Unfortunately that didn't help either. It did however give me an idea
which ultimately led to the solution, which turned out to be a patch
against
/usr/src/contrail/contrail-web-core/src/serverroot/orchestration/plugins/openstack/keystone.api.js:
--- keystone.api.js.old 2016-01-05 10:17:08.763947755 +0000
+++ keystone.api.js 2016-01-05 10:17:24.804394614 +0000
@@ -970,7 +970,7 @@
});
}
-var adminRoles = ['admin'];
+var adminRoles = ['Admin'];
function isAdminRoleInProjects (userRolesPerProject)
{
@@ -1754,7 +1754,7 @@
}
}
-var adminRoles = ['admin'];
+var adminRoles = ['Admin'];
function getAdminProjectList (req, appData, callback)
{
Restarted the web services and now I can log in.
Regards,
Hennie Marais
On 5 January 2016 at 11:54, Rahul Sharma <[email protected]> wrote:
> Its case sensitive "admin" != "Admin"
>
> Try adding "Admin" to
> /usr/src/contrail/contrail-web-core/src/serverroot/web/core/roleList.xml and
> restart web services.
>
> Or add "admin" role
>
> ________________________________________
> From: Hennie Marais <[email protected]>
> Sent: Tuesday, January 5, 2016 1:06 PM
> To: Rahul Sharma
> Cc: [email protected]
> Subject: Re: [Users] Can't login into Contrail WebUI
>
> Hi
>
> That's already the case:
> keystone role-list
> +----------------------------------+---------------+
> | id | name |
> +----------------------------------+---------------+
> | 223b60435d5d48ed87b1f4ac3653878e | Admin |
> | 8d4fd15146f14f24947b75758377572a | Member |
> | a152ec644e04427da3cb2066152bdc47 | ResellerAdmin |
> | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
> +----------------------------------+---------------+
>
> keystone tenant-list
> +----------------------------------+----------+---------+
> | id | name | enabled |
> +----------------------------------+----------+---------+
> | 3082dd3bda20452bada5d23b95c50c05 | admin | True |
> | 5e96512c96b842d6b245de103afab018 | services | True |
> +----------------------------------+----------+---------+
>
> keystone user-role-list --user admin --tenant admin
> +----------------------------------+-------+----------------------------------+----------------------------------+
> | id | name | user_id
> | tenant_id |
> +----------------------------------+-------+----------------------------------+----------------------------------+
> | 223b60435d5d48ed87b1f4ac3653878e | Admin |
> cec3bf881d6e4d92b2fc552416d3da0a | 3082dd3bda20452bada5d23b95c50c05 |
> +----------------------------------+-------+----------------------------------+----------------------------------+
>
> keystone user-role-list --user admin --tenant services
> +----------------------------------+-------+----------------------------------+----------------------------------+
> | id | name | user_id
> | tenant_id |
> +----------------------------------+-------+----------------------------------+----------------------------------+
> | 223b60435d5d48ed87b1f4ac3653878e | Admin |
> cec3bf881d6e4d92b2fc552416d3da0a | 5e96512c96b842d6b245de103afab018 |
> +----------------------------------+-------+----------------------------------+----------------------------------+
>
> Regards,
> Hennie Marais
>
> On 4 January 2016 at 15:41, Rahul Sharma <[email protected]> wrote:
>> Please have that user with admin only access to all projects.
>>
>>
>> ________________________________________
>> From: Users <[email protected]> on behalf of Hennie
>> Marais <[email protected]>
>> Sent: Monday, January 4, 2016 7:00 PM
>> To: [email protected]
>> Subject: [Users] Can't login into Contrail WebUI
>>
>> Hi
>>
>> I'm trying to install and setup Contrail 2.21 in our lab, but I've hit
>> a problem and don't know how to proceed from here.
>>
>> Our lab, at the moment, consists of an Ubuntu OpenStack setup (so
>> multiple hosts deployed with MAAS and OpenStack deployed using Juju),
>> with individual nodes for the different OpenStack services.
>>
>> I've been following the guide that can be found here:
>> https://www.juniper.net/techpubs/en_US/contrail2.21/information-products/pathway-pages/getting-started-pwp.pdf
>>
>> The fab commands all finish just fine and the compute nodes come back
>> up after their reboot. However, when I try to login to the Contrail
>> WebUI with the admin user, I get this:
>> https://i.imgur.com/RiQbAI0.png
>>
>> This is despite using the fact that I can log into the Horizon
>> dashboard using the admin user, and that I can see in the
>> contrail-webui-stdout.log log file that the system was able to
>> authenticate against keystone:
>> 2016-01-04T13:24:30.798Z - ESC[34mdebugESC[39m: After Successful auth
>> def_token:{"token":{"issued_at":"2016-01-04T13:24:30.769642","expires":"2016-01-04T14:24:30Z","id":"25261cbea87045fea85a441f9ce99ab7","tenant":{"description":"Created
>> by
>> Juju","enabled":true,"id":"3082dd3bda20452bada5d23b95c50c05","name":"admin"},"audit_ids":["qSl1ai9BSZaTXyrsEfky6w"]},"serviceCatalog":[{"endpoints":[{"adminURL":"http://192.168.60.32:8774/v2/3082dd3bda20452bada5d23b95c50c05","region":"RegionOne","internalURL":"http://192.168.60.32:8774/v2/3082dd3bda20452bada5d23b95c50c05","id":"6bc9f1a37ce94f3186f92e75d167361d","publicURL":"https://ncc.wingu.lab:8774/v2/3082dd3bda20452bada5d23b95c50c05"}],"endpoints_links":[],"type":"compute","name":"nova"},{"endpoints":[{"adminURL":"http://192.168.60.32:9696","region":"RegionOne","internalURL":"http://192.168.60.32:9696","id":"52f564306479480b9b7429e80f061ec2","publicURL":"https://ncc.wingu.lab:9696"}],"endpoints_links":[],"type":"network","name":"quantum"},{"endpoints":[{"adminURL":"http://192.168.60.35:8776/v2/3082dd3bda20452bada5d23b95c50c05","region":"RegionOne","internalURL":"http://192.168.60.35:8776/v2/3082dd3bda20452bada5d23b95c50c05","id":"4e7723a6abfa47baa7db3a1e2b0690b2","publicURL";
:"https://cinder.wingu.lab:8776/v2/3082dd3bda20452bada5d23b95c50c05"}],"endpoints_links":[],"type":"volumev2","name":"cinderv2"},{"endpoints":[{"adminURL":"http://192.168.60.32:3333","region":"RegionOne","internalURL":"http://192.168.60.32:3333","id":"1ba663c77f7e4383b5cb6b5a35209c4a","publicURL":"https://ncc.wingu.lab:3333"}],"endpoints_links":[],"type":"s3","name":"s3"},{"endpoints":[{"adminURL":"http://192.168.60.33:9292","region":"RegionOne","internalURL":"http://192.168.60.33:9292","id":"156a1c464de54f94851752e60cab6e32","publicURL":"https://glance.wingu.lab:9292"}],"endpoints_links":[],"type":"image","name":"glance"},{"endpoints":[{"adminURL":"http://192.168.60.37:8777","region":"RegionOne","internalURL":"http://192.168.60.37:8777","id":"83da2e7ee979474984ea0aa270696718","publicURL":"https://ceilometer.wingu.lab:8777"}],"endpoints_links":[],"type":"metering","name":"ceilometer"},{"endpoints":[{"adminURL":"http://192.168.60.40:8000/v1","region":"RegionOne","internalURL":"http:/
/192.168.60.40:8000/v1","id":"7c2532b1c69e4007ae354ffb5cc78283","publicURL":"https://heat.wingu.lab:8000/v1"}],"endpoints_links":[],"type":"cloudformation","name":"heat-cfn"},{"endpoints":[{"adminURL":"http://192.168.60.35:8776/v1/3082dd3bda20452bada5d23b95c50c05","region":"RegionOne","internalURL":"http://192.168.60.35:8776/v1/3082dd3bda20452bada5d23b95c50c05","id":"014083a7981d443597541c8aa59caabc","publicURL":"https://cinder.wingu.lab:8776/v1/3082dd3bda20452bada5d23b95c50c05"}],"endpoints_links":[],"type":"volume","name":"cinder"},{"endpoints":[{"adminURL":"http://192.168.60.32:8773/services/Cloud","region":"RegionOne","internalURL":"http://192.168.60.32:8773/services/Cloud","id":"2075d6c0b429462fab6bc4d7c6099390","publicURL":"https://ncc.wingu.lab:8773/services/Cloud"}],"endpoints_links":[],"type":"ec2","name":"ec2"},{"endpoints":[{"adminURL":"http://192.168.60.40:8004/v1/3082dd3bda20452bada5d23b95c50c05","region":"RegionOne","internalURL":"http://192.168.60.40:8004/v1/3082dd3bd
a20452bada5d23b95c50c05","id":"05b147de25f74fcab68236e259a9fe56","publicURL":"https://heat.wingu.lab:8004/v1/3082dd3bda20452bada5d23b95c50c05"}],"endpoints_links":[],"type":"orchestration","name":"heat"},{"endpoints":[{"adminURL":"http://192.168.60.36:80/swift","region":"RegionOne","internalURL":"http://192.168.60.36:80/swift/v1","id":"81a89493a9f94f6ab4c4c9f84c99dc7f","publicURL":"https://radosgw.wingu.lab:80/swift/v1"}],"endpoints_links":[],"type":"object-store","name":"swift"},{"endpoints":[{"adminURL":"http://192.168.60.31:35357/v2.0","region":"RegionOne","internalURL":"http://192.168.60.31:5000/v2.0","id":"6fd33d0b6b2f4e8c90e3f2064a3ce40b","publicURL":"https://keystone.wingu.lab:5000/v2.0"}],"endpoints_links":[],"type":"identity","name":"keystone"}],"user":{"username":"admin","roles_links":[],"id":"cec3bf881d6e4d92b2fc552416d3da0a","roles":[{"name":"Admin"}],"name":"admin"},"metadata":{"is_admin":0,"roles":["223b60435d5d48ed87b1f4ac3653878e"]}}
>> 2016-01-04T13:24:30.941Z - ESC[34mdebugESC[39m: Set authApiVersion:v2.0
>>
>> Any ideas what the problem can be and how to go about fixing it?
>>
>> Here is the contents of my testbed.py file (passwords and tokens
>> starred out) in case it's needed:
>> from fabric.api import env
>>
>> host1 = '[email protected]'
>> host2 = '[email protected]'
>> host3 = '[email protected]'
>>
>> ext_routers = [('mx1', '172.16.16.1'), ('mx2', '172.16.16.2'), ('mx3',
>> '172.16.16.3'), ('mx4', '172.16.16.4')]
>>
>> router_asn = 64512
>>
>> host_build = '[email protected]'
>>
>> env.roledefs = {
>> 'all': [host1, host2, host3],
>> 'openstack': [host1],
>> 'cfgm': [host1],
>> 'control': [host1],
>> 'compute': [host2, host3],
>> 'collector': [host1],
>> 'webui': [host1],
>> 'database': [host1],
>> 'build': [host_build],
>> }
>>
>> env.hostnames = {
>> 'all': ['compute01', 'compute02', 'contrail01']
>> }
>>
>> env.openstack_admin_password = '*****'
>>
>> env.passwords = {
>> host1: '*****',
>> host2: '*****',
>> host3: '*****',
>> host_build: '*****',
>> }
>>
>> env.ostypes = {
>> host1: 'ubuntu',
>> host2: 'ubuntu',
>> host3: 'ubuntu',
>> }
>>
>> env.keystone = {
>> 'keystone_ip' : '192.168.60.31',
>> 'auth_protocol' : 'http', #Default is http
>> 'auth_port' : '35357', #Default is 35357
>> 'admin_token' : '*****', #admin_token in keystone.conf
>> 'admin_user' : 'admin', #Default is admin
>> 'admin_password' : '*****', #Default is contrail123
>> 'service_tenant' : 'services', #Default is service
>> 'admin_tenant' : 'admin', #Default is admin
>> 'region_name' : 'RegionOne', #Default is RegionOne
>> 'insecure' : 'True', #Default = False
>> 'manage_neutron' : 'no', #Default = 'yes' ,
>> Does configure neutron user/role in keystone required.
>> }
>>
>> env.openstack = {
>> 'service_token' : '*****', #Common service token for for all
>> openstack services
>> 'amqp_host' : '192.168.60.177', #IP of AMQP Server to
>> be used in openstack
>> 'manage_amqp' : 'yes', #Default no, Manage
>> seperate AMQP for openstack services in openstack nodes.
>> }
>>
>> Regards,
>> Hennie Marais
>>
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> http://lists.opencontrail.org/mailman/listinfo/users_lists.opencontrail.org
_______________________________________________
Users mailing list
[email protected]
http://lists.opencontrail.org/mailman/listinfo/users_lists.opencontrail.org
