Ask Your Question

havana - heat stack-list returns Invalid openstack identity credentials [closed]

asked 2013-11-26 09:47:07 -0500

antonnoble gravatar image

updated 2013-11-26 09:53:57 -0500

I realize this question has been posted before, but not in relation to Havana, nor was it ever answered.

When I run root@openstackcloud1:/etc/heat# heat stack-list Invalid OpenStack Identity credentials.

My heat.conf file shows:

[keystone_authoken] auth_host = openstackcloud1 auth_port = 35357 auth_protocol = http auth_uri = http://openstackcloud1:5000/v2.0 admin_tenant_name =service admin_user = heat admin_password = heat

[ec2authtoken] auth_uri = http://openstackcloud1:5000/v2.0 keystone_ec2_uri = http://openstackcloud1:5000/v2.0/ec2tokens

I create my user/tenant/role by following the Havana OpenStack Installation Guide for Ubuntu 12.04

Here is what I get when I run a debug

root@openstackcloud1:/etc/heat# heat -d stack-list INFO (connectionpool:202) Starting new HTTP connection (1): openstackcloud1 DEBUG (connectionpool:296) "POST /v2.0/tokens HTTP/1.1" 200 5523 DEBUG (http:111) curl -i -X GET -H 'X-Auth-Token: MIIJ-


'Content-Type: application/json' -H 'Accept: application/json' -H 'User-Agent: python-heatclient' http://openstackcloud1:8004/v1/728de3699e104a9b8a9f2ef8b15c84c7/stacks (http://openstackcloud1:8004/v1/728de3699e104a9b8a9f2ef8b15c84c7/stacks?) DEBUG (http:121) HTTP/1.1 401 Unauthorized date: Tue, 26 Nov 2013 15:44:05 GMT content-length: 23 content-type: text/plain www-authenticate: Keystone uri=''

Authentication required

Invalid OpenStack Identity credentials

Also, when I run

root@openstackcloud1:~# heat-api 2013-11-26 09:52:46.205 5563 INFO keystoneclient.middleware.auth_token [-] Starting keystone auth_token middleware 2013-11-26 09:52:46.205 5563 WARNING keystoneclient.middleware.auth_token [-] Configuring auth_uri to point to the public identity endpoint is required; clients may not be able to authenticate against an admin endpoint 2013-11-26 09:52:46.206 5563 INFO keystoneclient.middleware.auth_token [-] Using /tmp/keystone-signing-vSIHIY as cache directory for signing certificate 2013-11-26 09:52:46.207 5563 INFO heat.api [-] Starting Heat ReST API on ERROR: Could not bind to ('', 8004)after trying for 30 seconds

I get this error.

I noticed the keystone uri shows an https protocol, but for this install I have not specified anywhere for https? I can curl other services such as nova and glance just fine. It just appears to be an issue with Heat. Should I edit the api-paste.ini file as well? If so what should I put in it? Thanks in advance.

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by dheeru
close date 2013-11-28 00:12:00.196284

2 answers

Sort by ยป oldest newest most voted

answered 2013-11-27 14:57:26 -0500

antonnoble gravatar image

The Official Havana Installation Guide has some corrections that need to be made....

To authenticate against keystone for heat you need to edit your API-PASTE.ini


[filter:authtoken] auth_uri = http://controller:5000/v2.0 auth_port = 35357 auth_protocol = http auth_host = controller admin_user = heat admin_password = HEATPASS admin_tenant_name - service

edit flag offensive delete link more


Good that your issue is resolved. This is very basic configuration required for every component. Looks like it missed in the documentation. Good catch. Better to close this request now. Do let me know if I can close this request.

dheeru gravatar imagedheeru ( 2013-11-27 23:53:01 -0500 )edit

You can close this request. Thanks!

antonnoble gravatar imageantonnoble ( 2013-11-28 00:10:33 -0500 )edit

answered 2013-11-26 11:50:58 -0500

dheeru gravatar image
It is clear case not matching the credentials.

1. Please give complete keystone.conf
2. What are the OS_USERNAME, OS_TENANT_NAME etc you are setting when you running the heat stack_list command.
3. Your complete heat.conf also helps
edit flag offensive delete link more


Looks like I don't have enough karma to attach my heat and keystone.conf files. I really hate to copy paste due to the length of all the junk. I am using a sourced file with OS_USERNAME=admin and OS_TENANT_NAME=admin . Does this not all full admin rights to all services?

antonnoble gravatar imageantonnoble ( 2013-11-26 12:27:19 -0500 )edit

My heat.conf only has the authtoken settings (which I provided up top), log file directory, rabbit host and password settings and sql connection settings. I think all the other settings are pretty much default. My kesytone.conf is pretty basic as I am not using SSL. I can post if you specify how.

antonnoble gravatar imageantonnoble ( 2013-11-26 12:30:58 -0500 )edit

If I use my heat credentials OS_USERNAME=heat OS_TENANT_NAME=service OS_PASSWORD=heat I get the same results of Invalid credentials. I have nova, glance , and keystone all working properly. Just seems like an issue with heat.

antonnoble gravatar imageantonnoble ( 2013-11-26 12:34:58 -0500 )edit

please drop an email or send me an email. We can troubleshoot together google chat or something. Reply and response like this is not very effective. My email id

dheeru gravatar imagedheeru ( 2013-11-27 00:17:25 -0500 )edit

Do I have to follow the same procedure in Juno also ???

Alwan gravatar imageAlwan ( 2015-06-22 19:44:30 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2013-11-26 09:47:07 -0500

Seen: 2,216 times

Last updated: Nov 27 '13