Hi, Looks like its connecting to proxy first,
Starting new HTTP connection (1): proxy.serc.iisc.ernet.in Try export no_proxy= <Your ip> #Chinmaya On 27 April 2016 at 17:23, Dhvanan Shah <[email protected]> wrote: > Hi, > > Enabling the debug flag didn't give any additional information. > > 2 node Cluster means that I have one controller that also runs the compute > and an additional compute node, thus 2 node OpenStack Cluster. > > The problem here is not with the password as I am able to log in through > the dashboard. Any action performed gives a Forbidden error and > authorization failed for keystone. > > Any other things that I could look at? > > On Wed, Apr 27, 2016 at 4:55 PM, Dolph Mathews <[email protected]> > wrote: > >> Depending on which release of keystone you're running, try enabling >> either insecure_debug (more recent releases) or debug (older releases) to >> true in keystone.conf to get more detailed error messages from keystone. >> >> >> https://github.com/openstack/keystone/blob/3c4fe622ac5da00b04ccc8bc4e207a2e9ab0f863/etc/keystone.conf.sample#L87-L91 >> >> That said, your configuration looks entirely correct to me, so I'm >> curious what the outcome is here. The only other red flag I see is that you >> mentioned a "2 node OpenStack cluster", and I'm not sure what that means in >> this context, exactly. How are the 2 nodes utilized? >> >> On Wed, Apr 27, 2016 at 5:43 AM, Dhvanan Shah <[email protected]> wrote: >> >>> keystone --debug user-list gives this: >>> >>> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65: >>> DeprecationWarning: The keystone CLI is deprecated in favor of >>> python-openstackclient. For a Python library, continue using >>> python-keystoneclient. >>> 'python-keystoneclient.', DeprecationWarning) >>> DEBUG:keystoneclient.auth.identity.v2:Making authentication request to >>> http://10.16.37.221:5000/v2.0/tokens >>> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP >>> connection (1): proxy.serc.iisc.ernet.in >>> DEBUG:requests.packages.urllib3.connectionpool:"POST >>> http://10.16.37.221:5000/v2.0/tokens HTTP/1.1" 403 3370 >>> DEBUG:keystoneclient.session:Request returned failure status: 403 >>> Authorization Failed: Forbidden (HTTP 403) >>> >>> nova --debug user list gives this: >>> >>> DEBUG (session:195) REQ: curl -g -i -X GET http://10.16.37.221:5000/v2.0 >>> -H "Accept: application/json" -H "User-Agent: python-keystoneclient" >>> INFO (connectionpool:203) Starting new HTTP connection (1): >>> proxy.serc.iisc.ernet.in >>> DEBUG (connectionpool:383) "GET http://10.16.37.221:5000/v2.0 HTTP/1.1" >>> 403 3275 >>> DEBUG (session:224) RESP: >>> DEBUG (session:396) Request returned failure status: 403 >>> WARNING (base:133) Discovering versions from the identity service failed >>> when creating the password plugin. Attempting to determine version from URL. >>> DEBUG (v2:76) Making authentication request to >>> http://10.16.37.221:5000/v2.0/tokens >>> DEBUG (connectionpool:383) "POST http://10.16.37.221:5000/v2.0/tokens >>> HTTP/1.1" 403 3370 >>> DEBUG (session:396) Request returned failure status: 403 >>> DEBUG (shell:914) Forbidden (HTTP 403) >>> Forbidden: Forbidden (HTTP 403) >>> ERROR (Forbidden): Forbidden (HTTP 403) >>> >>> >>> >>> On Wed, Apr 27, 2016 at 3:12 PM, Dhvanan Shah <[email protected]> wrote: >>> >>>> On running openstack-status this is what I get (all the services are >>>> running, so not included that here) >>>> >>>> == Keystone users == >>>> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65: >>>> DeprecationWarning: The keystone CLI is deprecated in favor of >>>> python-openstackclient. For a Python library, continue using >>>> python-keystoneclient. >>>> 'python-keystoneclient.', DeprecationWarning) >>>> Authorization Failed: Forbidden (HTTP 403) >>>> == Glance images == >>>> Forbidden (HTTP 403) >>>> == Nova managed services == >>>> No handlers could be found for logger >>>> "keystoneclient.auth.identity.generic.base" >>>> ERROR (Forbidden): Forbidden (HTTP 403) >>>> == Nova networks == >>>> No handlers could be found for logger >>>> "keystoneclient.auth.identity.generic.base" >>>> ERROR (Forbidden): Forbidden (HTTP 403) >>>> == Nova instance flavors == >>>> No handlers could be found for logger >>>> "keystoneclient.auth.identity.generic.base" >>>> ERROR (Forbidden): Forbidden (HTTP 403) >>>> == Nova instances == >>>> No handlers could be found for logger >>>> "keystoneclient.auth.identity.generic.base" >>>> ERROR (Forbidden): Forbidden (HTTP 403) >>>> >>>> >>>> On Wed, Apr 27, 2016 at 3:09 PM, Dhvanan Shah <[email protected]> >>>> wrote: >>>> >>>>> Hi Jens, >>>>> >>>>> The password is correct when I echo $OS_PASSWORD. >>>>> I downloaded the admin-openrc.sh file from the dashboard and sourced. >>>>> I ran a nova list after that: >>>>> No handlers could be found for logger >>>>> "keystoneclient.auth.identity.generic.base" >>>>> ERROR (Forbidden): Forbidden (HTTP 403) >>>>> >>>>> It still gives the error of forbidden access. >>>>> I think the password is not the issue. Forbidden access might be >>>>> something else. Do you want me to share anything else? >>>>> >>>>> On Wed, Apr 27, 2016 at 2:56 PM, Jens Rosenboom <[email protected]> >>>>> wrote: >>>>> >>>>>> 2016-04-27 10:30 GMT+02:00 Dhvanan Shah <[email protected]>: >>>>>> > UPDATE: >>>>>> > I am able to log into Horizon and perform all actions without any >>>>>> issue but >>>>>> > on my terminal, I am not able to do the same. The password that I >>>>>> thought >>>>>> > was wrong is not the issue as I logged in with the same password. >>>>>> > My keystone_adminrc file looks like this: >>>>>> > >>>>>> > unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT >>>>>> > export OS_USERNAME=admin >>>>>> > export OS_PASSWORD=**************** >>>>>> > export OS_AUTH_URL=http://10.16.37.221:35357/v2.0 >>>>>> > export PS1='[\u@\h \W(keystone_admin)]\$ ' >>>>>> > >>>>>> > export OS_TENANT_NAME=admin >>>>>> > export OS_REGION_NAME=RegionOne >>>>>> > >>>>>> > >>>>>> > Please suggest what I could do! >>>>>> >>>>>> Does your password contain special characters that might get mangled >>>>>> by the shell? You could compare the output of "echo $OS_PASSWORD" to >>>>>> verify. >>>>>> >>>>>> Otherwise, if the dashboard is working for you, you can go to >>>>>> Project/Compute/Access&Security/API Access and use the "Download >>>>>> OpenStack RC File" link there. >>>>>> >>>>>> >>>>>> __________________________________________________________________________ >>>>>> OpenStack Development Mailing List (not for usage questions) >>>>>> Unsubscribe: >>>>>> [email protected]?subject:unsubscribe >>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Dhvanan Shah >>>>> >>>> >>>> >>>> >>>> -- >>>> Dhvanan Shah >>>> >>> >>> >>> >>> -- >>> Dhvanan Shah >>> >>> >>> __________________________________________________________________________ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: >>> [email protected]?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> [email protected]?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > Dhvanan Shah > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
