ceilometer cli commands returns 403
I am running opentack newton and have installed ceilometer service. However my ceilometer cli commands are not working. I have sourced the admin rc file that has the correct values of various parameters.
I have also tried a debug statement and found out this. ceilometer --debug meter-list
Some excerpts from the logs
DEBUG (client) REQ: curl -g -i -X 'GET' 'http://controller:8777/v2/meters' -H 'User-Agent: ceilometerclient.openstack.common.apiclient' -H 'X-Auth-Token: {SHA1}53522111fa34135e7732e859e93797faa1be7a76'
DEBUG (connectionpool) Starting new HTTP connection (1): controller
DEBUG (connectionpool) http://controller:8777 "GET /v2/meters HTTP/1.1" 403 211
DEBUG (client) RESP: [403] {'Content-Length': '211', 'Keep-Alive': 'timeout=5, max=100', 'Server': 'Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5', 'Connection': 'Keep-Alive', 'Date': 'Thu, 05 Jan 2017 07:29:14 GMT', 'Content-Type': 'text/html; charset=iso-8859-1'}
DEBUG (client) RESP BODY: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
Can someone suggest what is the issue?
A few suggestions:
Check the ceilometer log files.
Perhaps something is wrong with the authentication configuration in ceilometer.conf, for example in the keystone_authtoken section of that file.
Or the policy.json file is buggy.
Agree with @bernd-bausch . Try to enable debug/verbose and check ceilometer's logs as well as httpd's logs.