Monasca: Forbidden or unreachable? [closed]
Hi, I installed Monasca with Docker. I use Keystone from my Openstack installation. I added these lines to docker-compose.yml in agent-forwarder, agent-collector etc...
OS_AUTH_URL: http://controller:5000/identity/v3
OS_USERNAME: monasca-agent
OS_PASSWORD: mypassword
OS_PROJECT_NAME: monasca
OS_PROJECT_DOMAIN_NAME: Default
OS_USER_DOMAIN_NAME: Default
The user is existent in Keystone and I can log into Openstack with this user. Now I get hundreds of this errors:
monasca_1 | 2018-07-09 17:20:16 [66] gunicorn.access [INFO] 172.18.0.8 - - [09/Jul/2018:17:20:16 +0000] POST /v2.0/metrics HTTP/1.1 401 97 "-" "monasca-agent keystoneauth1/3.3.0 python-requests/2.18.4 CPython/2.7.13" 0.004476
monasca_1 | 2018-07-09 17:20:17 [66] gunicorn.access [INFO] 172.18.0.8 - - [09/Jul/2018:17:20:17 +0000] POST /v2.0/metrics HTTP/1.1 401 97 "-" "monasca-agent keystoneauth1/3.3.0 python-requests/2.18.4 CPython/2.7.13" 0.139112
agent-forwarder_1 | 2018-07-09 17:20:17,190 | ERROR | forwarder | monasca_agent.forwarder.api.monasca_api(monasca_api.py:149) | Error sending message to Monasca API.
agent-forwarder_1 | Traceback (most recent call last):
agent-forwarder_1 | File "/usr/local/lib/python2.7/site-packages/monasca_agent/forwarder/api/monasca_api.py", line 141, in _send_message
agent-forwarder_1 | self._mon_client.metrics.create(**kwargs)
agent-forwarder_1 | File "/usr/local/lib/python2.7/site-packages/monascaclient/v2_0/metrics.py", line 31, in create
agent-forwarder_1 | body = self.client.create(url=url_str, json=data)
agent-forwarder_1 | File "/usr/local/lib/python2.7/site-packages/osc_lib/api/api.py", line 164, in create
agent-forwarder_1 | ret = self._request(method, url, session=session, **params)
agent-forwarder_1 | File "/usr/local/lib/python2.7/site-packages/osc_lib/api/api.py", line 141, in _request
agent-forwarder_1 | return session.request(url, method, **kwargs)
agent-forwarder_1 | File "/usr/local/lib/python2.7/site-packages/keystoneauth1/session.py", line 737, in request
agent-forwarder_1 | raise exceptions.from_response(resp, method, url)
agent-forwarder_1 | Unauthorized: Forbidden (HTTP 401) (Request-ID: req-de995882-dd2d-4892-b58e-a3d47c46e101)
agent-forwarder_1 | 2018-07-09 17:20:17,190 | WARNING | forwarder | monasca_agent.forwarder.api.monasca_api(monasca_api.py:168) | The Monasca API is DOWN or unreachable. Queuing the messages to send later...
So... the second last line says I get a 401 Error, the last line says the API is unreachable. What is true now? If it is unreachable, it cannot give a 401 Error (Forbidden). How to start debugging here? What can be the problem?
The 401 comes from Keystone authentication. My guess: The agent forwarder can’t log on, and therefore can’t reach Monasca.
Check the Keystone logs. Check if OS_* variables supercede your Docker config. In the worst case, trace network traffic generated by the agent forwarder.
Thanks! Indeed the problem was that the monasca user did not have the necessary roles.