
PROBLEM: Authentication cannot be scoped to multiple targets

asked 2015-12-02 21:59:19 -0500

SergeyY

updated 2015-12-04 08:34:27 -0500

Hi. I'm trying to install OpenShift on OpenStack using Heat scripts. I'm using OpenStack Liberty on CentOS 7.

In the log of the master-node installation I found the following message:

cloud-init[3742]: + notify_success 'OpenShift node has been prepared for running ansible.'
cloud-init[3742]: + curl -i -X POST -H 'X-Auth-Token: 1329003b0e09445cad28cdaf33b9989c' -H 'Content-Type: application/json' -H 'Accept: application/json' http://controller:8004/v1/125e9b20ef9a4e3596aeb14e84ff1ee9/stacks/openshiftstack-openshift_master-hiytge3vucuj/2b7956a5-4a70-4b4d-8683-479551a90e32/resources/wait_handle/signal --data-binary '{"status": "SUCCESS", "reason": "OpenShift node has been prepared for running ansible.", "data": "OpenShift node has been prepared for running ansible."}'
cloud-init[3742]: % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
cloud-init[3742]: Dload  Upload   Total   Spent    Left  Speed
cloud-init[3742]: 0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0100   492  100   339  100   153    869    392 --:--:-- --:--:-- --:--:--   871
cloud-init[3742]: HTTP/1.1 400 Bad Request
cloud-init[3742]: Content-Type: application/json; charset=UTF-8
cloud-init[3742]: Content-Length: 339
cloud-init[3742]: X-Openstack-Request-Id: req-a92af72f-3d5f-4396-903a-3dc876635cf2
cloud-init[3742]: Date: Wed, 02 Dec 2015 08:35:49 GMT
cloud-init[3742]: {"explanation": "The server could not comply with the request since it is either malformed or otherwise incorrect.", "code": 400, "error": {"message": "Service cinder does not have required endpoint in service catalog for the resource type OS::Cinder::Volume", "traceback": null, "type": "ResourceTypeUnavailable"}, "title": "Bad Request"}+ exit 0

In heat-engine.log I found this message:

2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource [req-62538ea4-cb4e-468b-9807-e7fc02dc3fdb - aba5bd9bbfcf4766bf00572ad35274ce] Authentication cannot be scoped to multiple targets. Pick one of: project, domain, trust or unscoped
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource Traceback (most recent call last):
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource   File "/usr/lib/python2.7/site-packages/heat/engine/resource.py", line 564, in is_service_available
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource     service_name=cls.default_client_name):
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource   File "/usr/lib/python2.7/site-packages/heat/engine/clients/client_plugin.py", line 219, in does_endpoint_exist
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource     endpoint_type=endpoint_type)
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource   File "/usr/lib/python2.7/site-packages/heat/engine/clients/client_plugin.py", line 96, in url_for
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource     url = get_endpoint()
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource   File "/usr/lib/python2.7/site-packages/heat/engine/clients/client_plugin.py", line 82, in get_endpoint
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource     return auth_plugin.get_endpoint(self._keystone_session, **kwargs)
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource   File "/usr/lib/python2.7/site-packages/keystoneclient/auth/identity/base.py", line 315, in get_endpoint
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource     service_catalog = self.get_access(session).service_catalog
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource   File "/usr/lib/python2.7/site-packages/keystoneclient/auth/identity/base.py", line 240, in get_access
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource     self.auth_ref = self.get_auth_ref(session)
2015-12-02 17:30:25.265 5117 ERROR heat.engine.resource   File ...

1 answer


answered 2015-12-17 00:23:08 -0500

SergeyY

I solved this problem. It was a wrong configuration in /etc/heat/heat.conf, section [trustee].

The OpenStack Installation Guide says that we should write this:

[trustee]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = heat
password = HEAT_PASS

But the user "heat", when it works as a trusted user, uses OS-TRUST to describe the scope of authentication. It is the wrong way to provide both project_name and OS-TRUST.

I removed "project_name" and "project_domain_id" from the config and it works perfectly!

Hope it will be helpful for someone else.

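As an added example (not part of the original answer, and not Heat or keystoneclient code), this Python check reads a heat.conf and reports which scope targets the [trustee] credentials would request once the trust is added, before and after the fix described above. The function names, the option grouping in SCOPE_OPTIONS and the two sample configs are assumptions built from the values quoted in the answer.

```python
import configparser

# Options that pick an authorization scope, grouped by the targets named in the
# error text. Counting project_domain_* under "project" is this example's
# conservative choice: the answer removed it together with project_name.
SCOPE_OPTIONS = {
    "project": ("project_id", "project_name",
                "project_domain_id", "project_domain_name"),
    "domain": ("domain_id", "domain_name"),
    "trust": ("trust_id",),
}

def trustee_scope_targets(conf_text, acting_on_trust=True):
    """Return the sorted scope targets the [trustee] credentials would request."""
    # default_section is renamed so [DEFAULT] values are not inherited by [trustee].
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       default_section="__unused__")
    parser.read_string(conf_text)
    section = parser["trustee"] if parser.has_section("trustee") else {}
    targets = {target for target, options in SCOPE_OPTIONS.items()
               if any(section.get(opt, "").strip() for opt in options)}
    if acting_on_trust:  # assumption from the answer: the trust supplies the scope
        targets.add("trust")
    return sorted(targets)

def check_trustee(conf_text):
    """One-line verdict mirroring the 'multiple targets' rule seen in the log."""
    targets = trustee_scope_targets(conf_text)
    if len(targets) > 1:
        return "FAIL: scoped to multiple targets: " + ", ".join(targets)
    return "OK: scoped to " + targets[0]

# Constructed inputs: the [trustee] values quoted in the answer, before and after the fix.
COMMON = ("[trustee]\nauth_uri = http://controller:5000\n"
          "auth_url = http://controller:35357\nauth_plugin = password\n"
          "user_domain_id = default\nusername = heat\npassword = HEAT_PASS\n")
GUIDE_CONF = COMMON + "project_domain_id = default\nproject_name = service\n"
FIXED_CONF = COMMON

if __name__ == "__main__":
    print("guide:", check_trustee(GUIDE_CONF))
    print("fixed:", check_trustee(FIXED_CONF))
```
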

Comments

Thanks, this worked for me.

jbelamaric (2016-03-01 22:05:37 -0500)

FYI - The Liberty Install Guide has been updated (https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=5a3618d4f51a64cc9ef16d9365aa7190b3f5914e) to reflect the proper configuration.

retr0h (2016-03-30 13:30:19 -0500)
