Re: [Openstack] [Horizon][Keystone] Migration to keystone v3

2018-09-29 Thread Davide Panarese
I found the source of the issue.
In the keystone configuration I set allow_rescope_scoped_token to false. Setting 
this value to true, the horizon compute tab works.

But now the question is:
Why does horizon try to rescope the authentication token only for compute information?

Thanks

Davide Panarese
Cloud & Solution Architect

Enter  |  The open network and cloud provider

Via privata Stefanardo da Vimercate, 28 
20128 Milano
enter.eu

Mobile: +39 3386369591
Phone: +39 02 25514 837

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. If you are not the intended recipient you are 
notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.

> On 28 Sep 2018, at 20:28, Erik McCormick  wrote:
> 
> Add yourself as an admin of the domain. I think it uses a domain scoped token 
> for that tab. In V2 you would have only been admin of a project. 
> 
> -Erik
> 
> On Fri, Sep 28, 2018, 11:47 AM Davide Panarese wrote:
> It's not nova-compute that reports the issue but keystone authentication on 
> computing tab.
> As I said before, openstack cli is working properly with all services, nova 
> included.
> 
> 
> 
> Davide Panarese
> Cloud & Solution Architect
> 
> 
>> On 28 Sep 2018, at 14:52, Eugen Block <ebl...@nde.ag> wrote:
>> 
>> Since nova-compute reports that failure, what is your auth_url in 
>> /etc/nova/nova.conf in the [placement] section?
>> 
>> 
>> 
>> Quoting Davide Panarese <dpanar...@enter.eu>:
>> 
>>> @Paul
>>> Yes keystone:5000 is my endpoint.
>>> 
>>> @Eugen
>>> OPENSTACK_KEYSTONE_URL = "http://%s/v3" % OPENSTACK_HOST
>>> 
>>> Still not working.
>>> 
>>> 
>>> Davide Panarese
>>> 
>>> 
>>>> On 28 Sep 2018, at 13:50, Eugen Block wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> what is your current horizon configuration?
>>>> 
>>>> control:~ # grep KEYSTONE_URL /srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py
>>>> OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
>>>> 
>>>> Maybe this is still configured to v2?
>>>> 
>>>> Regards,
>>>> Eugen
>>>> 
>>>> 
>>>> Quoting Davide Panarese <dpanar...@enter.eu>:
>>>> 
>>>>> Good morning everyone,
>>>>> I'm finally approaching the migration to keystone v3 but I want to maintain
>>>>> keystone v2 compatibility for all users that have custom scripts for
>>>>> authentication to our openstack.
>>>>> The migration seems to be pretty simple: change the endpoint directly in the
>>>>> database, changing http://keystone:5000/v2.0 to http://keystone:5000; the
>>>>> Openstack client has the capability to add /v2.0 or /v3 at the end of the url
>>>>> retrieved from the catalog.
>>>>> But I'm stuck with the horizon dashboard: login works but compute information
>>>>> is not available and the error log shows:
>>>>> "Forbidden: You are not authorized to perform the requested action: rescope a
>>>>> scoped token. (HTTP 403)"
>>>>> All other tabs work properly.
>>>>> I think that is a keystone issue but I don't understand why it works perfectly
>>>>> with the openstack client and not with horizon.
>>>>> Can anyone explain what I missed in the migration?
>>>>> 
>>>>> Thanks a lot,
>>>>> Davide Panarese

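The 403 in this thread is Keystone's answer to a token-method authentication that presents an already scoped token while allow_rescope_scoped_token is false. The following is an added example, not code from the thread or from Keystone: a simplified Python model of that decision, assuming the option sits in the [token] section of keystone.conf and defaults to true; the config fragment, token bodies and request are constructed samples, and the function names are hypothetical.

```python
import configparser

# Constructed keystone.conf fragment with the setting described in the message.
KEYSTONE_CONF = "[token]\nallow_rescope_scoped_token = false\n"

# Constructed v3 token bodies: one unscoped, one scoped to a project.
UNSCOPED = {"token": {"methods": ["password"], "user": {"name": "demo"}}}
PROJECT_SCOPED = {"token": {"methods": ["password"], "user": {"name": "demo"},
                            "project": {"name": "project-a"}}}

# Constructed POST /v3/auth/tokens body: trade an existing token for project-b.
RESCOPE_REQUEST = {"auth": {
    "identity": {"methods": ["token"], "token": {"id": "<token-id-placeholder>"}},
    "scope": {"project": {"name": "project-b", "domain": {"id": "default"}}}}}


def rescope_allowed(conf_text):
    """Read [token] allow_rescope_scoped_token (assumed default: true)."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    return parser.getboolean("token", "allow_rescope_scoped_token", fallback=True)


def token_scope(token_body):
    """Return 'project', 'domain' or None (unscoped) for a v3 token body."""
    for kind in ("project", "domain"):
        if kind in token_body["token"]:
            return kind
    return None


def decide(conf_text, presented_token, auth_request):
    """Simplified model: (HTTP status, reason) for an auth request."""
    if "token" not in auth_request["auth"]["identity"]["methods"]:
        return 201, "credentials presented, nothing is rescoped"
    scope = token_scope(presented_token)
    if scope and not rescope_allowed(conf_text):
        # Same action string as in the error quoted in the thread.
        return 403, "rescope a scoped token"
    return 201, "exchange of %s token permitted" % (scope or "unscoped")


if __name__ == "__main__":
    for label, tok in (("unscoped", UNSCOPED), ("project-scoped", PROJECT_SCOPED)):
        print(label, decide(KEYSTONE_CONF, tok, RESCOPE_REQUEST))
```

With the option left at false, a scoped token cannot be traded for a token on another project or domain; clients then have to start from an unscoped token or present credentials again for each scope.
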
Re: [Openstack] [Horizon][Keystone] Migration to keystone v3

2018-09-28 Thread Erik McCormick
Add yourself as an admin of the domain. I think it uses a domain scoped
token for that tab. In V2 you would have only been admin of a project.

-Erik

On Fri, Sep 28, 2018, 11:47 AM Davide Panarese  wrote:

> It's not nova-compute that reports the issue but keystone authentication on
> computing tab.
> As I said before, openstack cli is working properly with all services, nova
> included.
>
>
>
> *Davide Panarese*
> Cloud & Solution Architect
>
>
> On 28 Sep 2018, at 14:52, Eugen Block  wrote:
>
> Since nova-compute reports that failure, what is your auth_url in
> /etc/nova/nova.conf in the [placement] section?
>
>
>
> Quoting Davide Panarese:
>
> @Paul
> Yes keystone:5000 is my endpoint.
>
> @Eugen
> OPENSTACK_KEYSTONE_URL = "http://%s/v3" % OPENSTACK_HOST
>
> Still not working.
>
>
> Davide Panarese
>
>
> On 28 Sep 2018, at 13:50, Eugen Block wrote:
>
> Hi,
>
> what is your current horizon configuration?
>
> control:~ # grep KEYSTONE_URL /srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py
> OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
>
> Maybe this is still configured to v2?
>
> Regards,
> Eugen
>
>
> Quoting Davide Panarese:
>
> Good morning everyone,
> I'm finally approaching the migration to keystone v3 but I want to maintain
> keystone v2 compatibility for all users that have custom scripts for
> authentication to our openstack.
> The migration seems to be pretty simple: change the endpoint directly in the
> database, changing http://keystone:5000/v2.0 to http://keystone:5000; the
> Openstack client has the capability to add /v2.0 or /v3 at the end of the url
> retrieved from the catalog.
> But I'm stuck with the horizon dashboard: login works but compute information
> is not available and the error log shows:
> "Forbidden: You are not authorized to perform the requested action: rescope a
> scoped token. (HTTP 403)"
> All other tabs work properly.
> I think that is a keystone issue but I don't understand why it works perfectly
> with the openstack client and not with horizon.
> Can anyone explain what I missed in the migration?
>
> Thanks a lot,
> Davide Panarese
>
>
>
>
>
> ___
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
> --
> This message has been scanned by Libra ESVA and was found not to be
> infected.
> Follow the link below to report it as spam:
> http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=D389145856.A899A


Re: [Openstack] [Horizon][Keystone] Migration to keystone v3

2018-09-28 Thread Davide Panarese
It's not nova-compute that reports the issue but keystone authentication on 
computing tab.
As I said before, openstack cli is working properly with all services, nova 
included.



Davide Panarese
Cloud & Solution Architect


> On 28 Sep 2018, at 14:52, Eugen Block  wrote:
> 
> Since nova-compute reports that failure, what is your auth_url in 
> /etc/nova/nova.conf in the [placement] section?
> 
> 
> 
> Quoting Davide Panarese:
> 
>> @Paul
>> Yes keystone:5000 is my endpoint.
>> 
>> @Eugen
>> OPENSTACK_KEYSTONE_URL = "http://%s/v3" % OPENSTACK_HOST
>> 
>> Still not working.
>> 
>> 
>> Davide Panarese
>> 
>> 
>>> On 28 Sep 2018, at 13:50, Eugen Block  wrote:
>>> 
>>> Hi,
>>> 
>>> what is your current horizon configuration?
>>> 
>>> control:~ # grep KEYSTONE_URL /srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py
>>> OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
>>> 
>>> Maybe this is still configured to v2?
>>> 
>>> Regards,
>>> Eugen
>>> 
>>> 
>>> Quoting Davide Panarese:
>>> 
>>>> Good morning everyone,
>>>> I'm finally approaching the migration to keystone v3 but I want to maintain
>>>> keystone v2 compatibility for all users that have custom scripts for
>>>> authentication to our openstack.
>>>> The migration seems to be pretty simple: change the endpoint directly in the
>>>> database, changing http://keystone:5000/v2.0 to http://keystone:5000; the
>>>> Openstack client has the capability to add /v2.0 or /v3 at the end of the url
>>>> retrieved from the catalog.
>>>> But I'm stuck with the horizon dashboard: login works but compute information
>>>> is not available and the error log shows:
>>>> "Forbidden: You are not authorized to perform the requested action: rescope a
>>>> scoped token. (HTTP 403)"
>>>> All other tabs work properly.
>>>> I think that is a keystone issue but I don't understand why it works perfectly
>>>> with the openstack client and not with horizon.
>>>> Can anyone explain what I missed in the migration?
>>>> 
>>>> Thanks a lot,
>>>> Davide Panarese
>>> 
>>> 
>>> 
>>> 


Re: [Openstack] [Horizon][Keystone] Migration to keystone v3

2018-09-28 Thread Davide Panarese
@Paul
Yes keystone:5000 is my endpoint.

@Eugen
OPENSTACK_KEYSTONE_URL = "http://%s/v3" % OPENSTACK_HOST

Still not working. 


Davide Panarese


> On 28 Sep 2018, at 13:50, Eugen Block  wrote:
> 
> Hi,
> 
> what is your current horizon configuration?
> 
> control:~ # grep KEYSTONE_URL /srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py
> OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
> 
> Maybe this is still configured to v2?
> 
> Regards,
> Eugen
> 
> 
> Quoting Davide Panarese:
> 
>> Good morning everyone,
>> I'm finally approaching the migration to keystone v3 but I want to maintain
>> keystone v2 compatibility for all users that have custom scripts for
>> authentication to our openstack.
>> The migration seems to be pretty simple: change the endpoint directly in the
>> database, changing http://keystone:5000/v2.0 to http://keystone:5000; the
>> Openstack client has the capability to add /v2.0 or /v3 at the end of the url
>> retrieved from the catalog.
>> But I'm stuck with the horizon dashboard: login works but compute information
>> is not available and the error log shows:
>> "Forbidden: You are not authorized to perform the requested action: rescope a
>> scoped token. (HTTP 403)"
>> All other tabs work properly.
>> I think that is a keystone issue but I don't understand why it works perfectly
>> with the openstack client and not with horizon.
>> Can anyone explain what I missed in the migration?
>> 
>> Thanks a lot,
>> Davide Panarese
> 
> 
> 
> 


Re: [Openstack] [Horizon][Keystone] Migration to keystone v3

2018-09-28 Thread Eugen Block
Since nova-compute reports that failure, what is your auth_url in  
/etc/nova/nova.conf in the [placement] section?




Quoting Davide Panarese:

> @Paul
> Yes keystone:5000 is my endpoint.
>
> @Eugen
> OPENSTACK_KEYSTONE_URL = "http://%s/v3" % OPENSTACK_HOST
>
> Still not working.
>
>
> Davide Panarese
>
>
>> On 28 Sep 2018, at 13:50, Eugen Block wrote:
>>
>> Hi,
>>
>> what is your current horizon configuration?
>>
>> control:~ # grep KEYSTONE_URL /srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py
>> OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
>>
>> Maybe this is still configured to v2?
>>
>> Regards,
>> Eugen
>>
>>
>> Quoting Davide Panarese:
>>
>>> Good morning everyone,
>>> I'm finally approaching the migration to keystone v3 but I want to maintain
>>> keystone v2 compatibility for all users that have custom scripts for
>>> authentication to our openstack.
>>> The migration seems to be pretty simple: change the endpoint directly in the
>>> database, changing http://keystone:5000/v2.0 to http://keystone:5000; the
>>> Openstack client has the capability to add /v2.0 or /v3 at the end of the url
>>> retrieved from the catalog.
>>> But I'm stuck with the horizon dashboard: login works but compute information
>>> is not available and the error log shows:
>>> "Forbidden: You are not authorized to perform the requested action: rescope a
>>> scoped token. (HTTP 403)"
>>> All other tabs work properly.
>>> I think that is a keystone issue but I don't understand why it works perfectly
>>> with the openstack client and not with horizon.
>>> Can anyone explain what I missed in the migration?
>>>
>>> Thanks a lot,
>>> Davide Panarese







Re: [Openstack] [Horizon][Keystone] Migration to keystone v3

2018-09-28 Thread Eugen Block

Hi,

what is your current horizon configuration?

control:~ # grep KEYSTONE_URL /srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

Maybe this is still configured to v2?

Regards,
Eugen


Quoting Davide Panarese:

> Good morning everyone,
> I'm finally approaching the migration to keystone v3 but I want to maintain
> keystone v2 compatibility for all users that have custom scripts for
> authentication to our openstack.
> The migration seems to be pretty simple: change the endpoint directly in the
> database, changing http://keystone:5000/v2.0 to http://keystone:5000; the
> Openstack client has the capability to add /v2.0 or /v3 at the end of the url
> retrieved from the catalog.
> But I'm stuck with the horizon dashboard: login works but compute information
> is not available and the error log shows:
> "Forbidden: You are not authorized to perform the requested action: rescope a
> scoped token. (HTTP 403)"
> All other tabs work properly.
> I think that is a keystone issue but I don't understand why it works perfectly
> with the openstack client and not with horizon.
> Can anyone explain what I missed in the migration?
>
> Thanks a lot,
> Davide Panarese







[Openstack] [Horizon][Keystone] Migration to keystone v3

2018-09-28 Thread Davide Panarese
Good morning everyone,
I'm finally approaching the migration to keystone v3 but I want to maintain
keystone v2 compatibility for all users that have custom scripts for
authentication to our openstack.
The migration seems to be pretty simple: change the endpoint directly in the
database, changing http://keystone:5000/v2.0 to http://keystone:5000; the
Openstack client has the capability to add /v2.0 or /v3 at the end of the url
retrieved from the catalog.
But I'm stuck with the horizon dashboard: login works but compute information
is not available and the error log shows:
"Forbidden: You are not authorized to perform the requested action: rescope a
scoped token. (HTTP 403)"
All other tabs work properly.
I think that is a keystone issue but I don't understand why it works perfectly
with the openstack client and not with horizon.
Can anyone explain what I missed in the migration?

Thanks a lot,
Davide Panarese