See the definition for "Token" on the concepts page:
http://docs.openstack.org/trunk/openstack-compute/install/apt/content/keystone-concepts.html Yep! Authentication and authorization both appear to be behaving as expected; the response you see reflects your configured OpenStack service catalog, and the fact that you have the "admin" role on the "openstackDemo" tenant. -Dolph On Wed, Oct 3, 2012 at 1:17 AM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: > Hi Dolph, > > When I use user the keystone command, I am able to get "proper" tokens: > > root@ubuntu1:~# keystone --os-username=adminUser --os-password=secretword--os > -tenant-name=openstackDemo --os-auth-url=http:/ > /10.0.2.15:35357/v2.0 token-get > +-----------+----------------------------------+ > | Property | Value | > +-----------+----------------------------------+ > | expires | 2012-10-04T06:00:20Z | > | id | f10375dbe4dd4a90912ae9e6da4512e1 | > | tenant_id | 07a44f9d55694d638f41bc160c14b42e | > | user_id | 3e674f7f64ba452cb20781b8d5e26b7f | > +-----------+----------------------------------+ > root@ubuntu1:~# keystone --os-username=adminUser --os-password=secretword > --os-auth-url=http://10.0.2.15:35357/v2.0 token-get > No handlers could be found for logger "keystoneclient.v2_0.client" > +----------+----------------------------------+ > | Property | Value | > +----------+----------------------------------+ > | expires | 2012-10-04T06:00:41Z | > | id | b65af77d1ada496a929fb4991d54c147 | > | user_id | 3e674f7f64ba452cb20781b8d5e26b7f | > +----------+----------------------------------+ > I have a naive question. What is this "token"? How is it used? > > > However, when I use the curl command, I get a page worth of "something". > I am sorry but I am not familiar with the curl command. Since the above > two commands are working, my guess is it is safe to ignore the curl command > output, and that my keystone setup is correct. Would that be a safe > assumption. > > curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials": > {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: > application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool > { > "access": { > "metadata": { > "is_admin": 0, > "roles": [ > "31ae9c8a9486481b9c25f9e8d7e2c2f2" > ] > }, > "serviceCatalog": [ > { > "endpoints": [ > { > "adminURL": " > http://10.0.2.15:8774/v2/07a44f9d55694d638f41bc160c14b42e";, > "id": "92ed4291f5ce431cb3677953c620ef9d", > "internalURL": " > http://10.0.2.15:8774/v2/07a44f9d55694d638f41bc160c14b42e";, > "publicURL": " > http://10.0.2.15:8774/v2/07a44f9d55694d638f41bc160c14b42e";, > "region": "RegionOne" > } > ], > "endpoints_links": [], > "name": "nova", > "type": "compute" > }, > { > "endpoints": [ > { > "adminURL": "http://10.0.2.15:9292/v1";, > "id": "8bb7d0241e144a61afb336ac7a37af68", > "internalURL": "http://10.0.2.15:9292/v1";, > "publicURL": "http://10.0.2.15:9292/v1";, > "region": "RegionOne" > } > ], > "endpoints_links": [], > "name": "glance", > "type": "image" > }, > { > "endpoints": [ > { > "adminURL": " > http://10.0.2.15:8776/v1/07a44f9d55694d638f41bc160c14b42e";, > "id": "6bccef05d60d49f78e50c8dab7a9a2eb", > "internalURL": " > http://10.0.2.15:8776/v1/07a44f9d55694d638f41bc160c14b42e";, > "publicURL": " > http://10.0.2.15:8776/v1/07a44f9d55694d638f41bc160c14b42e";, > "region": "RegionOne" > } > ], > "endpoints_links": [], > "name": "volume", > "type": "volume" > }, > { > "endpoints": [ > { > "adminURL": "http://10.0.2.15:8773/services/Admin > ", > "id": "3efbabfc7e634bb0ac779a1e39ce385a", > "internalURL": " > http://10.0.2.15:8773/services/Cloud";, > "publicURL": "http://10.0.2.15:8773/services/Cloud > ", > "region": "RegionOne" > } > ], > "endpoints_links": [], > "name": "ec2", > "type": "ec2" > }, > { > "endpoints": [ > { > "adminURL": "http://10.0.2.15:8888/v1";, > "id": "1bf33c68cd70421797f05b55349abddc", > "internalURL": " > http://10.0.2.15:8888/v1/AUTH_07a44f9d55694d638f41bc160c14b42e";, > "publicURL": " > http://10.0.2.15:8888/v1/AUTH_07a44f9d55694d638f41bc160c14b42e";, > "region": "RegionOne" > } > ], > "endpoints_links": [], > "name": "swift", > "type": "object-store" > }, > { > "endpoints": [ > { > "adminURL": "http://10.0.2.15:35357/v2.0";, > "id": "ca29bb2a675d4f52bd0c8f0b0d163795", > "internalURL": "http://10.0.2.15:5000/v2.0";, > "publicURL": "http://10.0.2.15:5000/v2.0";, > "region": "RegionOne" > } > ], > "endpoints_links": [], > "name": "keystone", > "type": "identity" > } > ], > "token": { > "expires": "2012-10-04T06:03:49Z", > "id": "1320c1df67eb4519b3545b91bdaa1f05", > "tenant": { > "description": "Default Tenant", > "enabled": true, > "id": "07a44f9d55694d638f41bc160c14b42e", > "name": "openstackDemo" > } > }, > "user": { > "id": "3e674f7f64ba452cb20781b8d5e26b7f", > "name": "adminUser", > "roles": [ > { > "name": "admin" > } > ], > "roles_links": [], > "username": "adminUser" > } > } > } > > Thank you, > Ahmed. > > > > > ------------------------------ > *From:* > openstack-bounces+ahmed=coraid....@lists.launchpad.net[openstack-bounces+ahmed= > coraid....@lists.launchpad.net] On Behalf Of Ahmed Al-Mehdi [ > ah...@coraid.com] > *Sent:* Tuesday, October 02, 2012 4:42 PM > *To:* Dolph Mathews > > *Cc:* openstack@lists.launchpad.net > *Subject:* Re: [Openstack] Enabling logging in keystone. > > Hi Dolph, > > I am now getting the same output as the "curl" command, basically > "Invalid Tenant". At this point > > root@ubuntu1:~# keystone --os-username=adminUser > --os-password=secretword--os-tenant-name=service > --os-auth-url=http://10.0. > 2.15:35357/v2.0 token-get > No handlers could be found for logger "keystoneclient.client" > Invalid tenant (HTTP 401) > > Without the "os-tenant-name" parameter, I seem to get "good' response. > > root@ubuntu1:~# keystone --os-username=adminUser --os-password=secretword--os > -auth-url=http://10.0.2.15:35357/v2.0 token-get > No handlers could be found for logger "keystoneclient.v2_0.client" > +----------+----------------------------------+ > | Property | Value | > +----------+----------------------------------+ > | expires | 2012-10-03T23:31:17Z | > | id | 31078072aae94f5aab5c8e46ff5f6373 | > | user_id | 3e674f7f64ba452cb20781b8d5e26b7f | > +----------+----------------------------------+ > At this point, I feel like I am running into issues with/in the python / > PyYAML script (https://github.com/nimbis/keystone-init.git) which must > not be populating info into keystone "accurately" and most probably not > equivalent to manual steps mentioned in "Deploy and Install OpenStack - > Red Hat Ubuntu". I will look into the script. > > Regards, > Ahmed. > > ------------------------------ > *From:* Dolph Mathews [dolph.math...@gmail.com] > *Sent:* Tuesday, October 02, 2012 2:19 PM > *To:* Ahmed Al-Mehdi > *Cc:* heckj; openstack@lists.launchpad.net > *Subject:* Re: [Openstack] Enabling logging in keystone. > > No worries, that's what a second set of eyes is for! > > By specifying a token and endpoint, you're bypassing the authentication > process that your curl command is performing. > > You can test authentication with the keystone client using: > > $ keystone --os-username=adminUser --os-password=secretword > --os-tenant-name=adminTenant > --os-authurl=http://10.0.2.15:35357/v2.0<http://10.0.2.15:35357/v2.0/tokens> > token-get > > But as Anne pointed out, you don't have a tenant named "adminTenant". > You'll also need to make sure you've granted a role to your user on the > specified tenant for authorization to succeed. You can remove the tenant > name argument from the token-get call to test authentication without > authorization (therefore without requiring anything but a valid user in > your keystone install). > > -Dolph > > On Tuesday, October 2, 2012, Ahmed Al-Mehdi wrote: > >> Hi Dolph, >> >> Very sorry about that. With the correct token, calling keystone from >> the cli is working. However, the curl command is failing. Will this >> cause an issue down the line as I start to install glance and nova? >> >> >> #> keystone --token 012345SECRET99TOKEN012345 --endpoint >> http://10.0.2.15:35357/v2.0 tenant-list >> +----------------------------------+---------------+---------+ >> | id | name | enabled | >> +----------------------------------+---------------+---------+ >> | 07a44f9d55694d638f41bc160c14b42e | openstackDemo | True | >> | 0e4cc20586ae42329db51e0c6f807731 | service | True | >> +----------------------------------+---------------+---------+ >> #> curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": >> {"username": "adminUser", "password": "secretword"}}}' -H "Content-type: >> application/json" http://10.0.2.15:35357/v2.0/tokens | python -mjson.tool >> % Total % Received % Xferd Average Speed Time Time Time >> Current >> Dload Upload Total Spent Left >> Speed >> 100 231 0 116 100 115 2771 2747 --:--:-- --:--:-- --:--:-- >> 3052 >> { >> "error": { >> "code": 401, >> "message": "The request you have made requires authentication.", >> "title": "Not Authorized" >> } >> } >> >> Regards, >> Ahmed. >> >> >> ------------------------------ >> *From:* Dolph Mathews >> [dolph.math...@gmail.com<https://exg5.exghost.com/owa/UrlBlockedError.aspx> >> ] >> *Sent:* Tuesday, October 02, 2012 12:12 PM >> *To:* Ahmed Al-Mehdi >> *Cc:* heckj; >> openstack@lists.launchpad.net<https://exg5.exghost.com/owa/UrlBlockedError.aspx> >> *Subject:* Re: [Openstack] Enabling logging in keystone. >> >> You're missing a "5" on the admin_token you've specified on the command >> line. >> >> 012345SECRET99TOKEN01234 (your CLI arg) >> 012345SECRET99TOKEN012345 (keystone.conf) >> >> -Dolph >> >> >> On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: >> >> Hi Joe, >> >> I have put the conf file (renamed to ahmed_keystone.conf) into gist. >> >> git://gist.github.com/3821846.git >> >> Please let me know if you have any issues accessing the file. >> >> Thank you very much for helping me out. I have a feeling the issue might >> be in the python script to populate keystone. When I previously input the >> data manually, I got keystone configured properly. >> >> Regards, >> Ahmed. >> >> >> ________________________________________ >> From: heckj [he...@mac.com] >> Sent: Tuesday, October 02, 2012 10:56 AM >> To: Ahmed Al-Mehdi >> Cc: openstack@lists.launchpad.net >> Subject: Re: [Openstack] Enabling logging in keystone. >> >> Ahmed - can you put your keystone.conf into a paste or gist and share it >> with me? I'd be happy to help you debug this. >> >> I'm assuming you're running keystone on the system with the IP address >> 10.0.2.15, correct? >> >> -joe >> >> On Oct 2, 2012, at 10:45 AM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: >> >> > Hi Joe, >> > >> > I noticed I did not put the port number in the URL, now I am getting a >> more meaningful error: >> > >> > #> keystone --token 012345SECRET99TOKEN01234 --endpoint >> http://10.0.2.15:35357/v2.0 tenant-list >> > No handlers could be found for logger "keystoneclient.client" >> > Unable to authorize user >> > >> > Regards, >> > Ahmed. >> > >> > ________________________________________ >> > From: >> > openstack-bounces+ahmed=coraid....@lists.launchpad.net[openstack-bounces+ahmed >> =coraid....@lists.launchpad.net] On Behalf Of Ahmed Al-Mehdi [ >> ah...@coraid.com] >> > Sent: Tuesday, October 02, 2012 10:30 AM >> > To: heckj >> > Cc: openstack@lists.launchpad.net >> > Subject: Re: [Openstack] Enabling logging in keystone. >> > >> > Hi Joe, >> > >> > Unfortunately before I read your response I re-installed my Ubuntuserver. >> > I repeated the same steps mentioned in the OpenStackdocument "Deploy and >> > Install OpenStack- RedHatUbuntu" >> and also used the script mentioned in it ( >> https://github.com/nimbis/keystone-init/blob/master/keystone-init.py) to >> populate keystone. I reboot the server prior to running your suggested >> command and now running into a different issue, which I feel maybe due to >> not starting some service. Btw, my host OS is Ubuntu 12.04 (32 bit) >> running inVirtualBox. >> > >> > Currently I am getting the following error: >> > >> > #> keystone --token 012345SECRET99TOKEN01234 --endpoint >> http://10.0.2.15/v2.0 tenant-lis >> >> > > -- > > -Dolph >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
