Ask Your Question
0

Keystone user-list authentication error. [closed]

asked 2014-08-10 15:09:41 -0500

bcstodds gravatar image

updated 2014-08-11 01:39:04 -0500

Hello,

I am running through the OpenStack lab for running openstack on a virtual machine and have run into an issue that I can't seem to get past.

I am following this guide: http://docs.openstack.org/training-guides/content/lab000-openstack-training-labs.html (http://docs.openstack.org/training-gu...)

And am currently in this section: http://docs.openstack.org/training-guides/content/lab001-control-node.xml.html (http://docs.openstack.org/training-gu...) On the last step for setting up Keystone.

At this point I have been able to follow all of the steps in the guide without issue, and used the keystone_basic.sh and keystone_endpoints_basic.sh that can be found here: https://bugs.launchpad.net/openstack-training-guides/+bug/1282056 (https://bugs.launchpad.net/openstack-...)

At this point though, when I run the command 'keystone user-list' I get the output:

root@compute:/home/<username># keystone user-list

The request you have made requires authentication. (HTTP 401)

I'm not sure why I am having authentication issues though since I have sourced a file Credentials.sh with the username and password that I have set up so far (as described in the guide).

Is there something obvious I am missing so far?

Thanks,

-Ben

EDIT (debug content without usernames or passwords):

<username>@compute:~/openstack-config$ keystone --debug user-list

REQ: curl -i -X POST http://192.168.100.51:5000/v2.0/tokens -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient"

REQ BODY: {"auth": {"tenantName": "<username>", "passwordCredentials": {"username": "<username>", "password": "<password>"}}}

RESP: [401] CaseInsensitiveDict({'date': 'Mon, 11 Aug 2014 06:25:19 GMT', 'vary': 'X-Auth-Token', 'content-length': '114', 'content-type': 'application/json'})

RESP BODY: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Request returned failure status: 401

The request you have made requires authentication. (HTTP 401)

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by bcstodds
close date 2014-08-12 11:36:41.615544

add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-08-11 00:47:15 -0500

Haneef Ali gravatar image

Try keystone --debug user-list and copy paste the output. Without debug info, it is difficult to guess. I don't think user-list is exposed on port 5000, you should use port 35357thy

edit flag offensive delete link more

Comments

Editing my main post since I can't copy all the text into a comment. It still seems to be just an authentication error, but authentication should be covered via sourcing the credentials as in the tutorial I've been following.

I'm not sure what changes I'd have to make to the posted guide to fix it.

bcstodds gravatar imagebcstodds ( 2014-08-11 01:31:45 -0500 )edit

Editing the port number in the URL in the credentials file and resourcing doesn't change the output of the command I've run either (aside from the port in the post request being 35357 as suggested.

bcstodds gravatar imagebcstodds ( 2014-08-11 01:38:06 -0500 )edit
1
Look at keystone.log for exact details. Most probably  you don't have that credentials created in the data base.
Login to mysql and check whether the user , tenant table have respective user and tenant. Also check whether there is a role association between user and tenant. You can check this in roles table.

MySql credentials will be in keystone.conf. Its default location is /etc/keystone/keystone.conf.

Your request is failing during token-get. Port 35357  is required only for user-list which  is called only if you get a valid token.

Alternate way:
keystone.conf  will have ADMIN token. Enable that config setting and restart keystone. Then set the env varaible OS_SERVICE_TOKEN =<admin token="" valie="" from="" keystone.conf="">.  Then try keystone user-list. This bypasses authentication. So if you have users created, it will list them
Haneef Ali gravatar imageHaneef Ali ( 2014-08-11 02:04:24 -0500 )edit

Making the request only adds one line to the log, which is:

2014-08-11 12:30:57.742 1641 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 192.168.100.51

I'll give your alternative a try also.

bcstodds gravatar imagebcstodds ( 2014-08-11 11:31:26 -0500 )edit

That produces the message:

Expecting an endpoint provided via either --os-endpoint or env[OS_SERVICE_ENDPOINT]

Which I would think would be covered by keystone_endpoints_basic.sh from the tutorial.

bcstodds gravatar imagebcstodds ( 2014-08-11 12:23:02 -0500 )edit
see more comments

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-08-10 14:36:37 -0500

Seen: 7,343 times

Last updated: Aug 11 '14

Related questions

FIDO support in OpenStack

keystone user-list error Authorization Failed: The resource could not be found. (HTTP 404)

my nova doesn't work now, shows url's project_id doesn't match context's project_id. The url's project_id I thought is the role of admin added to the nova at tenant service, but my question is, how can I check the "context's project_id"?

keystone user-list doesn't work

cloud foundry access via openstack dashboard

Snapshots taking long time

Where can I find documentation about how to plan vNF demand for openstack?

Can I set tenant-id programmatically?

can't ping external router gateway

Tacker Installation Failure