**10 |
> | image.upload | delta | image | a8ce423c-c1a1-41e3-af7c-**b38d92f5e36f |
> None | 1076d9bd669d422bbd74e1e2f54d15**10 |
> +--------------+-------+------**-+----------------------------**
> ----------+---------+---------**-------------------------+
> asalkeld@elf python-ceilometerclient (master)$ ceilometer sample-list -m
> image.update
> +-----------------------------**---------+--------------+-----**
> --+--------+-------+----------**------------------+
> | Resource ID | Name | Type | Volume |
> Unit | Timestamp |
> +-----------------------------**---------+--------------+-----**
> --+--------+-------+----------**------------------+
> | a8ce423c-c1a1-41e3-af7c-**b38d92f5e36f | image.update | delta | 1.0
> | image | 2013-05-28T01:14:40.238000 |
> +-----------------------------**---------+--------------+-----**
> --+--------+-------+----------**------------------+
>
>
> Remember you can only see the samples/meter/resources that you own or all
> if you are admin.
>
>
> -Angus
>
>
>>
>> On top of that, the only thing I had to do in a non-standard basis, was to
>> setup ceilometer virtual host to answer request on port 9090 of apache
>> instead of the default 80 (since horizon is bind to it).
>>
>>
>> Here's a copy of my running ceilometer.conf
>> ==============================**=======
>> /etc/ceilometer/ceilometer.**conf
>> ==============================**=======
>> [DEFAULT]
>> os_username=ceilometer
>> os_password=MYSECRET
>> os_tenant_name=admin
>> os_auth_url=http://localhost:**5000/v2.0 <http://localhost:5000/v2.0>
>> signing_dirname = /tmp/keystone-signing-**ceilometer
>> metering_api_port=8777
>> auth_strategy=keystone
>> nova_control_exchange=nova
>> hypervisor_inspector=libvirt
>> libvirt_type=kvm
>> glance_control_exchange=glance
>> quantum_control_exchange=**quantum
>> debug=true
>> verbose=true
>> (...)
>> *logging writing parameters here*
>> (...)
>> log_dir=/var/log/ceilometer
>> rpc_backend=ceilometer.**openstack.common.rpc.impl_**kombu
>> rabbit_host=localhost
>> rabbit_port=5672
>> rabbit_userid=guest
>> rabbit_password=ficrowstran02
>> rabbit_retry_backoff=2
>> rabbit_max_retries=0
>> database_connection=mongodb://**localhost:27017/ceilometer
>> sql_connection_debug=0
>> cinder_control_exchange=cinder
>> enable_v1_api=true
>>
>> [rpc_notifier2]
>>
>> [matchmaker_redis]
>>
>> [publisher_meter]
>> metering_secret=METERING_**SECRET
>>
>> [keystone_authtoken]
>> auth_host = localhost
>> auth_port = 5000
>> admin_user = ceilometer
>> admin_password = MYSECRET
>> admin_tenant_name = admin
>> auth_uri = http://localhost:5000/v2.0/
>> ==============================**=======
>>
>>
>> The "ceilometer" user pointed at "admin_user" under the
>> "[keystone_authtoken]" section, as well as in "os_username" under the
>> "[DEFAULT]" section,
>> was created in keystone and it'sbind to the admin tenant.
>>
>>
>> $ keystone tenant-get admin
>> +-------------+---------------**-------------------+
>> | Property | Value |
>> +-------------+---------------**-------------------+
>> | description | |
>> | enabled | True |
>> | id | 670f5dd4070d44b6a8308277a236d1**af |
>> | name | admin |
>> +-------------+---------------**-------------------+
>>
>> $ keystone user-get ceilometer
>> +----------+------------------**----------------+
>> | Property | Value |
>> +----------+------------------**----------------+
>> | email | ceilometer@xxxxxxxxxxx |
>> | enabled | True |
>> | id | a98ec068f5f349439acef431e826d7**ff |
>> | name | ceilometer |
>> | tenantId | 670f5dd4070d44b6a8308277a236d1**af |
>> +----------+------------------**----------------+
>>
>>
>> Finally, here's the ceilometer site running on apache. the user
>> and group 'stackadmin' are valid users indeed in the machine
>>
>> $ id stackadmin
>>
>> uid=1000(stackadmin) gid=1000(stackadmin)
>> groups=1000(stackadmin),4(adm)**,24(cdrom),27(sudo),30(dip),**
>> 46(plugdev),111(libvirtd),113(**lpadmin),114(sambashare
>>
>>
>> ==============================**=======
>> /etc/apache2/sites-available/**ceilometer
>> ==============================**=======
>> <VirtualHost *:9090>
>> WSGIDaemonProcess ceilometer user=stackadmin group=stackadmin threads=5
>> WSGIScriptAlias / /opt/stack/ceilometer/**ceilometer/api/app.wsgi
>> SetEnv APACHE_RUN_USER stackadmin
>> SetEnv APACHE_RUN_GROUP stackadmin
>> WSGIProcessGroup ceilometer
>> ErrorLog /var/log/apache2/ceilometer_**error.log
>> LogLevel warn
>> CustomLog /var/log/apache2/ceilometer_**access.log combined
>> </VirtualHost>
>> ==============================**=======
>>
>>
>> Despite of everything, I keep getting that "401 Unauthorized"
>> auth error.
>>
>> Do you guys have any suggestions of what I can try to fix it ?
>>
>> Thank you all.
>>
>> --
>>
>> Bruno de Oliveira
>> Developer, System Analyst
>>
>> ______________________________**_________________
>> Mailing list: https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
>> More help : https://help.launchpad.net/**ListHelp<https://help.launchpad.net/ListHelp>
>>
>
> ______________________________**_________________
> Mailing list: https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~**openstack<https://launchpad.net/~openstack>
> More help : https://help.launchpad.net/**ListHelp<https://help.launchpad.net/ListHelp>
>
References