The problem looks like that only users with role ['projectmanager', 'sysadmin'] can run instances. The demo user created by devstack only has "Member" role. Not sure how it's mapped to the roles described in http://docs.openstack.org/diablo/openstack-compute/admin/content/users-and-projects.html
After switching to admin user, it works fine. Anyway, this keystone vs old authentication is really confusing.. On Thu, Oct 27, 2011 at 10:43 PM, Yun Mao <yun...@gmail.com> wrote: > I think I'm close to figuring this out. You can take a look at the > devstack scripts. In particular, > https://github.com/cloudbuilders/devstack/blob/master/files/keystone_data.sh > > Then you can source openrc to get the EC2_* environment variables. > > However, it only works for euca-describe-instances, > euca-describe-images, at least for me. > > When I tried euca-run-instances, the error is: > $ euca-run-instances ami-00000004 > Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error > None: None > > The log on the nova-api daemon looks like this: > 2011-10-27 18:29:22,288 DEBUG nova [-] HTTP PERF: 0.01362 seconds to > GET 127.0.0.1:35357 /v2.0/tokens/bd9c6abd-eeb4-4ba9-b49e-7aafe790ef9c) > from (pid=2774) getresponse > /opt/stack/keystone/keystone/common/bufferedhttp.py:99 > 2011-10-27 18:29:22,301 DEBUG nova [-] HTTP PERF: 0.01282 seconds to > GET 127.0.0.1:35357 /v2.0/tokens/bd9c6abd-eeb4-4ba9-b49e-7aafe790ef9c) > from (pid=2774) getresponse > /opt/stack/keystone/keystone/common/bufferedhttp.py:99 > 2011-10-27 18:29:22,302 DEBUG nova.api [-] action: RunInstances from > (pid=2774) __call__ /opt/stack/nova/nova/api/ec2/__init__.py:240 > 2011-10-27 18:29:22,302 DEBUG nova.api [-] arg: ImageId val: > ami-0000000 from (pid=2774) __call__ > /opt/stack/nova/nova/api/ec2/__init__.py:242 > 2011-10-27 18:29:22,303 DEBUG nova.api [-] arg: MaxCount > val: 1 from (pid=2774) __call__ > /opt/stack/nova/nova/api/ec2/__init__.py:242 > 2011-10-27 18:29:22,303 DEBUG nova.api [-] arg: MinCount > val: 1 from (pid=2774) __call__ > /opt/stack/nova/nova/api/ec2/__init__.py:242 > 2011-10-27 18:29:22,303 DEBUG nova.api [-] arg: InstanceType > val: m1.small from (pid=2774) __call__ > /opt/stack/nova/nova/api/ec2/__init__.py:242 > 2011-10-27 18:29:22,303 AUDIT nova.api > [4f056dc4-6515-4bd0-bd09-0c1584b9fc39 demo 2] Unauthorized request for > controller=CloudController and action=RunInstances > 2011-10-27 18:29:22,304 INFO nova.api > [4f056dc4-6515-4bd0-bd09-0c1584b9fc39 demo 2] 0.60822s 127.0.0.1 POST > /services/Cloud/ CloudController:RunInstances 401 [Boto/2.0 (linux2)] > application/x-www-form-urlencoded text/plain > > Does anyone know what's going on? Thanks, > > Yun > > On Tue, Oct 25, 2011 at 8:51 AM, David Kranz <david.kr...@qrclab.com> wrote: >> Along the same lines, how do you export the shell variables for euca-tools >> with keystone since nova-manage to create the zipfile does not work? >> >> -David >> >> On 10/24/2011 8:29 PM, Vishvananda Ishaya wrote: >> >> Speaking of keystone diablo tag, it is currently missing the following >> commit: >> https://github.com/openstack/keystone/commit/2bb474331d73e7c6d2a507cb097c50cfe65ad6b6 >> This commit is required for the ec2 api to work with keystone. Seems like >> we need to move the tag or create a keystone/stable branch and pull this in. >> Vish >> On Oct 24, 2011, at 12:03 AM, Mark McLoughlin wrote: >> >> Hey, >> >> I just noticed a few things when reviewing the Fedora packaging of >> keystone: >> >> - There's no diablo release tarball on https://launchpad.net/keystone >> like other projects >> >> - The 2011.3 tag in git has version=1.0 in setup.py. Which versioning >> scheme is keystone going to follow? >> >> - The version in master is non-numeric 'essex' rather than e.g. >> 2011.3 or 1.1 >> >> Thanks, >> Mark. >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
