Magnum commands return ERROR: Not Authorized
Magnum commands return "ERROR: Not Authorized"
I keep getting ERROR: Not Authorized[1] when executing any magnum command. It seems to fail some endpoint check after studying the trace-back.
There are no outputs from commands in mangum-api.log nor magnum-conductor.log.
There are some logging info in keystone.log[2] which I do not understand.
I have followed the official installation guide from http://docs.openstack.org/mitaka/install-guide-ubuntu/ (http://docs.openstack.org/mitaka/install-guide-ubuntu) when installing the openstack "base"
I have two nodes, controller and compute node containing (compute node only contains nova-compute):
- Identity service
- Image service (can store images)
- Compute service (can deploy cirros instance and login to it)
- Networking service (with LBaaS, not tested completely)
- Dashboard
- Block Storage service
- Orchestration service (Stack deployment tested and working)
- Telemetry service
I've tried installing magnum several times, both from git repository stable/mitaka and master following https://github.com/openstack/magnum/blob/master/doc/source/install-guide-from-source.rst (install-guide-from-source.rst). I've also tried to install it from trusty-updates/mitaka with apt-get install magnum-api magnum-conductor
I've configured /etc/magnum/magnum.conf[3] and tried many different documentation versions and sources including the one mentioned above.
/etc/heat/policy.json contains
...
"stacks:global_index": "rule:context_is_admin",
...
admin-openrc:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Everything seems to work fine except for magnum which dont want to authenticate or find endpoint or whatever it is...
[1] magnum command using debug:
magnum --debug service-list
DEBUG (extension:157) found extension EntryPoint.parse('v2token = keystoneauth1.loading._plugins.identity.v2:Token')
DEBUG (extension:157) found extension EntryPoint.parse('admin_token = keystoneauth1.loading._plugins.admin_token:AdminToken')
DEBUG (extension:157) found extension EntryPoint.parse('v3oidcauthcode = keystoneauth1.loading._plugins.identity.v3:OpenIDConnectAuthorizationCode')
DEBUG (extension:157) found extension EntryPoint.parse('v2password = keystoneauth1.loading._plugins.identity.v2:Password')
DEBUG (extension:157) found extension EntryPoint.parse('v3password = keystoneauth1.loading._plugins.identity.v3:Password')
DEBUG (extension:157) found extension EntryPoint.parse('v3oidcpassword = keystoneauth1.loading._plugins.identity.v3:OpenIDConnectPassword')
DEBUG (extension:157) found extension EntryPoint.parse('token = keystoneauth1.loading._plugins.identity.generic:Token')
DEBUG (extension:157) found extension EntryPoint.parse('v3token = keystoneauth1.loading._plugins.identity.v3:Token')
DEBUG (extension:157) found extension EntryPoint.parse('password = keystoneauth1.loading._plugins.identity.generic:Password')
DEBUG (extension:157) found extension EntryPoint.parse('password-ceilometer-legacy = ceilometer.keystone_client:LegacyCeilometerKeystoneLoader')
DEBUG (session:248) REQ: curl -g -i -X GET http://controller:35357/v3 -H "Accept: application/json" -H "User-Agent: keystoneauth1/2.4.0 python-requests/2.9.1 CPython/2.7.6"
INFO (connectionpool:208) Starting new HTTP connection (1): controller
DEBUG (connectionpool:388) "GET /v3 HTTP/1.1" 200 250
DEBUG (session:277) RESP: [200] Content-Length: 250 Vary: X-Auth-Token Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: Keep-Alive Date: Sun, 10 Jul 2016 19:20:29 GMT x-openstack-request-id: req-c8b901cf-6215-4e0b-a618-860234814b18 Content-Type: application/json X-Distribution: Ubuntu
RESP BODY: {"version": {"status": "stable", "updated": "2016-04-04T00:00:00Z", "media-types": [{"base": "application ...
