Ask Your Question
0

authorization failed (keystone logs)

asked 2015-07-30 22:14:03 -0500

celius202 gravatar image

Hello,

Occasionally keystone logs shows

DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.7/site-packages/keystone/middleware/core.py:229
INFO keystone.common.wsgi [-] POST /tokens?
WARNING keystone.common.wsgi [-] Authorization failed. Invalid user / password (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 10.0.0.139

I really wonder who causes this problem and want to know how to fix it. Anyone help?

edit retag flag offensive close merge delete

Comments

You are running keystone in debug set to true so you may see a lot more than you need to. Is this halting you from doing anything, have you possibly changed a password for a service account or left a script running with bad creds maybe. Try looking at the line of code it's referencing.

omar-munoz gravatar imageomar-munoz ( 2015-07-31 11:42:44 -0500 )edit

@Omar, do you recommend a solution to this issue ? I have been facing it for the past three days ...

SyCode7 gravatar imageSyCode7 ( 2016-04-12 06:41:43 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-08-25 23:50:54 -0500

jianzj gravatar image

From log content, it has been shown that "Invalid user / password", and in source code, you could find logic in ./keystone/identity/backends/sql.py , this problem may be your user does not exist or your password is not correct.

I have one suggestion, suppose your keystone service works well.

You could use ADMIN_TOKEN to check if this user does exist. ADMIN_TOKEN is in the configuration file, "/etc/keystone/keystone.conf", and you could get it from "admin_token" , if it is commented, please remove the comment to enable it.

Then , I suppose you could use python-openstackclient, run command : openstack --os-token $admin_token --os-url http://$IP:5000/v3 --os-identity-api-version 3 user list

to check .

If this user does exist, you could also use admin token to reset this password, to run command openstack --os-token $admin_token --os-url http://$IP:5000/v3 --os-identity-api-version 3 user set

There are some parameters that need to be set, you could run "openstack help user set" for help.

Or you just recreate a new user.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-07-30 22:14:03 -0500

Seen: 1,458 times

Last updated: Aug 25 '15