Ask Your Question
0

cinder list ERROR: Unauthorized (HTTP 401)

asked 2016-02-21 21:48:14 -0500

slosh_liuxin gravatar image

updated 2016-02-21 21:51:39 -0500

Hi, i have problems on openstack kilo.When glance image-list is fine,but cinder list is no fine.This is info:

 - DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://controller:35357/v3 -H "Accept: application/json" -H    "User-Agent: python-keystoneclient"
  DEBUG:keystoneclient.session:RESP: [200] content-length: 250 vary: X-Auth-Token server: Apache/2.4.6 (CentOS)     mod_wsgi/3.4 Python/2.7.5 date: Mon, 22 Feb 2016 03:42:53 GMT content-type: application/json x-openstack-request-    id: req-13f9a1c1-fbbc-41a4-96cd-9dd6ab786954 
 RESP BODY: {"version": {"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base":     "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href":      "http://controller:35357/v3/", "rel": "self"}]}}

   DEBUG:keystoneclient.auth.identity.v3.base:Making authentication request to http://controller:35357/v3/auth/tokens
   DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://controller:8776/ -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
   DEBUG:keystoneclient.session:RESP: [200] date: Mon, 22 Feb 2016 03:42:53 GMT content-length: 292 content-type: application/json 
  RESP BODY: {"versions": [{"status": "SUPPORTED", "updated": "2014-06-28T12:20:21Z", "id": "v1.0", "links": [{"href": "http://controller:8776/v1/", "rel": "self"}]}, {"status": "CURRENT", "updated": "2012-11-21T11:33:21Z", "id": "v2.0", "links": [{"href": "http://controller:8776/v2/", "rel": "self"}]}]}

   DEBUG:keystoneclient.auth.identity.v3.base:Making authentication request to http://controller:35357/v3/auth/tokens
   DEBUG:keystoneclient.session:REQ: curl -g -i -X GET http://controller:8776/v2/de8fe81c89d44356846a7b8aec82eb56/os-services -H "User-Agent: python-cinderclient" -H "Accept: application/json" -H "X-Auth-Token:     {SHA1}8ad0a4fa35f238a746a8d0cdbc5a1ce3f8ea24b5"
   DEBUG:keystoneclient.session:RESP:
   DEBUG:keystoneclient.auth.identity.v3.base:Making authentication request to    http://controller:35357/v3/auth/tokens
  DEBUG:keystoneclient.session:RESP:
  ERROR: Unauthorized (HTTP 401)

  It is always called Unauthorized ,here is the error log:
   Feb 22 11:45:19 controller01 cinder-api: 2016-02-22 11:45:19.397 6683 ERROR keystonemiddleware.auth_token [-] Bad     response code while validating token: 400
   Feb 22 11:45:19 controller01 cinder-api: 2016-02-22 11:45:19.398 6683 WARNING keystonemiddleware.auth_token [-]    Identity response: {"error": {"message": "Expecting to find domain in project - the server could not comply with the    request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title":    "Bad Request"}}
   Feb 22 11:45:19 controller01 cinder-api: 2016-02-22 11:45:19.398 6683 WARNING keystonemiddleware.auth_token [-] Authorization failed for token



 And this is the cinder.conf with keystone:
  [keystone_authtoken]
  auth_uri = http://controller:5000
  auth_url = http://controller:35357
  auth_plugin=password
  porject_domain_id = default
  user_domain_id = default
  project_name = service
  username = cinder
  password = xxxxxxxx

So,who can tell me where is the problems?Any help will be need!!!!!!

edit retag flag offensive close merge delete
add a comment

3 answers

Sort by ยป oldest newest most voted
1

answered 2016-02-23 14:56:50 -0500

Radhakrishnan Rk gravatar image

updated 2016-02-24 16:07:40 -0500

Eduardo Gonzalez gravatar image

Hi,

Have you added "export OS_VOLUME_API_VERSION=2" in your openrc file . If not added, you will not be able to use cinder api. Keystone could be able to verify your token.

Sample admin-openrc file

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=admin

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=openstack

export OS_AUTH_URL=http://openstack:35357/v3

export OS_IMAGE_API_VERSION=2

export OS_VOLUME_API_VERSION=2

Best Regards,

Radhakrishnan R

edit flag offensive delete link more

Comments

Thank you very much!I solved this error,it is my fault!

slosh_liuxin gravatar imageslosh_liuxin ( 2016-02-23 17:47:45 -0500 )edit

Can you share how you resolved the error? If is one of the answer mark it as correct answer, please.

Regards

Eduardo Gonzalez gravatar imageEduardo Gonzalez ( 2016-02-25 15:44:54 -0500 )edit
add a comment
0

answered 2016-02-23 08:00:19 -0500

bingoarunprasath gravatar image

If you can see cinder/Volume service in "$ keystone catalog" command, then probably something wrong with the conf file. If you can't see that in catalog, check /etc/cinder/policy.json and make sure that the following lines are present -

"volume:create": [],
 "volume:get_all": [],

If any role is specified, make sure that your user has the same role.

Make sure cinder user is added to 'service' tenant as 'admin' role

$ keystone user-role-add --user cinder --tenant service --role admin

and also make sure that you followed all these steps correctly. (users, endpoints, service tenant) http://docs.openstack.org/juno/instal...

edit flag offensive delete link more

Comments

Thank you very much!I solved this error,it is my fault!

slosh_liuxin gravatar imageslosh_liuxin ( 2016-02-23 17:47:45 -0500 )edit
add a comment
0

answered 2016-02-21 23:57:44 -0500

Jeffrey Guan gravatar image

Please make sure that you are using the right password/username.

edit flag offensive delete link more

Comments

yes,i am very sure that!I can use the username/password login the dashboard.But can not see any messages with volumes on the dashboard.

slosh_liuxin gravatar imageslosh_liuxin ( 2016-02-22 17:52:12 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-02-21 21:48:14 -0500

Seen: 1,517 times

Last updated: Feb 24 '16

Related questions

what is the difference in authorization between AWS IAM and OpenStack keystone?

OpenStack service create fails on CentOS 7 with kilo release

how to change keystone endpoint URLs to https

Cinder - RDO - No valid host was found - multiple storage back end

Refresh revoked token in horizon/keystone

How to create a cinder volume with "multiattach=true" in Kilo-2015.1.1? [closed]

Should the reference cinder.conf provided on kilo's docs.openstack.org have 2 keystone_authtoken groups?

how to configure SSL for keystone

Could not attach volume to instance[solved]

Cinder volume cant attach or detach