Ask Your Question

[Havana] Neutron: Unauthorized: Authentication required [closed]

asked 2013-12-06 08:02:16 -0600

TypoPhil gravatar image

updated 2013-12-09 02:50:43 -0600


I'm trying to finish a setup of OpenStack with Neutron on a dedicated Networking Node for testing purposes. I'm using this guide

though I'm on 13.10.

Right now, I'm at

I'm running into the following error, with the first command. The command being:

neutron --verbose net-create ext-net -- --router:external=True --provider:network_type vlan --provider: physical_network physnet1 --provider:segmentation_id 2

And the resulting error being:

(...) DEBUG: neutronclient.client RESP:{'date': 'Fri, 06 Dec 2013 13:37:20 GMT', 'status': '401', 'content-length': '23', 'content-type': 'text/plain', 'www-authenticate': "Keystone uri='http://openstack.poc:35357'"} Authentication required

ERROR: Authentication required DEBUG: clean_up CreateNetwork DEBUG: got an error: Authentication required

--debug shows:

Authentication required Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/neutronclient/", line 517, in run_subcommand return run_command(cmd, cmd_parser, sub_argv) File "/usr/lib/python2.7/dist-packages/neutronclient/", line 78, in run_command return File "/usr/lib/python2.7/dist-packages/neutronclient/common/", line 35, in run return super(OpenStackCommand, self).run(parsed_args) File "/usr/lib/python2.7/dist-packages/cliff/", line 84, in run column_names, data = self.take_action(parsed_args) File "/usr/lib/python2.7/dist-packages/neutronclient/common/", line 41, in take_action return self.get_data(parsed_args) File "/usr/lib/python2.7/dist-packages/neutronclient/neutron/v2_0/", line 399, in get_data data = obj_creator(body) File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/", line 108, in with_params ret = self.function(instance, args, *kwargs) File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/", line 335, in create_network return, body=body) File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/", line 1188, in post headers=headers, params=params) File "/usr/lib/python2.7/dist-packages/neutronclient/v2_0/", line 1103, in do_request resp, replybody = self.httpclient.do_request(action, method, body=body) File "/usr/lib/python2.7/dist-packages/neutronclient/", line 192, in do_request self.endpoint_url + url, method, **kwargs) File "/usr/lib/python2.7/dist-packages/neutronclient/", line 156, in _cs_request raise exceptions.Unauthorized(message=body) Unauthorized: Authentication required

I retraced the setup steps, to check if I missed something. I also set the password in keystone again (same value).

The user is there: ubuntu@openstack:~$ keystone user-get neutron +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | 10f59cc91df741e880b65fdd12c5e6af | | name | neutron | +----------+----------------------------------+

The service is there:

ubuntu@openstack:~$ keystone service-get neutron +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | OpenStack Networking Service | | id | 1903b65e55c647739511b65695e5b924 | | name | neutron | | type | network | +-------------+----------------------------------+

The endpoint is there also: | 231bde4a34ee4e1b98dda918b30cd350 | regionOne | http://openstack.poc:9696 | http://openstack.poc:9696 | http://openstack.poc:9696 | 1903b65e55c647739511b65695e5b924 |

Other than "Authentication required", I cannot find any hint's as to where the root cause lies. It seems, that this auth request doesn't even get to keystone, as there is nothing in keystones log files ... (more)

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by dheeru
close date 2013-12-09 10:41:18.479038

2 answers

Sort by ยป oldest newest most voted

answered 2013-12-06 09:49:08 -0600

dheeru gravatar image
1. Please run the command with --debug option and send me the output. This may tell us the credentials used.
2. Check nova.conf. Hope you have mentioned the right neutron configuration in nova.conf and neutron.conf. Atleast I have done troubleshooting with two customers. They had mispelt the neutron_admin_tenant etc.
3. Ensure that you have similar configuration where ever neutron.conf exist.
4. Hope api-paste in neutron.conf is really commented out.
edit flag offensive delete link more


Hope you are able to resolve the issue. Please do let us know if you need any help.

dheeru gravatar imagedheeru ( 2013-12-06 22:39:45 -0600 )edit

Hello, thanks for the answer. Was busy over the weekend. I'll check it, post the information required and let you know, once I re-re-checked the neutron.conf files. Thanks again, Phil

TypoPhil gravatar imageTypoPhil ( 2013-12-09 01:24:16 -0600 )edit

Update: 1. I updated my question with output for --debug and --verbose in full. 2. I checked nova.conf, it looks just as it should, the only question here could be if 'neutron_admin_auth_url' should really point to keystone(35357) 3. I checked and yes, no typos, all similar. 4. Yes, it really is.

TypoPhil gravatar imageTypoPhil ( 2013-12-09 02:22:27 -0600 )edit

By the way, is it ok for some endpoints to be URI:PORT and some are URI:PORT/v2.0?

TypoPhil gravatar imageTypoPhil ( 2013-12-09 02:23:07 -0600 )edit

answered 2013-12-09 06:16:37 -0600

TypoPhil gravatar image


ok, it works now. I was able to create a net. But first things first, dheeru asked me to make sure that api-paste was commented out in neutron.conf. It was. I tripple checked. However, I found that it was used nevertheless!

I diffed it against nova's api-paste.ini and found that on the last few lines a launchpad bug was mentioned. As a workaround "auth_version = v2.0" is added to api-paste.ini, in the "[filter:authtoken]" section.

Which lists a workaround for another bug etc.

Adding this to neutron's api-paste.ini solved the problem.

Many Thanks for the help offered, it's much appreciated.


edit flag offensive delete link more


I face this problem again,and I install Hanava,then in the /etc/neutron/neutron.conf of the controller node,I add the auth_host = auth_port = 35357 auth_protocol = http at the [keystone_authtoken] then I can use neutron net-list,I hope this could help you.

shengchao liu gravatar imageshengchao liu ( 2014-06-08 02:51:59 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2013-12-06 08:02:16 -0600

Seen: 4,802 times

Last updated: Dec 09 '13