Ask Your Question
0

cinder unauthorized

asked 2015-02-12 08:35:57 -0600

Robin Dekens gravatar image

updated 2015-02-13 02:55:24 -0600

salvorapi gravatar image

Hello people,

when i enter the command cinder service-list i get the following: ERROR: Authentication failure: An unexpected error prevented the server from fulfilling your request. (HTTP 500)

I established that the cinder storage server is updating as it should be no error there but when i open the cinder-api log i get the following

2015-02-12 15:13:00.731 3451 INFO cinder.wsgi [-] osapi_volume listening on 0.0.0.0:8776 2015-02-12 15:13:00.732 3451 INFO cinder.openstack.common.service [-] Starting 2 workers 2015-02-12 15:13:00.733 3451 INFO cinder.openstack.common.service [-] Started child 3457 2015-02-12 15:13:00.736 3451 INFO cinder.openstack.common.service [-] Started child 3458 2015-02-12 15:13:00.736 3457 INFO eventlet.wsgi.server [-] (3457) wsgi starting up on http://0.0.0.0:8776/ 2015-02-12 15:13:00.740 3458 INFO eventlet.wsgi.server [-] (3458) wsgi starting up on http://0.0.0.0:8776/ 2015-02-12 15:13:13.697 3458 INFO eventlet.wsgi.server [-] (3458) accepted ('176.9.32.106', 46226) 2015-02-12 15:13:13.716 3458 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2015-02-12 15:13:14.232 3458 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2015-02-12 15:13:15.250 3458 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2015-02-12 15:13:17.267 3458 ERROR keystonemiddleware.auth_token [-] HTTP connection exception: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2015-02-12 15:13:17.268 3458 WARNING keystonemiddleware.auth_token [-] Authorization failed for token 2015-02-12 15:13:17.270 3458 INFO eventlet.wsgi.server [-] 176.9.32.106
- - [12/Feb/2015 15:13:17] "GET /v1/fbc92b5d4da64f759212afc61fe78d36/os-services HTTP/1.1" 401 259 3.570571 2015-02-12 15:13:17.382 3457 INFO eventlet.wsgi.server [-] (3457) accepted ('176.9.32.106', 46232) 2015-02-12 15:13:17.400 3457 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2015-02-12 15:13:17.916 3457 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2015-02-12 15:13:18.934 3457 WARNING keystonemiddleware.auth_token [-] Retrying on HTTP connection exception: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2015-02-12 15:13:20.944 3457 ERROR keystonemiddleware.auth_token [-] HTTP connection exception: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2015-02-12 15:13:20.944 3457 WARNING keystonemiddleware.auth_token [-] Authorization failed for token 2015-02-12 15:13:20.945 3457 INFO eventlet.wsgi.server [-] 176.9.32.106
- - [12/Feb/2015 15:13:20] "GET /v1/fbc92b5d4da64f759212afc61fe78d36/os-services HTTP/1.1" 401 259 3.561609 2015-02-12 15:14:59.636 3458 INFO eventlet.wsgi.server [-] (3458) accepted ('176.9.32.106', 46245) 2015-02-12 ...
(more)
edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-02-12 11:20:47 -0600

salvorapi gravatar image

Hi,

you have to write keystone service authentication inside api-paste.ini under /etc/cinder directory.

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = cinder_password

and remove from cinder.conf

edit flag offensive delete link more

Comments

trying it as i typ this....

Robin Dekens gravatar imageRobin Dekens ( 2015-02-13 02:12:51 -0600 )edit

little question though what difference does it make, if i put this in the api-paste.ini.

Robin Dekens gravatar imageRobin Dekens ( 2015-02-13 03:49:14 -0600 )edit

ok it worked. BUT..... why does it work here and not in the cinder.conf. Changed your config a little which worked also and is according to openstack manual specs

Robin Dekens gravatar imageRobin Dekens ( 2015-02-13 04:29:37 -0600 )edit

to this 

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = cinder
admin_password = cinder_password
Robin Dekens gravatar imageRobin Dekens ( 2015-02-13 04:29:58 -0600 )edit

Because cinder-api, like other Openstack components, use a web services framework called Paste ( http://pythonpaste.org/deploy/ ) that want this file for config. If you are a Python developer you can read this http://docs.openstack.org/developer/c...

salvorapi gravatar imagesalvorapi ( 2015-02-13 04:56:40 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-02-12 08:35:57 -0600

Seen: 1,057 times

Last updated: Feb 13 '15

Related questions

cinder-api and bind_host parameter

Glance error

Juno Authentication to Horizon error - too many connections

Account HEAD failed 401 Unauthorized [closed]

How do you get server fault details from nova?

error connecting to the cluster nova.compute.manager

Cinder backup restore - One in two tries goes in error_restoring state

How should I authenticate against keystone?

heat stack-list returns ERROR: Authentication required

Problem when verifyin installation of orchestration service