Hi,
I found some differences between your bootstrap command and your
admin-rc credentials:
export OS_AUTH_URL=http://20.20.20.7:35357/v3
--bootstrap-admin-url http://20.20.20.8:5000/v3/
You use two different IPs for your controller node, this can't work.
Another thing is, you usually have to create one admin endpoint (port
35357) and a public endpoint (port 5000), you use the public port for
both endpoints. This could work, of course, although not recommended.
But then you have to change your admin-rc credentials respectively.
They should reflect the configuration you bootstrapped with
keystone-manage.
Change your admin-rc to point to the correct IP and the correct port,
then retry the domain list command after sourcing the credentials.
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Hi,
Sorry for the late reply. Was out for a while.
# openstack domain list
The request you have made requires authentication. (HTTP 401) (Request-ID:
req-fd20ec4d-9000-4cfa-9a5c-ba547a11c4c4)
# tail /var/log/keystone/keystone-manage.log
#
# keystone-manage bootstrap --bootstrap-password PASSWORD
--bootstrap-admin-url http://20.20.20.8:5000/v3/ --bootstrap-internal-url
http://20.20.20.8:5000/v3/ --bootstrap-public-url http://20.20.20.8:5000/v3/
--bootstrap-region-id RegionOne
2018-04-15 22:29:39.456 18518 WARNING keystone.assignment.core [-]
Deprecated: Use of the identity driver config to automatically configure
the same assignment driver has been deprecated, in the "O" release, the
assignment driver will need to be expicitly configured if different than
the default (SQL).
2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default
already exists, skipping creation.
2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already
exists, skipping creation.
2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already
exists, skipping creation.
2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists,
skipping creation.
2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has
admin on admin.
2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne
exists, skipping creation.
2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin
endpoint as already created
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal
endpoint as already created
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public
endpoint as already created
# tail /var/log/keystone/keystone-manage.log2018-04-15 22:29:39.456 18518
WARNING keystone.assignment.core [-] Deprecated: Use of the identity driver
config to automatically configure the same assignment driver has been
deprecated, in the "O" release, the assignment driver will need to be
expicitly configured if different than the default (SQL).
2018-04-15 22:29:39.585 18518 INFO keystone.cmd.cli [-] Domain default
already exists, skipping creation.
2018-04-15 22:29:39.621 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Project admin already
exists, skipping creation.
2018-04-15 22:29:39.640 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already
exists, skipping creation.
2018-04-15 22:29:39.670 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Role admin exists,
skipping creation.
2018-04-15 22:29:39.822 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] User admin already has
admin on admin.
2018-04-15 22:29:39.827 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Region RegionOne
exists, skipping creation.
2018-04-15 22:29:39.834 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping admin
endpoint as already created
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping internal
endpoint as already created
2018-04-15 22:29:39.835 18518 INFO keystone.cmd.cli
[req-ed92018e-9fa0-4222-b9ca-6d81d80cbf7f - - - - -] Skipping public
endpoint as already created
#
On Fri, Apr 13, 2018 at 11:54 AM, Eugen Block <ebl...@nde.ag> wrote:
Hi,
the bug I reported is invalid because the keystone-bootstrap command is
supposed to create the default domain. Since we created our cloud in
Liberty release the default domain already existed in our environment.
Well, I guess we're back to square one. ;-)
Can you paste the output of
control:~ # openstack domain list
If the keystone bootstrap command worked, it should at least show the
default domain. If it doesn't take a look into
/var/log/keystone/keystone-manage.log and check for errors. If this
doesn't reveal anything try running it again and check the logs again.
Zitat von Eugen Block <ebl...@nde.ag>:
The missing command has been in Newton, Ocata and Pike release. They fixed
it in Queens again.
I filed a bug report: https://bugs.launchpad.net/keystone/+bug/1763297
Regards
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Thanks Eugen. It'll be great if you can do it. (I haven't yet gone through
the bug reporting documentation)
Please add me to the bug's CC list. That way if some info is needed from
me, I can provide it.
Regards,
Shyam
On Thu, Apr 12, 2018 at 12:48 PM, Eugen Block <ebl...@nde.ag> wrote:
I believe there's something missing in Ocata and Pike docs. If you read
Mitaka install guide [1] you'll find the first step to be creating the
default domain before all other steps regarding projects and users.
You should run
openstack domain create --description "Default Domain" default
and then the next steps should work, at least I hope so.
Do you want to report this as a bug? I can also report it, I have
already
filed several reports.
Regards
[1] https://docs.openstack.org/mitaka/install-guide-obs/keystone
-users.html
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Hi,
Please read my replies inline below...
On Thu, Apr 12, 2018 at 12:10 PM, Eugen Block <ebl...@nde.ag> wrote:
Hi,
can you paste the credentials you're using?
# cat admin-rc
export OS_USERNAME=admin
export OS_PASSWORD=abcdef
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://20.20.20.7:35357/v3
export OS_IDENTITY_API_VERSION=3
The config values (e.g. domain) are case sensitive, the ID of the
default
domain is usually "domain", its name is "Default". But if you're
sourcing
the credentials with ID "Default" this would go wrong, although I'm
not
sure if this would be the expected error message.
Just a couple of weeks ago there was someone on ask.openstack.org who
ignored case-sensitive options and failed to operate his cloud.
Did the keystone-manage bootstrap command work?
Yes. It did not throw any errors.
Regards
Zitat von Shyam Prasad N <nspmangal...@gmail.com>:
Hi,
I'm trying to install keystone for my swift cluster.
I followed this document for install and configuration:
https://docs.openstack.org/keystone/pike/install/
However, I'm getting this error for a command:
# openstack user create --domain default --password-prompt swift
The request you have made requires authentication. (HTTP 401)
(Request-ID:
req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8)
# tail /var/log/keystone/keystone.log
2018-04-11 22:45:10.895 29335 INFO keystone.common.wsgi
[req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] GET
http://20.20.20.7:35357/v3/
2018-04-11 22:45:10.898 29335 INFO eventlet.wsgi.server
[req-147f239e-2205-40b5-8aea-40604c99b695 - - - - -] 20.20.20.7 - -
[11/Apr/2018 22:45:10] "GET /v3 HTTP/1.1" 200 493 0.062545
2018-04-11 22:45:10.908 29335 INFO keystone.common.wsgi
[req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] POST
http://20.20.20.7:35357/v3/auth/tokens
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
[req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Could not find
domain:
Default
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
Traceback
(most recent call last):
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/keystone/auth/controllers.py",
line
185,
in _lookup_domain
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
domain_name)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line
124,
in
wrapped
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
__ret_val
= __f(*args, **kwargs)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line
1053,
in
decorate
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
should_cache_fn)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line
657,
in
get_or_create
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
async_creator) as value:
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line
158,
in
__enter__
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
return
self._enter()
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line
98, in
_enter
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
generated
= self._enter_create(createdtime)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/dogpile/core/dogpile.py", line
149,
in
_enter_create
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
created
=
self.creator()
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line
625,
in
gen_value
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
created_value = creator()
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/dogpile/cache/region.py", line
1049,
in
creator
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
return
fn(*arg, **kw)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers File
"/usr/lib/python2.7/dist-packages/keystone/resource/core.py", line
720,
in
get_domain_by_name
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
raise
exception.DomainNotFound(domain_id=domain_name)
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
DomainNotFound: Could not find domain: Default
2018-04-11 22:45:11.011 29335 ERROR keystone.auth.controllers
2018-04-11 22:45:11.016 29335 WARNING keystone.common.wsgi
[req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] Authorization
failed.
The request you have made requires authentication. from 20.20.20.7
2018-04-11 22:45:11.018 29335 INFO eventlet.wsgi.server
[req-8f888754-1cf5-4c24-81b6-7481c9c0dfb8 - - - - -] 20.20.20.7 - -
[11/Apr/2018 22:45:11] "POST /v3/auth/tokens HTTP/1.1" 401 425
0.113822
Can someone please tell me what's going on?
Thanks in advance for your replies.
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
