yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #61190
[Bug 1661601] [NEW] mitaka: issue with keystone.middleware.auth
Public bug reported:
Whether using curl or xml with correct credentials continue to get
(DEBUG keystone.middleware.auth [req-
07a6c838-2b74-486f-a843-167f2539e25c - - - - -] There is either no auth
token in the request or the certificate issuer is not trusted. No auth
context will be set. _build_auth_context /usr/lib/python2.7/dist-
packages/keystone/middleware/auth.py:71)
Here is one set of xml code: (both xml and curl script below result in
above error)
curl -i -X POST -H "X-Autplication/xml"
http://haproxy2-st:35357/v3/auth/tokens -d '<?xml version="1.0"
encoding="UTF-8"?><auth><identity><methods><method>password</method></methods><password><user
password="xxxxxxx" name="admin"><domain id="default"
name="default"/></user></password></identity></auth>'
Here is another set of xml code:
<auth type="keystone" config="region=vtil-
swift-2;username=admin;password=linux4u;project_name=admin;project_domain_name=default;user_domain_name=default;auth_url=http://haproxy2-st:35357/v3"/>
Here is curl script:
curl -i -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": {"name": default"),
"password": "xxxxxxx
}
}
}.
"scope": {
"project": {
"name": "admin",
"domain": {"name": "default"}
}
}
}
}' http://haproxy2-st:35357/v3/auth/tokens
Contents of admin.sh that works:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=xxxxxxx
export OS_AUTH_URL=http://haproxy2-st:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
root@hlxkvm035:~# openstack token issue --debug
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
START with options: ['token', 'issue', '--debug']
options: Namespace(access_token_endpoint='', auth_type='', auth_url='http://haproxy2-st:35357/v3', cacert='', client_id='', client_secret='***', cloud='', debug=True, default_domain='default', deferred_help=False, domain_id='', domain_name='', endpoint='', identity_provider='', identity_provider_url='', insecure=None, interface='', log_file=None, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='2', os_network_api_version='', os_object_api_version='', os_project_id=None, os_project_name=None, os_volume_api_version='', password='***', project_domain_id='', project_domain_name='default', project_id='', project_name='admin', protocol='', region_name='', scope='', service_provider_endpoint='', timing=False, token='***', trust_id='', url='', user_domain_id='', user_domain_name='default', user_id='', username='admin', verbose_level=3, verify=None)
defaults: {u'auth_type': 'password', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'api_timeout': None, u'baremetal_api_version': u'1', u'image_api_version': u'2', 'cacert': None, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', u'interface': None, u'network_api_version': u'2', u'image_format': u'qcow2', u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'verify': True, u'identity_api_version': u'2.0', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'dns_api_version': u'2', u'object_store_api_version': u'1', u'disable_vendor_agent': {}}
cloud cfg: {'auth_type': 'password', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'timing': False, u'network_api_version': u'2', u'image_format': u'qcow2', u'image_api_version': '2', 'verify': True, u'dns_api_version': u'2', u'object_store_api_version': u'1', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, u'baremetal_api_version': u'1', 'auth': {'username': 'admin', 'project_name': 'admin', 'user_domain_name': 'default', 'auth_url': 'http://haproxy2-st:35357/v3', 'password': '***', 'project_domain_name': 'default'}, 'default_domain': 'default', u'container_api_version': u'1', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', u'interface': None, 'cacert': None, u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', 'debug': True, u'disable_vendor_agent': {}}
compute API version 2, cmd group openstack.compute.v2
network API version 2, cmd group openstack.network.v2
image API version 2, cmd group openstack.image.v2
volume API version 2, cmd group openstack.volume.v2
identity API version 3, cmd group openstack.identity.v3
object_store API version 1, cmd group openstack.object_store.v1
command: token issue -> openstackclient.identity.v3.token.IssueToken
Auth plugin password selected
auth_type: password
Using auth plugin: password
Using parameters {'username': 'admin', 'project_name': 'admin', 'auth_url': 'http://haproxy2-st:35357/v3', 'user_domain_name': 'default', 'password': '***', 'project_domain_name': 'default'}
Get auth_ref
REQ: curl -g -i -X GET http://haproxy2-st:35357/v3 -H "Accept: application/json" -H "User-Agent: python-openstackclient keystoneauth1/2.4.1 python-requests/2.9.1 CPython/2.7.6"
Starting new HTTP connection (1): haproxy2-st
"GET /v3 HTTP/1.1" 200 251
RESP: [200] Content-Length: 251 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Fri, 03 Feb 2017 13:00:22 GMT x-openstack-request-id: req-3d3204e2-e3b2-47c8-b127-cbed2eb4f832 Content-Type: application/json X-Distribution: Ubuntu
RESP BODY: {"version": {"status": "stable", "updated": "2016-04-04T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.6", "links": [{"href": "http://haproxy2-st:35357/v3/";, "rel": "self"}]}}
Making authentication request to http://haproxy2-st:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1770
run(Namespace(columns=[], formatter='table', max_width=0, noindent=False, prefix='', variables=[]))
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2017-02-03T14:00:22.753450Z |
| id | gAAAAABYlH7mLmeNoImhzPFh2OXbnmbMKQcEh1BPfAQcc3tYluIJgBFfr2YsaTxiGFqd4MU2QLhHDflG4H6b2aG_etZBdaPiSUhvZrGvh7lhBm5BJ7IBvxv0OAxtkC5SsIM1HRjjg9zNlmdqQWjhhM0W7BAV8UnDEUOz7GrnBkPepFGXrio7uQU |
| project_id | 6c3e9efe2ba44eacbe6fb1068805308d |
| user_id | df6bede8c9814627b2ff8ff456f1b424 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
clean_up IssueToken:
END return value: 0
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1661601
Title:
mitaka: issue with keystone.middleware.auth
Status in OpenStack Identity (keystone):
New
Bug description:
Whether using curl or xml with correct credentials continue to get
(DEBUG keystone.middleware.auth [req-
07a6c838-2b74-486f-a843-167f2539e25c - - - - -] There is either no
auth token in the request or the certificate issuer is not trusted. No
auth context will be set. _build_auth_context /usr/lib/python2.7/dist-
packages/keystone/middleware/auth.py:71)
Here is one set of xml code: (both xml and curl script below result
in above error)
curl -i -X POST -H "X-Autplication/xml"
http://haproxy2-st:35357/v3/auth/tokens -d '<?xml version="1.0"
encoding="UTF-8"?><auth><identity><methods><method>password</method></methods><password><user
password="xxxxxxx" name="admin"><domain id="default"
name="default"/></user></password></identity></auth>'
Here is another set of xml code:
<auth type="keystone" config="region=vtil-
swift-2;username=admin;password=linux4u;project_name=admin;project_domain_name=default;user_domain_name=default;auth_url=http://haproxy2-st:35357/v3"/>
Here is curl script:
curl -i -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": {"name": default"),
"password": "xxxxxxx
}
}
}.
"scope": {
"project": {
"name": "admin",
"domain": {"name": "default"}
}
}
}
}' http://haproxy2-st:35357/v3/auth/tokens
Contents of admin.sh that works:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=xxxxxxx
export OS_AUTH_URL=http://haproxy2-st:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
root@hlxkvm035:~# openstack token issue --debug
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
START with options: ['token', 'issue', '--debug']
options: Namespace(access_token_endpoint='', auth_type='', auth_url='http://haproxy2-st:35357/v3', cacert='', client_id='', client_secret='***', cloud='', debug=True, default_domain='default', deferred_help=False, domain_id='', domain_name='', endpoint='', identity_provider='', identity_provider_url='', insecure=None, interface='', log_file=None, os_compute_api_version='', os_identity_api_version='3', os_image_api_version='2', os_network_api_version='', os_object_api_version='', os_project_id=None, os_project_name=None, os_volume_api_version='', password='***', project_domain_id='', project_domain_name='default', project_id='', project_name='admin', protocol='', region_name='', scope='', service_provider_endpoint='', timing=False, token='***', trust_id='', url='', user_domain_id='', user_domain_name='default', user_id='', username='admin', verbose_level=3, verify=None)
defaults: {u'auth_type': 'password', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'api_timeout': None, u'baremetal_api_version': u'1', u'image_api_version': u'2', 'cacert': None, u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', u'interface': None, u'network_api_version': u'2', u'image_format': u'qcow2', u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'verify': True, u'identity_api_version': u'2.0', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', u'container_api_version': u'1', u'dns_api_version': u'2', u'object_store_api_version': u'1', u'disable_vendor_agent': {}}
cloud cfg: {'auth_type': 'password', u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'timing': False, u'network_api_version': u'2', u'image_format': u'qcow2', u'image_api_version': '2', 'verify': True, u'dns_api_version': u'2', u'object_store_api_version': u'1', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, u'baremetal_api_version': u'1', 'auth': {'username': 'admin', 'project_name': 'admin', 'user_domain_name': 'default', 'auth_url': 'http://haproxy2-st:35357/v3', 'password': '***', 'project_domain_name': 'default'}, 'default_domain': 'default', u'container_api_version': u'1', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': u'1', u'interface': None, 'cacert': None, u'key_manager_api_version': u'v1', u'metering_api_version': u'2', 'deferred_help': False, u'identity_api_version': '3', u'volume_api_version': u'2', 'cert': None, u'secgroup_source': u'neutron', 'debug': True, u'disable_vendor_agent': {}}
compute API version 2, cmd group openstack.compute.v2
network API version 2, cmd group openstack.network.v2
image API version 2, cmd group openstack.image.v2
volume API version 2, cmd group openstack.volume.v2
identity API version 3, cmd group openstack.identity.v3
object_store API version 1, cmd group openstack.object_store.v1
command: token issue -> openstackclient.identity.v3.token.IssueToken
Auth plugin password selected
auth_type: password
Using auth plugin: password
Using parameters {'username': 'admin', 'project_name': 'admin', 'auth_url': 'http://haproxy2-st:35357/v3', 'user_domain_name': 'default', 'password': '***', 'project_domain_name': 'default'}
Get auth_ref
REQ: curl -g -i -X GET http://haproxy2-st:35357/v3 -H "Accept: application/json" -H "User-Agent: python-openstackclient keystoneauth1/2.4.1 python-requests/2.9.1 CPython/2.7.6"
Starting new HTTP connection (1): haproxy2-st
"GET /v3 HTTP/1.1" 200 251
RESP: [200] Content-Length: 251 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Fri, 03 Feb 2017 13:00:22 GMT x-openstack-request-id: req-3d3204e2-e3b2-47c8-b127-cbed2eb4f832 Content-Type: application/json X-Distribution: Ubuntu
RESP BODY: {"version": {"status": "stable", "updated": "2016-04-04T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.6", "links": [{"href": "http://haproxy2-st:35357/v3/";, "rel": "self"}]}}
Making authentication request to http://haproxy2-st:35357/v3/auth/tokens
"POST /v3/auth/tokens HTTP/1.1" 201 1770
run(Namespace(columns=[], formatter='table', max_width=0, noindent=False, prefix='', variables=[]))
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2017-02-03T14:00:22.753450Z |
| id | gAAAAABYlH7mLmeNoImhzPFh2OXbnmbMKQcEh1BPfAQcc3tYluIJgBFfr2YsaTxiGFqd4MU2QLhHDflG4H6b2aG_etZBdaPiSUhvZrGvh7lhBm5BJ7IBvxv0OAxtkC5SsIM1HRjjg9zNlmdqQWjhhM0W7BAV8UnDEUOz7GrnBkPepFGXrio7uQU |
| project_id | 6c3e9efe2ba44eacbe6fb1068805308d |
| user_id | df6bede8c9814627b2ff8ff456f1b424 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
clean_up IssueToken:
END return value: 0
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1661601/+subscriptions
Follow ups
