Hi Aimee, I think devstack by default configured horizon to use v3 . For V2 authentication, from the logs , auth_url doesn't seem to be set explicitly to v2 auth_url .
I have always set explicit v2 auth which worked fine. For eg:- auth_url = 'http://<host-ip>:5000/v2.0' , for V2 authentication I have raised a patch, to take the auth_url from horizon settings instead of from request. https://review.openstack.org/#/c/345828/1 Please set explict v2 auth_url as mentioned above in OPENSTACK_KESYTONE_URL in <horizon>/openstack_dashboard/local/local_settings.py and restart apache2 server . Then v2 authentication should go through fine. For v3 , need to add relevant code for v3 authentication in contrib/horizon as presently it is hardcoded to use only v2. but yes, the code from plugin model patch is still a WIP , so doesn't work for v3 authentication I guess I'll have a look at it and let you know . Best Regards, Anusha On 21 July 2016 at 21:56, Tim Hinrichs <[email protected]> wrote: > So clearly an authentication problem then. > > Anusha, do you have any ideas? (Aimee, I think Anusha has worked with > Keystone authentication most recently, so she's your best bet.) > > Tim > > On Thu, Jul 21, 2016 at 8:59 AM Aimee Ukasick <[email protected]> > wrote: > >> The Policy/Data Sources web page throws the same errors. I am >> planning to recheck direct API calls using v3 auth today or tomorrow. >> >> aimee >> >> On Thu, Jul 21, 2016 at 10:49 AM, Tim Hinrichs <[email protected]> wrote: >> > Hi Aimee, >> > >> > Do the other APIs work? That is, is it a general problem >> authenticating, or >> > is the problem limited to list_policies? >> > >> > Tim >> > >> > On Wed, Jul 20, 2016 at 3:54 PM Aimee Ukasick < >> [email protected]> >> > wrote: >> >> >> >> Hi all, >> >> >> >> I've been working on Policy UI (Horizon): Unable to get policies >> >> list (devstack) (https://bugs.launchpad.net/congress/+bug/1602837) >> >> for the past 3 days. Anusha is correct - it's an authentication >> >> problem, but I have not been able to fix it. >> >> >> >> I grabbed the relevant code in congress.py from Anusha's horizon >> >> plugin model patchset (https://review.openstack.org/#/c/305063/3) and >> >> added try/catch blocks, logging statements (with error because I >> >> haven't figured out how to set the horizon log level). >> >> >> >> >> >> I am testing the code on devstack, which I cloned on 19 July 2016. >> >> >> >> With both v2 and v3 auth, congressclient.v1.client is created. >> >> The failure happens trying to call >> >> congressclient.v1.client.Client.list_policies(). >> >> When using v2 auth, the error message is "Unable to get policies list: >> >> The resource could not be found" >> >> When using v3 auth, the error message is "Cannot authorize API client" >> >> >> >> I am assuming that congressclient.v1.client.Client is >> >> >> >> >> https://github.com/openstack/python-congressclient/blob/master/congressclient/v1/client.py >> >> and that client.list_policy() calls list_policy()in the >> >> python-congressclient >> >> which in turn calls the Congress API. Is this correct? >> >> >> >> Any ideas why with v3 auth, the python-congressclient cannot authorize >> the >> >> call to the API? >> >> >> >> I looked at other horizon plugin models (ceilometer, neutron, nova, >> >> cerberus, cloudkitty, trove, designate, manila) to see how they created >> >> the client. While the code to create a client is not identical, >> >> it is vastly different from the code to create a client >> >> in contrib/horizon/congress.py. >> >> >> >> Thanks in advance for any pointers. >> >> >> >> aimee >> >> >> >> Aimee Ukasick (aimeeu) >> >> >> >> v2 log: >> >> 2016-07-20 22:13:56.501455 >> >> 2016-07-20 22:14:30.238233 ***** view.get_data calling policies = >> >> congress.policies_list(self.request) ***** >> >> 2016-07-20 22:14:30.238318 ***** self.request.path= >> >> /dashboard/admin/policies/ >> >> 2016-07-20 22:14:30.238352 ***** congress.policies_list(request) >> >> BEGIN***** >> >> 2016-07-20 22:14:30.238376 ***** calling client = >> >> congressclient(request)***** >> >> 2016-07-20 22:14:30.238399 ***** congress.congressclient BEGIN***** >> >> 2016-07-20 22:14:30.238454 ***** auth_url= >> http://192.168.56.103/identity >> >> 2016-07-20 22:14:30.238479 ***** calling get_keystone_session ***** >> >> 2016-07-20 22:14:30.238505 ***** congress.get_keystone_session BEGIN >> >> auth_url *****http://192.168.56.103/identity >> >> 2016-07-20 22:14:30.238554 ***** path= /identity >> >> 2016-07-20 22:14:30.238578 ***** using V2 plugin to authenticate***** >> >> 2016-07-20 22:14:30.238630 ***** v2 auth.get_auth_state= >> >> 2016-07-20 22:14:30.238656 None >> >> 2016-07-20 22:14:30.238677 ***** finished using V2 plugin to >> >> authenticate***** >> >> 2016-07-20 22:14:30.238698 ***** creating session with auth ***** >> >> 2016-07-20 22:14:30.244407 ***** congress.get_keystone_session END***** >> >> 2016-07-20 22:14:30.244462 ***** regtion_name= RegionOne >> >> 2016-07-20 22:14:30.244491 ***** calling >> congress_client.Client(**kwargs) >> >> 2016-07-20 22:14:30.247830 ***** congress.congressclient END***** >> >> 2016-07-20 22:14:30.247902 ***** calling policies_list = >> >> client.list_policy()***** >> >> 2016-07-20 22:14:30.248012 DEBUG:keystoneauth.identity.v2:Making >> >> authentication request to http://192.168.56.103/identity/tokens >> >> 2016-07-20 22:14:30.255023 DEBUG:keystoneauth.session:Request returned >> >> failure status: 404 >> >> 2016-07-20 22:14:30.257546 Unable to get policies list: The resource >> >> could not be found. >> >> >> >> >> >> v3 log: >> >> 2016-07-20 22:09:22.912969 >> >> 2016-07-20 22:09:31.907119 ***** view.get_data calling policies = >> >> congress.policies_list(self.request) ***** >> >> 2016-07-20 22:09:31.907973 ***** self.request.path= >> >> /dashboard/admin/policies/ >> >> 2016-07-20 22:09:31.908122 ***** congress.policies_list(request) >> >> BEGIN***** >> >> 2016-07-20 22:09:31.908250 ***** calling client = >> >> congressclient(request)***** >> >> 2016-07-20 22:09:31.908386 ***** congress.congressclient BEGIN***** >> >> 2016-07-20 22:09:31.909034 ***** auth_url= >> http://192.168.56.103/identity >> >> 2016-07-20 22:09:31.909217 ***** calling get_keystone_session ***** >> >> 2016-07-20 22:09:31.909356 ***** congress.get_keystone_session BEGIN >> >> auth_url *****http://192.168.56.103/identity >> >> 2016-07-20 22:09:31.909527 ***** path= /identity >> >> 2016-07-20 22:09:31.909795 ***** using V3 plugin to authenticate***** >> >> 2016-07-20 22:09:31.910042 auth_url=http://192.168.56.103/identity >> >> 2016-07-20 22:09:31.910175 token=d46339f2d0b5455db54909d6ed95a9cc >> >> 2016-07-20 22:09:31.910301 project_name=alt_demo >> >> 2016-07-20 22:09:31.910426 domain_name=Default >> >> 2016-07-20 22:09:31.910676 project_domain_name=default >> >> 2016-07-20 22:09:31.910866 ***** v3 auth.get_auth_state= >> >> 2016-07-20 22:09:31.910992 None >> >> 2016-07-20 22:09:31.914053 ***** finished using V3 plugin to >> >> authenticate***** >> >> 2016-07-20 22:09:31.914100 ***** creating session with auth ***** >> >> 2016-07-20 22:09:31.922260 ***** congress.get_keystone_session END***** >> >> 2016-07-20 22:09:31.922542 ***** regtion_name= RegionOne >> >> 2016-07-20 22:09:31.922676 ***** calling >> congress_client.Client(**kwargs) >> >> 2016-07-20 22:09:31.922822 ***** congress.congressclient END***** >> >> 2016-07-20 22:09:31.922949 ***** calling policies_list = >> >> client.list_policy()***** >> >> 2016-07-20 22:09:31.924732 Unable to get policies list: Cannot >> >> authorize API client. >> >> >> >> >> __________________________________________________________________________ >> >> OpenStack Development Mailing List (not for usage questions) >> >> Unsubscribe: >> [email protected]?subject:unsubscribe >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> > >> > >> __________________________________________________________________________ >> > OpenStack Development Mailing List (not for usage questions) >> > Unsubscribe: >> [email protected]?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> [email protected]?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
