Ask Your Question
0

Freezer API can't connect to Keystone v3 API

asked 2020-01-24 05:54:38 -0600

anonymous user

Anonymous

Hi all,

I'm new to Openstack and I'm trying to find backup solution. Since you developed Freezer, I wanted to test it but installation and configuration processes are painful to me. Anyway I could manage to install freezer-api and freezer-web-ui,python-freezerclient,freezer-agent,freezer-scheduler. I can see Disaster Recovery tab in panel. At this point when I click any link under Disaster Recovery, I get

'Error: [*] Error 401: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}'

The logs in freezer-api.log are;

2020-01-24 14:06:13.572 38758 DEBUG paste.httpserver.ThreadPool [-] Added task (0 tasks queued) add_task /usr/lib/python2.7/site-packages/paste/httpserver.py:648
2020-01-24 14:06:13.574 38758 WARNING keystonemiddleware.auth_token [-] Using the in-process token cache is deprecated as of the 4.2.0 release and may be removed in the 5.0.0 release or the 'O' development cycle. The in-process cache causes inconsistent results and high memory usage. When the feature is removed the auth_token middleware will not cache tokens by default which may result in performance issues. It is recommended to use  memcache for the auth_token token cache by setting the memcached_servers option.
2020-01-24 14:06:13.576 38758 DEBUG keystoneauth.session [-] REQ: curl -g -i -X GET http://10.151.233.21:35357 -H "Accept: application/json" -H "User-Agent: freezer-api/7.1.0 keystonemiddleware.auth_token/6.0.0 keystoneauth1/3.13.1 python-requests/2.21.0 CPython/2.7.5" _http_log_request /usr/lib/python2.7/site-packages/keystoneauth1/session.py:464
2020-01-24 14:06:15.457 38758 DEBUG keystoneauth.session [-] RESP: [300] Connection: Keep-Alive Content-Length: 269 Content-Type: application/json Date: Fri, 24 Jan 2020 11:06:13 GMT Keep-Alive: timeout=5, max=100 Location: http://10.151.233.21:35357/v3/ Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 Vary: X-Auth-Token x-openstack-request-id: req-bde00df7-6366-4570-9861-cf702b2f77d6 _http_log_response /usr/lib/python2.7/site-packages/keystoneauth1/session.py:495
2020-01-24 14:06:15.457 38758 DEBUG keystoneauth.session [-] RESP BODY: {"versions": {"values": [{"status": "stable", "updated": "2019-01-22T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.12", "links": [{"href": "http://10.151.233.21:35357/v3/", "rel": "self"}]}]}} _http_log_response /usr/lib/python2.7/site-packages/keystoneauth1/session.py:527
2020-01-24 14:06:15.457 38758 DEBUG keystoneauth.session [-] GET call to http://10.151.233.21:35357/ used request id req-bde00df7-6366-4570-9861-cf702b2f77d6 request /usr/lib/python2.7/site-packages/keystoneauth1/session.py:874
2020-01-24 14:06:15.460 38758 DEBUG keystoneauth.identity.v2 [-] Making authentication request to http://10.151.233.21:35357/v2.0/tokens get_auth_ref /usr/lib/python2.7/site-packages/keystoneauth1/identity/v2.py:61
2020-01-24 14:06:17.096 38758 DEBUG keystoneauth.session [-] Request returned failure status: 404 request /usr/lib/python2.7/site-packages/keystoneauth1/session.py:889
2020-01-24 14:06:17.097 38758 WARNING keystonemiddleware.auth_token [-] Authorization failed for token: InvalidToken: Token authorization failed
2020-01-24 14:06:21.212 38758 DEBUG paste.httpserver.ThreadPool [-] Added task (0 tasks queued) add_task /usr/lib ...
(more)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2020-01-24 09:13:32 -0600

2020-01-24 14:06:15.457 38758 DEBUG keystoneauth.session [-] RESP BODY: {"versions": {"values": [{"status": "stable", "updated": "2019-01-22T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.12", "links": [{"href": "http://10.151.233.21:35357/v3/", "rel": "self"}]}]}} _http_log_response /usr/lib/python2.7/site-packages/keystoneauth1/session.py:527

The Keystone in this cloud only offers the v3 API, but:

2020-01-24 14:06:15.460 38758 DEBUG keystoneauth.identity.v2 [-] Making authentication request to http://10.151.233.21:35357/v2.0/tokens get_auth_ref /usr/lib/python2.7/site-packages/keystoneauth1/identity/v2.py:61

Freezer tries to authenticate using v2.

Somewhere in the Freezer config file, you need to correct the Keystone authentication URL and set it to v3.

edit flag offensive delete link more

Comments

That's exactly my problem but parameters seem fine

# Complete admin Identity API endpoint. This should specify the unversioned
# root endpoint e.g. https://localhost:35357/ (string value)
identity_uri = http://10.151.233.21:35357/
auth_version = v3
yavuzs gravatar imageyavuzs ( 2020-01-26 22:48:09 -0600 )edit

I'm not sure what identity_uri option is in freezer, but the problem seems to be during the step when keystonemiddleware tries to validate the incoming token - and tries to go to v2 Keystone for that. Check the values of auth_url and auth_version in the [keystone_authtoken] config section.

pas-ha gravatar imagepas-ha ( 2020-01-27 01:59:44 -0600 )edit

When I don't use identity_uri, the freezer-api automatically tries to connect https://127.0.0.1:35357. No other option used by freezer-api.

auth_uri = http://10.151.233.21:5000
requests.exceptions.SSLError: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: /v2.0/token
yavuzs gravatar imageyavuzs ( 2020-01-27 02:28:22 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2020-01-24 05:32:37 -0600

Seen: 95 times

Last updated: Jan 24