openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #24255
Re: Ceilometer-api Auth Error
Hi Doug
I send authentications from the admin user. In order for me to explain you better the issue i will paste here the phases that i am trying to do:
I use curl and send the admin user/password and ask for a token:
curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "admin_pass"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens
It returns this
{"access": {"token": {"issued_at": "2013-06-06T14:11:26.005501", "expires": "2013-06-07T14:11:26Z", "id": "MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE="}, "serviceCatalog": [], "user": {"username": "admin", "roles_links": [], "id": "0b14e1644ffa4336967087458cd85c56", "roles": [], "name": "admin"}, "metadata": {"is_admin": 0, "roles": []}}}
Then, i use curl again with the token that i just received with the following command
curl -k -D -H "X-Auth-Token: MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE=" -X 'GET' -v http://localhost:8777/v2/meters
The return value is this
* getaddrinfo(3) failed for X-Auth-Token:80* Couldn't resolve host 'X-Auth-Token'* Closing connection 0curl: (6) Couldn't resolve host 'X-Auth-Token'* About to connect() to localhost port 8777 (#1)* Trying 127.0.0.1...* Connected to localhost (127.0.0.1) port 8777 (#1)> GET /v2/meters HTTP/1.1> User-Agent: curl/7.29.0> Host: localhost:8777> Accept: */*>* HTTP 1.0, assume close after body< HTTP/1.0 401 Unauthorized< Date: Thu, 06 Jun 2013 14:14:06 GMT< Server: WSGIServer/0.1 Python/2.7.4< WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'< Content-Length: 381< Content-Type: text/html; charset=UTF-8<<html> <head> <title>401 Unauthorized</title> </head> <body> <h1>401 Unauthorized</h1> This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br />Authentication required
</body>* Closing connection 1
No data is returned in any case.
I manually installed 3 node openStack and ceilometer , so i am not using devStack.
Even when i try to send manually credentials of the admin user:
ceilometer --os-username admin --os-password password --os-tenant-name admin --os-auth-url http://localhost:5000/v2.0 resource-list
the result is this:
No handlers could be found for logger "ceilometerclient.common.http"Invalid OpenStack Identity credentials.
Is there any possibility that keystone is not validating all the Tokens?
Claudio Marques
Date: Thu, 6 Jun 2013 09:42:38 -0400
From: doug.hellmann@xxxxxxxxxxxxx
To: claudio@xxxxxxxxxxxx
CC: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Ceilometer-api Auth Error
On Thu, Jun 6, 2013 at 7:22 AM, Claudio Marques <claudio@xxxxxxxxxxxx> wrote:
Hi Stackers
Hi have a problem with ceilometer-api. I want access it via curl or http and every time i try to do it i simple get the same errors.
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
My ceilometer.conf file is like this:
[DEFAULT]os_username=adminos_password=admin_passos_tenant_name=admin
os_auth_url=http://10.0.1.167:5000/v2.0/signing_dirname = /tmp/keystone-signing-ceilometermetering_api_port=8777auth_strategy=keystone
nova_control_exchange=novahypervisor_inspector=libvirtlibvirt_type=qemuglance_control_exchange=glancequantum_control_exchange=quantumdebug=trueverbose=true
log_dir=/var/log/ceilometerrpc_backend=ceilometer.openstack.common.rpc.impl_komburabbit_host=localhostrabbit_port=5672rabbit_userid=guestrabbit_password=guest
rabbit_retry_backoff=2rabbit_max_retries=0rabbit_use_ssl=False
database_connection=mongodb://10.0.1.25:27017/ceilometer
sql_connection_debug=0cinder_control_exchange=cinderenable_v1_api=true
[keystone_authtoken]
auth_host = localhostauth_port = 5000
admin_user = adminadmin_password = admin_passadmin_tenant_name = adminauth_uri = http://10.0.1.167:5000/v2.0/
What auth chould i pass in order to get metrics form ceilometer?
The ceilometer API uses keystone authentication, just like the other OpenStack services. If you pass credentials for a regular user, you can see data about the tenant/project you're authenticating with. If you pass credentials for an admin user, you can see all data.
Doug
Thank's for any reply
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Follow ups
References