neutron: Running without keystone AuthN requires that tenant_id is specified

asked 2015-08-11 11:11:40 -0500

Shane gravatar image

I was getting the error when trying to add new security rule.

I've had no problem before I messed with some of the settings, mainly with vpnaas. (I was hoping reverting those changes would get me back to normal, but it sadly did not.)

I've also done a bit of research, and found that this could be about neutron not using keystone as auth_strategy. I've checked that already, along with the correct nova_admin_tenant_id, which is set to the tenant_id for services.

 2015-08-11 23:46:49.397 1313 ERROR neutron.api.v2.resource [req-c712c056-2f0d-4978-8237-839ca0c000bb ] create failed
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource Traceback (most recent call last):
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource   File "/usr/lib/python2.7/site-packages/neutron/api/v2/resource.py", line 83, in resource
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource     result = method(request=request, **args)
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource   File "/usr/lib/python2.7/site-packages/neutron/api/v2/base.py", line 391, in create
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource     allow_bulk=self._allow_bulk)
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource   File "/usr/lib/python2.7/site-packages/neutron/api/v2/base.py", line 617, in prepare_request_body
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource     Controller._populate_tenant_id(context, res_dict, is_create)
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource   File "/usr/lib/python2.7/site-packages/neutron/api/v2/base.py", line 579, in _populate_tenant_id
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource     raise webob.exc.HTTPBadRequest(msg)
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource HTTPBadRequest: Running without keystone AuthN requires  that tenant_id is specified
2015-08-11 23:46:49.397 1313 TRACE neutron.api.v2.resource

I need some ways to debug this. I've also heard about keystone not issuing scoped token, so the token didn't include tenant_id option? Is that a possible cause?

I can successfully create new rule with CLI (with --tenant_id option)

Help needed!

I'm running OpenStack Kilo on CentOS 7, I used Packstack to deploy this.

edit retag flag offensive close merge delete