openstack team mailing list archive

[claudio marques <mrqss_cld@xxxxxxxxxxx>]

Hi Doug
I send authentications from the admin user. In order for me to explain you better the issue i will paste here the phases that i am trying to do:
I use curl and send the admin user/password and ask for a token:
curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "admin_pass"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens
It returns this
{"access": {"token": {"issued_at": "2013-06-06T14:11:26.005501", "expires": "2013-06-07T14:11:26Z", "id": "MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE="}, "serviceCatalog": [], "user": {"username": "admin", "roles_links": [], "id": "0b14e1644ffa4336967087458cd85c56", "roles": [], "name": "admin"}, "metadata": {"is_admin": 0, "roles": []}}}
Then, i use curl again with the token that i just received with the following command

curl -k -D -H "X-Auth-Token: MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE=" -X 'GET' -v http://localhost:8777/v2/meters
The return value is this
* getaddrinfo(3) failed for X-Auth-Token:80* Couldn't resolve host 'X-Auth-Token'* Closing connection 0curl: (6) Couldn't resolve host 'X-Auth-Token'* About to connect() to localhost port 8777 (#1)*   Trying 127.0.0.1...* Connected to localhost (127.0.0.1) port 8777 (#1)> GET /v2/meters HTTP/1.1> User-Agent: curl/7.29.0> Host: localhost:8777> Accept: */*>* HTTP 1.0, assume close after body< HTTP/1.0 401 Unauthorized< Date: Thu, 06 Jun 2013 14:14:06 GMT< Server: WSGIServer/0.1 Python/2.7.4< WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'< Content-Length: 381< Content-Type: text/html; charset=UTF-8<<html> <head>  <title>401 Unauthorized</title> </head> <body>  <h1>401 Unauthorized</h1>  This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br />Authentication required

 </body>* Closing connection 1
No data is returned in any case.
I manually installed 3 node openStack and ceilometer , so i am not using devStack. 
Even when i try to send manually credentials of the admin user:
ceilometer --os-username admin --os-password password --os-tenant-name admin --os-auth-url http://localhost:5000/v2.0 resource-list
the result is this:
No handlers could be found for logger "ceilometerclient.common.http"Invalid OpenStack Identity credentials.
Is there any possibility that keystone is not validating all the Tokens?

Claudio Marques

Date: Thu, 6 Jun 2013 09:42:38 -0400
From: doug.hellmann@xxxxxxxxxxxxx
To: claudio@xxxxxxxxxxxx
CC: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Ceilometer-api Auth Error




On Thu, Jun 6, 2013 at 7:22 AM, Claudio Marques <claudio@xxxxxxxxxxxx> wrote:

Hi Stackers

Hi have a problem with ceilometer-api. I want access it via curl or http and every time i try to do it i simple get the same errors. 

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.



My ceilometer.conf file is like this:
[DEFAULT]os_username=adminos_password=admin_passos_tenant_name=admin
os_auth_url=http://10.0.1.167:5000/v2.0/signing_dirname = /tmp/keystone-signing-ceilometermetering_api_port=8777auth_strategy=keystone

nova_control_exchange=novahypervisor_inspector=libvirtlibvirt_type=qemuglance_control_exchange=glancequantum_control_exchange=quantumdebug=trueverbose=true


log_dir=/var/log/ceilometerrpc_backend=ceilometer.openstack.common.rpc.impl_komburabbit_host=localhostrabbit_port=5672rabbit_userid=guestrabbit_password=guest

rabbit_retry_backoff=2rabbit_max_retries=0rabbit_use_ssl=False
database_connection=mongodb://10.0.1.25:27017/ceilometer

sql_connection_debug=0cinder_control_exchange=cinderenable_v1_api=true
[keystone_authtoken]
auth_host = localhostauth_port = 5000

admin_user = adminadmin_password = admin_passadmin_tenant_name = adminauth_uri = http://10.0.1.167:5000/v2.0/


What auth chould i pass in order to get metrics form ceilometer?
The ceilometer API uses keystone authentication, just like the other OpenStack services. If you pass credentials for a regular user, you can see data about the tenant/project you're authenticating with. If you pass credentials for an admin user, you can see all data.

Doug 
Thank's for any reply






_______________________________________________

Mailing list: https://launchpad.net/~openstack

Post to     : openstack@xxxxxxxxxxxxxxxxxxx

Unsubscribe : https://launchpad.net/~openstack

More help   : https://help.launchpad.net/ListHelp





_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp