how can i enable the service_token_roles? if i cset the service_token_role_required=true for nova, cinder, glance and neutron nova is unable to start instances.
i see the curl request form nova to cinder with an X-Service-Token but the result is always 401. Am Freitag, den 01.12.2017, 10:55 +0100 schrieb Kim-Norman Sahm: > after removing these options from the [keystone_authtoken] section in > cinder.conf snapshots are working: > > service_token_roles_required=True > service_token_roles=service > > > > Am Freitag, den 01.12.2017, 10:23 +0100 schrieb Kim-Norman Sahm: > > > > this is my cinder section of the nova.conf > > > > [cinder] > > os_region_name=myregion > > cross_az_attach=False > > catalog_info=volumev3:cinderv3:internalURL > > > > > > i don't find anything about cinder authentication in the nova > > config > > options. https://docs.openstack.org/ocata/config-reference/compute/ > > co > > nf > > ig-options.html > > > > > > > > Am Donnerstag, den 30.11.2017, 11:30 -0600 schrieb Matt Riedemann: > > > > > > > > > On 11/30/2017 9:30 AM, Kim-Norman Sahm wrote: > > > > > > > > > > > > > > > > after upgrade openstack newton -> ocata i cannot create > > > > snapshots > > > > of my > > > > instances. > > > > > > > > if i try to create a snapshot of a instance horizon get this > > > > error: > > > > "Error: Unable to create snapshot." > > > > create a snapshot of a cinder volume via openstackcli is > > > > working. > > > > > > > > nova.log > > > > ---------------------------- > > > > 2017-11-30 15:19:57.875 93 DEBUG cinderclient.v3.client [req- > > > > 5820c19b- > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > 469dc3d300df4d41aaea00db572043ae - default default] REQ: curl > > > > -g > > > > -i > > > > -X > > > > GET https://cinder:8776/v3/469dc3d300df4d41aaea00db572043ae/vol > > > > um > > > > es > > > > /c67 > > > > b5cf3-0beb-4efa-9177-d2b6498185fb -H "X-Service-Token: > > > > {SHA1}29a46cd87988e2bb905dbd3e796401aa23dff1a5" -H "User-Agent: > > > > python- > > > > cinderclient" -H "Accept: application/json" -H "X-Auth-Token: > > > > {SHA1}524061f0ab91e64ed6241e437792346f90df856e" > > > > _http_log_request > > > > /usr/lib/python2.7/dist-packages/keystoneauth1/session.py:347 > > > > 2017-11-30 15:19:57.890 92 INFO nova.osapi_compute.wsgi.server > > > > [req- > > > > d83d5b73-fd24-406c-ad6b-feed6a40bfae > > > > c756af2957c4447eafc4cef39cdb79e5 > > > > 469dc3d300df4d41aaea00db572043ae - default default] 10.78.21.2 > > > > "GET > > > > /v2.1/flavors/203/os-extra_specs HTTP/1.1" status: 200 len: 448 > > > > time: > > > > 0.0326798 > > > > 2017-11-30 15:19:58.148 93 DEBUG cinderclient.v3.client [req- > > > > 5820c19b- > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > 469dc3d300df4d41aaea00db572043ae - default default] RESP: [401] > > > > Date: > > > > Thu, 30 Nov 2017 15:19:57 GMT Server: Apache/2.4.18 (Ubuntu) x- > > > > openstack-request-id: req-22378faa-880b-4a80-a83e-41936741839e > > > > WWW- > > > > Authenticate: Keystone uri='https://keystone:5000/' Content- > > > > Length: > > > > 114 > > > > Content-Type: application/json > > > > RESP BODY: {"error": {"message": "The request you have made > > > > requires > > > > authentication.", "code": 401, "title": "Unauthorized"}} > > > > _http_log_response /usr/lib/python2.7/dist- > > > > packages/keystoneauth1/session.py:395 > > > > 2017-11-30 15:19:58.149 93 DEBUG cinderclient.v3.client [req- > > > > 5820c19b- > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > 469dc3d300df4d41aaea00db572043ae - default default] GET call to > > > > cinderv3 for https://cinder:8776/v3/469dc3d300df4d41aaea00db572 > > > > 04 > > > > 3a > > > > e/vo > > > > lumes/c67b5cf3-0beb-4efa-9177-d2b6498185fb used request id req- > > > > 22378faa-880b-4a80-a83e-41936741839e request > > > > /usr/lib/python2.7/dist- > > > > packages/keystoneauth1/session.py:640 > > > > 2017-11-30 15:19:58.157 93 DEBUG cinderclient.v3.client [req- > > > > 5820c19b- > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > 469dc3d300df4d41aaea00db572043ae - default default] RESP: [401] > > > > Date: > > > > Thu, 30 Nov 2017 15:19:58 GMT Server: Apache/2.4.18 (Ubuntu) x- > > > > openstack-request-id: req-02ebac9f-794a-46f4-85b2-0e429a1785cf > > > > WWW- > > > > Authenticate: Keystone uri='https://keystone:5000/' Content- > > > > Length: > > > > 114 > > > > Content-Type: application/json > > > > RESP BODY: {"error": {"message": "The request you have made > > > > requires > > > > authentication.", "code": 401, "title": "Unauthorized"}} > > > > _http_log_response /usr/lib/python2.7/dist- > > > > packages/keystoneauth1/session.py:395 > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > [req- > > > > 5820c19b-fb11-43a2-8513-0782540b3d32 > > > > c756af2957c4447eafc4cef39cdb79e5 > > > > 469dc3d300df4d41aaea00db572043ae - default default] Unexpected > > > > exception in API method > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > Traceback (most recent call last): > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist- > > > > packages/nova/api/openstack/extensions.py", > > > > line 338, in wrapped > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions return f(*args, **kwargs) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist- > > > > packages/nova/api/openstack/common.py", > > > > line > > > > 359, in inner > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions return f(*args, **kwargs) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist- > > > > packages/nova/api/validation/__init__.py", > > > > line 108, in wrapper > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions return func(*args, **kwargs) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist- > > > > packages/nova/api/validation/__init__.py", > > > > line 108, in wrapper > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions return func(*args, **kwargs) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist- > > > > packages/nova/api/openstack/compute/servers.py", line 1095, in > > > > _action_create_image > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions metadata) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/nova/compute/api.py", line > > > > 151, > > > > in > > > > inner > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions return f(self, context, > > > > instance, > > > > *args, **kw) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/nova/compute/api.py", line > > > > 2909, > > > > in > > > > snapshot_volume_backed > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions volume = > > > > self.volume_api.get(context, > > > > bdm.volume_id) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/nova/volume/cinder.py", line > > > > 168, > > > > in > > > > wrapper > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions res > > > > = method(self, ctx, *args, **kwargs) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/nova/volume/cinder.py", line > > > > 190, > > > > in > > > > wrapper > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions res > > > > = method(self, ctx, volume_id, *args, **kwargs) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/nova/volume/cinder.py", line > > > > 234, > > > > in > > > > get > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions item > > > > = cinderclient(context).volumes.get(volume_id) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", > > > > line > > > > 277, in get > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions return > > > > self._get("/volumes/%s" > > > > % > > > > volume_id, "volume") > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/cinderclient/base.py", line > > > > 313, > > > > in > > > > _get > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions resp, body = > > > > self.api.client.get(url) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line > > > > 164, in > > > > get > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions return self._cs_request(url, > > > > 'GET', > > > > **kwargs) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line > > > > 155, in > > > > _cs_request > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions return self.request(url, > > > > method, > > > > **kwargs) > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions File > > > > "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line > > > > 144, in > > > > request > > > > 2017-11-30 15:19:58.158 93 ERROR > > > > nova.api.openstack.extensions raise > > > > exceptions.from_response(resp, > > > > body) > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > Unauthorized: The request you have made requires > > > > authentication. > > > > (HTTP > > > > 401) > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > 2017-11-30 15:19:58.164 93 INFO nova.api.openstack.wsgi [req- > > > > 5820c19b- > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > 469dc3d300df4d41aaea00db572043ae - default default] HTTP > > > > exception > > > > thrown: Unexpected API Error. Please report this at http://bugs > > > > .l > > > > au > > > > nchp > > > > ad.net/nova/ and attach the Nova API log if possible. > > > > <class 'cinderclient.exceptions.Unauthorized'> > > > > 2017-11-30 15:19:58.166 93 DEBUG nova.api.openstack.wsgi [req- > > > > 5820c19b- > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > 469dc3d300df4d41aaea00db572043ae - default default] Returning > > > > 500 > > > > to > > > > user: Unexpected API Error. Please report this at http://bugs.l > > > > au > > > > nc > > > > hpad > > > > .net/nova/ and attach the Nova API log if possible. > > > > <class 'cinderclient.exceptions.Unauthorized'> __call__ > > > > /usr/lib/python2.7/dist- > > > > packages/nova/api/openstack/wsgi.py:1039 > > > > ---------------------------- > > > > > > > > > > > > nova.conf [keystone_authtoken] section: > > > > ---------------------------- > > > > [keystone_authtoken] > > > > auth_type=password > > > > memcached_servers=10.78.21.1,10.78.21.2 > > > > region_name=de-qsu1-1 > > > > project_name=services > > > > auth_version=3 > > > > service_token_roles = service > > > > username = nova > > > > password = mynovasecret > > > > auth_uri=https://keystone:5000 > > > > auth_url=https://keystone:35357 > > > > ---------------------------- > > > > > > > > It looks like nova push invalid auth-token and/or service-token > > > > to > > > > cinder. > > > > does anybody know this problem? > > > > > > > > br Kim > > > > > > > > > > > > _______________________________________________________________ > > > > __ > > > > __ > > > > _______ > > > > OpenStack Development Mailing List (not for usage questions) > > > > Unsubscribe: [email protected]?subject: > > > > un > > > > su > > > > bscribe > > > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-d > > > > ev > > > > > > > Appears that you have dropped, or misconfigured, the auth info in > > > the > > > [cinder] section of nova.conf because nova is failing to > > > authenticate > > > to > > > talk to cinder. If you're able to create volume snapshots via > > > cinder > > > directly, it's probably because your keystone auth in cinder.conf > > > is > > > fine. > > > > > ___________________________________________________________________ > > __ > > _____ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: [email protected]?subject:unsu > > bs > > cribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > _____________________________________________________________________ > _____ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubs > cribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
