could anyone please explain to me what is the relation between zones in nova-manage and region in keystone-manage? And help me to get the auth back working.
I got my fedora host test system messed up after installing keystone. Now I suspect region/zone could be the reason for authentication failure. Should they be the same? I got to this point by too much copy pasting the instructions without fully understanding the details... :( The system worked before keystone. --------------------------- # nova-manage host list host zone blade5 nova blade6 nova blade7 nova blade8 nova --------------------------- --------------------------- # keystone-manage endpointTemplates list All EndpointTemplates service region Public URL ------------------------------------------------------------------------------- nova RegionOne http://10.20.106.105:8774/v1.1/%tenant_id% glance RegionOne http://10.20.106.105:9292/v1 swift RegionOne http://10.20.106.105:8080/v1/AUTH_%tenant_id% keystone RegionOne http://10.20.106.105:5000/v2.0 nova_compat RegionOne http://10.20.106.105:8774/v1.0/ --------------------------- this works for admin: --------------------------- $ curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "secret"}}}' -H "Content-type: application/json" http://node1:35357/v2.0/tokens {"access": {"token": {"expires": "2015-02-05T00:00:00", "id": "999888777666", "tenant": {"id": "2", "name": "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://10.0.0.1:8774/v1.1/2", "region": "RegionOne", "internalURL": "http://10.0.0.1:8774/v1.1/2", "publicURL": "http://10.20.106.105:8774/v1.1/2"}], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://10.0.0.1:9292/v1", "region": "RegionOne", "internalURL": "http://10.0.0.1:9292/v1", "publicURL": "http://10.20.106.105:9292/v1"}], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://10.0.0.1:8080/v1.0/", "region": "RegionOne", "internalURL": "http://10.0.0.1:8080/v1/AUTH_2", "publicURL": "http://10.20.106.105:8080/v1/AUTH_2"}], "type": "storage", "name": "swift"}, {"endpoints": [{"adminURL": "http://10.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://10.0.0.1:5000/v2.0", "publicURL": "http://10.20.106.105:5000/v2.0"}], "type": "identity", "name": "keystone"}, {"endpoints": [{"adminURL": "http://10.0.0.1:8774/v1.0", "region": "RegionOne", "internalURL": "http://10.0.0.1:8774/v1.0", "publicURL": "http://10.20.106.105:8774/v1.0/"}], "type": "compute", "name": "nova_compat"}], "user": {"id": "2", "roles": [{"id": "4", "name": "Admin"}, {"id": "4", "name": "Admin"}, {"id": "4", "name": "Admin"}, {"id": "6", "name": "KeystoneServiceAdmin"}], "name": "admin"}}} --------------------------- but as a user it always gives access error: --------------------------- $ curl -d '{"auth":{"passwordCredentials":{"username": "demo", "password": "guest"}}}' -H "Content-type: application/json" http://node1:8774/v1.1/tokens <html> <head> <title>401 Unauthorized</title> </head> <body> <h1>401 Unauthorized</h1> This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.<br /><br /> Authentication required </body> </html> --------------------------- What possibly could cause this? --------------------------- # tail -1 /var/log/keystone/admin.log 2012-01-26 16:11:01 WARNING [eventlet.wsgi.server] 10.0.0.1 - - [26/Jan/2012 16:11:01] "POST /v2.0/tokens HTTP/1.1" 200 1519 0.084546 --------------------------- versions: $ rpm -qa 'openstack*' openstack-nova-doc-2011.3-18.fc17.noarch openstack-glance-doc-2011.3-2.fc16.noarch openstack-glance-2011.3-2.fc16.noarch openstack-swift-doc-1.4.4-1.fc17.noarch openstack-nova-2011.3-18.fc17.noarch openstack-keystone-2011.3.1-2.fc17.noarch _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp