Ask Your Question
1

can't login to dashboard: An error occurred authenticating. Please try again later. [closed]

asked 2013-08-28 10:13:37 -0500

gutschu gravatar image

updated 2013-09-03 03:17:24 -0500

Im running OpenStack Grizzly (identity, compute (cloud controller) and horizon) on a single server with Centos 6.4. Message system is QPID.

When im using keystone client evrything works great. As example:

[root@OPEN-SRV-G-HOR10 ~]# keystone --os-username admin --os-password=DipRoot --os-tenant-name admin --os-auth-url=http://10.10.10.135:35357/v2.0 user-list
+----------------------------------+---------+---------+--------------------+
|                id                |   name  | enabled |       email        |
+----------------------------------+---------+---------+--------------------+
| 3853d51ac9224f5688a20c330fdf860b |  admin  |   True  |  admin@domain.com  |
| 5f0c3317582348b294f9347aedb86150 |  cinder |   True  | cinder@domain.com  |
| 7065a77b89384b3a88a4754abe63f1da |   demo  |   True  |  demo@domain.com   |
| 9facb1f9fab64d388227f15d22cd5681 |  glance |   True  | glance@domain.com  |
| b9be2045f07d48068d61c67ed83ec8d1 |   nova  |   True  |  nova@domain.com   |
| e90a185497f64dadab1c231dfe62f3dd | quantum |   True  | quantum@domain.com |
+----------------------------------+---------+---------+--------------------+

or

keystone --os-username admin --os-password=DipRoot --os-tenant-name admin --os-auth-url=http://10.10.10.135:35357/v2.0 token-get  

+-----------+----------------------------------+
|  Property |              Value               |
+-----------+----------------------------------+
|  expires  |       2013-09-04T08:14:00Z       |
|     id    | 5a84eec0008a45f6b663e9f7eff63462 |
| tenant_id | 3859895950b24382a77c519032777ca7 |
|  user_id  | 3853d51ac9224f5688a20c330fdf860b |
+-----------+----------------------------------+

When I try to login trough dashboard, following error occurs: An error occurred authenticating. Please try again later.

Here is some additional nfo:

in /var/log/httpd/error_log i found folowing enties:

DEBUG:openstack_auth.backend:Beginning user authentication for user "admin".
[Tue Sep 03 02:28:27 2013] [error] INFO:urllib3.connectionpool:Starting new HTTP connection (1): 10.10.10.135
[Tue Sep 03 02:28:27 2013] [error] DeprecationWarning: BaseException.message has been deprecated as of Python 2.6DEBUG:openstack_auth.backend:Authorization Failed: [Errno 13] Permission denied

Config in in /etc/openstack-dashoboard/local_settings

import os

from django.utils.translation import ugettext_lazy as _

from openstack_dashboard import exceptions

DEBUG = False
TEMPLATE_DEBUG = DEBUG

HORIZON_CONFIG = {
    'dashboards': ('project', 'admin', 'settings',),
    'default_dashboard': 'project',
    'user_home': 'openstack_dashboard.views.get_user_home',
    'ajax_queue_limit': 10,
    'auto_fade_alerts': {
        'delay': 3000,
        'fade_duration': 1500,
        'types': ['alert-success', 'alert-info']
    },
    'help_url': "http://docs.openstack.org",
    'exceptions': {'recoverable': exceptions.RECOVERABLE,
                   'not_found': exceptions.NOT_FOUND,
                   'unauthorized': exceptions.UNAUTHORIZED},
}


LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
CACHES = {
    'default': {
        'BACKEND' : 'django.core.cache.backends.locmem.LocMemCache'
    }
}


OPENSTACK_HOST = "127.0.0.1"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"

OPENSTACK_KEYSTONE_BACKEND = {
    'name': 'native',
    'can_edit_user': True,
    'can_edit_project': True
}

OPENSTACK_HYPERVISOR_FEATURES = {
    'can_set_mount_point': False,

    'can_encrypt_volumes': False
}

OPENSTACK_QUANTUM_NETWORK = {
    'enable_lb': False
}

API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20

TIME_ZONE = "UTC"

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'null': {
            'level': 'DEBUG',
            'class': 'django.utils.log.NullHandler',
        },
        'console': {
            # Set the level to "DEBUG" for verbose output logging.
            'level': 'INFO',
            'class': 'logging.StreamHandler',
        },
    },
    'loggers': {
        # Logging from django.db.backends is VERY verbose, send to null
        # by default.
        'django.db.backends': {
            'handlers': ['null'],
            'propagate': False,
        },
        'requests': {
            'handlers': ['null'],
            'propagate': False,
        },
        'horizon': {
            'handlers': ['console'],
            'propagate': False,
        },
        'openstack_dashboard': {
            'handlers': ['console'],
            'propagate': False,
        },
        'novaclient': {
            'handlers': ['console'],
            'propagate': False,
        },
        'keystoneclient': {
            'handlers': ['console'],
            'propagate': False,
        },
        'glanceclient': {
            'handlers': ['console'],
            'propagate': False,
        },
        'nose.plugins.manager': {
            'handlers': ['console'],
            'propagate': False,
        }
    }
}

Is there an other config file to point to the keystone server then local_settings? an the folowing options?

OPENSTACK_HOST = "127.0.0.1"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"

openstack-status:

 [root@OPEN-SRV-G-HOR10 ~]# openstack-status
== Nova services ==
openstack-nova-api:           active
openstack-nova-cert:          active
openstack-nova-compute:       dead (disabled on boot)
openstack-nova-network:       dead (disabled on boot)
openstack-nova-scheduler:     active
openstack-nova-volume:        dead (disabled on boot)
openstack-nova-conductor:     active
== Keystone service ==
openstack-keystone:           active
== Horizon service ==
openstack-dashboard:          active
== Support services ==
mysqld:                       active
httpd:                        active
qpidd:                        active
memcached:                    active
== Keystone users ==
+----------------------------------+---------+---------+--------------------+
|                id                |   name  | enabled |       email        |
+----------------------------------+---------+---------+--------------------+
| 3853d51ac9224f5688a20c330fdf860b |  admin  |   True  |  admin@domain.com  |
| 5f0c3317582348b294f9347aedb86150 ...
(more)
edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by koolhead17
close date 2014-01-25 23:37:10.801313

Comments

show the keystone.log plz.

MAIKA gravatar imageMAIKA ( 2013-08-28 21:20:19 -0500 )edit

This is not an answer, please post this as a comment.

Jobin gravatar imageJobin ( 2013-08-28 21:30:26 -0500 )edit

Can you double check that your Horizon is pointing to the expected Keystone (10.10.10.135).

unmesh-gurjar gravatar imageunmesh-gurjar ( 2013-08-28 23:55:25 -0500 )edit

I updatet my question

gutschu gravatar imagegutschu ( 2013-09-03 03:17:57 -0500 )edit

I guess the user running the Horizon service does not have the permission to open a socket connection. Can you try restarting the apache2 service as root user?

unmesh-gurjar gravatar imageunmesh-gurjar ( 2013-09-03 04:06:18 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
3

answered 2013-09-03 04:40:28 -0500

Ashokb gravatar image

Check your SELINUX status, put it in permissive mode. Your error shouldnt appear. You need to investigate the cause by checking /var/log/audit/audit.log

PS: I just reproduced this error by setting SELINUX mode as enforcing.

edit flag offensive delete link more

Comments

that's it! Thank,you!

gutschu gravatar imagegutschu ( 2013-09-03 05:02:09 -0500 )edit

what is it? i can't see the message

levitoh gravatar imagelevitoh ( 2014-01-22 15:50:58 -0500 )edit
2

answered 2013-10-27 06:24:39 -0500

aland gravatar image

While turning SELinux off certainly does the trick, it is somewhat like using a sledgehammer to break a nut. The similar problem was solved for me with by allowing apache to initiate network connections itself, without disabling SELinux completely:

setsebool -P httpd_can_network_connect 1
edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2013-08-28 10:13:37 -0500

Seen: 16,372 times

Last updated: Jan 22 '14