I found the source of the issue. Into keystone configuration I set allow_rescope_scoped_token to false. Setting true this value horizon compute tab works.
But now the question is: Why horizon try to rescope authentication token only for compute information? Thanks Davide Panarese Cloud & Solution Architect Enter | The open network and cloud provider Via privata Stefanardo da Vimercate, 28 20128 Milano enter.eu Mobile: +39 3386369591 Phone: +39 02 25514 837 This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. > On 28 Sep 2018, at 20:28, Erik McCormick <emccorm...@cirrusseven.com> wrote: > > Add yourself as an admin of the domain. I think it uses a domain scored token > for that tab. In V2 you would have only been admin of a project. > > -Erik > > On Fri, Sep 28, 2018, 11:47 AM Davide Panarese <dpanar...@enter.eu > <mailto:dpanar...@enter.eu>> wrote: > It’s not nova-compute that report the issue but keystone authentication on > computing tab. > As I said before, openstack cli working properly with all services, nova > included. > > > > Davide Panarese > Cloud & Solution Architect > > Enter | The open network and cloud provider > > Via privata Stefanardo da Vimercate, 28 > 20128 Milano > enter.eu <http://enter.eu/> > > Mobile: +39 3386369591 > Phone: +39 02 25514 837 > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. If > you have received this email in error please notify the system manager. This > message contains confidential information and is intended only for the > individual named. If you are not the named addressee you should not > disseminate, distribute or copy this e-mail. Please notify the sender > immediately by e-mail if you have received this e-mail by mistake and delete > this e-mail from your system. If you are not the intended recipient you are > notified that disclosing, copying, distributing or taking any action in > reliance on the contents of this information is strictly prohibited. > >> On 28 Sep 2018, at 14:52, Eugen Block <ebl...@nde.ag <mailto:ebl...@nde.ag>> >> wrote: >> >> Since nova-compute reports that failure, what is your auth_url in >> /etc/nova/nova.conf in the [placement] section? >> >> >> >> Zitat von Davide Panarese <dpanar...@enter.eu <mailto:dpanar...@enter.eu>>: >> >>> @Paul >>> Yes keystone:5000 is my endpoint. >>> >>> @Eugen >>> OPENSTACK_KEYSTONE_URL = "http://%s/v3 <http://%s/v3> <http://%s/v3 >>> <http://%s/v3>>" % OPENSTACK_HOST >>> >>> Still not working. >>> >>> >>> Davide Panarese >>> >>> >>>> On 28 Sep 2018, at 13:50, Eugen Block <ebl...@nde.ag >>>> <mailto:ebl...@nde.ag>> wrote: >>>> >>>> Hi, >>>> >>>> what is your current horizon configuration? >>>> >>>> control:~ # grep KEYSTONE_URL >>>> /srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py >>>> OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3 <http://%s:5000/v3>" % >>>> OPENSTACK_HOST >>>> >>>> Maybe this still configured to v2? >>>> >>>> Regards, >>>> Eugen >>>> >>>> >>>> Zitat von Davide Panarese <dpanar...@enter.eu <mailto:dpanar...@enter.eu>>: >>>> >>>>> Goodmorning every one, >>>>> i'm finally approaching migration to keystone v3 but i want to maintain >>>>> keystone v2 compatibility for all users that have custom scripts for >>>>> authentication to our openstack. >>>>> Migration seems to be pretty simple, change endpoint direct into database >>>>> changing MailScanner ha rilevato un possibile tentativo di frode >>>>> proveniente da "keystone:5000" http://keystone:5000/v2.0 >>>>> <http://keystone:5000/v2.0> to http://keystone:5000 >>>>> <http://keystone:5000/> <http://keystone:5000/ <http://keystone:5000/>>; >>>>> Openstack client have the capability to add /v2.0 or /v3 at the end of >>>>> url retrieved from catalog. >>>>> But i'm stuck with horizon dashboard, login works but compute information >>>>> are not available and error log show: >>>>> “ Forbidden: You are not authorized to perform the requested action: >>>>> rescope a scoped token. (HTTP 403)" >>>>> All other tabs works properly. >>>>> I think that is a keystone issue but i don't understand why with >>>>> openstack client works perfectly and with horizon not. >>>>> Anyone can explain what i missed in migration? >>>>> >>>>> Thanks a lot, >>>>> Davide Panarese >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Mailing list: >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >>>> Post to : openstack@lists.openstack.org >>>> <mailto:openstack@lists.openstack.org> >>>> Unsubscribe : >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >>>> >>>> -- >>>> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non >>>> infetto. >>>> Seguire il link qui sotto per segnalarlo come >>>> spam:http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=D389145856.A899A >>>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=D389145856.A899A> >>>> >>>> >> >> >> >> >> -- >> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non >> infetto. >> Seguire il link qui sotto per segnalarlo come >> spam:http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=9946B46CDF.A2B74 >> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=9946B46CDF.A2B74> >> >> > > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> > Post to : openstack@lists.openstack.org > <mailto:openstack@lists.openstack.org> > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> > > -- > Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non > infetto. > Clicca qui per segnalarlo come spam. > <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=953D5406E1.AD5CD> > Clicca qui per metterlo in blacklist > <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=953D5406E1.AD5CD> > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
