Re: [Openstack] authentication failure for glance client in the latest devstack dev environment
My system is Ubuntu 12.04 64bit. My "nova list" also failed with a HTTP 401 status error, with the following output on nova-api: 2012-11-09 18:30:09 ERROR keystone.common.cms [-] Verify error: Verification failure 139967656924832:error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length:rsa_sign.c:175: 139967656924832:error:2E09A09E:CMS routines:CMS_SignerInfo_verify_content:verification failure:cms_sd.c:900: 139967656924832:error:2E09D06D:CMS routines:CMS_verify:content verify error:cms_smime.c:425: 2012-11-09 18:30:09 WARNING keystone.middleware.auth_token [-] Authorization failed for token .. 2012-11-09 18:30:09 INFO keystone.middleware.auth_token [-] Invalid user token - rejecting request 2012-11-09 18:30:09 INFO nova.osapi_compute.wsgi.server [-] 10.239.36.61 "GET /v2/447239d7ddfd4ae89393c9ecf538d703/servers/det ail HTTP/1.1" status: 401 len: 461 time: 0.0153220 However, the "keystone" command-line client works fine. Best Regards, Lianhao > -Original Message- > From: openstack-bounces+lianhao.lu=intel@lists.launchpad.net > [mailto:openstack-bounces+lianhao.lu=intel....@lists.launchpad.net] > On Behalf Of Lu, Lianhao > Sent: Friday, November 09, 2012 4:31 PM > To: openstack@lists.launchpad.net; openstack-...@lists.openstack.org > Subject: [Openstack] authentication failure for glance client in the latest > devstack dev environment > > Hi fellows, > > Today I just updated my devstack to setup a new openstack dev environment > with "RECLONE" set to "yes" in localrc. The stack.sh failed at > the very end in "glance image-create" with the error of "Invalid OpenStack > Identify credential". > > I then tried to run "glance image-list" in the command line after "source > openrc admin", it also failed with the same error. > > When the error happens, glance-api server reported the following errors on > the screen: > > 2012-11-09 16:20:31 16950 ERROR keystone.middleware.auth_token [-] HTTP > connection exception: [Errno 1] _ssl.c:504: > error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol > 2012-11-09 16:20:31 16950 WARNING keystone.middleware.auth_token [-] > Authorization failed for token > MIIL7wYJKoZIhvcNAQcCoIIL4DCCC9wCAQExCTAHBgUrDgMCGjCCCkUGCSqGSIb3DQEHAaCCCjYEggoyeyJhY2Nlc3MiOiB7InRva2VuIjogeyJp > c3N1ZWRfYXQiOiAiMDg6MjA6MzEuNjM3.(..omit here) > A8uKBr1VlQoeF2Y-ND+DhZV+vjrM8i6FcGfeFq6Vra-1ktoQjkfh88XmG2tCcwrlGo0nVM4OrRaIs8F9Iwc4EIXHA+Aw73MzqUIRVSE8ahiFg9nNM > = > 2012-11-09 16:20:31 16950 INFO keystone.middleware.auth_token [-] Invalid > user token - deferring reject downstream > > > And the keystone reported the following: > > (eventlet.wsgi.server): 2012-11-09 16:28:21,276 DEBUG wsgi write 127.0.0.1 - > - [09/Nov/2012 16:28:21] "POST /v2.0/tokens HTTP/1.1" 200 > 6780 0.095150 > > localhost - - [09/Nov/2012 16:28:21] code 400, message Bad request syntax > ("\x16\x03\x01\x00\xcd\x01\x00\x00\xc9\x03\x02P\x9c\xbe\xa5#\xc8D\xf8\xe9\xe9\x97\xc5w\x19LX\xfc\xb8\x04v\xb1w'\x04A\xa7}\xa8\x > 0c") > localhost - - [09/Nov/2012 16:28:21] "��P���#�DwLX�v�w'A�}�" 400 - > > > Does anyone know what's going wrong here? > > Yours, > -Lianhao > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] authentication failure for glance client in the latest devstack dev environment
Hi fellows, Today I just updated my devstack to setup a new openstack dev environment with "RECLONE" set to "yes" in localrc. The stack.sh failed at the very end in "glance image-create" with the error of "Invalid OpenStack Identify credential". I then tried to run "glance image-list" in the command line after "source openrc admin", it also failed with the same error. When the error happens, glance-api server reported the following errors on the screen: 2012-11-09 16:20:31 16950 ERROR keystone.middleware.auth_token [-] HTTP connection exception: [Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2012-11-09 16:20:31 16950 WARNING keystone.middleware.auth_token [-] Authorization failed for token MIIL7wYJKoZIhvcNAQcCoIIL4DCCC9wCAQExCTAHBgUrDgMCGjCCCkUGCSqGSIb3DQEHAaCCCjYEggoyeyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMDg6MjA6MzEuNjM3.(..omit here) A8uKBr1VlQoeF2Y-ND+DhZV+vjrM8i6FcGfeFq6Vra-1ktoQjkfh88XmG2tCcwrlGo0nVM4OrRaIs8F9Iwc4EIXHA+Aw73MzqUIRVSE8ahiFg9nNM= 2012-11-09 16:20:31 16950 INFO keystone.middleware.auth_token [-] Invalid user token - deferring reject downstream And the keystone reported the following: (eventlet.wsgi.server): 2012-11-09 16:28:21,276 DEBUG wsgi write 127.0.0.1 - - [09/Nov/2012 16:28:21] "POST /v2.0/tokens HTTP/1.1" 200 6780 0.095150 localhost - - [09/Nov/2012 16:28:21] code 400, message Bad request syntax ("\x16\x03\x01\x00\xcd\x01\x00\x00\xc9\x03\x02P\x9c\xbe\xa5#\xc8D\xf8\xe9\xe9\x97\xc5w\x19LX\xfc\xb8\x04v\xb1w'\x04A\xa7}\xa8\x0c") localhost - - [09/Nov/2012 16:28:21] "��P���#�DwLX�v�w'A�}�" 400 - Does anyone know what's going wrong here? Yours, -Lianhao ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] keystone installed by devstack redirect http request
You're right. The 301 is returned by my http proxy server. The reason is that the httplib2 python module keystone client uses would use the proxy server in the environment variable http_proxy, but the content of no_proxy environment variable is not actually used in establishing the connection. Best Regards, Lianhao From: anti...@gmail.com [mailto:anti...@gmail.com] On Behalf Of Dolph Mathews Sent: Friday, August 24, 2012 8:58 PM To: Lu, Lianhao Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] keystone installed by devstack redirect http request Keystone doesn't return 301's (ever). However, your 301 response headers show: Server: BlueCoat-Security-Appliance I'm guessing that wasn't installed by devstack :) -Dolph On Fri, Aug 24, 2012 at 3:03 AM, Lu, Lianhao mailto:lianhao...@intel.com>> wrote: Hi gang, I used the devstack to install a "all-one-one" develop environment, but the keystone service seemed not working for me. The host OS is Ubuntu 12.04 with a statically assigned IP address 192.168.79.201. Since this host is in the internal network, I have to use a gateway(with 2 NICs of ip addresses 192.168.79.1 and 10.239.48.224) to login into the 192.168.79.201 host from the 10.239.48.0/24<http://10.239.48.0/24> network to run devstack. After running devstack successfully, I found that the keystone service was not usable. It mysteriously redirected http requests to the gateway 10.239.48.224(see below for the http response and keystone configurations). Does anyone know why I saw the redirect here? Thanks! Best Regards, -Lianhao $ keystone --debug tenant-list connect: (127.0.0.1, 5000) send: 'POST /v2.0/tokens HTTP/1.1\r\nHost: 127.0.0.1:5000<http://127.0.0.1:5000>\r\nContent-Length: 100\r\ncontent-type: application/json\r\naccept-encoding: gzip, deflate\r\nuser-agent: python-keystoneclient\r\n\r\n{"auth": {"tenantName": "demo", "passwordCredentials": {"username": "admin", "password": "123456"}}}' reply: 'HTTP/1.1 301 Moved Permanently\r\n' header: Server: BlueCoat-Security-Appliance header: Location:http://10.239.48.224 header: Connection: Close connect: (10.239.48.224, 80) send: 'POST / HTTP/1.1\r\nHost: 10.239.48.224\r\nContent-Length: 100\r\ncontent-type: application/json\r\naccept-encoding: gzip, deflate\r\nuser-agent: python-keystoneclient\r\n\r\n{"auth": {"tenantName": "demo", "passwordCredentials": {"username": "admin", "password": "123456"}}}' -- -Dolph ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] keystone installed by devstack redirect http request
Hi gang, I used the devstack to install a "all-one-one" develop environment, but the keystone service seemed not working for me. The host OS is Ubuntu 12.04 with a statically assigned IP address 192.168.79.201. Since this host is in the internal network, I have to use a gateway(with 2 NICs of ip addresses 192.168.79.1 and 10.239.48.224) to login into the 192.168.79.201 host from the 10.239.48.0/24 network to run devstack. After running devstack successfully, I found that the keystone service was not usable. It mysteriously redirected http requests to the gateway 10.239.48.224(see below for the http response and keystone configurations). Does anyone know why I saw the redirect here? Thanks! Best Regards, -Lianhao $ keystone --debug tenant-list connect: (127.0.0.1, 5000) send: 'POST /v2.0/tokens HTTP/1.1\r\nHost: 127.0.0.1:5000\r\nContent-Length: 100\r\ncontent-type: application/json\r\naccept-encoding: gzip, deflate\r\nuser-agent: python-keystoneclient\r\n\r\n{"auth": {"tenantName": "demo", "passwordCredentials": {"username": "admin", "password": "123456"}}}' reply: 'HTTP/1.1 301 Moved Permanently\r\n' header: Server: BlueCoat-Security-Appliance header: Location:http://10.239.48.224 header: Connection: Close connect: (10.239.48.224, 80) send: 'POST / HTTP/1.1\r\nHost: 10.239.48.224\r\nContent-Length: 100\r\ncontent-type: application/json\r\naccept-encoding: gzip, deflate\r\nuser-agent: python-keystoneclient\r\n\r\n{"auth": {"tenantName": "demo", "passwordCredentials": {"username": "admin", "password": "123456"}}}' $ cat /etc/keystone/keystone.conf [DEFAULT] admin_token = 123456 [sql] connection = mysql://root:123456@localhost/keystone?charset=utf8 [catalog] template_file = /etc/keystone/default_catalog.templates driver = keystone.catalog.backends.templated.TemplatedCatalog [ec2] driver = keystone.contrib.ec2.backends.sql.Ec2 [filter:debug] paste.filter_factory = keystone.common.wsgi:Debug.factory [filter:token_auth] paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory [filter:admin_token_auth] paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory [filter:xml_body] paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory [filter:json_body] paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory [filter:user_crud_extension] paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory [filter:crud_extension] paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory [filter:ec2_extension] paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory [filter:s3_extension] paste.filter_factory = keystone.contrib.s3:S3Extension.factory [filter:url_normalize] paste.filter_factory = keystone.middleware:NormalizingFilter.factory [filter:stats_monitoring] paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory [filter:stats_reporting] paste.filter_factory = keystone.contrib.stats:StatsExtension.factory [app:public_service] paste.app_factory = keystone.service:public_app_factory [app:admin_service] paste.app_factory = keystone.service:admin_app_factory [pipeline:public_api] pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service [pipeline:admin_api] pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug stats_reporting ec2_extension s3_extension crud_extension admin_service [app:public_version_service] paste.app_factory = keystone.service:public_version_app_factory [app:admin_version_service] paste.app_factory = keystone.service:admin_version_app_factory [pipeline:public_version_api] pipeline = stats_monitoring url_normalize xml_body public_version_service [pipeline:admin_version_api] pipeline = stats_monitoring url_normalize xml_body admin_version_service [composite:main] use = egg:Paste#urlmap /v2.0 = public_api / = public_version_api [composite:admin] use = egg:Paste#urlmap /v2.0 = admin_api / = admin_version_api $ cat /etc/keystone/default_catalog.templates catalog.RegionOne.identity.publicURL = http://192.168.79.201:$(public_port)s/v2.0 catalog.RegionOne.identity.adminURL = http://192.168.79.201:$(admin_port)s/v2.0 catalog.RegionOne.identity.internalURL = http://192.168.79.201:$(public_port)s/v2.0 catalog.RegionOne.identity.name = Identity Service catalog.RegionOne.compute.publicURL = http://192.168.79.201:8774/v2/$(tenant_id)s catalog.RegionOne.compute.adminURL = http://192.168.79.201:8774/v2/$(tenant_id)s catalog.RegionOne.compute.internalURL = http://192.168.79.201:8774/v2/$(tenant_id)s catalog.RegionOne.compute.name = Compute Service catalog.RegionOne.volume.publicURL = http://192.168.79.201:8776/v1/$(tenant_id)s catalog.RegionOne.volume.adminURL = http://192.168.79.201:8776/v1/$(tenant_id)s catalog.RegionOne.volume.internalURL = http://192.168.79.201:8776/v1/$(tenant_id)s catalog.RegionOne.volume.name = Volume Service catalog.RegionOne.ec2.pu