Hi All, working on testing our Kilo -> Mitaka keystone upgrade, and I've clearly missed something I need to do or undo.
After DB migration and the edits I believe are required to paste and conf files I can get tokens (using password auth) but it won't seem to accept them (for example with an admin user I get 'action requires authorization' errors when trying to show users).

Current setup is pretty simple and past upgrades of keystone have been super easy, so other than reread and recheck, not sure where I should focus my attention.

using: fernet tokens mysql local users apache/wsgi Ubuntu 14.04 cloud archive packages

This is what I can see with --debug on the client (both python-keystoneclient and python-openstackclient) after getting the initial auth token through password exchange:

REQ: curl -g -i -X GET https://controller:35358/v2.0/users -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}<redacted>"
"GET /v2.0/users HTTP/1.1" 401 114
RESP: [401] Content-Length: 114 Vary: X-Auth-Token Keep-Alive: timeout=5 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Thu, 25 Aug 2016 14:41:26 GMT WWW-Authenticate: Keystone uri="https://nimbus.csail.mit.edu:35358" Content-Type: application/json X-Distribution: Ubuntu
RESP BODY: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

(v3 requests are similar modulo API differences)

Keystone.log in debug mode issues a couple deprecation warnings but no errors (http://pastebin.com/WriB6u6i). Note this log is for the same event but response is UTC where log is local time (-0400).

Any pointer to where I should focus my investigations would be most welcome :)

Thanks,
-Jon

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators