Comments below. With an "I object." :) On Tue, Oct 2, 2012 at 6:50 PM, Dolph Mathews <dolph.math...@gmail.com>wrote:
> I find it odd that the document describes two approaches for configuring > keystone -- one being a relatively undocumented, scripted approach not > managed or distributed by OpenStack. Surely these two approaches will > continue to evolve seperately and we'll experience more issues such as this > one. > > Anyone have any objections to removing this "scripted configuration" > section in favor of focusing on the existing "manual" approach? > Sorry, I have to object after watching this page and the scripts evolve over the last 9-12 months. There just has to be a scripted option and I agree it needs to be tested and maintained. I'm fine with having the keystone script be the documented one. For a while though the scripts were populating templated catalogs (files) not populating the database. I think the best fix is to: - ensure scripts have exactly the documented names of tenants, users, etc. - patch the doc to use only the names in the script and manual in the verification step. Doc bug logged here describing the work needing done: https://bugs.launchpad.net/openstack-manuals/+bug/1060536 > > http://docs.openstack.org/trunk/openstack-compute/install/apt/content/setting-up-tenants-users-and-roles.html > > -Dolph > > > On Tue, Oct 2, 2012 at 6:42 PM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: > >> Hi Dolph, >> >> I am now getting the same output as the "curl" command, basically >> "Invalid Tenant". At this point >> >> root@ubuntu1:~# keystone --os-username=adminUser >> --os-password=secretword--os-tenant-name=service >> --os-auth-url=http://10.0. >> 2.15:35357/v2.0 token-get >> >> No handlers could be found for logger "keystoneclient.client" >> Invalid tenant (HTTP 401) >> >> Without the "os-tenant-name" parameter, I seem to get "good' response. >> >> root@ubuntu1:~# keystone --os-username=adminUser --os-password=secretword--os >> -auth-url=http://10.0.2.15:35357/v2.0 token-get >> No handlers could be found for logger "keystoneclient.v2_0.client" >> +----------+----------------------------------+ >> | Property | Value | >> +----------+----------------------------------+ >> | expires | 2012-10-03T23:31:17Z | >> | id | 31078072aae94f5aab5c8e46ff5f6373 | >> | user_id | 3e674f7f64ba452cb20781b8d5e26b7f | >> +----------+----------------------------------+ >> At this point, I feel like I am running into issues with/in the python >> / PyYAML script (https://github.com/nimbis/keystone-init.git) which must >> not be populating info into keystone "accurately" and most probably not >> equivalent to manual steps mentioned in "Deploy and Install OpenStack - >> Red Hat Ubuntu". I will look into the script. >> >> Regards, >> Ahmed. >> >> ------------------------------ >> *From:* Dolph Mathews [dolph.math...@gmail.com] >> *Sent:* Tuesday, October 02, 2012 2:19 PM >> >> *To:* Ahmed Al-Mehdi >> *Cc:* heckj; openstack@lists.launchpad.net >> *Subject:* Re: [Openstack] Enabling logging in keystone. >> >> No worries, that's what a second set of eyes is for! >> >> By specifying a token and endpoint, you're bypassing the authentication >> process that your curl command is performing. >> >> You can test authentication with the keystone client using: >> >> $ keystone --os-username=adminUser --os-password=secretword >> --os-tenant-name=adminTenant >> --os-authurl=http://10.0.2.15:35357/v2.0<http://10.0.2.15:35357/v2.0/tokens> >> token-get >> >> But as Anne pointed out, you don't have a tenant named "adminTenant". >> You'll also need to make sure you've granted a role to your user on the >> specified tenant for authorization to succeed. You can remove the tenant >> name argument from the token-get call to test authentication without >> authorization (therefore without requiring anything but a valid user in >> your keystone install). >> >> -Dolph >> >> On Tuesday, October 2, 2012, Ahmed Al-Mehdi wrote: >> >>> Hi Dolph, >>> >>> Very sorry about that. With the correct token, calling keystone from >>> the cli is working. However, the curl command is failing. Will this >>> cause an issue down the line as I start to install glance and nova? >>> >>> >>> #> keystone --token 012345SECRET99TOKEN012345 --endpoint >>> http://10.0.2.15:35357/v2.0 tenant-list >>> +----------------------------------+---------------+---------+ >>> | id | name | enabled | >>> +----------------------------------+---------------+---------+ >>> | 07a44f9d55694d638f41bc160c14b42e | openstackDemo | True | >>> | 0e4cc20586ae42329db51e0c6f807731 | service | True | >>> +----------------------------------+---------------+---------+ >>> #> curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials": >>> {"username": "adminUser", "password": "secretword"}}}' -H >>> "Content-type: application/json" http://10.0.2.15:35357/v2.0/tokens | >>> python -mjson.tool >>> % Total % Received % Xferd Average Speed Time Time Time >>> Current >>> Dload Upload Total Spent Left >>> Speed >>> 100 231 0 116 100 115 2771 2747 --:--:-- --:--:-- >>> --:--:-- 3052 >>> { >>> "error": { >>> "code": 401, >>> "message": "The request you have made requires authentication.", >>> "title": "Not Authorized" >>> } >>> } >>> >>> Regards, >>> Ahmed. >>> >>> >>> ------------------------------ >>> *From:* Dolph Mathews >>> [dolph.math...@gmail.com<https://exg5.exghost.com/owa/UrlBlockedError.aspx> >>> ] >>> *Sent:* Tuesday, October 02, 2012 12:12 PM >>> *To:* Ahmed Al-Mehdi >>> *Cc:* heckj; >>> openstack@lists.launchpad.net<https://exg5.exghost.com/owa/UrlBlockedError.aspx> >>> *Subject:* Re: [Openstack] Enabling logging in keystone. >>> >>> You're missing a "5" on the admin_token you've specified on the >>> command line. >>> >>> 012345SECRET99TOKEN01234 (your CLI arg) >>> 012345SECRET99TOKEN012345 (keystone.conf) >>> >>> -Dolph >>> >>> >>> On Tue, Oct 2, 2012 at 1:08 PM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: >>> >>> Hi Joe, >>> >>> I have put the conf file (renamed to ahmed_keystone.conf) into gist. >>> >>> git://gist.github.com/3821846.git >>> >>> Please let me know if you have any issues accessing the file. >>> >>> Thank you very much for helping me out. I have a feeling the issue >>> might be in the python script to populate keystone. When I previously input >>> the data manually, I got keystone configured properly. >>> >>> Regards, >>> Ahmed. >>> >>> >>> ________________________________________ >>> From: heckj [he...@mac.com] >>> Sent: Tuesday, October 02, 2012 10:56 AM >>> To: Ahmed Al-Mehdi >>> Cc: openstack@lists.launchpad.net >>> Subject: Re: [Openstack] Enabling logging in keystone. >>> >>> Ahmed - can you put your keystone.conf into a paste or gist and share >>> it with me? I'd be happy to help you debug this. >>> >>> I'm assuming you're running keystone on the system with the IP address >>> 10.0.2.15, correct? >>> >>> -joe >>> >>> On Oct 2, 2012, at 10:45 AM, Ahmed Al-Mehdi <ah...@coraid.com> wrote: >>> >>> > Hi Joe, >>> > >>> > I noticed I did not put the port number in the URL, now I am getting a >>> more meaningful error: >>> > >>> > #> keystone --token 012345SECRET99TOKEN01234 --endpoint >>> http://10.0.2.15:35357/v2.0 tenant-list >>> > No handlers could be found for logger "keystoneclient.client" >>> > Unable to authorize user >>> > >>> > Regards, >>> > Ahmed. >>> > >>> > ________________________________________ >>> > From: >>> > openstack-bounces+ahmed=coraid....@lists.launchpad.net[openstack-bounces+ahmed >>> =coraid....@lists.launchpad.net] On Behalf Of Ahmed Al-Mehdi [ >>> ah...@coraid.com] >>> > Sent: Tuesday, October 02, 2012 10:30 AM >>> > To: heckj >>> > Cc: openstack@lists.launchpad.net >>> > Subject: Re: [Openstack] Enabling logging in keystone. >>> > >>> > Hi Joe, >>> > >>> > Unfortunately before I read your response I re-installed my Ubuntuserver. >>> > I repeated the same steps mentioned in the OpenStackdocument "Deploy and >>> > Install OpenStack- RedHatUbuntu" >>> and also used the script mentioned in it ( >>> https://github.com/nimbis/keystone-init/blob/master/keystone-init.py) >>> to populate keystone. I reboot the server prior to running your suggested >>> command and now running into a different issue, which I feel maybe due to >>> not starting some service. Btw, my host OS is Ubuntu 12.04 (32 bit) >>> running inVirtualBox. >>> > >>> > Currently I am getting the following error: >>> > >>> > #> keystone --token 012345SECRET99TOKEN01234 --endpoint >>> http://10.0.2.15/v2.0 tenant-lis >>> >>> >> >> -- >> >> -Dolph >> > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp