Monasca: Forbidden or unreachable? [closed]

asked 2018-07-09 12:37:49 -0500

ICBeter gravatar image

Hi, I installed Monasca with Docker. I use Keystone from my Openstack installation. I added these lines to docker-compose.yml in agent-forwarder, agent-collector etc...

  OS_AUTH_URL: http://controller:5000/identity/v3
  OS_USERNAME: monasca-agent
  OS_PASSWORD: mypassword
  OS_PROJECT_NAME: monasca

The user is existent in Keystone and I can log into Openstack with this user. Now I get hundreds of this errors:

monasca_1               | 2018-07-09 17:20:16 [66] gunicorn.access [INFO] - - [09/Jul/2018:17:20:16 +0000] POST /v2.0/metrics HTTP/1.1 401 97 "-" "monasca-agent keystoneauth1/3.3.0 python-requests/2.18.4 CPython/2.7.13" 0.004476
monasca_1               | 2018-07-09 17:20:17 [66] gunicorn.access [INFO] - - [09/Jul/2018:17:20:17 +0000] POST /v2.0/metrics HTTP/1.1 401 97 "-" "monasca-agent keystoneauth1/3.3.0 python-requests/2.18.4 CPython/2.7.13" 0.139112
agent-forwarder_1       | 2018-07-09 17:20:17,190 | ERROR | forwarder | monasca_agent.forwarder.api.monasca_api( | Error sending message to Monasca API.
agent-forwarder_1       | Traceback (most recent call last):
agent-forwarder_1       |   File "/usr/local/lib/python2.7/site-packages/monasca_agent/forwarder/api/", line 141, in _send_message
agent-forwarder_1       |     self._mon_client.metrics.create(**kwargs)
agent-forwarder_1       |   File "/usr/local/lib/python2.7/site-packages/monascaclient/v2_0/", line 31, in create
agent-forwarder_1       |     body = self.client.create(url=url_str, json=data)
agent-forwarder_1       |   File "/usr/local/lib/python2.7/site-packages/osc_lib/api/", line 164, in create
agent-forwarder_1       |     ret = self._request(method, url, session=session, **params)
agent-forwarder_1       |   File "/usr/local/lib/python2.7/site-packages/osc_lib/api/", line 141, in _request
agent-forwarder_1       |     return session.request(url, method, **kwargs)
agent-forwarder_1       |   File "/usr/local/lib/python2.7/site-packages/keystoneauth1/", line 737, in request
agent-forwarder_1       |     raise exceptions.from_response(resp, method, url)
agent-forwarder_1       | Unauthorized: Forbidden (HTTP 401) (Request-ID: req-de995882-dd2d-4892-b58e-a3d47c46e101)
agent-forwarder_1       | 2018-07-09 17:20:17,190 | WARNING | forwarder | monasca_agent.forwarder.api.monasca_api( | The Monasca API is DOWN or unreachable. Queuing the messages to send later...

So... the second last line says I get a 401 Error, the last line says the API is unreachable. What is true now? If it is unreachable, it cannot give a 401 Error (Forbidden). How to start debugging here? What can be the problem?

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by ICBeter
close date 2018-07-11 16:32:26.942668


The 401 comes from Keystone authentication. My guess: The agent forwarder can’t log on, and therefore can’t reach Monasca.

Check the Keystone logs. Check if OS_* variables supercede your Docker config. In the worst case, trace network traffic generated by the agent forwarder.

Bernd Bausch gravatar imageBernd Bausch ( 2018-07-09 17:12:58 -0500 )edit

Thanks! Indeed the problem was that the monasca user did not have the necessary roles.

ICBeter gravatar imageICBeter ( 2018-07-11 16:31:54 -0500 )edit