I'm trying to make novaclient work with keystone. It looks like authentication is working, but actual interaction between novaclient and nova does not work. Here is what I get (with added debugging messages I added in novaclient)
I'll appreciate any help. David. $ nova list initial auth_url: http://10.0.10.1:5000/v2.0/ POST with body = {'auth': {'tenantName': 'demo', 'passwordCredentials': {'username': 'demo', 'password': 'guest'}}} request: args = ('http://10.0.10.1:5000/v2.0/tokens', 'POST') request: kwargs = {'body': '{"auth": {"tenantName": "demo", "passwordCredentials": {"username": "demo", "password": "guest"}}}', 'headers': {'Content-Type': 'application/json', 'User-Agent': 'python-novaclient'}} request: resp = {'date': 'Thu, 15 Dec 2011 19:20:10 GMT', 'status': '200', 'content-length': '993', 'content-type': 'application/json; charset=UTF-8'} request: body = {"access": {"token": {"expires": "2011-12-16T11:30:09.098995", "id": "6ad85291-8d26-4bd5-a667-525322fd66a8", "tenant": {"id": "2", "name": "demo"}}, "serviceCatalog": [{"endpoints": [{"region": "RegionOne", "internalURL": "http://10.0.10.1:8774/v1.1/";, "publicURL": "http://10.0.10.1:8774/v1.1/"}], "type": "compute", "name": "nova"}, {"endpoints": [{"region": "RegionOne", "internalURL": "http://10.0.11.1:9292/v1.1/";, "publicURL": "http://10.0.11.1:9292/v1.1/"}, {"region": "RegionOne", "internalURL": "http://10.0.1.3:9292/v1.1/";, "publicURL": "http://10.0.1.3:9292/v1.1/"}, {"region": "RegionOne", "internalURL": "http://10.0.11.1:9292/v1/";, "publicURL": "http://10.0.11.1:9292/v1/"}], "type": "image", "name": "glance"}, {"endpoints": [{"region": "RegionOne", "internalURL": "http://10.0.10.1:5000/v2.0";, "publicURL": "http://10.0.10.1:5000/v2.0"}], "type": "identity", "name": "keystone"}], "user": {"id": "2", "roles": [{"tenantId": "2", "id": "4", "name": "Member"}], "name": "demo"}}} resp of POST = {'date': 'Thu, 15 Dec 2011 19:20:10 GMT', 'status': '200', 'content-length': '993', 'content-type': 'application/json; charset=UTF-8'} service_catalog = <module 'novaclient.service_catalog' from '/home/dkang/venv/lib/python2.6/site-packages/novaclient/service_catalog.pyc'> auth_token = 6ad85291-8d26-4bd5-a667-525322fd66a8 management_url = http://10.0.10.1:8774/v1.1/ v2_auth is done request: args = (u'http://10.0.10.1:8774/v1.1//servers/detail?fresh=1323976810.06', 'GET') request: kwargs = {'headers': {'X-Auth-Project-Id': 'demo', 'User-Agent': 'python-novaclient', 'X-Auth-Token': u'6ad85291-8d26-4bd5-a667-525322fd66a8'}} request: resp = {'date': 'Thu, 15 Dec 2011 19:20:10 GMT', 'status': '404', 'content-length': '52', 'content-type': 'text/plain; charset=UTF-8'} request: body = 404 Not Found The resource could not be found. n/a (HTTP 404) ====================== Here is my nova.conf and api-paste.ini file. === nova.conf --verbose --nodaemon --allow_admin_api --dhcpbridge_flagfile=/usr/local/nova/bin/nova.conf --dhcpbridge=/usr/local/nova/bin/nova-dhcpbridge --force_dhcp_release --cc_host=10.99.1.1 --ec2_url=http://10.99.1.1:8773/services/Cloud --rabbit_host=10.99.1.1 --sql_connection=mysql://root:[email protected]/nova --network_manager=nova.network.manager.FlatDHCPManager --libvirt_type=kvm --flat_network_dhcp_start=10.99.1.2 --glance_api_servers=10.0.11.1:9292 --image_service=nova.image.glance.GlanceImageService --scheduler_driver=nova.scheduler.arch.ArchitectureScheduler --quota_cores=1024 --quota_gigabytes=1000 --quota_ram=1024000 --connection_type=libvirt --cpu_arch=x86_64 --xpu_arch= --periodic_interval=20 --max_nbd_devices=16 --fixed_range=10.99.1.0/24 --network_size=256 --baremetal_driver= --iscsi_ip_prefix=10.2.11.1 --service_down_time=120 --ec2_dmz_host=10.99.1.1 --api_paste_config=/etc/nova/api-paste.ini --flat_interface=eth0 === api-paste.ini (slight modification from that of devstack.) cat /etc/nova/api-paste.ini ############ # Metadata # ############ [composite:metadata] use = egg:Paste#urlmap /: metaversions /latest: meta /2007-01-19: meta /2007-03-01: meta /2007-08-29: meta /2007-10-10: meta /2007-12-15: meta /2008-02-01: meta /2008-09-01: meta /2009-04-04: meta [pipeline:metaversions] pipeline = ec2faultwrap logrequest metaverapp [pipeline:meta] pipeline = ec2faultwrap logrequest metaapp [app:metaverapp] paste.app_factory = nova.api.metadata.handler:Versions.factory [app:metaapp] paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory ####### # EC2 # ####### [composite:ec2] use = egg:Paste#urlmap /services/Cloud: ec2cloud /services/Admin: ec2admin [pipeline:ec2cloud] pipeline = ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor [pipeline:ec2admin] pipeline = ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor [pipeline:ec2metadata] pipeline = ec2faultwrap logrequest ec2md [pipeline:ec2versions] pipeline = ec2faultwrap logrequest ec2ver [filter:ec2faultwrap] paste.filter_factory = nova.api.ec2:FaultWrapper.factory [filter:logrequest] paste.filter_factory = nova.api.ec2:RequestLogging.factory [filter:ec2lockout] paste.filter_factory = nova.api.ec2:Lockout.factory [filter:totoken] paste.filter_factory = keystone.middleware.ec2_token:EC2Token.factory [filter:ec2noauth] paste.filter_factory = nova.api.ec2:NoAuth.factory [filter:authenticate] paste.filter_factory = nova.api.ec2:Authenticate.factory [filter:cloudrequest] controller = nova.api.ec2.cloud.CloudController paste.filter_factory = nova.api.ec2:Requestify.factory [filter:adminrequest] controller = nova.api.ec2.admin.AdminController paste.filter_factory = nova.api.ec2:Requestify.factory [filter:authorizer] paste.filter_factory = nova.api.ec2:Authorizer.factory [app:ec2executor] paste.app_factory = nova.api.ec2:Executor.factory ############# # Openstack # ############# [composite:osapi] use = call:nova.api.openstack.v2.urlmap:urlmap_factory /: osversions /v1.1: openstack_api_v2 /v2: openstack_api_v2 [pipeline:openstack_api_v2] pipeline = faultwrap authtoken keystonecontext ratelimit serialize extensions osapi_app_v2 [filter:faultwrap] paste.filter_factory = nova.api.openstack.v2:FaultWrapper.factory [filter:auth] paste.filter_factory = nova.api.openstack.v2.auth:AuthMiddleware.factory [filter:noauth] paste.filter_factory = nova.api.openstack.v2.auth:NoAuthMiddleware.factory [filter:ratelimit] paste.filter_factory = nova.api.openstack.v2.limits:RateLimitingMiddleware.factory [filter:serialize] paste.filter_factory = nova.api.openstack.wsgi:LazySerializationMiddleware.factory [filter:extensions] paste.filter_factory = nova.api.openstack.v2.extensions:ExtensionMiddleware.factory [app:osapi_app_v2] paste.app_factory = nova.api.openstack.v2:APIRouter.factory [pipeline:osversions] pipeline = faultwrap osversionapp [app:osversionapp] paste.app_factory = nova.api.openstack.v2.versions:Versions.factory ########## # Shared # ########## [filter:keystonecontext] paste.filter_factory = keystone.middleware.nova_keystone_context:NovaKeystoneContext.factory [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = 127.0.0.1 service_port = 5000 auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http auth_uri = http://127.0.0.1:5000/ admin_token = 999888777666 ---------------------- Dr. Dong-In "David" Kang Computer Scientist USC/ISI _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
