Ask Your Question

Can we configure Keystone and Cinder (API Sch Vol) on different nodes [closed]

asked 2015-03-17 12:40:53 -0500

Vineeth gravatar image

I am trying to configure a setup where Keystone is configured on Node 1 and Cinder (API + Vol + Sch) is configured on Node2. I am pointing Cinder endpoints (v1 & v2) to Node2 and Keystone configurations in cinder.conf to Node1.

I get this error when i try to run cinder list. root@lglbv247:/home/osuser# cinder list ERROR: Unauthorized (HTTP 401) (Request-ID: req-7190fd75-93e4-4316-8aba-0b60b648395d)

This is the log i get in Keystone. 2015-03-14 02:27:07.145 8283 INFO eventlet.wsgi.server [-] (8283) accepted ('', 45653) 2015-03-14 02:27:07.322 8283 WARNING keystonemiddleware.auth_token [-] Authorization failed for token 2015-03-14 02:27:07.324 8283 INFO eventlet.wsgi.server [-] - - [14/Mar/2015 02:27:07] "GET /v1/391976b73fe5475bb483c5e094c78503/volumes/detail HTTP/1.1"

Am i missing something here? Looks like it is getting Authenticated but Authorization is failing.

Here is the Keystone endpoints. +----------------------------------+-----------+-------------------------------------+-------------------------------------+-------------------------------------+----------------------------------+ | id | region | publicurl | internalurl | adminurl | service_id | +----------------------------------+-----------+-------------------------------------+-------------------------------------+-------------------------------------+----------------------------------+ | 419050a4cc624433a9f07f16df185a98 | regionOne | http://cinder:8776/v2/%25(tenant_id)s (http://cinder:8776/v2/%(tenant_id)s) | http://cinder:8776/v2/%25(tenant_id)s (http://cinder:8776/v2/%(tenant_id)s) | http://cinder:8776/v2/%25(tenant_id)s (http://cinder:8776/v2/%(tenant_id)s) | 7d56542b3f154ddbbd263eb052ca6f43 | | 7983790c385d419ebe79ae7efb99a194 | regionOne | http://cinder:8776/v1/%25(tenant_id)s (http://cinder:8776/v1/%(tenant_id)s) | http://cinder:8776/v1/%25(tenant_id)s (http://cinder:8776/v1/%(tenant_id)s) | http://cinder:8776/v1/%25(tenant_id)s (http://cinder:8776/v1/%(tenant_id)s) | 903a76731aae40cbb9a188c76754c7a8 | | 9e25084526f049c2b544ac9a14d58286 | regionOne | | | | 6f2a511395814a5dbde5080899030a86 | +----------------------------------+-----------+-------------------------------------+-------------------------------------+-------------------------------------+----------------------------------+

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by smaffulli
close date 2015-03-24 13:16:47.071356

1 answer

Sort by ยป oldest newest most voted

answered 2015-03-19 08:07:43 -0500

Check if you can get the token by using your cinder username and password from both cinder node and keystone node. If that is working, check the policy.json file for cinder service. You need to look if proper permission was there for the 'role' of the current user from you are trying to access it.

edit flag offensive delete link more


Thankyou Arun Prashanth. I was able to get a valid token with the cinder credentials. My Cinder node was running at 3 day older time to Keystone. Somehow had not noticed this and it started to work fine once i changed the time.

Vineeth gravatar imageVineeth ( 2015-03-19 10:12:14 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools


Asked: 2015-03-17 12:40:53 -0500

Seen: 115 times

Last updated: Mar 19 '15