Ask Your Question
0

ceilometer cli commands returns 403

asked 2017-01-05 01:35:56 -0600

DarkKnight gravatar image

I am running opentack newton and have installed ceilometer service. However my ceilometer cli commands are not working. I have sourced the admin rc file that has the correct values of various parameters.

I have also tried a debug statement and found out this. ceilometer --debug meter-list

Some excerpts from the logs

DEBUG (client) REQ: curl -g -i -X 'GET' 'http://controller:8777/v2/meters' -H 'User-Agent: ceilometerclient.openstack.common.apiclient' -H 'X-Auth-Token: {SHA1}53522111fa34135e7732e859e93797faa1be7a76'
DEBUG (connectionpool) Starting new HTTP connection (1): controller
DEBUG (connectionpool) http://controller:8777 "GET /v2/meters HTTP/1.1" 403 211
DEBUG (client) RESP: [403] {'Content-Length': '211', 'Keep-Alive': 'timeout=5, max=100', 'Server': 'Apache/2.4.6 (CentOS) PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5', 'Connection': 'Keep-Alive', 'Date': 'Thu, 05 Jan 2017 07:29:14 GMT', 'Content-Type': 'text/html; charset=iso-8859-1'}

DEBUG (client) RESP BODY: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>

Can someone suggest what is the issue?

edit retag flag offensive close merge delete

Comments

A few suggestions:

Check the ceilometer log files.

Perhaps something is wrong with the authentication configuration in ceilometer.conf, for example in the keystone_authtoken section of that file.

Or the policy.json file is buggy.

Bernd Bausch gravatar imageBernd Bausch ( 2017-01-05 19:41:05 -0600 )edit

Agree with @bernd-bausch . Try to enable debug/verbose and check ceilometer's logs as well as httpd's logs.

yprokule gravatar imageyprokule ( 2017-01-06 05:57:01 -0600 )edit
add a comment

3 answers

Sort by ยป oldest newest most voted
1

answered 2017-01-18 08:21:31 -0600

gianpietro gravatar image

updated 2017-01-19 23:11:57 -0600

Had the same problem. What I did to make it work:

  1. Copied the default wsgi file to a new one:

    sudo cp /usr/lib/python2.7/dist-packages/ceilometer/api/app.wsgi /var/www/cgi-bin/ceilometer/app/app.wsgi

  2. Changed the WSGIScriptAlias line in /etc/apache2/sites-available/ceilometer.conf

    WSGIScriptAlias / "/var/www/cgi-bin/ceilometer/app/app.wsgi"

Side note: it seems 'ceilometer-api' component is not needed (even though the guide asks us to install it). If you check the ceilometer-api logs it's trying to enable its service on port 8777, which Apache already enabled. Anyway, Ceilometer API through port 8777 is deprecated in favor of Gnocchi and other components

edit flag offensive delete link more

Comments

@gianpietro - so it works for U ?

yprokule gravatar imageyprokule ( 2017-01-19 10:03:40 -0600 )edit
1

Yes, working fine after replacing the file and reloading apache.

gianpietro gravatar imagegianpietro ( 2017-01-19 10:45:30 -0600 )edit

The procedure indicated by @gianpietro works very well (installation for Ubuntu)

ctomas gravatar imagectomas ( 2017-01-24 14:15:58 -0600 )edit

@gianpietro: I was seeking some clarifications. There are two ways of how to start the ceilometer-api service. One of them is to start it as CGI script inside a webserver, HTTPD in this case. Other way is to start it as a python process. Correct me if i have got it wrong.

DarkKnight gravatar imageDarkKnight ( 2017-01-31 01:21:38 -0600 )edit

@DarkKnight: I understand the same. The service starts by default inside httpd, so if we install the ceilometer-api component as the newton guide shows (wrongly I guess, as it's deprecated) it will try to start its service as a python process and fail as the port is already taken.

gianpietro gravatar imagegianpietro ( 2017-01-31 08:32:21 -0600 )edit
add a comment
0

answered 2017-01-16 20:02:35 -0600

Hocinee gravatar image

I have the same probleme, had you found the solution !

edit flag offensive delete link more

Comments

it seems wsgi service got some permission issues.

zero gravatar imagezero ( 2017-01-17 07:55:38 -0600 )edit

Change the port on which on which the ceilometer api service runs.

DarkKnight gravatar imageDarkKnight ( 2017-01-19 03:44:10 -0600 )edit

@DarkKnight - so how changing port helps ? U either start ceilometer-api from apache's mod_wsgi or with regular systemctl start openstack-ceilometer-api

yprokule gravatar imageyprokule ( 2017-01-19 10:05:16 -0600 )edit
add a comment
0

answered 2017-01-17 07:47:43 -0600

zero gravatar image

updated 2017-01-17 07:52:46 -0600

The Openstack official Document may lost this config

<Directory />
        Require all granted
</Directory>

you can change http like this 

Listen 8777

<VirtualHost *:8777>
WSGIDaemonProcess ceilometer-api processes=2 threads=10 user=ceilometer group=ceilometer display-name=%{GROUP}
WSGIProcessGroup ceilometer-api
WSGIScriptAlias / /usr/lib/python2.7/site-packages/ceilometer/api/app.wsgi
WSGIApplicationGroup %{GLOBAL}
ErrorLog /var/log/httpd/ceilometer_error.log
CustomLog /var/log/httpd/ceilometer_access.log combined

<Directory />
    Require all granted
</Directory>

</VirtualHost>

WSGISocketPrefix /var/run/httpd
edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2017-01-05 01:35:56 -0600

Seen: 442 times

Last updated: Jan 19 '17

Related questions

Celiometer "db sync" error

Ceilometer database is not showing in sql?

Kilo version Insance meter event_type

Openstack security group rules implemented ?

What is the authorization scope of a federated user ?

ceilometer meter-list ; Internal Server Error (HTTP 500)

How to create Custom alarm action using Ceilometer?

Ceilometer alarm create fail (Table 'aodh.alarm' doesn't exist)

openstack ansible keystone

Enabling Gnocchi in DevStack fails