Ask Your Question
1

after installing docker, NetworkError: Unable to communicate with keystone

asked 2014-07-22 18:37:40 -0500

naveenkothamasu gravatar image

updated 2014-07-23 14:13:29 -0500

Have been playing around with Havana for a while and thought of installing Docker as well. So followed https://wiki.openstack.org/wiki/Docke...

Per the doc, ran $ ./tools/docker/install_docker.sh and $ ./stack.sh. But devstack fails while creating a flavor. Exactly at nova flavor-create m1.nano 42 64 0 1 with the following error ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID: <some characters="">)

Verified n-api log, keystonemiddleware.auth_token [-] Invalid user token - rejecting request.

Strangely, the following curl commands (which doesn't involve tenant-id) work

curl 'http://137.69.145.40:5000/v2.0/tokens' -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d '{"auth": {"tenantName": "demo", "passwordCredentials": {"username": "admin", "password": "123"}}}' | python -mjson.tool

curl -H "X-Auth-Token: $OS_TOKEN" http://137.69.145.40:5000/v3/projects | python -mjson.tool

But, the curl command to fetch the list of flavors errors out saying "Authentication Required" (though the same $OS_TOKEN works for the above commands)

curl -X GET http://137.69.145.40:8774/v2/{tenant-... -H "X-Auth-Token: $OS_TOKEN" | python -mjson.tool

Any help is much appreciated. Thanks.

PS: Also I am sure that there is nothing wrong with the tenant-id. Before I installed docker, everything was working as expected.

The n-api log:

2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token   File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token.py", line 1132, in verify_token
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token     self._auth_version = self._choose_api_version()
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token   File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token.py", line 1209, in _choose_api_version
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token     versions_supported_by_server = self._get_supported_versions()
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token   File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token.py", line 1229, in _get_supported_versions
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token     response, data = self._json_request('GET', '/')
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token   File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token.py", line 1337, in _json_request
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token     response = self._http_request(method, path, **kwargs)
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token   File "/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token.py", line 1304, in _http_request
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token     raise NetworkError('Unable to communicate with keystone')
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token NetworkError: Unable to communicate with keystone
2014-07-23 10:37:08.437 18776 TRACE keystonemiddleware.auth_token
2014-07-23 10:37:08.438 18776 WARNING keystonemiddleware.auth_token [-] Authorization failed for token
2014-07-23 10:37:08.439 18776 INFO keystonemiddleware.auth_token [-] Invalid user token - rejecting request

2014-07-23 10:37:08.444 18776 INFO nova.osapi_compute.wsgi.server [-] 137.69.144.183 "POST /v2/2a0d37ce96e249ce855f53e522cd1324/flavors HTTP/1.1" status: 401 len: 262 time: 4.2080028

Update 2: I do not see identity_url anywhere in my nova.conf.

[keystone_authtoken]
signing_dir = /var/cache/nova
admin_password = 123
admin_user = nova
admin_tenant_name = service
auth_host = 137.69.144.183

But I guessed ... (more)

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-07-23 00:23:35 -0500

updated 2014-07-23 00:36:10 -0500

I don't think it has anything to do with docker. Today is milestone release and most probably stack.sh would have picked up latest release which would have broken your setup.

Also it has nothing to do with tenantId. In your curl command to get token, if you replace tenantName with tenantId, you will still be able to get token.

Most probably there is some problem with keystonemiddleware ( previously it used to be in keystoneclient, now the middleware code is separate project). Can you please increase the log level for middleware to see what is going on

edit flag offensive delete link more

Comments

@Haneef Ali: I updated the question with the log, could you please take a look?

naveenkothamasu gravatar imagenaveenkothamasu ( 2014-07-23 12:42:20 -0500 )edit

It says communication error. Can you check/paste the content of auth_token section from nova.conf. In the section there will be identity_url, and it should match you keystone url.

Also content of curl <url from="" auth_token_section=""> | python -m json.tool

Haneef Ali gravatar imageHaneef Ali ( 2014-07-23 13:06:09 -0500 )edit

@Haneef Ali I updated the question. I am not able to put in lot of content in the comment section. Thanks.

naveenkothamasu gravatar imagenaveenkothamasu ( 2014-07-23 14:14:20 -0500 )edit

Please add the following option under keystone_auth section, restart nova and try it one more time identity_uri = http://137.69.144.183:35357

If you use auth host, then you need to specify auth protocol and auth port. If you don't then it defaults to https. So the best option is to use idenity_uri

Haneef Ali gravatar imageHaneef Ali ( 2014-07-23 15:07:53 -0500 )edit

My issue could be (http vs https communication) https://bugs.launchpad.net/devstack/+... My stack.sh overrides my changes in nova.conf. So I tht I would set it in local.conf file,KEYSTONE_AUTH_PROTOCOL = http.But not sure if it is affecting the run, still fails with the same error. Any help?

naveenkothamasu gravatar imagenaveenkothamasu ( 2014-07-23 15:09:12 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-07-22 18:37:40 -0500

Seen: 387 times

Last updated: Jul 23 '14