Dear Davide, Below are the steps I have followed to configure heat in kilo. Please let me know if I am missing something here.
mysql -u root -p CREATE DATABASE heat; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ IDENTIFIED BY 'heat'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ IDENTIFIED BY 'heat'; export OS_TENANT_NAME='openstack' export OS_USERNAME='admin' export OS_PASSWORD='Chang3M3' export OS_AUTH_URL='https://identity.cncloud.com:5000/v2.0' export OS_AUTH_STRATEGY='keystone' export OS_REGION_NAME='RegionOne' keystone user-create --name heat --pass heat keystone user-role-add --user heat --role admin --tenant services keystone service-create --name heat --description "Orchestration" --type orchestration keystone service-create --name heat-cfn --description "Orchestration" --type cloudformation keystone endpoint-create --service heat --publicurl " http://54.174.88.227:8004/v1/%(tenant_id)s" --adminurl " http://54.174.88.227:8004/v1/%(tenant_id)s" --internalurl " http://54.174.88.227:8004/v1/%(tenant_id)s" keystone endpoint-create --service heat-cfn --publicurl " http://54.174.88.227:8000/v1/%(tenant_id)s" --adminurl " http://54.174.88.227:8000/v1/%(tenant_id)s" --internalurl " http://54.174.88.227:8000/v1/%(tenant_id)s" keystone role-create --name heat_stack_owner keystone user-role-add --user admin --tenant openstack --role heat_stack_owner keystone role-create --name heat_stack_user heat-keystone-setup-domain \ –stack-user-domain-name heat_user_domain \ –stack-domain-admin heat_domain_admin \ –stack-domain-admin-password $HeatPass | tee heat-keystone-setup-domain.out heact.conf: [DEFAULT] debug = true verbose = true rpc_backend = zmq heat_metadata_server_url = http://54.174.88.227:8000 heat_waitcondition_server_url = http://54.174.88.227:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = Chang3M3 stack_user_domain_name = heat_user_domain stack_user_domain_id=f798141e117a417996a736ba8f57f368 rpc_zmq_host = 54.174.88.227 [database] connection = mysql://heat:[email protected]/heat [keystone_authtoken] auth_uri = https://identity.cncloud.com:5000/v2.0 identity_url = https://identity.cncloud.com:35357 #memcached_servers = controller:11211 project_name = services auth_type = password admin_tenant_name = services admin_user = heat admin_password = heat [ec2authtoken] auth_uri = https://identity.cncloud.com:5000/v2.0 heat-manage db_sync service heat-api restart service heat-api-cfn restart service heat-engine restart export OS_TENANT_NAME='services' export OS_USERNAME='heat' export OS_PASSWORD='heat' export OS_AUTH_URL='https://identity.cncloud.com:5000/v2.0' export OS_AUTH_STRATEGY='keystone' export OS_REGION_NAME='RegionOne' heat stack-list ERROR : Authentication Required. Regards, NareshA. On Wed, Feb 1, 2017 at 4:07 PM, NareshA kumar <[email protected]> wrote: > Davide, > Yes I am using the heat credentials as you have mentioned. But still I am > getting Authentication required error. > > Regards, > NareshA. > > On Wed, Feb 1, 2017 at 4:01 PM, NareshA kumar <[email protected]> > wrote: > >> Davide, >> Yes I am using the heat credentials as you have mentioned. But still I am >> getting Authentication required error. >> >> I am attaching heat-api.log here for your reference. I am guessing that I >> would have missed something while creating heat domains. >> >> Regards, >> NareshA. >> >> On Wed, Feb 1, 2017 at 3:14 PM, Davide Panarese <[email protected]> >> wrote: >> >>> If you use heat creadential for token request it works? >>> >>> export OS_AUTH_URL=https://identity.cncloud.com:5000/v2.0 >>> export OS_REGION_NAME=RegionOne >>> export OS_USERNAME=heat >>> export OS_TENANT_NAME=services >>> export OS_PASSWORD=heat >>> >>> keystone token-get >>> >>> Davide >>> >>> On 01 Feb 2017, at 10:10, NareshA kumar <[email protected]> >>> wrote: >>> >>> I have associated heat user to services tenant and gave it a admin role. >>> >>> keystone user-role-list --user heat --tenant services >>> +----------------------------------+-------+---------------- >>> ------------------+----------------------------------+ >>> | id | name | user_id >>> | tenant_id | >>> +----------------------------------+-------+---------------- >>> ------------------+----------------------------------+ >>> | 2b995253c23e4c1db8cd374346a4ecd4 | admin | >>> 645eb7e9f04f4a2b8df65272a23c1394 | 024890084b7642e9b8535b52a86584ea | >>> +----------------------------------+-------+---------------- >>> ------------------+----------------------------------+ >>> >>> heat --debug stack-list >>> >>> DEBUG (session) REQ: curl -g -i -X GET https://identity.cncloud.com:5 >>> 000/v2.0 -H "Accept: application/json" -H "User-Agent: >>> python-keystoneclient" >>> DEBUG (session) RESP: [200] x-openstack-request-id: >>> req-2515497e-671b-475e-b48c-0cb6f2ccfe2f content-length: 347 via: 1.1 >>> identity.cncloud.com:5000 access-control-expose-headers: Accept, >>> Content-Type, X-Auth-Token, X-Subject-Token vary: X-Auth-Token server: >>> Apache/2.4.7 (Ubuntu) connection: close access-control-allow-methods: GET >>> POST OPTIONS PUT DELETE PATCH date: Wed, 01 Feb 2017 09:07:01 GMT >>> access-control-allow-origin: * access-control-allow-headers: Accept, >>> Content-Type, X-Auth-Token, X-Subject-Token content-type: application/json >>> x-distribution: Ubuntu >>> RESP BODY: {"version": {"status": "stable", "updated": >>> "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", >>> "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", >>> "links": [{"href": "https://identity.cncloud.com:5000/v2.0/";, "rel": >>> "self"}, {"href": "http://docs.openstack.org/";, "type": "text/html", >>> "rel": "describedby"}]}} >>> >>> DEBUG (v2) Making authentication request to >>> https://identity.cncloud.com:5000/v2.0/tokens >>> DEBUG (session) REQ: curl -g -i -X GET *MailScanner warning: numerical >>> links are often malicious:* http://54.174.88.227:8004/v1/0 >>> c28d40bdcf0472d8dfb214a5c0286c4/stacks >>> <http://54.174.88.227:8004/v1/0c28d40bdcf0472d8dfb214a5c0286c4/stacks>? >>> -H "Accept: application/json" -H "User-Agent: python-heatclient" -H >>> "X-Region-Name: RegionOne" -H "X-Auth-Token: >>> {SHA1}9cc75daaff59cdb14a75bfb74ca6d77ebb8d8ac6" >>> -H "Content-Type: application/json" -H "X-Auth-Url: >>> https://identity.cncloud.com:5000/v2.0"; >>> DEBUG (session) RESP: >>> DEBUG (v2) Making authentication request to >>> https://identity.cncloud.com:5000/v2.0/tokens >>> DEBUG (session) RESP: >>> Traceback (most recent call last): >>> File "/usr/bin/heat", line 10, in <module> >>> sys.exit(main()) >>> File "/usr/lib/python2.7/dist-packages/heatclient/shell.py", line >>> 706, in main >>> HeatShell().main(args) >>> File "/usr/lib/python2.7/dist-packages/heatclient/shell.py", line >>> 656, in main >>> args.func(client, args) >>> File "/usr/lib/python2.7/dist-packages/heatclient/v1/shell.py", line >>> 581, in do_stack_list >>> utils.print_list(stacks, fields, sortby_index=3) >>> File >>> "/usr/lib/python2.7/dist-packages/heatclient/openstack/common/cliutils.py", >>> line 169, in print_list >>> for o in objs: >>> File "/usr/lib/python2.7/dist-packages/heatclient/v1/stacks.py", line >>> 100, in paginate >>> stacks = self._list(url, 'stacks') >>> File >>> "/usr/lib/python2.7/dist-packages/heatclient/openstack/common/apiclient/base.py", >>> line 117, in _list >>> body = self.client.get(url).json() >>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >>> line 292, in get >>> return self.client_request("GET", url, **kwargs) >>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >>> line 285, in client_request >>> resp, body = self.json_request(method, url, **kwargs) >>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >>> line 266, in json_request >>> resp = self._http_request(url, method, **kwargs) >>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >>> line 361, in _http_request >>> raise exc.from_response(resp) >>> heatclient.exc.HTTPUnauthorized: ERROR: Authentication required >>> >>> >>> Regards, >>> NareshA. >>> >>> On Wed, Feb 1, 2017 at 2:16 PM, Davide Panarese <[email protected]> >>> wrote: >>> >>>> Could you debug heat api call with heat —debug stack-list? >>>> Did you associate heat user to service tenant and give it admin role? >>>> >>>> Davide >>>> >>>> On 31 Jan 2017, at 19:54, NareshA kumar <[email protected]> >>>> wrote: >>>> >>>> Hi, >>>> I am installing heat in kilo with keystone v2 APIs. As per document I >>>> have configured the endpoints and heat.conf. "heat stack-list" gives me >>>> Authentication required error. In heat-api.log I am seeing "Authorization >>>> failed for token" message. >>>> Can anyone help me solve this issue? >>>> >>>> Regards, >>>> NareshA. >>>> >>>> -- >>>> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non >>>> infetto. >>>> Clicca qui per segnalarlo come spam. >>>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=32A47402B1.A84A6> >>>> Clicca qui per metterlo in blacklist >>>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=32A47402B1.A84A6> >>>> _______________________________________________ >>>> Mailing list: http://lists.openstack.org/cgi >>>> -bin/mailman/listinfo/openstack >>>> Post to : [email protected] >>>> Unsubscribe : http://lists.openstack.org/cgi >>>> -bin/mailman/listinfo/openstack >>>> >>>> >>>> >>> >>> -- >>> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non >>> infetto. >>> Clicca qui per segnalarlo come spam. >>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=557444011D.A905A> >>> Clicca qui per metterlo in blacklist >>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=557444011D.A905A> >>> _______________________________________________ >>> Mailing list: http://lists.openstack.org/cgi >>> -bin/mailman/listinfo/openstack >>> Post to : [email protected] >>> Unsubscribe : http://lists.openstack.org/cgi >>> -bin/mailman/listinfo/openstack >>> >>> >>> >> >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
