yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1339107] Re: Kyestone: Auth token not in the request header

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1339107@xxxxxxxxxxxxxxxxxx>
Date: Mon, 04 Aug 2014 19:16:33 -0000
Reply-to: Bug 1339107 <1339107@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Actually, I totally overlooked that the request was in the logs, to POST
/v2.0/tokens. There should not be an X-Auth-Token in a request to POST
/v2.0/tokens anyway, so that's completely normal. The rest of the logs
in the problem description are also completely normal, so far as I can
tell.

Without further details, all I can say regarding the "admin user is not
authorized for some commands" is that there must be some sort of other
misconfiguration in the deployment - likely something that should have
been handled by packstack?

Finally, I don't see how https://www.redhat.com/archives/rdo-
list/2014-June/msg00067.html is related?

** Changed in: keystone
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1339107

Title:
  Kyestone: Auth token not in the request header

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  Hi, I am using CentOS 6.4, deployed OpenStack Icehouse with Packstack.

  After the deployment, they admin user is not authorized for some commands,
  e.g. nova list, neutron net-list, etc.

  Similar to the bug described in https://bugs.launchpad.net/keystone/+bug/1289935,
  however the solution patch does not apply.

  Some output:

  2014-07-08 16:52:11.063 1649 INFO eventlet.wsgi.server [-] 10.0.230.14 - - [08/Jul/2014 16:52:11] "POST /v2.0/tokens HTTP/1.1" 200 7520 0.201348
  2014-07-08 16:52:11.079 1649 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.6/site-packages/keystone/middleware/core.py:271
  2014-07-08 16:52:11.081 1649 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.6/site-packages/keystone/common/wsgi.py:181
  2014-07-08 16:52:11.086 1649 DEBUG keystone.notifications [-] CADF Event: {'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event', 'initiator': {'typeURI': 'service/security/account/user', 'host': {'agent': 'python-neutronclient', 'address': '10.0.230.14'}, 'id': 'openstack:ca12b898-95bb-4705-8455-6122aae81752', 'name': u'77aabd14a2e1453489dec37d7b174e58'}, 'target': {'typeURI': 'service/security/account/user', 'id': 'openstack:c9028777-2e4b-4c8a-bf07-4175e1c1f5e9'}, 'observer': {'typeURI': 'service/security', 'id': 'openstack:669df929-fca7-4f71-99cf-0e2af4e981fa'}, 'eventType': 'activity', 'eventTime': '2014-07-08T14:52:11.086573+0000', 'action': 'authenticate', 'outcome': 'pending', 'id': 'openstack:0d35b838-3cc9-46ed-bdf6-e384583d0982'} _send_audit_notification /usr/lib/python2.6/site-packages/keystone/notifications.py:289


  Identical to the issue mentioned here:
  https://www.redhat.com/archives/rdo-list/2014-June/msg00067.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1339107/+subscriptions

References

[Bug 1339107] [NEW] Kyestone: Auth token not in the request header
From: Nicolae Paladi, 2014-07-08