Feel free to file a bug -- I'm reviewing the document right now.
http://docs.openstack.org/trunk/openstack-compute/install/apt/content/verifying-identity-install.html As for the invalid tenant message, I'm guessing you don't have any roles granted to "adminUser" on that tenant. Checkout the user-role-add command: $ keystone help user-role-add You might also try the other tenant returned by tenant-list. -Dolph On Tue, Oct 2, 2012 at 5:48 PM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: > Hi Anne, > > Thank you for pointing that out. I noticed the "adminTenant" string in > the curl command, and it did bother me a bit, but I did not pursue it due > to lack of experience with curl / Rest API / OpenStack but looking, I > should have known better. Can this be addressed in the "Deploy and > Install OpenStack - Red Hat Ubuntu" document, as I am sure others might > be running into the same issue. Do I need to file a bug against > documentation or email someone specifically. > > After making the change in the curl command, I am now getting a different > error message: > > #> keystone --token 012345SECRET99TOKEN012345 --endpoint > http://10.0.2.15:35357/v2.0 tenant-list > +----------------------------------+---------------+---------+ > | id | name | enabled | > +----------------------------------+---------------+---------+ > | 07a44f9d55694d638f41bc160c14b42e | openstackDemo | True | > | 0e4cc20586ae42329db51e0c6f807731 | service | True | > +----------------------------------+---------------+---------+ > > #> curl -d '{"auth": {"tenantName": "service", "passwordCredentials": > {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: > application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool > % Total % Received % Xferd Average Speed Time Time Time > Current > Dload Upload Total Spent Left > Speed > 100 191 0 80 100 111 346 480 --:--:-- --:--:-- --:--:-- > 497 > { > "error": { > "code": 401, > "message": "Invalid tenant", > "title": "Not Authorized" > } > } > > Thank you, > Ahmed. > > ------------------------------ > *From:* annegen...@justwriteclick.com [annegen...@justwriteclick.com] On > Behalf Of Anne Gentle [a...@openstack.org] > *Sent:* Tuesday, October 02, 2012 1:26 PM > *To:* Ahmed Al-Mehdi > *Cc:* Dolph Mathews; openstack@lists.launchpad.net > > *Subject:* Re: [Openstack] Enabling logging in keystone. > > Hi Ahmed - > > I believe you don't have a tenant named "adminTenant" - possibly try this? > > curl -d '{"auth": {"tenantName": "service", "passwordCredentials": > {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: > application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool > > Also, you can run keystone with the --debug parameter to see the curl > output like so: > keystone --debug --token > 012345SECRET99TOKEN012345 --endpoint http://10.0.2.15:35357/v2.0tenant-list > > Generally, yes, you need to ensure keystone is working correctly before > installing glance and nova (they require keystone), so you're correct to > keep trying. > > Anne > > On Tue, Oct 2, 2012 at 3:09 PM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: > >> Hi Dolph, >> >> Very sorry about that. With the correct token, calling keystone from >> the cli is working. However, the curl command is failing. Will this >> cause an issue down the line as I start to install glance and nova? >> >> >> #> keystone --token 012345SECRET99TOKEN012345 --endpoint >> http://10.0.2.15:35357/v2.0 tenant-list >> +----------------------------------+---------------+---------+ >> | id | name | enabled | >> +----------------------------------+---------------+---------+ >> | 07a44f9d55694d638f41bc160c14b42e | openstackDemo | True | >> | 0e4cc20586ae42329db51e0c6f807731 | service | True | >> +----------------------------------+---------------+---------+ >> #> curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": >> {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: >> application/json" http://10.0.2.15:35357/v2.0/tokens | python >> -mjson.tool >> >> % Total % Received % Xferd Average Speed Time Time Time >> Current >> Dload Upload Total Spent Left >> Speed >> 100 231 0 116 100 115 2771 2747 --:--:-- --:--:-- >> --:--:-- 3052 >> >> { >> "error": { >> "code": 401, >> "message": "The request you have made requires authentication.", >> "title": "Not Authorized" >> } >> } >> >> Regards, >> Ahmed. >> >> >> ------------------------------ >> *From:* Dolph Mathews [dolph.math...@gmail.com] >> *Sent:* Tuesday, October 02, 2012 12:12 PM >> *To:* Ahmed Al-Mehdi >> *Cc:* heckj; openstack@lists.launchpad.net >> >> *Subject:* Re: [Openstack] Enabling logging in keystone. >> >> You're missing a "5" on the admin_token you've specified on the >> command line. >> >> 012345SECRET99TOKEN01234 (your CLI arg) >> 012345SECRET99TOKEN012345 (keystone.conf) >> >> -Dolph >> >> >> On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: >> >>> Hi Joe, >>> >>> I have put the conf file (renamed to ahmed_keystone.conf) into gist. >>> >>> git://gist.github.com/3821846.git >>> >>> Please let me know if you have any issues accessing the file. >>> >>> Thank you very much for helping me out. I have a feeling the issue >>> might be in the python script to populate keystone. When I previously input >>> the data manually, I got keystone configured properly. >>> >>> Regards, >>> Ahmed. >>> >>> >>> ________________________________________ >>> From: heckj [he...@mac.com] >>> Sent: Tuesday, October 02, 2012 10:56 AM >>> To: Ahmed Al-Mehdi >>> Cc: openstack@lists.launchpad.net >>> Subject: Re: [Openstack] Enabling logging in keystone. >>> >>> Ahmed - can you put your keystone.conf into a paste or gist and share >>> it with me? I'd be happy to help you debug this. >>> >>> I'm assuming you're running keystone on the system with the IP address >>> 10.0.2.15, correct? >>> >>> -joe >>> >>> On Oct 2, 2012, at 10:45 AM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: >>> >>> > Hi Joe, >>> > >>> > I noticed I did not put the port number in the URL, now I am getting a >>> more meaningful error: >>> > >>> > #> keystone --token 012345SECRET99TOKEN01234 --endpoint >>> http://10.0.2.15:35357/v2.0 tenant-list >>> > No handlers could be found for logger "keystoneclient.client" >>> > Unable to authorize user >>> > >>> > Regards, >>> > Ahmed. >>> > >>> > ________________________________________ >>> > From: >>> > openstack-bounces+ahmed=coraid....@lists.launchpad.net[openstack-bounces+ahmed >>> =coraid....@lists.launchpad.net] On Behalf Of Ahmed Al-Mehdi [ >>> ah...@coraid.com] >>> > Sent: Tuesday, October 02, 2012 10:30 AM >>> > To: heckj >>> > Cc: openstack@lists.launchpad.net >>> > Subject: Re: [Openstack] Enabling logging in keystone. >>> > >>> > Hi Joe, >>> > >>> > Unfortunately before I read your response I re-installed my Ubuntuserver. >>> > I repeated the same steps mentioned in the OpenStackdocument "Deploy and >>> > Install OpenStack- RedHatUbuntu" >>> and also used the script mentioned in it ( >>> https://github.com/nimbis/keystone-init/blob/master/keystone-init.py) >>> to populate keystone. I reboot the server prior to running your suggested >>> command and now running into a different issue, which I feel maybe due to >>> not starting some service. Btw, my host OS is Ubuntu 12.04 (32 bit) >>> running inVirtualBox. >>> > >>> > Currently I am getting the following error: >>> > >>> > #> keystone --token 012345SECRET99TOKEN01234 --endpoint >>> http://10.0.2.15/v2.0 tenant-list >>> > No handlers could be found for logger "keystoneclient.client" >>> > Unable to communicate with identity service: [Errno 111] Connection >>> refused. (HTTP 400) >>> > >>> > How can I address the "logger" error. I don't see any output sent to >>> /var/log/keystone/keystone.log. >>> > >>> > I checked mysql and keystone is running: >>> > >>> > #> service keystone status >>> > keystone start/running, process 741 >>> > #> ps aux | grep key >>> > keystone 741 0.0 0.0 3028 1184 ? Ss 09:41 0:00 su-s >>> > /bin/sh-c exec keystone-all keystone >>> > keystone 760 0.1 1.0 30872 21696 ? S 09:41 0:01 >>> > /usr/bin/python >>> /usr/bin/keystone-all >>> > root 1726 0.0 0.0 4388 828 tty1 S+ 09:56 0:00 >>> > grep--color=auto key >>> > >>> > Thank you, >>> > Ahmed. >>> > >>> > >>> > ________________________________________ >>> > From: heckj [he...@mac.com] >>> > Sent: Monday, October 01, 2012 5:47 PM >>> > To: Ahmed Al-Mehdi >>> > Cc: openstack@lists.launchpad.net >>> > Subject: Re: [Openstack] Enabling logging in keystone. >>> > >>> > Can you invoke the keystone commands with --token and --endpoint? >>> That's the same thing as what you're trying to do with curl, but using >>> the CLI to do the hard work of making sure you get the header's all >>> nailed down correctly. >>> > >>> > Some good ones to try are: >>> > (using your example "token" and "endpoint" from below - modify if they >>> don't match your config) >>> > >>> > keystone --token ahmedadmintoken --endpoint >>> http://10.176.20.158:35357/v2.0 tenant-list >>> > keystone --token ahmedadmintoken --endpoint >>> http://10.176.20.158:35357/v2.0 user-list >>> > keystone --token ahmedadmintoken --endpoint >>> http://10.176.20.158:35357/v2.0 service-list >>> > keystone --token ahmedadmintoken --endpoint >>> http://10.176.20.158:35357/v2.0 role-list >>> > >>> > All of these should report back *without* errors, even if you haven't >>> bootstrapped Keystone to include any services, tenants, users, or roles. >>> > >>> > You can also add "--debug" (as in keystone --debug >>> --token ahmedadmintoken --endpoint >>> http://10.176.20.158:35357/v2.0user-list) to see the underlying HTTP >>> protocol going back and forth and >>> what's getting sent to Keystone. >>> > >>> > -joe >>> > >>> > On Oct 1, 2012, at 5:30 PM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: >>> >> Actually, the curl command with the "X_Auth_Token" is my weak >>> attempt to try to find a solution. I am actually issuing the following >>> command (per recommendation from the OpenStack document - "Install and >>> Deploy Manual – Red Hat Ubuntu"): >>> >> >>> >> root@bodega:~# curl -d '{"auth": {"tenantName": "adminTenant", >>> "passwordCredentials": {"username": "adminUser", "password": >>> "secretword"}}}' >>> -H "Content-type: application/json" -H "X_Auth_Token: ahmedadmintoken" >>> http://10.176.20.158:35357/v2.0/tokens | python -mjson.tool >>> >> % Total % Received % Xferd Average Speed Time Time Time >>> Current >>> >> Dload Upload Total Spent >>> Left Speed >>> >> 100 231 0 116 100 115 12927 12816 --:--:-- --:--:-- >>> --:--:-- 14500 >>> >> { >>> >> "error": { >>> >> "code": 401, >>> >> "message": "The request you have made requires >>> authentication.", >>> >> "title": "Not Authorized" >>> >> } >>> >> } >>> >> >>> >> Regards, >>> >> Ahmed. >>> >> >>> >> >>> >> From: heckj <he...@mac.com> >>> >> Date: Monday, October 1, 2012 5:23 PM >>> >> To: Ahmed Al-Mehdi <ah...@coraid.com> >>> >> Cc: "openstack@lists.launchpad.net" <openstack@lists.launchpad.net> >>> >> Subject: Re: [Openstack] Enabling logging in keystone. >>> >> >>> >> Ahmed - >>> >> >>> >> The header that's supposed to have the token within it is >>> >> labelled"X-Auth-Token', not "X_Auth_Token". >>> Unless you're really comfortable with the protocol, I'd recommend using >>> the keystone CLI from the python-keystoneclient to do your verifying, >>> using it's debugging (which is to show you the curl output that you did >>> below). >>> >> >>> >> -joe >>> >> >>> >> On Oct 1, 2012, at 5:12 PM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: >>> >>> Hello, >>> >>> >>> >>> I am trying to verify the installation of keystone. When I try to >>> run some "curl" commands, I get the following error message: >>> >>> >>> >>> root@bodega:~/ahmed/keystone-init# curl -d '{"auth": {"tenantName": >>> "adminTenant", "passwordCredentials": {"username": "adminUser", >>> "password": "secretword"}}}' -H "Content-type: application/json" -H >>> "X_Auth_Token: ahmedadmintoken" http://10.176.20.158:35357/v2.0/tokens| >>> python -mjson.tool >>> >>> % Total % Received % Xferd Average Speed Time Time >>> Time Current >>> >>> Dload Upload Total Spent >>> Left Speed >>> >>> 100 231 0 116 100 115 15205 15074 --:--:-- --:--:-- >>> --:--:-- 16571 >>> >>> { >>> >>> "error": { >>> >>> "code": 401, >>> >>> "message": "The request you have made requires >>> authentication.", >>> >>> "title": "Not Authorized" >>> >>> } >>> >>> } >>> >>> >>> >>> >>> >>> I don't see any message in the /var/log/keystone/logging.conf file. >>> I can pass "-debug" option to keystone to enable debugging, but I am not >>> sure how to do that from curl. Following is content of >>> /etc/keystone/logging.conf file: >>> >>> >>> >>> root@bodega:~# cat /etc/keystone/logging.conf >>> >>> [loggers] >>> >>> keys=root >>> >>> >>> >>> [formatters] >>> >>> keys=normal,normal_with_name,debug >>> >>> >>> >>> [handlers] >>> >>> keys=production,file,devel >>> >>> >>> >>> [logger_root] >>> >>> level=WARNING >>> >>> handlers=file >>> >>> >>> >>> [handler_production] >>> >>> class=handlers.SysLogHandler >>> >>> level=ERROR >>> >>> formatter=normal_with_name >>> >>> args=(('localhost', handlers.SYSLOG_UDP_PORT), >>> handlers.SysLogHandler.LOG_USER) >>> >>> >>> >>> [handler_file] >>> >>> class=FileHandler >>> >>> level=DEBUG >>> >>> formatter=normal_with_name >>> >>> args=('/var/log/keystone/keystone.log', 'a') >>> >>> >>> >>> [handler_devel] >>> >>> class=StreamHandler >>> >>> level=NOTSET >>> >>> formatter=debug >>> >>> args=(sys.stdout,) >>> >>> >>> >>> [formatter_normal] >>> >>> format=%(asctime)s %(levelname)s %(message)s >>> >>> >>> >>> [formatter_normal_with_name] >>> >>> format=(%(name)s): %(asctime)s %(levelname)s %(message)s >>> >>> >>> >>> [formatter_debug] >>> >>> format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s >>> %(message)s >>> >>> root@bodega:~# >>> >>> >>> >>> Any help would be greatly appreciated. >>> >>> >>> >>> Regards, >>> >>> Ahmed. >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> >>> Mailing list: https://launchpad.net/~openstack >>> >>> Post to : openstack@lists.launchpad.net >>> >>> Unsubscribe : https://launchpad.net/~openstack >>> >>> More help : https://help.launchpad.net/ListHelp >>> >> >>> > _______________________________________________ >>> > Mailing list: https://launchpad.net/~openstack >>> > Post to : openstack@lists.launchpad.net >>> > Unsubscribe : https://launchpad.net/~openstack >>> > More help : https://help.launchpad.net/ListHelp >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >>> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
