Ask Your Question
0

Multi-Region authentication

asked 2018-04-13 10:19:15 -0500

mkhan gravatar image

updated 2018-04-13 17:33:53 -0500

My environment(PIKE) has two regions, RegionOne and RegionTwo. Keystone is working perfectly fine when switching between two regions. I have also created endpoints for the glance and another service as well in RegionOne for RegionTwo Points. C:\fakepath\Screen Shot 2018-04-13 at 11.13.00 AM.png

when I ran openstack endpoint list it display all the endpoints but when I ran glance --os-region-name RegionTwo --debug image-list its show me this error C:\fakepath\Screen Shot 2018-04-13 at 11.15.47 AM.png

Request returned failure status 401.
DEBUG:glanceclient.common.http:Request returned failure status 401.
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 699, in main
    OpenStackImagesShell().main(argv)
  File "/usr/lib/python2.7/site-packages/glanceclient/shell.py", line 605, in main
    raise exc.CommandError("Invalid OpenStack Identity credentials.")
CommandError: Invalid OpenStack Identity credentials.

when test the same same command in regiontwo susch as glance image-list it works fine but not working from different region

018-04-13 11:07:41.168 18701 WARNING keystonemiddleware.auth_token [-] Authorization failed for token: InvalidToken: Token authorization failed
2018-04-13 11:07:41.170 18701 INFO eventlet.wsgi.server [-] 10.10.150.148 - - [13/Apr/2018 11:07:41] "GET /v2/images?limit=20 HTTP/1.1" 401 572 0.164411
2018-04-13 11:17:38.418 18701 WARNING keystonemiddleware.auth_token [-] Authorization failed for token: NotFound: This is not a recognized Fernet token gAAAAABa0Me7e6utYFNXDrBT7xtBzPe45w7ibfYZuJQssCZ1g_EyTqunXgJNamqZC0yg7yCBHSNftBZ8rHI-CKdSIMnraYNcWLAqQwx3cFaYxurEesYx5QnyQpuuhMeIRTuXdr8BvWNhuEmrsDN81hFGVUvE-vXA0rqmOpkE1QgKlpxCB_Uh-zk= (HTTP 404) (Request-ID: req-cbd8ff3c-5b86-4353-9e9a-82f07019571f)
2018-04-13 11:17:38.420 18701 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "This is not a recognized Fernet token gAAAAABa0Me7e6utYFNXDrBT7xtBzPe45w7ibfYZuJQssCZ1g_EyTqunXgJNamqZC0yg7yCBHSNftBZ8rHI-CKdSIMnraYNcWLAqQwx3cFaYxurEesYx5QnyQpuuhMeIRTuXdr8BvWNhuEmrsDN81hFGVUvE-vXA0rqmOpkE1QgKlpxCB_Uh-zk=", "code": 404, "title": "Not Found"}}: NotFound: This is not a recognized Fernet token gAAAAABa0Me7e6utYFNXDrBT7xtBzPe45w7ibfYZuJQssCZ1g_EyTqunXgJNamqZC0yg7yCBHSNftBZ8rHI-CKdSIMnraYNcWLAqQwx3cFaYxurEesYx5QnyQpuuhMeIRTuXdr8BvWNhuEmrsDN81hFGVUvE-vXA0rqmOpkE1QgKlpxCB_Uh-zk= (HTTP 404) (Request-ID: req-cbd8ff3c-5b86-4353-9e9a-82f07019571f)
2018-04-13 11:17:38.420 18701 WARNING keystonemiddleware.auth_token [-] Authorization failed for token: InvalidToken: Token authorization failed
2018-04-13 11:17:38.422 18701 INFO eventlet.wsgi.server [-] 10.10.150.148 - - [13/Apr/2018 11:17:38] "GET /v2/images?limit=20 HTTP/1.1" 401 572 0.131338
2018-04-13 11:17:39.142 18699 WARNING keystonemiddleware.auth_token [-] Authorization failed for token: NotFound: This is not a recognized Fernet token gAAAAABa0MoRoo0lngtou8uis4G1UeH5lmLepApLVZ_Y2lrXT6CtY0ybh0yYqGrMVp58HIX5IpdAWowI3DGRLCzpdBf4-fZ9eFkLQc02EUlCZd-JOderO2QbTFjKQt1RUerdQRmA5NzCk3fGeggJD-fcpjQY_M2wid3OhwKAkTj_OvBA94NA2bk= (HTTP 404) (Request-ID: req-7f2693b2-168b-4898-903e-f5d245e129a2)
2018-04-13 11:17:39.154 18699 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "This is not a recognized Fernet token gAAAAABa0MoRoo0lngtou8uis4G1UeH5lmLepApLVZ_Y2lrXT6CtY0ybh0yYqGrMVp58HIX5IpdAWowI3DGRLCzpdBf4-fZ9eFkLQc02EUlCZd-JOderO2QbTFjKQt1RUerdQRmA5NzCk3fGeggJD-fcpjQY_M2wid3OhwKAkTj_OvBA94NA2bk=", "code": 404, "title": "Not Found"}}: NotFound: This is not a recognized Fernet token gAAAAABa0MoRoo0lngtou8uis4G1UeH5lmLepApLVZ_Y2lrXT6CtY0ybh0yYqGrMVp58HIX5IpdAWowI3DGRLCzpdBf4-fZ9eFkLQc02EUlCZd-JOderO2QbTFjKQt1RUerdQRmA5NzCk3fGeggJD-fcpjQY_M2wid3OhwKAkTj_OvBA94NA2bk= (HTTP 404) (Request-ID: req-7f2693b2-168b-4898-903e-f5d245e129a2)
2018-04-13 11:17:39.154 18699 WARNING keystonemiddleware.auth_token [-] Authorization failed for token: InvalidToken: Token authorization failed
2018-04-13 11:17:39.156 18699 INFO eventlet.wsgi.server [-] 10.10.150.148 - - [13/Apr/2018 11:17:39] "GET /v2/images?limit=20 HTTP/1.1" 401 572 0.130965
edit retag flag offensive close merge delete

Comments

The 2nd screenshot indicates that you configured an auth url of 10.10.150.149 instead of ...148 in region 2 Glance.

You seem to contradict yourself saying that image-list doesn’t work, and works in region 2, and I don’t understand what action provokes the InvalidToken error.

Bernd Bausch gravatar imageBernd Bausch ( 2018-04-13 17:52:45 -0500 )edit

The keystone authentication works fine between two regions. I have glance endpoint in region1 and keystone identity in the region1 for the region2. Attached screenshots will show the endpoints of both regions. The entire environment is deployed by RDO.

mkhan gravatar imagemkhan ( 2018-04-15 11:43:35 -0500 )edit

I have deployed multi-regions on Mitaka but on a pike, the same way deployment giving me issues with authentication on other than Keystone API

mkhan gravatar imagemkhan ( 2018-04-15 11:49:59 -0500 )edit

The 2nd screenshot indicates that you configured an auth url of 10.10.150.149 instead of ...148 in region 2 glance-api.conf.

What you mean by "authentication on other than Keystone API"? What else do you use for authentication?

Bernd Bausch gravatar imageBernd Bausch ( 2018-04-15 18:13:35 -0500 )edit

when I run this command from RegionOne

[root@pike-gnocchi ~]# source keystonerc_admin 
[root@pike-gnocchi ~(keystone_admin)]# openstack endpoint list | grep keystone
| 263e7f4df4af40099d857585114070d0 | RegionTwo | keystone     | identity     | True    | internal  | http://10.10.150.148:5000/v3
mkhan gravatar imagemkhan ( 2018-04-16 09:28:55 -0500 )edit

1 answer

Sort by » oldest newest most voted
0

answered 2018-04-15 11:44:03 -0500

mkhan gravatar image

updated 2018-04-20 09:18:02 -0500

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2018-04-13 10:19:15 -0500

Seen: 291 times

Last updated: Apr 20