Re: [Openstack] Ceilometer-api Auth Error
The auth-token you got in out.txt seems fine to me... Judging by the first output, and the 401 Unauthorized, sounds more like a misconfig of the ceilometer user in keystone... The same way you got an admin tenant, you should probably have an admin user in keystone. Could you possibly try to curl the auth token using it ? And then, use that token to list the ceilometer /meters or /resources. Let us know. Thanks -- Bruno Oliveira Developer, Software Engineer On Fri, Jun 7, 2013 at 10:35 AM, Claudio Marques wrote: > Hi guys > (Sorry about the previous e-mail - I have sent it by mistake) > > I've changed all the configuration from localhost to the correct ip_addr - > as Bruno guided me, and started all over again. > > Here's the output of all the tenants I have in OpenStack: > > keystone tenant-list > +--+-+-+ > |id| name| enabled | > +--+-+-+ > | 68c5e7308a234d889d9591b51891a30a |admin| True | > | 0b0318f87f384247ae8b658f844ed9a4 | project_one | True | > | 0300e74768a8445aa268f20a9846a7c1 | service | True | > +--+-+-+ > > I have created the ceilometer user in the keystone with the following > command: > > keystone user-create --name=ceilometer --pass=ceilometer_pass --tenant-id > 68c5e7308a234d889d9591b51891a30a --email=ceilome...@domain.com > > Just to check if everything was ok: > > keystone user-get ceilometer > +--+--+ > | Property | Value | > +--+--+ > | email | ceilome...@domain.com | > | enabled | True | > |id| a47c062e52f4407baf19db1a8613f5bf | > | name |ceilometer| > | tenantId | 68c5e7308a234d889d9591b51891a30a | > +--+--+ > > Then I created a service for ceilometer: > > keystone service-create --name=ceilometer -–type=metering > -–description=”Ceilometer Service” > > And then i createted an Endpoint in Keystone for ceilometer by using the > following command: > > keystone endpoint-create --region RegionOne --service_id > 22881e9089b342a58bde91712f090c6b --publicurl "http://10.0.1.167:8777/"; > --adminurl "http://10.10.10.53:8777/"; --internalurl > "http://10.10.10.53:8777/"; > > Cheking the endpoint list I get: > > keystone endpoint-list > +--+---+-+--+--+--+ > |id| region |publicurl > | internalurl| adminurl > |service_id| > +--+---+-+--+--+--+ > | 4375fcf13fb843f497ae01a186e95098 | RegionOne | > http://10.0.1.167:8776/v1/$(tenant_id)s | > http://10.10.10.51:8776/v1/$(tenant_id)s | > http://10.10.10.51:8776/v1/$(tenant_id)s | a2a9c0733d124d2389c58cec06e24eae > | > | 5a37d2960f094677b3068f7b112addef | RegionOne | > http://10.0.1.167:9696/ | http://10.10.10.51:9696/ | > http://10.10.10.51:9696/ | 9fe761c9d83647f2953b5fbe037aa548 | > | 5cf12f7972de48e2bf342a3c961334d3 | RegionOne | > http://10.0.1.167:5000/v2.0 | http://10.10.10.51:5000/v2.0 > | http://10.10.10.51:35357/v2.0 | > e50dff43e6184d15a3764fc220a7272a | > | 9a8b00e0065643d4b100de944d7a30b0 | RegionOne | > http://10.0.1.167:8773/services/Cloud | > http://10.10.10.51:8773/services/Cloud | > http://10.10.10.51:8773/services/Admin | 0908f8a92c2e406b9f99839d9d8076c2 | > | c85f6c95b5804d88a728f69cb1e125c5 | RegionOne | > http://10.0.1.167:9292/v2|http://10.10.10.51:9292/v2 > |http://10.10.10.51:9292/v2| > fc70a5946d2c4fadb36ce14461c2a7a0 | > | ea7d0c2d4d8d4f37b6f505994a30a7ea | RegionOne | > http://10.0.1.167:8777/ | http://10.10.10.51:8777/ | > http://10.10.10.51:8777/ | 22881e9089b342a58bde91712f090c6b | > | f4543edef18d4a42a22a2d566bca72d2 | RegionOne | > http://10.0.1.167:8774/v2/$(tenant_id)s | > http://10.10.10.51:8774/v2/$(tenant_id)s | > http://10.10.10.51:8774/v2/$(tenant_id)s | 0d780e90409e45ceaa870f5c0b16d6a6 > | > +--+---+-+--+--+--+ > > > > My credentials in OpenStack are > > user: ceilometer > password: ceilometer_pass > tenantid: 68c5e7308a234d889d9591b51891a30a > tenantName: admin >
Re: [Openstack] Ceilometer-api Auth Error
thentication required* >> * >> * >> * >> * >> * * >> ** Closing connection 1* >> >> No data is returned in any case. >> >> I manually installed 3 node openStack and ceilometer , so i am not using >> devStack. >> >> Even when i try to send manually credentials of the admin user: >> >> *ceilometer --os-username admin --os-password password --os-tenant-name >> admin --os-auth-url http://localhost:5000/v2.0 resource-list* >> >> the result is this: >> >> *No handlers could be found for logger "ceilometerclient.common.http"* >> *Invalid OpenStack Identity credentials.* >> >> Is there any possibility that keystone is not validating all the Tokens? >> >> >> Claudio Marques >> >> >> -- >> Date: Thu, 6 Jun 2013 09:42:38 -0400 >> From: doug.hellm...@dreamhost.com >> To: clau...@onesource.pt >> CC: openstack@lists.launchpad.net >> Subject: Re: [Openstack] Ceilometer-api Auth Error >> >> >> >> >> >> On Thu, Jun 6, 2013 at 7:22 AM, Claudio Marques wrote: >> >> Hi Stackers >> >> >> Hi have a problem with ceilometer-api. I want access it via curl or http >> and every time i try to do it i simple get the same errors. >> >> This server could not verify that you are authorized to access the >> document you requested. Either you supplied the wrong credentials (e.g., >> bad password), or your browser does not understand how to supply the >> credentials required. >> >> My ceilometer.conf file is like this: >> >> [DEFAULT] >> os_username=admin >> os_password=admin_pass >> os_tenant_name=admin >> os_auth_url=http://10.0.1.167:5000/v2.0/ >> signing_dirname = /tmp/keystone-signing-ceilometer >> metering_api_port=8777 >> auth_strategy=keystone >> nova_control_exchange=nova >> hypervisor_inspector=libvirt >> libvirt_type=qemu >> glance_control_exchange=glance >> quantum_control_exchange=quantum >> debug=true >> verbose=true >> >> log_dir=/var/log/ceilometer >> rpc_backend=ceilometer.openstack.common.rpc.impl_kombu >> rabbit_host=localhost >> rabbit_port=5672 >> rabbit_userid=guest >> rabbit_password=guest >> rabbit_retry_backoff=2 >> rabbit_max_retries=0 >> rabbit_use_ssl=False >> >> database_connection=mongodb://10.0.1.25:27017/ceilometer >> sql_connection_debug=0 >> cinder_control_exchange=cinder >> enable_v1_api=true >> >> [keystone_authtoken] >> >> auth_host = localhost >> auth_port = 5000 >> admin_user = admin >> admin_password = admin_pass >> admin_tenant_name = admin >> auth_uri = http://10.0.1.167:5000/v2.0/ >> >> What auth chould i pass in order to get metrics form ceilometer? >> >> >> The ceilometer API uses keystone authentication, just like the other >> OpenStack services. If you pass credentials for a regular user, you can see >> data about the tenant/project you're authenticating with. If you pass >> credentials for an admin user, you can see all data. >> >> Doug >> >> >> >> Thank's for any reply >> >> >> >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> >> >> ___ Mailing list: >> https://launchpad.net/~openstack Post to : >> openstack@lists.launchpad.netUnsubscribe : >> https://launchpad.net/~openstack More help : >> https://help.launchpad.net/ListHelp >> >> ___ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] Ceilometer-api Auth Error
On Thu, Jun 6, 2013 at 10:43 AM, claudio marques wrote: > Hi Doug > > I send authentications from the admin user. In order for me to explain you > better the issue i will paste here the phases that i am trying to do: > > I use curl and send the admin user/password and ask for a token: > > curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": > "admin_pass"}}}' -H "Content-type: application/json" > http://localhost:35357/v2.0/tokens > > It returns this > > {"access": {"token": {"issued_at": "2013-06-06T14:11:26.005501", > "expires": "2013-06-07T14:11:26Z", "id": > "MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE="}, > "serviceCatalog": [], "user": {"username": "admin", "roles_links": [], > "id": "0b14e1644ffa4336967087458cd85c56", "roles": [], "name": "admin"}, > "metadata": {"is_admin": 0, "roles": []}}} > > Then, i use curl again with the token that i just received with the > following command > > > curl -k -D -H "X-Auth-Token: > MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE=" > -X 'GET' -v http://localhost:8777/v2/meters > > The return value is this > > ** getaddrinfo(3) failed for X-Auth-Token:80* > ** Couldn't resolve host 'X-Auth-Token'* > ** Closing connection 0* > *curl: (6) Couldn't resolve host 'X-Auth-Token'* > It looks like curl does not like the way you are passing some of the parameters. It is interpreting the header name as a host name. Doug > ** About to connect() to localhost port 8777 (#1)* > ** Trying 127.0.0.1...* > ** Connected to localhost (127.0.0.1) port 8777 (#1)* > *> GET /v2/meters HTTP/1.1* > *> User-Agent: curl/7.29.0* > *> Host: localhost:8777* > *> Accept: */** > *>* > ** HTTP 1.0, assume close after body* > *< HTTP/1.0 401 Unauthorized* > *< Date: Thu, 06 Jun 2013 14:14:06 GMT* > *< Server: WSGIServer/0.1 Python/2.7.4* > *< WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'* > *< Content-Length: 381* > *< Content-Type: text/html; charset=UTF-8* > *<* > ** > * * > * 401 Unauthorized* > * * > * * > * 401 Unauthorized* > * This server could not verify that you are authorized to access the > document you requested. Either you supplied the wrong credentials (e.g., > bad password), or your browser does not understand how to supply the > credentials required.* > *Authentication required* > * > * > * > * > * * > ** Closing connection 1* > > No data is returned in any case. > > I manually installed 3 node openStack and ceilometer , so i am not using > devStack. > > Even when i try to send manually credentials of the admin user: > > *ceilometer --os-username admin --os-password password --os-tenant-name > admin --os-auth-url http://localhost:5000/v2.0 resource-list* > > the result is this: > > *No handlers could be found for logger "ceilometerclient.common.http"* > *Inv
Re: [Openstack] Ceilometer-api Auth Error
Working with ceilometer-keystone-auth can be tricky... I had the same issue before, so here's the deal to get past it. I'm taking that: A. you're curl' ing within the same server where ceilometer-api is running, so where you see "localhost", change for the hostname or ip_addr of the proper ceilometer-api host B. That you have already setup/created a user, service and endpoint for it (1) *First things first, for my credentials they are: >> user: ceilometer >> password: SECRET >> tenantid: 670f5dd4070d44b6a8308277a236d1af >> tenantName: admin +--+--+ | Property | Value | +--+--+ | email | ceilome...@example.com | | enabled | True | |id| a98ec068f5f349439acef431e826d7ff | | name |ceilometer| | tenantId | 670f5dd4070d44b6a8308277a236d1af | +--+--+ (2) Curl to get a valid token: $ curl -X 'POST' -v http://localhost:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "ceilometer", "password":"SECRET"}, "tenantId":"670f5dd4070d44b6a8308277a236d1af"}}' -H 'Content-type: application/json' | python -mjson.tool Optionally you can use "tenantName" instead of "tenantId" $ curl -X 'POST' -v http://localhost:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "ceilometer", "password":"SECRET"}, "tenantName":"admin"}}' -H 'Content-type: application/json' | python -mjson.tool NOTE1: notice that the curl you did to get credentials is, afaik, no longer valid for v2.0; Now you also got to tell the "tenantId" or the "tenantName"; NOTE2: python mjson.tool is just for the sake of having something legible in your terminal Your output should be something pretty big: BEGIN OF CURL AUTH RETURN = { "access": { "metadata": { "is_admin": 0, "roles": [ "9fe2ff9ee4384b1894a90878d3e92bab" ] }, "serviceCatalog": [ { "endpoints": [ { "adminURL": "http://177.x.y.z:8774/v2/670f5dd4070d44b6a8308277a236d1af";, "id": "9856d6387e1341668894d3de0648c4dc", "internalURL": "http://177.x.y.z:8774/v2/670f5dd4070d44b6a8308277a236d1af";, "publicURL": "http://177.x.y.z:8774/v2/670f5dd4070d44b6a8308277a236d1af";, "region": "RegionOne" } ], "endpoints_links": [], "name": "nova", "type": "compute" }, { "endpoints": [ { "adminURL": "http://177.x.y.z:9696/";, "id": "36d7fd2574914214a1ccdd134733e398", "internalURL": "http://177.x.y.z:9696/";, "publicURL": "http://177.x.y.z:9696/";, "region": "RegionOne" } ], "endpoints_links": [], "name": "quantum", "type": "network" }, { "endpoints": [ { "adminURL": "http://177.x.y.z:";, "id": "3f65aa3dc4b24ebdb55cd3c4f39430d0", "internalURL": "http://177.x.y.z:";, "publicURL": "http://177.x.y.z:";, "region": "RegionOne" } ], "endpoints_links": [], "name": "s3", "type": "s3" }, { "endpoints": [ { "adminURL": "http://177.x.y.z:9292";, "id": "72637289af824206893f9f536133bd95", "internalURL": "http://177.x.y.z:9292";, "publicURL": "http://177.x.y.z:9292";, "region": "RegionOne" } ], "endpoints_links": [], "name": "glance", "type": "image" }, { "endpoints": [ { "adminURL": "http:// http://177.x.y.z:8777";, "id": "40e18f4dedb9446888a1cc32654f9878", "internalURL": "http:// http://177.x.y.z:8777";, "publicURL": "http:// http://177.x.y.z:8777";, "region": "RegionOne" } ], "endpoints_links": [], "name": "ceilometer", "type": "metering" },
Re: [Openstack] Ceilometer-api Auth Error
Hello, claudio I don't think you get the real token, because you did't specify the tenantName or tenantID in curl command, even if you used admin and admin_pass. Please read this document http://docs.openstack.org/api/quick-start/content/ for details. 2013/6/6 claudio marques > Hi Doug > > I send authentications from the admin user. In order for me to explain you > better the issue i will paste here the phases that i am trying to do: > > I use curl and send the admin user/password and ask for a token: > > curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": > "admin_pass"}}}' -H "Content-type: application/json" > http://localhost:35357/v2.0/tokens > > It returns this > > {"access": {"token": {"issued_at": "2013-06-06T14:11:26.005501", > "expires": "2013-06-07T14:11:26Z", "id": > "MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE="}, > "serviceCatalog": [], "user": {"username": "admin", "roles_links": [], > "id": "0b14e1644ffa4336967087458cd85c56", "roles": [], "name": "admin"}, > "metadata": {"is_admin": 0, "roles": []}}} > > Then, i use curl again with the token that i just received with the > following command > > > curl -k -D -H "X-Auth-Token: > MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE=" > -X 'GET' -v http://localhost:8777/v2/meters > > The return value is this > > ** getaddrinfo(3) failed for X-Auth-Token:80* > ** Couldn't resolve host 'X-Auth-Token'* > ** Closing connection 0* > *curl: (6) Couldn't resolve host 'X-Auth-Token'* > ** About to connect() to localhost port 8777 (#1)* > ** Trying 127.0.0.1...* > ** Connected to localhost (127.0.0.1) port 8777 (#1)* > *> GET /v2/meters HTTP/1.1* > *> User-Agent: curl/7.29.0* > *> Host: localhost:8777* > *> Accept: */** > *>* > ** HTTP 1.0, assume close after body* > *< HTTP/1.0 401 Unauthorized* > *< Date: Thu, 06 Jun 2013 14:14:06 GMT* > *< Server: WSGIServer/0.1 Python/2.7.4* > *< WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'* > *< Content-Length: 381* > *< Content-Type: text/html; charset=UTF-8* > *<* > ** > * * > * 401 Unauthorized* > * * > * * > * 401 Unauthorized* > * This server could not verify that you are authorized to access the > document you requested. Either you supplied the wrong credentials (e.g., > bad password), or your browser does not understand how to supply the > credentials required.* > *Authentication required* > * > * > * > * > * * > ** Closing connection 1* > > No data is returned in any case. > > I manually installed 3 node openStack and ceilometer , so i am not using > devStack. > > Even when i try to send manually credentials of the admin user: > > *ceilometer --os-username admin --os-password password --os-tenant-name > admin --os-auth-url http://localhost:5000/v2.0 resource-list* > > the result is this: > >
Re: [Openstack] Ceilometer-api Auth Error
Hi Doug I send authentications from the admin user. In order for me to explain you better the issue i will paste here the phases that i am trying to do: I use curl and send the admin user/password and ask for a token: curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "admin_pass"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens It returns this {"access": {"token": {"issued_at": "2013-06-06T14:11:26.005501", "expires": "2013-06-07T14:11:26Z", "id": "MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE="}, "serviceCatalog": [], "user": {"username": "admin", "roles_links": [], "id": "0b14e1644ffa4336967087458cd85c56", "roles": [], "name": "admin"}, "metadata": {"is_admin": 0, "roles": []}}} Then, i use curl again with the token that i just received with the following command curl -k -D -H "X-Auth-Token: MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE=" -X 'GET' -v http://localhost:8777/v2/meters The return value is this * getaddrinfo(3) failed for X-Auth-Token:80* Couldn't resolve host 'X-Auth-Token'* Closing connection 0curl: (6) Couldn't resolve host 'X-Auth-Token'* About to connect() to localhost port 8777 (#1)* Trying 127.0.0.1...* Connected to localhost (127.0.0.1) port 8777 (#1)> GET /v2/meters HTTP/1.1> User-Agent: curl/7.29.0> Host: localhost:8777> Accept: */*>* HTTP 1.0, assume close after body< HTTP/1.0 401 Unauthorized< Date: Thu, 06 Jun 2013 14:14:06 GMT< Server: WSGIServer/0.1 Python/2.7.4< WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'< Content-Length: 381< Content-Type: text/html; charset=UTF-8< 401 Unauthorized 401 Unauthorized This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.Authentication required * Closing connection 1 No data is returned in any case. I manually installed 3 node openStack and ceilometer , so i am not using devStack. Even when i try to send manually credentials of the admin user: ceilometer --os-username admin --os-password password --os-tenant-name admin --os-auth-url http://localhost:5000/v2.0 resource-list the result is this: No handlers could be found for logger "ceilometerclient.common.http"Invalid OpenStack Identity credentials. Is there any possibility that keystone is not validating all the Tokens? Claudio Marques Date: Thu, 6 Jun 2013 09:42:38 -0400 From: doug.hellm...@dreamhost.com To: clau...@onesource.pt CC: openstack@lists.launchpad.net Subject: Re: [Openstack] Ceilometer-api Auth Error On Thu, Jun 6, 2013 at 7:22 AM, Claudio Marques wrote: Hi Stackers Hi have a problem with ceilometer-api. I want access it via curl or http and every time i try to do it i simple get the same errors. This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad passw
Re: [Openstack] Ceilometer-api Auth Error
On Thu, Jun 6, 2013 at 7:22 AM, Claudio Marques wrote: > Hi Stackers > > > Hi have a problem with ceilometer-api. I want access it via curl or http > and every time i try to do it i simple get the same errors. > > This server could not verify that you are authorized to access the > document you requested. Either you supplied the wrong credentials (e.g., > bad password), or your browser does not understand how to supply the > credentials required. > > My ceilometer.conf file is like this: > > [DEFAULT] > os_username=admin > os_password=admin_pass > os_tenant_name=admin > os_auth_url=http://10.0.1.167:5000/v2.0/ > signing_dirname = /tmp/keystone-signing-ceilometer > metering_api_port=8777 > auth_strategy=keystone > nova_control_exchange=nova > hypervisor_inspector=libvirt > libvirt_type=qemu > glance_control_exchange=glance > quantum_control_exchange=quantum > debug=true > verbose=true > > log_dir=/var/log/ceilometer > rpc_backend=ceilometer.openstack.common.rpc.impl_kombu > rabbit_host=localhost > rabbit_port=5672 > rabbit_userid=guest > rabbit_password=guest > rabbit_retry_backoff=2 > rabbit_max_retries=0 > rabbit_use_ssl=False > > database_connection=mongodb://10.0.1.25:27017/ceilometer > sql_connection_debug=0 > cinder_control_exchange=cinder > enable_v1_api=true > > [keystone_authtoken] > > auth_host = localhost > auth_port = 5000 > admin_user = admin > admin_password = admin_pass > admin_tenant_name = admin > auth_uri = http://10.0.1.167:5000/v2.0/ > > What auth chould i pass in order to get metrics form ceilometer? > The ceilometer API uses keystone authentication, just like the other OpenStack services. If you pass credentials for a regular user, you can see data about the tenant/project you're authenticating with. If you pass credentials for an admin user, you can see all data. Doug > > Thank's for any reply > > > > > ___ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp