Ask Your Question
0

Liberty on Ubuntu 14.04 Nova service-list Error 401

asked 2015-11-17 07:56:43 -0500

VonGoofy gravatar image

updated 2015-11-19 00:57:22 -0500

I have upgraded multinode openstack liberty installation recently and I got all services running except the nova service. I have upgraded from icehouse to liberty and due to all the configuration changes I don't know if my nova.conf is correct anymore. I have update it to the latest config but it seems that it's not communicating with keystone. This is nova on Controller node to be clear.

When I do:

nova service-list
ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID: req-b1816082-ba85-42f5-9d37-f8bdffeaa729)

nova.conf:

[DEFAULT]
log_dir = /var/log/nova
state_path = /var/lib/nova
verbose = True
api_paste_config = /etc/nova/api-paste.ini
compute_scheduler_driver = nova.scheduler.filter_scheduler.FilterScheduler
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.0.0.1:8774/v2/
root_helper = sudo nova-rootwrap /etc/nova/rootwrap.conf
auto_assign_floating_ip = True
vif_plugging_is_fatal = False
vif_plugging_timeout = 0
multihost = True
compute_driver = libvirt.LibvirtDriver
allow_same_net_traffic = False
auth_strategy = keystone
my_ip = 10.0.0.1
enabled_apis = osapi_compute,metadata

# Vnc configuration
vnc_enabled = true
novnc_enabled = true
ssl_only = true
cert = /home/ubuntu/cert-ssl/cert.cer
key = /home/ubuntu/cert-ssl/private.key
novncproxy_port = 6080

linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
network_api_class = nova.network.neutronv2.api.API
compute_driver = libvirt.LibvirtDriver

# Cinder #
volume_api_class = nova.volume.cinder.API
osapi_volume_listen_port = 5900

# Network settings
[neutron]
url = http://10.0.0.1:9696
auth_uri = http://10.0.0.1:5000/v2.0/
identity_uri = http://10.0.0.1:35357
admin_tenant_name = service
admin_username = neutron
admin_password = adminPassword
metadata_proxy_shared_secret  =  sharedsecret
libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
service_metadata_proxy = True

[libvirt]
virt_type = kvm

[keystone_authtoken]
auth_uri = http://10.0.0.1:5000/v2.0/
identity_uri = http://10.0.0.1:35357
admin_tenant_name = service
admin_username = nova
admin_password = adminPassword

[glance]
api_servers = 10.0.0.1:9292
image_service = nova.image.glance.GlanceImageService

[cinder]
os_region_name = RegionOne

[database]
connection = mysql://nova:nova@10.0.0.1/nova

[vnc]
enabled = True
keymap = en-us
novncproxy_base_url = https://10.0.0.1:6080/vnc_auto.html
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.0.0.1

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

Edit (added rabbit settings to the nova.conf):

[oslo_messaging_rabbit]
rabbit_host = 10.0.0.1
rabbit_userid = openstack
rabbit_password = openstack
rabbit_virtual_host = /

Edit2:

I have a creds file that I source, but it's the same thing.

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_REGION_NAME=RegionOne
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL='http://10.0.0.1:5000/v3'
export OS_IDENTITY_API_VERSION=3
export OS_AUTH_TYPE=password

I have added oslo rabbit settings to nova.conf and still the same error. I guess the problem could be here somewhere? What am I missing here? Everything is exported correctly, all other services are running ok, neutron, keystone (issuing tokens without a problem), glance and cinder.

edit retag flag offensive close merge delete

3 answers

Sort by » oldest newest most voted
0

answered 2015-11-19 07:44:36 -0500

VonGoofy gravatar image

updated 2015-11-20 06:21:59 -0500

I have deleted nova user and create new one using the offical documentation and I still get error 401.

http://docs.openstack.org/liberty/install-guide-ubuntu/nova-controller-install.html

Edit:

Problem resolved, there was a wrong entry in api-paste.ini in /etc/nova.

Everything works without a problem now.

edit flag offensive delete link more
0

answered 2015-11-17 17:28:44 -0500

G3EK gravatar image

Hello,

Have you source you openrc file ?

Normaly this file look like :

#!/bin/sh
export OS_NO_CACHE='true'
export OS_TENANT_NAME='admin'
export OS_USERNAME='admin'
export OS_PASSWORD='adminPassword'
export OS_AUTH_URL='http://10.0.0.1:35357/v2.0/'
export OS_ENDPOINT_TYPE='internalURL'
export ENDPOINT_TYPE='internalURL'
export OS_AUTH_STRATEGY='keystone'
export OS_REGION_NAME='RegionOne'

A 401 means you are not authorize to CURL the page, so you have problem with your authentification. By giving the good variable like showed above, you should be able to get another return code.

Second look, I can't see any MQ service link to your configuration. Do you use rabbitMQ? If yes, you need to add it to your configuration file, if you want it to correctly work.

Regards,

G3EK

edit flag offensive delete link more

Comments

This problem is killing me, and I need it resolved very soon. I have made edits above. I can get a token using curl, but seems like keystone is not issuing token to nova so nova can't access the api.

VonGoofy gravatar imageVonGoofy ( 2015-11-18 06:54:24 -0500 )edit
0

answered 2015-11-18 10:02:19 -0500

Arnoud gravatar image

What's the output of nova --debug service-list?

edit flag offensive delete link more

Comments

Here is the paste of the debug output: http://paste.openstack.org/show/479317/

VonGoofy gravatar imageVonGoofy ( 2015-11-18 12:34:38 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-11-17 07:55:13 -0500

Seen: 481 times

Last updated: Nov 20 '15