Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Newbie question, Installation guide juno ubuntu, tenants not showing

My first post on this site, so I hope I don't goof up too much. I'm completely new to OpenStack, but I thought it would be fun project to play with in my spare time.

I found an abandoned server on one of our racks and kinda nicked it. Put VMWare hypervisor on it, created a few machines, put Ubuntu 14.04 server on them and started installing OpenStack.

I'm following the jan 20th Juno installation guide and started building the 3-node setup (controller, network, compute1)

I've been going through the manual without any problems, but ran into a snag at the 'Verify operation' section at page 37. after unsetting OS_SERVICE_..., tenant-list only shows the admin-tenant, where it's supposed to show all three tenants.

openstack_user@controller:~$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"

openstack_user@controller:~$ uname -or
3.13.0-44-generic GNU/Linux


openstack_user@controller:~$ unset OS_SERVICE_TOKEN
openstack_user@controller:~$ unset OS_SERVICE_ENDPOINT

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url http://controller:35357/v2.0 token-get
+-----------+----------------------------------+
|  Property |              Value               |
+-----------+----------------------------------+
|  expires  |       2015-02-05T10:36:03Z       |
|     id    | 3fae6db2c6b6469d9938b6741663c60a |
| tenant_id | 0c49889b611f40319af62877fd602327 |
|  user_id  | 21e4e9d4a2b841afb736ff99f5f92b33 |
+-----------+----------------------------------+

openstack_user@controller:~$ date
Thu Feb  5 10:37:59 CET 2015

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url http://controller:35357/v2.0 tenant-list
+----------------------------------+-------+---------+
|                id                |  name | enabled |
+----------------------------------+-------+---------+
| 0c49889b611f40319af62877fd602327 | admin |   True  |
+----------------------------------+-------+---------+

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url http://controller:35357/v2.0 user-list
The resource could not be found. (HTTP 404)

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url http://controller:35357/v2.0 role-list
The resource could not be found. (HTTP 404)

openstack_user@controller:~$ sudo tail /var/log/keystone/keystone-all.log
2015-02-05 12:17:56.743 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 12:17:56] "POST /v2.0/tokens HTTP/1.1" 200 971 0.086453
2015-02-05 12:17:56.751 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 12:17:56] "GET /v2.0/tenants/0c49889b611f40319af62877fd602327/users/21e4e9d4a2b841afb736ff99f5f92b33/roles HTTP/1.1" 404 252 0.011384
2015-02-05 13:28:21.483 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:28:21] "POST /v2.0/tokens HTTP/1.1" 200 971 0.094130
2015-02-05 13:28:21.495 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:28:21] "GET /v2.0/tenants/0c49889b611f40319af62877fd602327/users/21e4e9d4a2b841afb736ff99f5f92b33/roles HTTP/1.1" 404 252 0.014653
2015-02-05 13:30:19.179 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:30:19] "POST /v2.0/tokens HTTP/1.1" 200 971 0.092760
2015-02-05 13:30:19.195 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:30:19] "GET /v2.0/tenants HTTP/1.1" 200 296 0.021879
2015-02-05 13:32:14.491 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:32:14] "POST /v2.0/tokens HTTP/1.1" 200 971 0.096320
2015-02-05 13:32:14.492 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:32:14] "GET /v2.0/users HTTP/1.1" 404 252 0.012260
2015-02-05 13:35:23.706 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:35:23] "POST /v2.0/tokens HTTP/1.1" 200 971 0.089094
2015-02-05 13:35:23.715 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:35:23] "GET /v2.0/OS-KSADM/roles HTTP/1.1" 404 252 0.012401

I've been going through the manual over and over again, trying to find something I missed, but every step seems to be accounted for. One thing I noticed is that get-token deliveres a token that expires immediately. I don't know if that is how it's supposed to be, but I can imagine that could be a problem.

I reset the OS-SERVICE variables and did some more poking and prodding. To my slightly bewildered eyes, everyting looks fine, but possibly (probably) I'm missing something.

openstack_user@controller:~$ export OS_SERVICE_TOKEN=4056004ed84c234b1d09
openstack_user@controller:~$ export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

openstack_user@controller:~$ keystone tenant-list
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 0c49889b611f40319af62877fd602327 |  admin  |   True  |
| 0b24c59aea9d44169b0aefc2705e9f3e |   demo  |   True  |
| 5e0b4f7e5a51412b9d7e35997d9a439b | service |   True  |
+----------------------------------+---------+---------+

openstack_user@controller:~$ keystone user-list
+----------------------------------+-------+---------+---------------------------+
|                id                |  name | enabled |           email           |
+----------------------------------+-------+---------+---------------------------+
| 21e4e9d4a2b841afb736ff99f5f92b33 | admin |   True  |     admin@OStest.local    |
| 5b898b8cff2948458377269cca6efd2a |  demo |   True  |      demo@OStest.local    |
+----------------------------------+-------+---------+---------------------------+

openstack_user@controller:~$ keystone role-list
+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 8421ba6d24d3442fad3f734b8defa5d5 |  admin   |
+----------------------------------+----------+

openstack_user@controller:~$ keystone tenant-get admin
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |           Admin Tenant           |
|   enabled   |               True               |
|      id     | 0c49889b611f40319af62877fd602327 |
|     name    |              admin               |
+-------------+----------------------------------+

openstack_user@controller:~$ keystone tenant-get demo
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |           Demo Tenant            |
|   enabled   |               True               |
|      id     | 0b24c59aea9d44169b0aefc2705e9f3e |
|     name    |               demo               |
+-------------+----------------------------------+

openstack_user@controller:~$ keystone tenant-get service
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 5e0b4f7e5a51412b9d7e35997d9a439b |
|     name    |             service              |
+-------------+----------------------------------+

As said before, I'm completely new to OpenStack and I really don't know enough yet to be able to decide where to start troubleshooting. I've been googling and reading up for a few days but I feel I'm mostly shooting at targets that have nothing to do with this problem. So any clues, ideas or pointers would be appreciated.

Newbie question, Installation guide juno ubuntu, tenants not showing

My first post on this site, so I hope I don't goof up too much. I'm completely new to OpenStack, but I thought it would be fun project to play with in my spare time.

I found an abandoned server on one of our racks and kinda nicked it. Put VMWare hypervisor on it, created a few machines, put Ubuntu 14.04 server on them and started installing OpenStack.

I'm following the jan 20th Juno installation guide and started building the 3-node setup (controller, network, compute1)

I've been going through the manual without any problems, but ran into a snag at the 'Verify operation' section at page 37. after unsetting OS_SERVICE_..., tenant-list only shows the admin-tenant, where it's supposed to show all three tenants.

openstack_user@controller:~$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"

openstack_user@controller:~$ uname -or
3.13.0-44-generic GNU/Linux


openstack_user@controller:~$ unset OS_SERVICE_TOKEN
openstack_user@controller:~$ unset OS_SERVICE_ENDPOINT

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url http://controller:35357/v2.0 token-get
+-----------+----------------------------------+
|  Property |              Value               |
+-----------+----------------------------------+
|  expires  |       2015-02-05T10:36:03Z       |
|     id    | 3fae6db2c6b6469d9938b6741663c60a |
| tenant_id | 0c49889b611f40319af62877fd602327 |
|  user_id  | 21e4e9d4a2b841afb736ff99f5f92b33 |
+-----------+----------------------------------+

openstack_user@controller:~$ date
Thu Feb  5 10:37:59 CET 2015

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url http://controller:35357/v2.0 tenant-list
+----------------------------------+-------+---------+
|                id                |  name | enabled |
+----------------------------------+-------+---------+
| 0c49889b611f40319af62877fd602327 | admin |   True  |
+----------------------------------+-------+---------+

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url http://controller:35357/v2.0 user-list
The resource could not be found. (HTTP 404)

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url http://controller:35357/v2.0 role-list
The resource could not be found. (HTTP 404)

openstack_user@controller:~$ sudo tail /var/log/keystone/keystone-all.log
2015-02-05 12:17:56.743 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 12:17:56] "POST /v2.0/tokens HTTP/1.1" 200 971 0.086453
2015-02-05 12:17:56.751 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 12:17:56] "GET /v2.0/tenants/0c49889b611f40319af62877fd602327/users/21e4e9d4a2b841afb736ff99f5f92b33/roles HTTP/1.1" 404 252 0.011384
2015-02-05 13:28:21.483 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:28:21] "POST /v2.0/tokens HTTP/1.1" 200 971 0.094130
2015-02-05 13:28:21.495 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:28:21] "GET /v2.0/tenants/0c49889b611f40319af62877fd602327/users/21e4e9d4a2b841afb736ff99f5f92b33/roles HTTP/1.1" 404 252 0.014653
2015-02-05 13:30:19.179 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:30:19] "POST /v2.0/tokens HTTP/1.1" 200 971 0.092760
2015-02-05 13:30:19.195 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:30:19] "GET /v2.0/tenants HTTP/1.1" 200 296 0.021879
2015-02-05 13:32:14.491 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:32:14] "POST /v2.0/tokens HTTP/1.1" 200 971 0.096320
2015-02-05 13:32:14.492 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:32:14] "GET /v2.0/users HTTP/1.1" 404 252 0.012260
2015-02-05 13:35:23.706 2936 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:35:23] "POST /v2.0/tokens HTTP/1.1" 200 971 0.089094
2015-02-05 13:35:23.715 2938 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [05/Feb/2015 13:35:23] "GET /v2.0/OS-KSADM/roles HTTP/1.1" 404 252 0.012401

I've been going through the manual over and over again, trying to find something I missed, but every step seems to be accounted for. One thing I noticed is that get-token deliveres a token that expires immediately. I don't know if that is how it's supposed to be, but I can imagine that could be a problem.

I reset the OS-SERVICE variables and did some more poking and prodding. To my slightly bewildered eyes, everyting looks fine, but possibly (probably) I'm missing something.

openstack_user@controller:~$ export OS_SERVICE_TOKEN=4056004ed84c234b1d09
openstack_user@controller:~$ export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

openstack_user@controller:~$ keystone tenant-list
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 0c49889b611f40319af62877fd602327 |  admin  |   True  |
| 0b24c59aea9d44169b0aefc2705e9f3e |   demo  |   True  |
| 5e0b4f7e5a51412b9d7e35997d9a439b | service |   True  |
+----------------------------------+---------+---------+

openstack_user@controller:~$ keystone user-list
+----------------------------------+-------+---------+---------------------------+
|                id                |  name | enabled |           email           |
+----------------------------------+-------+---------+---------------------------+
| 21e4e9d4a2b841afb736ff99f5f92b33 | admin |   True  |     admin@OStest.local    |
| 5b898b8cff2948458377269cca6efd2a |  demo |   True  |      demo@OStest.local    |
+----------------------------------+-------+---------+---------------------------+

openstack_user@controller:~$ keystone role-list
+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 8421ba6d24d3442fad3f734b8defa5d5 |  admin   |
+----------------------------------+----------+

openstack_user@controller:~$ keystone tenant-get admin
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |           Admin Tenant           |
|   enabled   |               True               |
|      id     | 0c49889b611f40319af62877fd602327 |
|     name    |              admin               |
+-------------+----------------------------------+

openstack_user@controller:~$ keystone tenant-get demo
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |           Demo Tenant            |
|   enabled   |               True               |
|      id     | 0b24c59aea9d44169b0aefc2705e9f3e |
|     name    |               demo               |
+-------------+----------------------------------+

openstack_user@controller:~$ keystone tenant-get service
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 5e0b4f7e5a51412b9d7e35997d9a439b |
|     name    |             service              |
+-------------+----------------------------------+

As said before, I'm completely new to OpenStack and I really don't know enough yet to be able to decide where to start troubleshooting. I've been googling and reading up for a few days but I feel I'm mostly shooting at targets that have nothing to do with this problem. So any clues, ideas or pointers would be appreciated.

Update

To clarify what (I think) is supposed to happen, a snippet from the 'installation guide'

Verify operation

This section describes how to verify operation of the Identity service.

Unset the temporary OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables:

$ unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

As the admin tenant and user, request an authentication token:

$ keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
  --os-auth-url http://controller:35357/v2.0 token-get

Replace ADMIN_PASS with the password you chose for the admin user in the Identity service. You might need to use single quotes (') around your password if it includes special characters.

Lengthy output that includes a token value verifies operation for the admin tenant and user.

As the admin tenant and user, list tenants to verify that the admin tenant and user can execute admin-only CLI commands and that the Identity service contains the tenants that you created in the section called “Create tenants, users, and roles”:

$ keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
  --os-auth-url http://controller:35357/v2.0 tenant-list
+----------------------------------+----------+---------+
|                id                |   name   | enabled |
+----------------------------------+----------+---------+
| 6f4c1e4cbfef4d5a8a1345882fbca110 |  admin   |   True  |
| 4aa51bb942be4dd0ac0555d7591f80a6 |   demo   |   True  |
| 6b69202e1bf846a4ae50d65bc4789122 | service  |   True  |
+----------------------------------+----------+---------+

All three tenants are supposed to be visible

However, what I get to see when I try this:

openstack_user@controller:~$ date
Fri Feb  6 10:42:53 CET 2015

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url  http://controller:35357/v2.0 token-get
+-----------+----------------------------------+
|  Property |              Value               |
+-----------+----------------------------------+
|  expires  |       2015-02-06T10:42:59Z       |
|     id    | 5e0dbd9f72a54e388151f2aeaa8ef76e |
| tenant_id | 0c49889b611f40319af62877fd602327 |
|  user_id  | 21e4e9d4a2b841afb736ff99f5f92b33 |
+-----------+----------------------------------+

openstack_user@controller:~$ keystone --os-tenant-name admin --os-username admin --os-password 'SupSecPass!' --os-auth-url http://controller:35357/v2.0 tenant-list
+----------------------------------+-------+---------+
|                id                |  name | enabled |
+----------------------------------+-------+---------+
| 0c49889b611f40319af62877fd602327 | admin |   True  |
+----------------------------------+-------+---------+

openstack_user@controller:~$ date
Fri Feb  6 10:43:07 CET 2015

Just one tenant.

Logging set to DEBUG:

2015-02-06 10:42:59.557 5955 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:270
2015-02-06 10:42:59.559 5955 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py:191
2015-02-06 10:42:59.647 5955 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [06/Feb/2015 10:42:59] "POST /v2.0/tokens HTTP/1.1" 200 971 0.090574
2015-02-06 10:43:04.671 5955 DEBUG keystone.middleware.core [-] Auth token not in the request header. Will not build auth context. process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:270
2015-02-06 10:43:04.674 5955 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py:191
2015-02-06 10:43:04.759 5955 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [06/Feb/2015 10:43:04] "POST /v2.0/tokens HTTP/1.1" 200 971 0.087774
2015-02-06 10:43:04.762 5957 DEBUG keystone.common.kvs.core [-] KVS lock acquired for: os-revoke-events acquire /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:380
2015-02-06 10:43:04.762 5957 DEBUG keystone.common.kvs.core [-] KVS lock released for: os-revoke-events release /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:399
2015-02-06 10:43:04.763 5957 DEBUG keystone.middleware.core [-] RBAC: auth_context: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'21e4e9d4a2b841afb736ff99f5f92b33', 'roles': [u'admin'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=680QU7PDT8mrBG0kr698gw, audit_chain_id=680QU7PDT8mrBG0kr698gw) at 0x7f239d773740>, 'project_id': u'0c49889b611f40319af62877fd602327', 'trust_id': None} process_request /usr/lib/python2.7/dist-packages/keystone/middleware/core.py:280
2015-02-06 10:43:04.764 5957 DEBUG keystone.common.wsgi [-] arg_dict: {} __call__ /usr/lib/python2.7/dist-packages/keystone/common/wsgi.py:191
2015-02-06 10:43:04.768 5957 DEBUG keystone.common.kvs.core [-] KVS lock acquired for: os-revoke-events acquire /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:380
2015-02-06 10:43:04.769 5957 DEBUG keystone.common.kvs.core [-] KVS lock released for: os-revoke-events release /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:399
2015-02-06 10:43:04.783 5957 INFO eventlet.wsgi.server [-] 10.0.0.11 - - [06/Feb/2015 10:43:04] "GET /v2.0/tenants HTTP/1.1" 200 296 0.027244