Re: [Openstack] [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized
Oh... Got it, Angus. Thank you!
I finally got it that for when using curl, I have first to get an AUTH
token
from keystone, in order to use that returned token in the HTTP GET for
the API.
Just sharing what I did:
$ curl -d '{"auth":{"passwordCredentials":{"username": "ceilometer",
"password": "SECRET"}}}' -H "Content-type: application/json"
http://localhost:35357/v2.0/tokens
Returns:
{"access": {"token": {"issued_at": "2013-05-29T15:17:07.501333", "expires":
"2013-05-30T15:17:07Z", "id":
"MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0yOVQxNToxNzowNy41MDEzMzMiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMwVDE1OjE3OjA3WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICJkOTIwZmM4NWVjZDk0MjZlYmQ5ZTNmOGM3MzAwZjVkNCIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAiiB9a3o5N2piewbmZU3Ng9ShhPHB4WiigGUocdrNeE24+RktDoRrM+uZKptjd6aanlAGbrAUKpi5Uj-oNAbmKUt1CK-154aUaUpcy8NJFNwIZA2hBafbofOWU6FceVDIc1yztr0bZRdSD-vDl0hrISi0mL961yU+uXFQRxeNtqY="},
"serviceCatalog": [], "user": {"username": "admin", "roles_links": [],
"id": "d920fc85ecd9426ebd9e3f8c7300f5d4", "roles": [], "name": "admin"},
"metadata": {"is_admin": 0, "roles": []}}}
Where the token is the value of the "id" therefore, a GET to get all the
meters, can be:
$ curl -k -D -H "X-Auth-Token: MIICbgYJKoZIhvcNAQcCoIICXzCCAl
sCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3
MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0yOVQxNToxNz
owNy41MDEzMzMiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMwVDE1OjE3OjA3Wi
IsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXS
wgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIj
ogW10sICJpZCI6ICJkOTIwZmM4NWVjZDk0MjZlYmQ5ZTNmOGM3MzAwZjVkNC
IsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOi
B7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQ
swCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ
4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMA
cGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAiiB9a3o5N2piewbmZU3Ng9ShhP
HB4WiigGUocdrNeE24+RktDoRrM+uZKptjd6aanlAGbrAUKpi5Uj-oNAbmKUt1CK-
154aUaUpcy8NJFNwIZA2hBafbofOWU6FceVDIc1yztr0bZRdSD-
vDl0hrISi0mL961yU+uXFQRxeNtqY=" -X 'GET' -v http://localhost:8777/v2/meters
Which, indeed returned the metrics I was looking for.
Thank you a lot. I really appreciate it.
I tried using ceilometer-client (I just git cloned it, and ran "sudo python
setup.py install",
nothing went wrong apparently), but when trying to run it like this:
$ ceilometer --os-username ceilometer --os-password ficrowstran02
--os-tenant-name admin --os-auth-url http://localhost:5000/v2.0 statistics
Returns: "invalid literal for int() with base 10: ''
Maybe because my AUTH Token is exceeds the 32/64-bit addressing of a
integer? Not sure... I'll figure it out and do the follow-up here.
Thank you for the great help!
On Mon, May 27, 2013 at 10:21 PM, Angus Salkeld wrote:
> On 27/05/13 11:14 -0300, Bruno Oliveira wrote:
>
>> Hello stackers,
>>
>> I'm having a really hard time setting up ceilometer-api so I thought
>> if I could ask you guys for some enlightment.
>>
>> I can clearly see data being pulled in the screens that are running
>> /ceilometer-collector, ./ceilometer-agent-compute
>> ,./ceilometer-agent-central
>>
>> Even the screen running ceilometer-api-server starts with no problem.
>>
>> But I cannot reach the api at all via curl. Neither by using its
>> actual port (8777)
>> nor using the port set in the virtual host of apache. All I'm getting
>> is auth error
>>
>> $ curl http://127.0.0.1:8777 OR $ curl http://127.0.0.1:9090
>> ==**===
>>
>>
>> 401 Unauthorized
>>
>>
>> 401 Unauthorized
>> This server could not verify that you are authorized to access the
>> document you requested. Either you supplied the wrong credentials
>> (e.g., bad password), or your browser does not understand how to
>> supply the credentials required.
>> Authentication required
>> ==**===
>>
>
> Right, Authentication is required by the client, but you are not
> passing it any credentials.
>
> I'd suggest using python-ceilometerclient to do the auth for you:
> So use it like any other openstack client.
>
> try something like this:
>
> asalkeld@elf python-ceilometerclient (master)$ . ../devstack/openrc admin
> admin
> asalkeld@elf python-ceilometerclient (master)$ ceilometer resource-list
> +-**-++-+-**
> --**---+
> | Resource ID | Source | User ID | Project ID
> |
> +-**---
Re: [Openstack] [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized
Right now we only have a web API, which you can use via the client library, curl, or the command line tool. There are a few people working on integrating ceilometer data with horizon, but I don't know the status of that project. Doug On Tue, May 28, 2013 at 3:49 AM, Ildiko Vancsa wrote: > Hi All, > > I'm new to OpenStack and Ceilometer as well, so I have a few questions. :) > > Does Ceilometer supports a Web UI or it is available via command line and > curl only? I installed the environment with DevStack as I wanted to check > how it works and looks like and it sets ceilometer in the apache2 serveice > as an enabled site, but I could not find any information about how to set > it up correctly. > > Thanks and Best Regards, > Ildiko > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized
Hi Bruno, Please follow this link: http://docs.openstack.org/developer/ceilometer/configuration.html#keystone-middleware-authentication Generally, you just need add some entries in ceilometer.conf like this: [keystone_authtoken] signing_dir = /var/cache/ceilometer admin_tenant_name = service admin_password = passw0rd admin_user = ceilometer auth_protocol = http Thanks & Best regards, Fei Long Wang (王飞龙) -- Scrum Master, Cloud Solutions and OpenStack Development Tel: 8610-82450513 | T/L: 905-0513 Email: flw...@cn.ibm.com China Systems & Technology Laboratory in Beijing -- From: Bruno Oliveira To: OpenStack , Date: 05/27/2013 10:14 PM Subject:[Openstack] [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized Sent by:"Openstack" Hello stackers, I'm having a really hard time setting up ceilometer-api so I thought if I could ask you guys for some enlightment. I can clearly see data being pulled in the screens that are running /ceilometer-collector, ./ceilometer-agent-compute ,./ceilometer-agent-central Even the screen running ceilometer-api-server starts with no problem. But I cannot reach the api at all via curl. Neither by using its actual port (8777) nor using the port set in the virtual host of apache. All I'm getting is auth error $ curl http://127.0.0.1:8777 OR $ curl http://127.0.0.1:9090 = 401 Unauthorized 401 Unauthorized This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required. Authentication required = On top of that, the only thing I had to do in a non-standard basis, was to setup ceilometer virtual host to answer request on port 9090 of apache instead of the default 80 (since horizon is bind to it). Here's a copy of my running ceilometer.conf = /etc/ceilometer/ceilometer.conf = [DEFAULT] os_username=ceilometer os_password=MYSECRET os_tenant_name=admin os_auth_url=http://localhost:5000/v2.0 signing_dirname = /tmp/keystone-signing-ceilometer metering_api_port=8777 auth_strategy=keystone nova_control_exchange=nova hypervisor_inspector=libvirt libvirt_type=kvm glance_control_exchange=glance quantum_control_exchange=quantum debug=true verbose=true (...) *logging writing parameters here* (...) log_dir=/var/log/ceilometer rpc_backend=ceilometer.openstack.common.rpc.impl_kombu rabbit_host=localhost rabbit_port=5672 rabbit_userid=guest rabbit_password=ficrowstran02 rabbit_retry_backoff=2 rabbit_max_retries=0 database_connection=mongodb://localhost:27017/ceilometer sql_connection_debug=0 cinder_control_exchange=cinder enable_v1_api=true [rpc_notifier2] [matchmaker_redis] [publisher_meter] metering_secret=METERING_SECRET [keystone_authtoken] auth_host = localhost auth_port = 5000 admin_user = ceilometer admin_password = MYSECRET admin_tenant_name = admin auth_uri = http://localhost:5000/v2.0/ = The "ceilometer" user pointed at "admin_user" under the "[keystone_authtoken]" section, as well as in "os_username" under the "[DEFAULT]" section, was created in keystone and it'sbind to the admin tenant. $ keystone tenant-get admin +-+--+ | Property | Value | +-+--+ | description | | | enabled | True | | id | 670f5dd4070d44b6a8308277a236d1af | | name| admin | +-+--+ $ keystone user-get ceilometer +--+--+ | Property | Value | +--+--+ | email | ceilome...@example.com | | enabled | True | |id| a98ec068f5f349439acef431e826d7ff | | name |ceilometer| | tenantId | 670f5dd4070d44b6a8308277a236d1af | +--+--+ Finally, here's the ceilometer site running on apache. the user and group 'stackadmin' are valid users indeed in the machine $ id stackadmin uid=1000(stackadmin) gid=1000(stackadmin) groups=1000(stackadmin),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),111 (libvirtd),113(lpadmin),114(sambashare = /etc/apache2/sites-available/ceilometer = WSGIDaemonProcess ceilometer user=stackadmin group=stackadmin threads=5 WSGIScriptAlias / /opt/stack/ceilometer/ceilometer/api/app.wsgi SetEnv APACHE_RUN_USER stack
Re: [Openstack] [Ceilometer][Ceilometer-API] Ceilometer-API Error 401 Unauthorized
On 27/05/13 11:14 -0300, Bruno Oliveira wrote: Hello stackers, I'm having a really hard time setting up ceilometer-api so I thought if I could ask you guys for some enlightment. I can clearly see data being pulled in the screens that are running /ceilometer-collector, ./ceilometer-agent-compute ,./ceilometer-agent-central Even the screen running ceilometer-api-server starts with no problem. But I cannot reach the api at all via curl. Neither by using its actual port (8777) nor using the port set in the virtual host of apache. All I'm getting is auth error $ curl http://127.0.0.1:8777 OR $ curl http://127.0.0.1:9090 = 401 Unauthorized 401 Unauthorized This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required. Authentication required = Right, Authentication is required by the client, but you are not passing it any credentials. I'd suggest using python-ceilometerclient to do the auth for you: So use it like any other openstack client. try something like this: asalkeld@elf python-ceilometerclient (master)$ . ../devstack/openrc admin admin asalkeld@elf python-ceilometerclient (master)$ ceilometer resource-list +--++-+--+ | Resource ID | Source | User ID | Project ID | +--++-+--+ | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f || None| 1076d9bd669d422bbd74e1e2f54d1510 | +--++-+--+ asalkeld@elf python-ceilometerclient (master)$ ceilometer meter-list +--+---+---+--+-+--+ | Name | Type | Unit | Resource ID | User ID | Project ID | +--+---+---+--+-+--+ | image| gauge | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None | 1076d9bd669d422bbd74e1e2f54d1510 | | image.size | gauge | B | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None | 1076d9bd669d422bbd74e1e2f54d1510 | | image.update | delta | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None | 1076d9bd669d422bbd74e1e2f54d1510 | | image.upload | delta | image | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | None | 1076d9bd669d422bbd74e1e2f54d1510 | +--+---+---+--+-+--+ asalkeld@elf python-ceilometerclient (master)$ ceilometer sample-list -m image.update +--+--+---++---++ | Resource ID | Name | Type | Volume | Unit | Timestamp | +--+--+---++---++ | a8ce423c-c1a1-41e3-af7c-b38d92f5e36f | image.update | delta | 1.0| image | 2013-05-28T01:14:40.238000 | +--+--+---++---++ Remember you can only see the samples/meter/resources that you own or all if you are admin. -Angus On top of that, the only thing I had to do in a non-standard basis, was to setup ceilometer virtual host to answer request on port 9090 of apache instead of the default 80 (since horizon is bind to it). Here's a copy of my running ceilometer.conf = /etc/ceilometer/ceilometer.conf = [DEFAULT] os_username=ceilometer os_password=MYSECRET os_tenant_name=admin os_auth_url=http://localhost:5000/v2.0 signing_dirname = /tmp/keystone-signing-ceilometer metering_api_port=8777 auth_strategy=keystone nova_control_exchange=nova hypervisor_inspector=libvirt libvirt_type=kvm glance_control_exchange=glance quantum_control_exchange=quantum debug=true verbose=true (...) *logging writing parameters here* (...) log_dir=/var/log/ceilometer rpc_backend=ceilometer.openstack.common.rpc.impl_kombu rabbit_host=localhost rabbit_port=5672 rabbit_userid=guest rabbit_password=ficrowstran02 rabbit_retry_backoff=2 rabbit_max_retries=0 database_connection=mongodb://localhost:27017/ceilometer sql_connection_debug=0 cinder_control_exchange=cinder enable_v1_api=true [rpc_notifier2] [matchmaker_redis] [publisher_meter] metering_secret=METERING_SECRET [keystone_authtoken] auth_host = localhost auth_port = 5000 admin_user = ceilometer admin_password = MYSECRET admin_tenant_name = admin auth_uri = http
