Thanks, Adam. I see how to enable SSL in keystone. My problem's with devstack at the moment. devstack is setting up keystone to run in http mode (no ssl), but neutron is trying to connect using https. I can switch neutron to use https, but then other services set up by devstack fail to connect using http. Sigh. I'll see what's required to get neutron to use http, not https.
-- Noel On Tue, Nov 19, 2013 at 1:01 PM, Adam Young <ayo...@redhat.com> wrote: > On 11/19/2013 03:31 PM, Noel Burton-Krahn wrote: > > I've just started getting this error during devstack's stack.sh: > > ERROR: Unauthorized (HTTP 401) > > It looks like nova is sending an HTTPS request to keystone, but keystone > is expecting HTTP. Everything was working around last Friday. Did > something change recently? How can I convince keystone to use HTTPS? > > Two ways: the weak way is to enable it using the keystone-manage > ssl-setup. The cool and froody way is to run Keystone behind HTTPD. > > > > http://andymc-stack.co.uk/2013/06/apache2-mod_wsgi-openstack-pt1-keystone/ > > > > stack@ubuntu$ . openrc admin > stack@ubuntu$ nova flavor-create m1.nano 42 64 0 1 > ERROR: Unauthorized (HTTP 401) > > > ==> log/screens/screen-key.2013-11-19-193839.log <== > tu - - [19/Nov/2013 20:24:57] code 400, message Bad HTTP/0.9 request type > ('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x0\ > 2R\x8b\xc9\x19M\x013\x01') > ubuntu - - [19/Nov/2013 20:24:57] > "^V^C^@\314^@^@\310^CR\213\311^YM3^K\227%w.rS\253X\266\374^E\351\312}\2536"<%5EV%5EC%5E@%5C314%5E@%5E@%5C310%5ECR%5C213%5C311%5EYM3%5EK%5C227%25w.rS%5C253X%5C266%5C374%5EE%5C351%5C312%7D%5C2536>400 > - > (eventlet.wsgi.server): 2013-11-19 20:24:57,656 INFO log write (17168) > accepted ('192.168.122.251', 50630) > > > ==> log/screens/screen-n-api.2013-11-19-193839.log <== > 2013-11-19 20:24:57.144 DEBUG keystoneclient.middleware.auth_token [-] > Authenticating user token from (pid=28433) __cal\ > l__ > /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:558 > 2013-11-19 20:24:57.144 DEBUG keystoneclient.middleware.auth_token [-] > Removing headers from request environment: X-Ide\ > > ntity-Status,X-Domain-Id,X-Domain-Name,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-User-Id,\ > > X-User-Name,X-User-Domain-Id,X-User-Domain-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant-Id,X-Tenant-Name,X-Tenant,X-R\ > ole from (pid=28433) _remove_auth_headers > /opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py:617 > 2013-11-19 20:24:57.144 INFO requests.packages.urllib3.connectionpool [-] > Starting new HTTPS connection (1): 192.168.12\ > 2.251 > 2013-11-19 20:24:57.152 WARNING keystoneclient.middleware.auth_token [-] > Retrying on HTTP connection exception: [Errno \ > 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol > > ==> log/screens/screen-key.2013-11-19-193839.log <== > ubuntu - - [19/Nov/2013 20:24:57] code 400, message Bad HTTP/0.9 request > type ('\x16\x03\x01\x00\xcc\x01\x00\x00\xc8\x03\x0\ > 2R\x8b\xc9\x19M\x013\x01') > ubuntu - - [19/Nov/2013 20:24:57] > "^V^C^@\314^@^@\310^CR\213\311^YM3^K\227%w.rS\253X\266\374^E\351\312}\2536"<%5EV%5EC%5E@%5C314%5E@%5E@%5C310%5ECR%5C213%5C311%5EYM3%5EK%5C227%25w.rS%5C253X%5C266%5C374%5EE%5C351%5C312%7D%5C2536>400 > - > (eventlet.wsgi.server): 2013-11-19 20:24:57,656 INFO log write (17168) > accepted ('192.168.122.251', 50630) > > > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
