Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

[Trove] `trove list` results in ERROR: Unauthorized (HTTP 401)

If as OpenStack user admin, that means, with sourced keystonerc_admin, I run trove list or trove datastore-list I get

ERROR: Unauthorized (HTTP 401).

The same happens with user trove (see below).

The log files trove.log and keystone.log show (full excerpts below):

trove.log:

  • Unexpected response from keystone service: {u'error': {u'message': u"object of type 'NoneType' has no len()", u'code': 400, u'title': u'Bad Request'}}
  • ServiceError: invalid json response
  • Authorization failed for token

keystone.log:

  • TypeError: object of type 'NoneType' has no len()

I run the stable branch of OpenStack Icehouse on Scientific Linux 6 (based on RHEL), installed with Packstack, with Trove release 2014.2.b2 and python-troveclient 1.0.5 (newest release/tag for both of them).

I think it is a problem with the users and tenants I configured for Trove. Someone having the same problem with Glance could fix it by putting the right login information into glance.conf, see a bug report on Launchpad.

For configuration of Trove I followed the OpenStack documentation [1], Trove's documentation for manual install [2] and the DevStack code [3]. These three use different combinations of users and tenants.

Does someone of you know which users and tenants have to be used?

At the moment, I have the following configuration:

Users and tenants:

  • tenant trove
  • user trove is member and admin in tenant trove and services, which is the service tenant in my installation of OpenStack
  • user admin is member and admin in tenant trove, and for testing even member and admin in services, but this didn't help

Trove's api-paste.ini:

[filter:authtoken]
admin_user=trove
admin_password=***
admin_tenant_name=services

trove-taskmanager.conf, trove-conductor.conf and trove-guestagent.conf:

[DEFAULT]
nova_proxy_admin_user=admin
nova_proxy_admin_pass=***
nova_proxy_admin_tenant_name=trove

[1] uses tenant services here.

trove.log

INFO eventlet.wsgi [-] (6221) accepted ('***.***.***.***', 45415)
DEBUG keystoneclient.middleware.auth_token [-] Authenticating user token __call__ /usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:666
DEBUG keystoneclient.middleware.auth_token [-] Removing headers from request environment: X-Identity-Status,X-Domain-Id,X-Domain-Name,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-User-Id,X-User-Name,X-User-Domain-Id,X-User-Domain-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant-Id,X-Tenant-Name,X-Tenant,X-Role _remove_auth_headers /usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:725
WARNING keystoneclient.middleware.auth_token [-] Unexpected response from keystone service: {u'error': {u'message': u"object of type 'NoneType' has no len()", u'code': 400, u'title': u'Bad Request'}}
DEBUG keystoneclient.middleware.auth_token [-] Token validation failure. _validate_user_token /usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:943
TRACE keystoneclient.middleware.auth_token Traceback (most recent call last):
TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 930, in _validate_user_token
TRACE keystoneclient.middleware.auth_token     verified = self.verify_signed_token(user_token, token_ids)
TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1347, in verify_signed_token
TRACE keystoneclient.middleware.auth_token     if self.is_signed_token_revoked(token_ids):
TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1299, in is_signed_token_revoked
TRACE keystoneclient.middleware.auth_token     if self._is_token_id_in_revoked_list(token_id):
TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1306, in _is_token_id_in_revoked_list
TRACE keystoneclient.middleware.auth_token     revocation_list = self.token_revocation_list
TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1413, in token_revocation_list 
TRACE keystoneclient.middleware.auth_token     self.token_revocation_list = self.fetch_revocation_list() 
TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1446, in fetch_revocation_list 
TRACE keystoneclient.middleware.auth_token     headers = {'X-Auth-Token': self.get_admin_token()}
TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 777, in get_admin_token
TRACE keystoneclient.middleware.auth_token     self.admin_token_expiry) = self._request_admin_token()
TRACE keystoneclient.middleware.auth_token   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 890, in _request_admin_token
TRACE keystoneclient.middleware.auth_token     raise ServiceError('invalid json response')
TRACE keystoneclient.middleware.auth_token ServiceError: invalid json response
TRACE keystoneclient.middleware.auth_token
DEBUG keystoneclient.middleware.auth_token [-] Marking token as unauthorized in cache _cache_store_invalid /usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:1239
WARNING keystoneclient.middleware.auth_token [-] Authorization failed for token 
INFO keystoneclient.middleware.auth_token [-] Invalid user token - rejecting request 
INFO eventlet.wsgi [-] ***.***.***.*** - - [21/Aug/2014 14:55:27] "GET /v1.0/b426bf07c5cd48d1b2525699bca29cdb/instances HTTP/1.1" 401 199 0.011922

keystone.log

INFO eventlet.wsgi.server [-] ***.***.***.*** - - [21/Aug/2014 14:55:27] "POST /v2.0/tokens HTTP/1.1" 200 10323 0.213025
ERROR keystone.common.wsgi [-] object of type 'NoneType' has no len()
TRACE keystone.common.wsgi Traceback (most recent call last):
TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 207, in __call__
TRACE keystone.common.wsgi     result = method(context, **params)
TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 98, in authenticate
TRACE keystone.common.wsgi     context, auth)
TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 256, in _authenticate_local
TRACE keystone.common.wsgi     if len(username) > CONF.max_param_size:
TRACE keystone.common.wsgi TypeError: object of type 'NoneType' has no len()
TRACE keystone.common.wsgi
INFO eventlet.wsgi.server [-] ***.***.***.*** - - [21/Aug/2014 14:55:27] "POST /v2.0/tokens HTTP/1.1" 400 239 0.004268