← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1661601] [NEW] mitaka: issue with keystone.middleware.auth

 

Public bug reported:

Whether using curl or xml with correct credentials continue to get
(DEBUG keystone.middleware.auth [req-
07a6c838-2b74-486f-a843-167f2539e25c - - - - -] There is either no auth
token in the request or the certificate issuer is not trusted. No auth
context will be set. _build_auth_context /usr/lib/python2.7/dist-
packages/keystone/middleware/auth.py:71)

Here is one set of xml code:  (both xml and curl script below result in
above error)

 curl -i -X POST -H "X-Autplication/xml"
http://haproxy2-st:35357/v3/auth/tokens -d '<?xml version="1.0"
encoding="UTF-8"?><auth><identity><methods><method>password</method></methods><password><user
password="xxxxxxx" name="admin"><domain id="default"
name="default"/></user></password></identity></auth>'


Here is another set of xml code:

<auth type="keystone" config="region=vtil-
swift-2;username=admin;password=linux4u;project_name=admin;project_domain_name=default;user_domain_name=default;auth_url=http://haproxy2-st:35357/v3"/>

Here is curl script:


curl -i -H "Content-Type: application/json" -d '
 { "auth": {
   "identity": {
     "methods": ["password"],
	 "password": {
	   "user": {
	     "name": "admin",
		  "domain": {"name": default"),
		  "password": "xxxxxxx
		  }
		  }
		 }.
		 "scope": {
		   "project": {
		    "name": "admin",
			"domain": {"name": "default"}
			}
		}
	}
}' http://haproxy2-st:35357/v3/auth/tokens


Contents of admin.sh that works:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=xxxxxxx
export OS_AUTH_URL=http://haproxy2-st:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2


root@hlxkvm035:~# openstack token issue --debug
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
START with options: ['token', 'issue', '--debug']
options: Namespace(access_token_endpoint='', auth_type='', auth_url='http://haproxy2-st:35357/v3', cacert='', client_id='', client_secret='***', cloud='', debug=True, default_domain='default', deferred_help=False, domain_id='', domain_name='', endpoint='', identity_provider='', identity_provider_url='', insecure=None, interface='', log_file=None, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='2', os_network_api_version='', os_object_api_version='', os_project_id=None, os_project_name=None, os_volume_api_version='', password='***', project_domain_id='', project_domain_name='default', project_id='', project_name='admin', protocol='', region_name='', scope='', service_provider_endpoint='', timing=False, token='***', trust_id='', url='', user_domain_id='', user_domain_name='default', user_id='', username='admin', verbose_level=3, verify=None)
defaults: {u'auth_type': 'password', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'api_timeout': None, u'baremetal_api_version': u'1', u'image_api_version': u'2', 'cacert': None, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', u'interface': None, u'network_api_version': u'2', u'image_format': u'qcow2', u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'verify': True, u'identity_api_version': u'2.0', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'dns_api_version': u'2', u'object_store_api_version': u'1', u'disable_vendor_agent': {}}
cloud cfg: {'auth_type': 'password', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'timing': False, u'network_api_version': u'2', u'image_format': u'qcow2', u'image_api_version': '2', 'verify': True, u'dns_api_version': u'2', u'object_store_api_version': u'1', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, u'baremetal_api_version': u'1', 'auth': {'username': 'admin', 'project_name': 'admin', 'user_domain_name': 'default', 'auth_url': 'http://haproxy2-st:35357/v3', 'password': '***', 'project_domain_name': 'default'}, 'default_domain': 'default', u'container_api_version': u'1', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', u'interface': None, 'cacert': None, u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', 'debug': True, u'disable_vendor_agent': {}}
compute API version 2, cmd group openstack.compute.v2
network API version 2, cmd group openstack.network.v2
image API version 2, cmd group openstack.image.v2
volume API version 2, cmd group openstack.volume.v2
identity API version 3, cmd group openstack.identity.v3
object_store API version 1, cmd group openstack.object_store.v1
command: token issue -> openstackclient.identity.v3.token.IssueToken
Auth plugin password selected
auth_type: password
Using auth plugin: password
Using parameters {'username': 'admin', 'project_name': 'admin', 'auth_url': 'http://haproxy2-st:35357/v3', 'user_domain_name': 'default', 'password': '***', 'project_domain_name': 'default'}
Get auth_ref
REQ: curl -g -i -X GET http://haproxy2-st:35357/v3 -H "Accept: application/json" -H "User-Agent: python-openstackclient keystoneauth1/2.4.1 python-requests/2.9.1 CPython/2.7.6"
Starting new HTTP connection (1): haproxy2-st
"GET /v3 HTTP/1.1" 200 251
RESP: [200] Content-Length: 251 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Fri, 03 Feb 2017 13:00:22 GMT x-openstack-request-id: req-3d3204e2-e3b2-47c8-b127-cbed2eb4f832 Content-Type: application/json X-Distribution: Ubuntu
RESP BODY: {"version": {"status": "stable", "updated": "2016-04-04T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.6", "links": [{"href": "http://haproxy2-st:35357/v3/";, "rel": "self"}]}}

Making authentication request to http://haproxy2-st:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1770
run(Namespace(columns=[], formatter='table', max_width=0, noindent=False, prefix='', variables=[]))
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-02-03T14:00:22.753450Z                                                                                                                                                             |
| id         | gAAAAABYlH7mLmeNoImhzPFh2OXbnmbMKQcEh1BPfAQcc3tYluIJgBFfr2YsaTxiGFqd4MU2QLhHDflG4H6b2aG_etZBdaPiSUhvZrGvh7lhBm5BJ7IBvxv0OAxtkC5SsIM1HRjjg9zNlmdqQWjhhM0W7BAV8UnDEUOz7GrnBkPepFGXrio7uQU |
| project_id | 6c3e9efe2ba44eacbe6fb1068805308d                                                                                                                                                        |
| user_id    | df6bede8c9814627b2ff8ff456f1b424                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
clean_up IssueToken:
END return value: 0

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1661601

Title:
  mitaka:  issue with keystone.middleware.auth

Status in OpenStack Identity (keystone):
  New

Bug description:
  Whether using curl or xml with correct credentials continue to get
  (DEBUG keystone.middleware.auth [req-
  07a6c838-2b74-486f-a843-167f2539e25c - - - - -] There is either no
  auth token in the request or the certificate issuer is not trusted. No
  auth context will be set. _build_auth_context /usr/lib/python2.7/dist-
  packages/keystone/middleware/auth.py:71)

  Here is one set of xml code:  (both xml and curl script below result
  in above error)

   curl -i -X POST -H "X-Autplication/xml"
  http://haproxy2-st:35357/v3/auth/tokens -d '<?xml version="1.0"
  encoding="UTF-8"?><auth><identity><methods><method>password</method></methods><password><user
  password="xxxxxxx" name="admin"><domain id="default"
  name="default"/></user></password></identity></auth>'

  
  Here is another set of xml code:

  <auth type="keystone" config="region=vtil-
  swift-2;username=admin;password=linux4u;project_name=admin;project_domain_name=default;user_domain_name=default;auth_url=http://haproxy2-st:35357/v3"/>

  Here is curl script:

  
  curl -i -H "Content-Type: application/json" -d '
   { "auth": {
     "identity": {
       "methods": ["password"],
  	 "password": {
  	   "user": {
  	     "name": "admin",
  		  "domain": {"name": default"),
  		  "password": "xxxxxxx
  		  }
  		  }
  		 }.
  		 "scope": {
  		   "project": {
  		    "name": "admin",
  			"domain": {"name": "default"}
  			}
  		}
  	}
  }' http://haproxy2-st:35357/v3/auth/tokens


  
  Contents of admin.sh that works:
  export OS_PROJECT_DOMAIN_NAME=default
  export OS_USER_DOMAIN_NAME=default
  export OS_PROJECT_NAME=admin
  export OS_USERNAME=admin
  export OS_PASSWORD=xxxxxxx
  export OS_AUTH_URL=http://haproxy2-st:35357/v3
  export OS_IDENTITY_API_VERSION=3
  export OS_IMAGE_API_VERSION=2

  
  root@hlxkvm035:~# openstack token issue --debug
  X11 connection rejected because of wrong authentication.
  X11 connection rejected because of wrong authentication.
  START with options: ['token', 'issue', '--debug']
  options: Namespace(access_token_endpoint='', auth_type='', auth_url='http://haproxy2-st:35357/v3', cacert='', client_id='', client_secret='***', cloud='', debug=True, default_domain='default', deferred_help=False, domain_id='', domain_name='', endpoint='', identity_provider='', identity_provider_url='', insecure=None, interface='', log_file=None, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='2', os_network_api_version='', os_object_api_version='', os_project_id=None, os_project_name=None, os_volume_api_version='', password='***', project_domain_id='', project_domain_name='default', project_id='', project_name='admin', protocol='', region_name='', scope='', service_provider_endpoint='', timing=False, token='***', trust_id='', url='', user_domain_id='', user_domain_name='default', user_id='', username='admin', verbose_level=3, verify=None)
  defaults: {u'auth_type': 'password', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'api_timeout': None, u'baremetal_api_version': u'1', u'image_api_version': u'2', 'cacert': None, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', u'interface': None, u'network_api_version': u'2', u'image_format': u'qcow2', u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'verify': True, u'identity_api_version': u'2.0', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'dns_api_version': u'2', u'object_store_api_version': u'1', u'disable_vendor_agent': {}}
  cloud cfg: {'auth_type': 'password', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'timing': False, u'network_api_version': u'2', u'image_format': u'qcow2', u'image_api_version': '2', 'verify': True, u'dns_api_version': u'2', u'object_store_api_version': u'1', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, u'baremetal_api_version': u'1', 'auth': {'username': 'admin', 'project_name': 'admin', 'user_domain_name': 'default', 'auth_url': 'http://haproxy2-st:35357/v3', 'password': '***', 'project_domain_name': 'default'}, 'default_domain': 'default', u'container_api_version': u'1', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', u'interface': None, 'cacert': None, u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', 'debug': True, u'disable_vendor_agent': {}}
  compute API version 2, cmd group openstack.compute.v2
  network API version 2, cmd group openstack.network.v2
  image API version 2, cmd group openstack.image.v2
  volume API version 2, cmd group openstack.volume.v2
  identity API version 3, cmd group openstack.identity.v3
  object_store API version 1, cmd group openstack.object_store.v1
  command: token issue -> openstackclient.identity.v3.token.IssueToken
  Auth plugin password selected
  auth_type: password
  Using auth plugin: password
  Using parameters {'username': 'admin', 'project_name': 'admin', 'auth_url': 'http://haproxy2-st:35357/v3', 'user_domain_name': 'default', 'password': '***', 'project_domain_name': 'default'}
  Get auth_ref
  REQ: curl -g -i -X GET http://haproxy2-st:35357/v3 -H "Accept: application/json" -H "User-Agent: python-openstackclient keystoneauth1/2.4.1 python-requests/2.9.1 CPython/2.7.6"
  Starting new HTTP connection (1): haproxy2-st
  "GET /v3 HTTP/1.1" 200 251
  RESP: [200] Content-Length: 251 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Fri, 03 Feb 2017 13:00:22 GMT x-openstack-request-id: req-3d3204e2-e3b2-47c8-b127-cbed2eb4f832 Content-Type: application/json X-Distribution: Ubuntu
  RESP BODY: {"version": {"status": "stable", "updated": "2016-04-04T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.6", "links": [{"href": "http://haproxy2-st:35357/v3/";, "rel": "self"}]}}

  Making authentication request to http://haproxy2-st:35357/v3/auth/tokens
  "POST /v3/auth/tokens HTTP/1.1" 201 1770
  run(Namespace(columns=[], formatter='table', max_width=0, noindent=False, prefix='', variables=[]))
  +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field      | Value                                                                                                                                                                                   |
  +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | expires    | 2017-02-03T14:00:22.753450Z                                                                                                                                                             |
  | id         | gAAAAABYlH7mLmeNoImhzPFh2OXbnmbMKQcEh1BPfAQcc3tYluIJgBFfr2YsaTxiGFqd4MU2QLhHDflG4H6b2aG_etZBdaPiSUhvZrGvh7lhBm5BJ7IBvxv0OAxtkC5SsIM1HRjjg9zNlmdqQWjhhM0W7BAV8UnDEUOz7GrnBkPepFGXrio7uQU |
  | project_id | 6c3e9efe2ba44eacbe6fb1068805308d                                                                                                                                                        |
  | user_id    | df6bede8c9814627b2ff8ff456f1b424                                                                                                                                                        |
  +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  clean_up IssueToken:
  END return value: 0

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1661601/+subscriptions


Follow ups