subject:"Re\: \[openstack\-dev\] Keystone Authorization Failed\: Forbidden \(HTTP 403\)"

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dhvanan Shah

Hi,

Problem resolved.

curl 10.16.37.221:5000 returned access denied. So I added a no proxy for
the host ip in the browser after which it began returning the JSON data.
After this I exported the same in my keystone_adminrc file as Chinmaya
pointed out. That solved the problem and it no longer gives the forbidden
error.

But the funny thing here is that I have had this setup running for quite
some time now and I have not added a no_proxy for the host ip and I also
haven't faced this issue before. So I am not sure what triggered this error
here now.

Thanks a lot for your inputs.

On Wed, Apr 27, 2016 at 5:30 PM, Dolph Mathews 
wrote:

>
> On Wed, Apr 27, 2016 at 6:53 AM, Dhvanan Shah  wrote:
>
>> Hi,
>>
>> Enabling the debug flag didn't give any additional information.
>>
>> 2 node Cluster means that I have one controller that also runs the
>> compute and an additional compute node, thus 2 node OpenStack Cluster.
>>
>> The problem here is not with the password as I am able to log in through
>> the dashboard. Any action performed gives a Forbidden error and
>> authorization failed for keystone.
>>
>> Any other things that I could look at?
>>
>
> Another long shot, but you might have an unintended surprise in your
> environment.
>
>   $ env | grep ^OS_
>
> More likely though, I'm guessing you don't actually have the "admin" role
> on the "admin" tenant that you're expecting. The 403 is indicating that you
> are authenticated successfully (your password is correct), but you don't
> have authorization to make the request (listing users, for example). You'd
> be able to login to horizon and spin up a VM, or do the same from the CLI,
> but not make the requests you're using to exercise the cloud admin role.
>
>
>> On Wed, Apr 27, 2016 at 4:55 PM, Dolph Mathews 
>> wrote:
>>
>>> Depending on which release of keystone you're running, try enabling
>>> either insecure_debug (more recent releases) or debug (older releases) to
>>> true in keystone.conf to get more detailed error messages from keystone.
>>>
>>>
>>> https://github.com/openstack/keystone/blob/3c4fe622ac5da00b04ccc8bc4e207a2e9ab0f863/etc/keystone.conf.sample#L87-L91
>>>
>>> That said, your configuration looks entirely correct to me, so I'm
>>> curious what the outcome is here. The only other red flag I see is that you
>>> mentioned a "2 node OpenStack cluster", and I'm not sure what that means in
>>> this context, exactly. How are the 2 nodes utilized?
>>>
>>> On Wed, Apr 27, 2016 at 5:43 AM, Dhvanan Shah  wrote:
>>>
 keystone --debug user-list gives this:

 /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
 DeprecationWarning: The keystone CLI is deprecated in favor of
 python-openstackclient. For a Python library, continue using
 python-keystoneclient.
   'python-keystoneclient.', DeprecationWarning)
 DEBUG:keystoneclient.auth.identity.v2:Making authentication request to
 http://10.16.37.221:5000/v2.0/tokens
 INFO:requests.packages.urllib3.connectionpool:Starting new HTTP
 connection (1): proxy.serc.iisc.ernet.in
 DEBUG:requests.packages.urllib3.connectionpool:"POST
 http://10.16.37.221:5000/v2.0/tokens HTTP/1.1" 403 3370
 DEBUG:keystoneclient.session:Request returned failure status: 403
 Authorization Failed: Forbidden (HTTP 403)

 nova --debug user list gives this:

 DEBUG (session:195) REQ: curl -g -i -X GET
 http://10.16.37.221:5000/v2.0 -H "Accept: application/json" -H
 "User-Agent: python-keystoneclient"
 INFO (connectionpool:203) Starting new HTTP connection (1):
 proxy.serc.iisc.ernet.in
 DEBUG (connectionpool:383) "GET http://10.16.37.221:5000/v2.0
 HTTP/1.1" 403 3275
 DEBUG (session:224) RESP:
 DEBUG (session:396) Request returned failure status: 403
 WARNING (base:133) Discovering versions from the identity service
 failed when creating the password plugin. Attempting to determine version
 from URL.
 DEBUG (v2:76) Making authentication request to
 http://10.16.37.221:5000/v2.0/tokens
 DEBUG (connectionpool:383) "POST http://10.16.37.221:5000/v2.0/tokens
 HTTP/1.1" 403 3370
 DEBUG (session:396) Request returned failure status: 403
 DEBUG (shell:914) Forbidden (HTTP 403)
 Forbidden: Forbidden (HTTP 403)
 ERROR (Forbidden): Forbidden (HTTP 403)

 On Wed, Apr 27, 2016 at 3:12 PM, Dhvanan Shah 
 wrote:

> On running openstack-status this is what I get (all the services are
> running, so not included that here)
>
> == Keystone users ==
> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
> DeprecationWarning: The keystone CLI is deprecated in favor of
> python-openstackclient. For a Python library, continue using
> python-keystoneclient.
>   'python-keystoneclient.', DeprecationWarning)
> Authorization

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dolph Mathews

On Wed, Apr 27, 2016 at 6:53 AM, Dhvanan Shah  wrote:

> Hi,
>
> Enabling the debug flag didn't give any additional information.
>
> 2 node Cluster means that I have one controller that also runs the compute
> and an additional compute node, thus 2 node OpenStack Cluster.
>
> The problem here is not with the password as I am able to log in through
> the dashboard. Any action performed gives a Forbidden error and
> authorization failed for keystone.
>
> Any other things that I could look at?
>

Another long shot, but you might have an unintended surprise in your
environment.

  $ env | grep ^OS_

More likely though, I'm guessing you don't actually have the "admin" role
on the "admin" tenant that you're expecting. The 403 is indicating that you
are authenticated successfully (your password is correct), but you don't
have authorization to make the request (listing users, for example). You'd
be able to login to horizon and spin up a VM, or do the same from the CLI,
but not make the requests you're using to exercise the cloud admin role.

> On Wed, Apr 27, 2016 at 4:55 PM, Dolph Mathews 
> wrote:
>
>> Depending on which release of keystone you're running, try enabling
>> either insecure_debug (more recent releases) or debug (older releases) to
>> true in keystone.conf to get more detailed error messages from keystone.
>>
>>
>> https://github.com/openstack/keystone/blob/3c4fe622ac5da00b04ccc8bc4e207a2e9ab0f863/etc/keystone.conf.sample#L87-L91
>>
>> That said, your configuration looks entirely correct to me, so I'm
>> curious what the outcome is here. The only other red flag I see is that you
>> mentioned a "2 node OpenStack cluster", and I'm not sure what that means in
>> this context, exactly. How are the 2 nodes utilized?
>>
>> On Wed, Apr 27, 2016 at 5:43 AM, Dhvanan Shah  wrote:
>>
>>> keystone --debug user-list gives this:
>>>
>>> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
>>> DeprecationWarning: The keystone CLI is deprecated in favor of
>>> python-openstackclient. For a Python library, continue using
>>> python-keystoneclient.
>>>   'python-keystoneclient.', DeprecationWarning)
>>> DEBUG:keystoneclient.auth.identity.v2:Making authentication request to
>>> http://10.16.37.221:5000/v2.0/tokens
>>> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP
>>> connection (1): proxy.serc.iisc.ernet.in
>>> DEBUG:requests.packages.urllib3.connectionpool:"POST
>>> http://10.16.37.221:5000/v2.0/tokens HTTP/1.1" 403 3370
>>> DEBUG:keystoneclient.session:Request returned failure status: 403
>>> Authorization Failed: Forbidden (HTTP 403)
>>>
>>> nova --debug user list gives this:
>>>
>>> DEBUG (session:195) REQ: curl -g -i -X GET http://10.16.37.221:5000/v2.0
>>> -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
>>> INFO (connectionpool:203) Starting new HTTP connection (1):
>>> proxy.serc.iisc.ernet.in
>>> DEBUG (connectionpool:383) "GET http://10.16.37.221:5000/v2.0 HTTP/1.1"
>>> 403 3275
>>> DEBUG (session:224) RESP:
>>> DEBUG (session:396) Request returned failure status: 403
>>> WARNING (base:133) Discovering versions from the identity service failed
>>> when creating the password plugin. Attempting to determine version from URL.
>>> DEBUG (v2:76) Making authentication request to
>>> http://10.16.37.221:5000/v2.0/tokens
>>> DEBUG (connectionpool:383) "POST http://10.16.37.221:5000/v2.0/tokens
>>> HTTP/1.1" 403 3370
>>> DEBUG (session:396) Request returned failure status: 403
>>> DEBUG (shell:914) Forbidden (HTTP 403)
>>> Forbidden: Forbidden (HTTP 403)
>>> ERROR (Forbidden): Forbidden (HTTP 403)
>>>
>>>
>>>
>>> On Wed, Apr 27, 2016 at 3:12 PM, Dhvanan Shah  wrote:
>>>
 On running openstack-status this is what I get (all the services are
 running, so not included that here)

 == Keystone users ==
 /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
 DeprecationWarning: The keystone CLI is deprecated in favor of
 python-openstackclient. For a Python library, continue using
 python-keystoneclient.
   'python-keystoneclient.', DeprecationWarning)
 Authorization Failed: Forbidden (HTTP 403)
 == Glance images ==
 Forbidden (HTTP 403)
 == Nova managed services ==
 No handlers could be found for logger
 "keystoneclient.auth.identity.generic.base"
 ERROR (Forbidden): Forbidden (HTTP 403)
 == Nova networks ==
 No handlers could be found for logger
 "keystoneclient.auth.identity.generic.base"
 ERROR (Forbidden): Forbidden (HTTP 403)
 == Nova instance flavors ==
 No handlers could be found for logger
 "keystoneclient.auth.identity.generic.base"
 ERROR (Forbidden): Forbidden (HTTP 403)
 == Nova instances ==
 No handlers could be found for logger
 "keystoneclient.auth.identity.generic.base"
 ERROR (Forbidden): Forbidden (HTTP 403)

 On Wed, Apr 27, 2016 at 3:09 PM,

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Chinmaya Bharadwaj

Hi,

Looks like its connecting to proxy first,

Starting new HTTP connection (1): proxy.serc.iisc.ernet.in



Try
export no_proxy= 

#Chinmaya

On 27 April 2016 at 17:23, Dhvanan Shah  wrote:

> Hi,
>
> Enabling the debug flag didn't give any additional information.
>
> 2 node Cluster means that I have one controller that also runs the compute
> and an additional compute node, thus 2 node OpenStack Cluster.
>
> The problem here is not with the password as I am able to log in through
> the dashboard. Any action performed gives a Forbidden error and
> authorization failed for keystone.
>
> Any other things that I could look at?
>
> On Wed, Apr 27, 2016 at 4:55 PM, Dolph Mathews 
> wrote:
>
>> Depending on which release of keystone you're running, try enabling
>> either insecure_debug (more recent releases) or debug (older releases) to
>> true in keystone.conf to get more detailed error messages from keystone.
>>
>>
>> https://github.com/openstack/keystone/blob/3c4fe622ac5da00b04ccc8bc4e207a2e9ab0f863/etc/keystone.conf.sample#L87-L91
>>
>> That said, your configuration looks entirely correct to me, so I'm
>> curious what the outcome is here. The only other red flag I see is that you
>> mentioned a "2 node OpenStack cluster", and I'm not sure what that means in
>> this context, exactly. How are the 2 nodes utilized?
>>
>> On Wed, Apr 27, 2016 at 5:43 AM, Dhvanan Shah  wrote:
>>
>>> keystone --debug user-list gives this:
>>>
>>> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
>>> DeprecationWarning: The keystone CLI is deprecated in favor of
>>> python-openstackclient. For a Python library, continue using
>>> python-keystoneclient.
>>>   'python-keystoneclient.', DeprecationWarning)
>>> DEBUG:keystoneclient.auth.identity.v2:Making authentication request to
>>> http://10.16.37.221:5000/v2.0/tokens
>>> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP
>>> connection (1): proxy.serc.iisc.ernet.in
>>> DEBUG:requests.packages.urllib3.connectionpool:"POST
>>> http://10.16.37.221:5000/v2.0/tokens HTTP/1.1" 403 3370
>>> DEBUG:keystoneclient.session:Request returned failure status: 403
>>> Authorization Failed: Forbidden (HTTP 403)
>>>
>>> nova --debug user list gives this:
>>>
>>> DEBUG (session:195) REQ: curl -g -i -X GET http://10.16.37.221:5000/v2.0
>>> -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
>>> INFO (connectionpool:203) Starting new HTTP connection (1):
>>> proxy.serc.iisc.ernet.in
>>> DEBUG (connectionpool:383) "GET http://10.16.37.221:5000/v2.0 HTTP/1.1"
>>> 403 3275
>>> DEBUG (session:224) RESP:
>>> DEBUG (session:396) Request returned failure status: 403
>>> WARNING (base:133) Discovering versions from the identity service failed
>>> when creating the password plugin. Attempting to determine version from URL.
>>> DEBUG (v2:76) Making authentication request to
>>> http://10.16.37.221:5000/v2.0/tokens
>>> DEBUG (connectionpool:383) "POST http://10.16.37.221:5000/v2.0/tokens
>>> HTTP/1.1" 403 3370
>>> DEBUG (session:396) Request returned failure status: 403
>>> DEBUG (shell:914) Forbidden (HTTP 403)
>>> Forbidden: Forbidden (HTTP 403)
>>> ERROR (Forbidden): Forbidden (HTTP 403)
>>>
>>>
>>>
>>> On Wed, Apr 27, 2016 at 3:12 PM, Dhvanan Shah  wrote:
>>>
 On running openstack-status this is what I get (all the services are
 running, so not included that here)

 == Keystone users ==
 /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
 DeprecationWarning: The keystone CLI is deprecated in favor of
 python-openstackclient. For a Python library, continue using
 python-keystoneclient.
   'python-keystoneclient.', DeprecationWarning)
 Authorization Failed: Forbidden (HTTP 403)
 == Glance images ==
 Forbidden (HTTP 403)
 == Nova managed services ==
 No handlers could be found for logger
 "keystoneclient.auth.identity.generic.base"
 ERROR (Forbidden): Forbidden (HTTP 403)
 == Nova networks ==
 No handlers could be found for logger
 "keystoneclient.auth.identity.generic.base"
 ERROR (Forbidden): Forbidden (HTTP 403)
 == Nova instance flavors ==
 No handlers could be found for logger
 "keystoneclient.auth.identity.generic.base"
 ERROR (Forbidden): Forbidden (HTTP 403)
 == Nova instances ==
 No handlers could be found for logger
 "keystoneclient.auth.identity.generic.base"
 ERROR (Forbidden): Forbidden (HTTP 403)


 On Wed, Apr 27, 2016 at 3:09 PM, Dhvanan Shah 
 wrote:

> Hi Jens,
>
> The password is correct when I echo $OS_PASSWORD.
> I downloaded the admin-openrc.sh file from the dashboard and sourced.
> I ran a nova list after that:
> No handlers could be found for logger
> "keystoneclient.auth.identity.generic.base"
> ERROR (Forbidden): Forbidden (HTTP 403)
>
> It still gives the error

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Jens Rosenboom

2016-04-27 12:43 GMT+02:00 Dhvanan Shah :
> keystone --debug user-list gives this:
>
> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
> DeprecationWarning: The keystone CLI is deprecated in favor of
> python-openstackclient. For a Python library, continue using
> python-keystoneclient.
>   'python-keystoneclient.', DeprecationWarning)
> DEBUG:keystoneclient.auth.identity.v2:Making authentication request to
> http://10.16.37.221:5000/v2.0/tokens
> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection
> (1): proxy.serc.iisc.ernet.in

After taking another look, this line looks suspicous, where does this
proxy get configured? It seems like it might be blocking access to
your keystone service. What is the output if you do a "curl
http://10.16.37.221:5000/v2.0;?

> DEBUG:requests.packages.urllib3.connectionpool:"POST
> http://10.16.37.221:5000/v2.0/tokens HTTP/1.1" 403 3370
> DEBUG:keystoneclient.session:Request returned failure status: 403
> Authorization Failed: Forbidden (HTTP 403)
>
> nova --debug user list gives this:
>
> DEBUG (session:195) REQ: curl -g -i -X GET http://10.16.37.221:5000/v2.0 -H
> "Accept: application/json" -H "User-Agent: python-keystoneclient"
> INFO (connectionpool:203) Starting new HTTP connection (1):
> proxy.serc.iisc.ernet.in
> DEBUG (connectionpool:383) "GET http://10.16.37.221:5000/v2.0 HTTP/1.1" 403
> 3275
> DEBUG (session:224) RESP:
> DEBUG (session:396) Request returned failure status: 403
> WARNING (base:133) Discovering versions from the identity service failed
> when creating the password plugin. Attempting to determine version from URL.
> DEBUG (v2:76) Making authentication request to
> http://10.16.37.221:5000/v2.0/tokens
> DEBUG (connectionpool:383) "POST http://10.16.37.221:5000/v2.0/tokens
> HTTP/1.1" 403 3370
> DEBUG (session:396) Request returned failure status: 403
> DEBUG (shell:914) Forbidden (HTTP 403)
> Forbidden: Forbidden (HTTP 403)
> ERROR (Forbidden): Forbidden (HTTP 403)

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dhvanan Shah

Hi,

Enabling the debug flag didn't give any additional information.

2 node Cluster means that I have one controller that also runs the compute
and an additional compute node, thus 2 node OpenStack Cluster.

The problem here is not with the password as I am able to log in through
the dashboard. Any action performed gives a Forbidden error and
authorization failed for keystone.

Any other things that I could look at?

On Wed, Apr 27, 2016 at 4:55 PM, Dolph Mathews 
wrote:

> Depending on which release of keystone you're running, try enabling either
> insecure_debug (more recent releases) or debug (older releases) to true in
> keystone.conf to get more detailed error messages from keystone.
>
>
> https://github.com/openstack/keystone/blob/3c4fe622ac5da00b04ccc8bc4e207a2e9ab0f863/etc/keystone.conf.sample#L87-L91
>
> That said, your configuration looks entirely correct to me, so I'm curious
> what the outcome is here. The only other red flag I see is that you
> mentioned a "2 node OpenStack cluster", and I'm not sure what that means in
> this context, exactly. How are the 2 nodes utilized?
>
> On Wed, Apr 27, 2016 at 5:43 AM, Dhvanan Shah  wrote:
>
>> keystone --debug user-list gives this:
>>
>> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
>> DeprecationWarning: The keystone CLI is deprecated in favor of
>> python-openstackclient. For a Python library, continue using
>> python-keystoneclient.
>>   'python-keystoneclient.', DeprecationWarning)
>> DEBUG:keystoneclient.auth.identity.v2:Making authentication request to
>> http://10.16.37.221:5000/v2.0/tokens
>> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP
>> connection (1): proxy.serc.iisc.ernet.in
>> DEBUG:requests.packages.urllib3.connectionpool:"POST
>> http://10.16.37.221:5000/v2.0/tokens HTTP/1.1" 403 3370
>> DEBUG:keystoneclient.session:Request returned failure status: 403
>> Authorization Failed: Forbidden (HTTP 403)
>>
>> nova --debug user list gives this:
>>
>> DEBUG (session:195) REQ: curl -g -i -X GET http://10.16.37.221:5000/v2.0
>> -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
>> INFO (connectionpool:203) Starting new HTTP connection (1):
>> proxy.serc.iisc.ernet.in
>> DEBUG (connectionpool:383) "GET http://10.16.37.221:5000/v2.0 HTTP/1.1"
>> 403 3275
>> DEBUG (session:224) RESP:
>> DEBUG (session:396) Request returned failure status: 403
>> WARNING (base:133) Discovering versions from the identity service failed
>> when creating the password plugin. Attempting to determine version from URL.
>> DEBUG (v2:76) Making authentication request to
>> http://10.16.37.221:5000/v2.0/tokens
>> DEBUG (connectionpool:383) "POST http://10.16.37.221:5000/v2.0/tokens
>> HTTP/1.1" 403 3370
>> DEBUG (session:396) Request returned failure status: 403
>> DEBUG (shell:914) Forbidden (HTTP 403)
>> Forbidden: Forbidden (HTTP 403)
>> ERROR (Forbidden): Forbidden (HTTP 403)
>>
>>
>>
>> On Wed, Apr 27, 2016 at 3:12 PM, Dhvanan Shah  wrote:
>>
>>> On running openstack-status this is what I get (all the services are
>>> running, so not included that here)
>>>
>>> == Keystone users ==
>>> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
>>> DeprecationWarning: The keystone CLI is deprecated in favor of
>>> python-openstackclient. For a Python library, continue using
>>> python-keystoneclient.
>>>   'python-keystoneclient.', DeprecationWarning)
>>> Authorization Failed: Forbidden (HTTP 403)
>>> == Glance images ==
>>> Forbidden (HTTP 403)
>>> == Nova managed services ==
>>> No handlers could be found for logger
>>> "keystoneclient.auth.identity.generic.base"
>>> ERROR (Forbidden): Forbidden (HTTP 403)
>>> == Nova networks ==
>>> No handlers could be found for logger
>>> "keystoneclient.auth.identity.generic.base"
>>> ERROR (Forbidden): Forbidden (HTTP 403)
>>> == Nova instance flavors ==
>>> No handlers could be found for logger
>>> "keystoneclient.auth.identity.generic.base"
>>> ERROR (Forbidden): Forbidden (HTTP 403)
>>> == Nova instances ==
>>> No handlers could be found for logger
>>> "keystoneclient.auth.identity.generic.base"
>>> ERROR (Forbidden): Forbidden (HTTP 403)
>>>
>>>
>>> On Wed, Apr 27, 2016 at 3:09 PM, Dhvanan Shah  wrote:
>>>
 Hi Jens,

 The password is correct when I echo $OS_PASSWORD.
 I downloaded the admin-openrc.sh file from the dashboard and sourced. I
 ran a nova list after that:
 No handlers could be found for logger
 "keystoneclient.auth.identity.generic.base"
 ERROR (Forbidden): Forbidden (HTTP 403)

 It still gives the error of forbidden access.
 I think the password is not the issue. Forbidden access might be
 something else. Do you want me to share anything else?

 On Wed, Apr 27, 2016 at 2:56 PM, Jens Rosenboom 
 wrote:

> 2016-04-27 10:30 GMT+02:00 Dhvanan Shah :
> > UPDATE:
> > I

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dolph Mathews

Depending on which release of keystone you're running, try enabling either
insecure_debug (more recent releases) or debug (older releases) to true in
keystone.conf to get more detailed error messages from keystone.

https://github.com/openstack/keystone/blob/3c4fe622ac5da00b04ccc8bc4e207a2e9ab0f863/etc/keystone.conf.sample#L87-L91

That said, your configuration looks entirely correct to me, so I'm curious
what the outcome is here. The only other red flag I see is that you
mentioned a "2 node OpenStack cluster", and I'm not sure what that means in
this context, exactly. How are the 2 nodes utilized?

On Wed, Apr 27, 2016 at 5:43 AM, Dhvanan Shah  wrote:

> keystone --debug user-list gives this:
>
> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
> DeprecationWarning: The keystone CLI is deprecated in favor of
> python-openstackclient. For a Python library, continue using
> python-keystoneclient.
>   'python-keystoneclient.', DeprecationWarning)
> DEBUG:keystoneclient.auth.identity.v2:Making authentication request to
> http://10.16.37.221:5000/v2.0/tokens
> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection
> (1): proxy.serc.iisc.ernet.in
> DEBUG:requests.packages.urllib3.connectionpool:"POST
> http://10.16.37.221:5000/v2.0/tokens HTTP/1.1" 403 3370
> DEBUG:keystoneclient.session:Request returned failure status: 403
> Authorization Failed: Forbidden (HTTP 403)
>
> nova --debug user list gives this:
>
> DEBUG (session:195) REQ: curl -g -i -X GET http://10.16.37.221:5000/v2.0
> -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
> INFO (connectionpool:203) Starting new HTTP connection (1):
> proxy.serc.iisc.ernet.in
> DEBUG (connectionpool:383) "GET http://10.16.37.221:5000/v2.0 HTTP/1.1"
> 403 3275
> DEBUG (session:224) RESP:
> DEBUG (session:396) Request returned failure status: 403
> WARNING (base:133) Discovering versions from the identity service failed
> when creating the password plugin. Attempting to determine version from URL.
> DEBUG (v2:76) Making authentication request to
> http://10.16.37.221:5000/v2.0/tokens
> DEBUG (connectionpool:383) "POST http://10.16.37.221:5000/v2.0/tokens
> HTTP/1.1" 403 3370
> DEBUG (session:396) Request returned failure status: 403
> DEBUG (shell:914) Forbidden (HTTP 403)
> Forbidden: Forbidden (HTTP 403)
> ERROR (Forbidden): Forbidden (HTTP 403)
>
>
>
> On Wed, Apr 27, 2016 at 3:12 PM, Dhvanan Shah  wrote:
>
>> On running openstack-status this is what I get (all the services are
>> running, so not included that here)
>>
>> == Keystone users ==
>> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
>> DeprecationWarning: The keystone CLI is deprecated in favor of
>> python-openstackclient. For a Python library, continue using
>> python-keystoneclient.
>>   'python-keystoneclient.', DeprecationWarning)
>> Authorization Failed: Forbidden (HTTP 403)
>> == Glance images ==
>> Forbidden (HTTP 403)
>> == Nova managed services ==
>> No handlers could be found for logger
>> "keystoneclient.auth.identity.generic.base"
>> ERROR (Forbidden): Forbidden (HTTP 403)
>> == Nova networks ==
>> No handlers could be found for logger
>> "keystoneclient.auth.identity.generic.base"
>> ERROR (Forbidden): Forbidden (HTTP 403)
>> == Nova instance flavors ==
>> No handlers could be found for logger
>> "keystoneclient.auth.identity.generic.base"
>> ERROR (Forbidden): Forbidden (HTTP 403)
>> == Nova instances ==
>> No handlers could be found for logger
>> "keystoneclient.auth.identity.generic.base"
>> ERROR (Forbidden): Forbidden (HTTP 403)
>>
>>
>> On Wed, Apr 27, 2016 at 3:09 PM, Dhvanan Shah  wrote:
>>
>>> Hi Jens,
>>>
>>> The password is correct when I echo $OS_PASSWORD.
>>> I downloaded the admin-openrc.sh file from the dashboard and sourced. I
>>> ran a nova list after that:
>>> No handlers could be found for logger
>>> "keystoneclient.auth.identity.generic.base"
>>> ERROR (Forbidden): Forbidden (HTTP 403)
>>>
>>> It still gives the error of forbidden access.
>>> I think the password is not the issue. Forbidden access might be
>>> something else. Do you want me to share anything else?
>>>
>>> On Wed, Apr 27, 2016 at 2:56 PM, Jens Rosenboom 
>>> wrote:
>>>
 2016-04-27 10:30 GMT+02:00 Dhvanan Shah :
 > UPDATE:
 > I am able to log into Horizon and perform all actions without any
 issue but
 > on my terminal, I am not able to do the same. The password that I
 thought
 > was wrong is not the issue as I logged in with the same password.
 > My keystone_adminrc file looks like this:
 >
 > unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
 > export OS_USERNAME=admin
 > export OS_PASSWORD=
 > export OS_AUTH_URL=http://10.16.37.221:35357/v2.0
 > export PS1='[\u@\h \W(keystone_admin)]\$ '
 >
 > export OS_TENANT_NAME=admin
 > export OS_REGION_NAME=RegionOne
 >
 >

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dhvanan Shah

keystone --debug user-list gives this:

/usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
DeprecationWarning: The keystone CLI is deprecated in favor of
python-openstackclient. For a Python library, continue using
python-keystoneclient.
  'python-keystoneclient.', DeprecationWarning)
DEBUG:keystoneclient.auth.identity.v2:Making authentication request to
http://10.16.37.221:5000/v2.0/tokens
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection
(1): proxy.serc.iisc.ernet.in
DEBUG:requests.packages.urllib3.connectionpool:"POST
http://10.16.37.221:5000/v2.0/tokens HTTP/1.1" 403 3370
DEBUG:keystoneclient.session:Request returned failure status: 403
Authorization Failed: Forbidden (HTTP 403)

nova --debug user list gives this:

DEBUG (session:195) REQ: curl -g -i -X GET http://10.16.37.221:5000/v2.0 -H
"Accept: application/json" -H "User-Agent: python-keystoneclient"
INFO (connectionpool:203) Starting new HTTP connection (1):
proxy.serc.iisc.ernet.in
DEBUG (connectionpool:383) "GET http://10.16.37.221:5000/v2.0 HTTP/1.1" 403
3275
DEBUG (session:224) RESP:
DEBUG (session:396) Request returned failure status: 403
WARNING (base:133) Discovering versions from the identity service failed
when creating the password plugin. Attempting to determine version from URL.
DEBUG (v2:76) Making authentication request to
http://10.16.37.221:5000/v2.0/tokens
DEBUG (connectionpool:383) "POST http://10.16.37.221:5000/v2.0/tokens
HTTP/1.1" 403 3370
DEBUG (session:396) Request returned failure status: 403
DEBUG (shell:914) Forbidden (HTTP 403)
Forbidden: Forbidden (HTTP 403)
ERROR (Forbidden): Forbidden (HTTP 403)

On Wed, Apr 27, 2016 at 3:12 PM, Dhvanan Shah  wrote:

> On running openstack-status this is what I get (all the services are
> running, so not included that here)
>
> == Keystone users ==
> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
> DeprecationWarning: The keystone CLI is deprecated in favor of
> python-openstackclient. For a Python library, continue using
> python-keystoneclient.
>   'python-keystoneclient.', DeprecationWarning)
> Authorization Failed: Forbidden (HTTP 403)
> == Glance images ==
> Forbidden (HTTP 403)
> == Nova managed services ==
> No handlers could be found for logger
> "keystoneclient.auth.identity.generic.base"
> ERROR (Forbidden): Forbidden (HTTP 403)
> == Nova networks ==
> No handlers could be found for logger
> "keystoneclient.auth.identity.generic.base"
> ERROR (Forbidden): Forbidden (HTTP 403)
> == Nova instance flavors ==
> No handlers could be found for logger
> "keystoneclient.auth.identity.generic.base"
> ERROR (Forbidden): Forbidden (HTTP 403)
> == Nova instances ==
> No handlers could be found for logger
> "keystoneclient.auth.identity.generic.base"
> ERROR (Forbidden): Forbidden (HTTP 403)
>
>
> On Wed, Apr 27, 2016 at 3:09 PM, Dhvanan Shah  wrote:
>
>> Hi Jens,
>>
>> The password is correct when I echo $OS_PASSWORD.
>> I downloaded the admin-openrc.sh file from the dashboard and sourced. I
>> ran a nova list after that:
>> No handlers could be found for logger
>> "keystoneclient.auth.identity.generic.base"
>> ERROR (Forbidden): Forbidden (HTTP 403)
>>
>> It still gives the error of forbidden access.
>> I think the password is not the issue. Forbidden access might be
>> something else. Do you want me to share anything else?
>>
>> On Wed, Apr 27, 2016 at 2:56 PM, Jens Rosenboom 
>> wrote:
>>
>>> 2016-04-27 10:30 GMT+02:00 Dhvanan Shah :
>>> > UPDATE:
>>> > I am able to log into Horizon and perform all actions without any
>>> issue but
>>> > on my terminal, I am not able to do the same. The password that I
>>> thought
>>> > was wrong is not the issue as I logged in with the same password.
>>> > My keystone_adminrc file looks like this:
>>> >
>>> > unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
>>> > export OS_USERNAME=admin
>>> > export OS_PASSWORD=
>>> > export OS_AUTH_URL=http://10.16.37.221:35357/v2.0
>>> > export PS1='[\u@\h \W(keystone_admin)]\$ '
>>> >
>>> > export OS_TENANT_NAME=admin
>>> > export OS_REGION_NAME=RegionOne
>>> >
>>> >
>>> > Please suggest what I could do!
>>>
>>> Does your password contain special characters that might get mangled
>>> by the shell? You could compare the output of "echo $OS_PASSWORD" to
>>> verify.
>>>
>>> Otherwise, if the dashboard is working for you, you can go to
>>> Project/Compute/Access/API Access and use the "Download
>>> OpenStack RC File" link there.
>>>
>>>
>>> __
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe:
>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>
>>
>>
>> --
>> Dhvanan Shah
>>
>
>
>
> --
> Dhvanan Shah
>

-- 
Dhvanan Shah

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dhvanan Shah

On running openstack-status this is what I get (all the services are
running, so not included that here)

== Keystone users ==
/usr/lib/python2.7/site-packages/keystoneclient/shell.py:65:
DeprecationWarning: The keystone CLI is deprecated in favor of
python-openstackclient. For a Python library, continue using
python-keystoneclient.
  'python-keystoneclient.', DeprecationWarning)
Authorization Failed: Forbidden (HTTP 403)
== Glance images ==
Forbidden (HTTP 403)
== Nova managed services ==
No handlers could be found for logger
"keystoneclient.auth.identity.generic.base"
ERROR (Forbidden): Forbidden (HTTP 403)
== Nova networks ==
No handlers could be found for logger
"keystoneclient.auth.identity.generic.base"
ERROR (Forbidden): Forbidden (HTTP 403)
== Nova instance flavors ==
No handlers could be found for logger
"keystoneclient.auth.identity.generic.base"
ERROR (Forbidden): Forbidden (HTTP 403)
== Nova instances ==
No handlers could be found for logger
"keystoneclient.auth.identity.generic.base"
ERROR (Forbidden): Forbidden (HTTP 403)

On Wed, Apr 27, 2016 at 3:09 PM, Dhvanan Shah  wrote:

> Hi Jens,
>
> The password is correct when I echo $OS_PASSWORD.
> I downloaded the admin-openrc.sh file from the dashboard and sourced. I
> ran a nova list after that:
> No handlers could be found for logger
> "keystoneclient.auth.identity.generic.base"
> ERROR (Forbidden): Forbidden (HTTP 403)
>
> It still gives the error of forbidden access.
> I think the password is not the issue. Forbidden access might be something
> else. Do you want me to share anything else?
>
> On Wed, Apr 27, 2016 at 2:56 PM, Jens Rosenboom 
> wrote:
>
>> 2016-04-27 10:30 GMT+02:00 Dhvanan Shah :
>> > UPDATE:
>> > I am able to log into Horizon and perform all actions without any issue
>> but
>> > on my terminal, I am not able to do the same. The password that I
>> thought
>> > was wrong is not the issue as I logged in with the same password.
>> > My keystone_adminrc file looks like this:
>> >
>> > unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
>> > export OS_USERNAME=admin
>> > export OS_PASSWORD=
>> > export OS_AUTH_URL=http://10.16.37.221:35357/v2.0
>> > export PS1='[\u@\h \W(keystone_admin)]\$ '
>> >
>> > export OS_TENANT_NAME=admin
>> > export OS_REGION_NAME=RegionOne
>> >
>> >
>> > Please suggest what I could do!
>>
>> Does your password contain special characters that might get mangled
>> by the shell? You could compare the output of "echo $OS_PASSWORD" to
>> verify.
>>
>> Otherwise, if the dashboard is working for you, you can go to
>> Project/Compute/Access/API Access and use the "Download
>> OpenStack RC File" link there.
>>
>> __
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
>
> --
> Dhvanan Shah
>

-- 
Dhvanan Shah
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dhvanan Shah

Hi Jens,

The password is correct when I echo $OS_PASSWORD.
I downloaded the admin-openrc.sh file from the dashboard and sourced. I ran
a nova list after that:
No handlers could be found for logger
"keystoneclient.auth.identity.generic.base"
ERROR (Forbidden): Forbidden (HTTP 403)

It still gives the error of forbidden access.
I think the password is not the issue. Forbidden access might be something
else. Do you want me to share anything else?

On Wed, Apr 27, 2016 at 2:56 PM, Jens Rosenboom 
wrote:

> 2016-04-27 10:30 GMT+02:00 Dhvanan Shah :
> > UPDATE:
> > I am able to log into Horizon and perform all actions without any issue
> but
> > on my terminal, I am not able to do the same. The password that I thought
> > was wrong is not the issue as I logged in with the same password.
> > My keystone_adminrc file looks like this:
> >
> > unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
> > export OS_USERNAME=admin
> > export OS_PASSWORD=
> > export OS_AUTH_URL=http://10.16.37.221:35357/v2.0
> > export PS1='[\u@\h \W(keystone_admin)]\$ '
> >
> > export OS_TENANT_NAME=admin
> > export OS_REGION_NAME=RegionOne
> >
> >
> > Please suggest what I could do!
>
> Does your password contain special characters that might get mangled
> by the shell? You could compare the output of "echo $OS_PASSWORD" to
> verify.
>
> Otherwise, if the dashboard is working for you, you can go to
> Project/Compute/Access/API Access and use the "Download
> OpenStack RC File" link there.
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Dhvanan Shah
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Jens Rosenboom

2016-04-27 10:30 GMT+02:00 Dhvanan Shah :
> UPDATE:
> I am able to log into Horizon and perform all actions without any issue but
> on my terminal, I am not able to do the same. The password that I thought
> was wrong is not the issue as I logged in with the same password.
> My keystone_adminrc file looks like this:
>
> unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
> export OS_USERNAME=admin
> export OS_PASSWORD=
> export OS_AUTH_URL=http://10.16.37.221:35357/v2.0
> export PS1='[\u@\h \W(keystone_admin)]\$ '
>
> export OS_TENANT_NAME=admin
> export OS_REGION_NAME=RegionOne
>
>
> Please suggest what I could do!

Does your password contain special characters that might get mangled
by the shell? You could compare the output of "echo $OS_PASSWORD" to
verify.

Otherwise, if the dashboard is working for you, you can go to
Project/Compute/Access/API Access and use the "Download
OpenStack RC File" link there.

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dhvanan Shah

UPDATE:
I am able to log into Horizon and perform all actions without any issue but
on my terminal, I am not able to do the same. The password that I thought
was wrong is not the issue as I logged in with the same password.
My keystone_adminrc file looks like this:

unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
export OS_USERNAME=admin
export OS_PASSWORD=
export OS_AUTH_URL=http://10.16.37.221:35357/v2.0
export PS1='[\u@\h \W(keystone_admin)]\$ '

export OS_TENANT_NAME=admin
export OS_REGION_NAME=RegionOne


Please suggest what I could do!

On Wed, Apr 27, 2016 at 1:41 PM, Dhvanan Shah  wrote:

> All the services are running properly, it is just that the any action
> performed says I am not authenticated or Forbidden (403) which means that
> there is an authorization problem. In my keystone_adminrc file I have
> exported all the environment variables and also set the admin password. Can
> it be the case that this admin password is wrong because of which it is not
> authenticating the admin right. If so how can I change the admin password?
>
> On Wed, Apr 27, 2016 at 12:05 PM, Dhvanan Shah  wrote:
>
>> http://10.16.37.221:35357/v2.0/tokens/34e4b79b157a4526bc8ebb80b82cbf62
>>
>> This link corresponding to the above token shows this error message -
>>
>> {"error": {"message": "The request you have made requires authentication.", 
>> "code": 401, "title": "Unauthorized"}}
>>
>>
>> So there is a problem in authentication from the keystone.I haven't changed 
>> the admin password.
>>
>>
>> On Wed, Apr 27, 2016 at 12:01 PM, Dhvanan Shah  wrote:
>>
>>> Hi,
>>>
>>> I have a 2 node OpenStack cluster setup running on CentOS. Due to some
>>> reason now I'm unable to perform any actions as it is not able to authorize
>>> me, it shows an error message saying "Authorization Failed: Forbidden (HTTP
>>> 403)" for Keystone when I run the command openstack-status and for
>>> nova-managed services it says "No handlers could be found for logger
>>> "keystoneclient.auth.identity.generic.base"
>>> ERROR (Forbidden): Forbidden (HTTP 403)".
>>>
>>> The keystone logs at /var/log/keystone show no problem that might have
>>> occured.
>>> The nova api logs show this :
>>> 2016-04-27 04:18:31.279 4314 DEBUG keystoneclient.session [-] REQ: curl
>>> -g -i -X GET
>>> http://10.16.37.221:35357/v2.0/tokens/34e4b79b157a4526bc8ebb80b82cbf62
>>> -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H
>>> "X-Auth-Token: {SHA1}9d202e0a726633f660321097015cd9d67ac4df19"
>>> _http_log_request
>>> /usr/lib/python2.7/site-packages/keystoneclient/session.py:195
>>> 2016-04-27 04:18:31.290 4314 DEBUG keystoneclient.session [-] RESP:
>>> _http_log_response
>>> /usr/lib/python2.7/site-packages/keystoneclient/session.py:224
>>> 2016-04-27 04:18:31.290 4314 DEBUG keystoneclient.session [-] Request
>>> returned failure status: 404 request
>>> /usr/lib/python2.7/site-packages/keystoneclient/session.py:396
>>> 2016-04-27 04:18:31.290 4314 WARNING keystonemiddleware.auth_token [-]
>>> Authorization failed for token
>>> 2016-04-27 04:18:31.290 4314 WARNING keystonemiddleware.auth_token [-]
>>> Identity response: {"error": {"message": "Could not find token:
>>> 34e4b79b157a4526bc8ebb80b82cbf62", "code": 404, "title": "Not Found"}}
>>> 2016-04-27 04:18:31.290 4314 WARNING keystonemiddleware.auth_token [-]
>>> Authorization failed for token
>>>
>>>
>>> Could someone please help me out as to how I could debug this issue.
>>>
>>> Thanks,
>>> Dhvanan Shah
>>>
>>
>>
>>
>> --
>> Dhvanan Shah
>>
>
>
>
> --
> Dhvanan Shah
>



-- 
Dhvanan Shah
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dhvanan Shah

All the services are running properly, it is just that the any action
performed says I am not authenticated or Forbidden (403) which means that
there is an authorization problem. In my keystone_adminrc file I have
exported all the environment variables and also set the admin password. Can
it be the case that this admin password is wrong because of which it is not
authenticating the admin right. If so how can I change the admin password?

On Wed, Apr 27, 2016 at 12:05 PM, Dhvanan Shah  wrote:

> http://10.16.37.221:35357/v2.0/tokens/34e4b79b157a4526bc8ebb80b82cbf62
>
> This link corresponding to the above token shows this error message -
>
> {"error": {"message": "The request you have made requires authentication.", 
> "code": 401, "title": "Unauthorized"}}
>
>
> So there is a problem in authentication from the keystone.I haven't changed 
> the admin password.
>
>
> On Wed, Apr 27, 2016 at 12:01 PM, Dhvanan Shah  wrote:
>
>> Hi,
>>
>> I have a 2 node OpenStack cluster setup running on CentOS. Due to some
>> reason now I'm unable to perform any actions as it is not able to authorize
>> me, it shows an error message saying "Authorization Failed: Forbidden (HTTP
>> 403)" for Keystone when I run the command openstack-status and for
>> nova-managed services it says "No handlers could be found for logger
>> "keystoneclient.auth.identity.generic.base"
>> ERROR (Forbidden): Forbidden (HTTP 403)".
>>
>> The keystone logs at /var/log/keystone show no problem that might have
>> occured.
>> The nova api logs show this :
>> 2016-04-27 04:18:31.279 4314 DEBUG keystoneclient.session [-] REQ: curl
>> -g -i -X GET
>> http://10.16.37.221:35357/v2.0/tokens/34e4b79b157a4526bc8ebb80b82cbf62
>> -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H
>> "X-Auth-Token: {SHA1}9d202e0a726633f660321097015cd9d67ac4df19"
>> _http_log_request
>> /usr/lib/python2.7/site-packages/keystoneclient/session.py:195
>> 2016-04-27 04:18:31.290 4314 DEBUG keystoneclient.session [-] RESP:
>> _http_log_response
>> /usr/lib/python2.7/site-packages/keystoneclient/session.py:224
>> 2016-04-27 04:18:31.290 4314 DEBUG keystoneclient.session [-] Request
>> returned failure status: 404 request
>> /usr/lib/python2.7/site-packages/keystoneclient/session.py:396
>> 2016-04-27 04:18:31.290 4314 WARNING keystonemiddleware.auth_token [-]
>> Authorization failed for token
>> 2016-04-27 04:18:31.290 4314 WARNING keystonemiddleware.auth_token [-]
>> Identity response: {"error": {"message": "Could not find token:
>> 34e4b79b157a4526bc8ebb80b82cbf62", "code": 404, "title": "Not Found"}}
>> 2016-04-27 04:18:31.290 4314 WARNING keystonemiddleware.auth_token [-]
>> Authorization failed for token
>>
>>
>> Could someone please help me out as to how I could debug this issue.
>>
>> Thanks,
>> Dhvanan Shah
>>
>
>
>
> --
> Dhvanan Shah
>



-- 
Dhvanan Shah
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

2016-04-27 Thread Dhvanan Shah

http://10.16.37.221:35357/v2.0/tokens/34e4b79b157a4526bc8ebb80b82cbf62

This link corresponding to the above token shows this error message -

{"error": {"message": "The request you have made requires
authentication.", "code": 401, "title": "Unauthorized"}}


So there is a problem in authentication from the keystone.I haven't
changed the admin password.


On Wed, Apr 27, 2016 at 12:01 PM, Dhvanan Shah  wrote:

> Hi,
>
> I have a 2 node OpenStack cluster setup running on CentOS. Due to some
> reason now I'm unable to perform any actions as it is not able to authorize
> me, it shows an error message saying "Authorization Failed: Forbidden (HTTP
> 403)" for Keystone when I run the command openstack-status and for
> nova-managed services it says "No handlers could be found for logger
> "keystoneclient.auth.identity.generic.base"
> ERROR (Forbidden): Forbidden (HTTP 403)".
>
> The keystone logs at /var/log/keystone show no problem that might have
> occured.
> The nova api logs show this :
> 2016-04-27 04:18:31.279 4314 DEBUG keystoneclient.session [-] REQ: curl -g
> -i -X GET
> http://10.16.37.221:35357/v2.0/tokens/34e4b79b157a4526bc8ebb80b82cbf62 -H
> "User-Agent: python-keystoneclient" -H "Accept: application/json" -H
> "X-Auth-Token: {SHA1}9d202e0a726633f660321097015cd9d67ac4df19"
> _http_log_request
> /usr/lib/python2.7/site-packages/keystoneclient/session.py:195
> 2016-04-27 04:18:31.290 4314 DEBUG keystoneclient.session [-] RESP:
> _http_log_response
> /usr/lib/python2.7/site-packages/keystoneclient/session.py:224
> 2016-04-27 04:18:31.290 4314 DEBUG keystoneclient.session [-] Request
> returned failure status: 404 request
> /usr/lib/python2.7/site-packages/keystoneclient/session.py:396
> 2016-04-27 04:18:31.290 4314 WARNING keystonemiddleware.auth_token [-]
> Authorization failed for token
> 2016-04-27 04:18:31.290 4314 WARNING keystonemiddleware.auth_token [-]
> Identity response: {"error": {"message": "Could not find token:
> 34e4b79b157a4526bc8ebb80b82cbf62", "code": 404, "title": "Not Found"}}
> 2016-04-27 04:18:31.290 4314 WARNING keystonemiddleware.auth_token [-]
> Authorization failed for token
>
>
> Could someone please help me out as to how I could debug this issue.
>
> Thanks,
> Dhvanan Shah
>



-- 
Dhvanan Shah
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

Re: [openstack-dev] Keystone Authorization Failed: Forbidden (HTTP 403)

13 matches

Site Navigation

Mail list logo

Footer information