Ask Your Question
0

Neutron responds with invalid token

asked 2015-12-22 22:32:48 -0500

hanchao gravatar image

According to the openstack installation guide of liberty version in neutron part [1], I configured the [keystone_authtoken] section in "/etc/neutron/neutron.conf" file as follows:

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS

The "NEUTRON_PASS" is modified with the proper password. However, when I tried with neutron services, e.g. neutron net-list, in the controller node, I got the following errors from "/var/log/neutron/server.log".

2015-12-23 11:26:52.609 31463 ERROR keystonemiddleware.auth_token [-] Bad response code while validating token: 400
2015-12-23 11:26:52.623 31463 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "Expecting to find id or name in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}
2015-12-23 11:26:52.623 31463 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Failed to fetch token data from identity server

Then, I modified the [keystone_authtoken] section in "/etc/neutron/neutron.conf" file as below:

auth_uri = http://controller:5000/v2.0
auth_url = http://controller:35357
identity_uri = http://controller:5000
project_domain_id = default
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS

Now it seems Neutron is able to work and no error is logged. What could be the problem?

[1] http://docs.openstack.org/liberty/install-guide-rdo/neutron-controller-install-option2.html (http://docs.openstack.org/liberty/ins...)

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-12-23 11:11:53 -0500

Tony gravatar image

updated 2015-12-23 22:19:10 -0500

Bipin gravatar image

This page might be helpful. http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html

Particularly this following excerpt

admin_user
admin_password
admin_tenant_name

if admin_token is not set, or invalid, then admin_user, admin_password, and admin_tenant_name are defined as a service account which is expected to have been previously configured in Keystone to validate user tokens.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-12-22 22:32:48 -0500

Seen: 1,833 times

Last updated: Dec 23 '15