Revision history [back]

click to hide/show revision 1
initial version

Further test:

Change neutron.conf to use :auth_strategy = noauth. Then problem disappear. Change it back, problem comes back. So I think problem should be in neutron, then check /var/log/neutron/neutron-server.log, I found neutron is complaing "Authorization failed for token".

2015-10-22 10:24:12.496 7692 INFO neutron.wsgi [-] (7692) accepted ('172.18.7.173', 43217)
2015-10-22 10:24:12.499 7692 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-10-22 10:24:12.500 7692 INFO neutron.wsgi [-] 172.18.7.173 - - [22/Oct/2015 10:24:12] "GET /v2.0/extensions.json HTTP/1.1" 401 283 0.002160
2015-10-22 10:24:12.649 7692 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2015-10-22 10:24:12.650 7692 INFO neutron.wsgi [-] 172.18.7.173 - - [22/Oct/2015 10:24:12] "GET /v2.0/extensions.json HTTP/1.1" 401 283 0.002272

I guess this caused keystone/admin.log give that confusing error: "Auth token not in the request header"

Then I confirm the problem should be in neutron-server side, I already turn on debug by adding "debug=True, verbose=True". but it did not give any more info. I hope I can see what sent to neutron-server and neutron-server complain what's wrong. Anywhere I can improve debug log level?

Finally I go back to go through the neutron.conf. In [default], I specified "auth=keystone", then go to [keystone_authtoken] , I found I have a bad typo:

auth_uri = http://controller:5000/v2.0
auth_uri = http://controller:35357

The second line should be auth_url. After changing to correct one, problem go away immediately. Here is correct neutron-server.log:

2015-10-22 10:33:29.145 7854 INFO neutron.wsgi [-] (7854) accepted ('172.18.7.174', 41474)
2015-10-22 10:33:29.148 7854 DEBUG keystoneclient.session [-] REQ: curl -g -i -X GET http://controller:35357 -H "Accept: application/json" -H "User-Agent: python-keystoneclient" _http_log_request /usr/lib/python2.7/dist-packages/keystoneclient/session.py:195
2015-10-22 10:33:29.192 7854 DEBUG keystoneclient.session [-] RESP: [300] content-length: 591 vary: X-Auth-Token keep-alive: timeout=5, max=100 server: Apache/2.4.7 (Ubuntu) connection: Keep-Alive date: Thu, 22 Oct 2015 17:33:29 GMT content-type: application/json x-distribution: Ubuntu 
RESP BODY: {"versions": {"values": [{"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href": "http://controller:35357/v3/", "rel": "self"}]}, {"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": [{"href": "http://controller:35357/v2.0/", "rel": "self"}, {"href": "http://docs.openstack.org/", "type": "text/html", "rel": "describedby"}]}]}}

I'm wondering how can this be improved to make debug easier.