Ask Your Question

MercIceman's profile - activity

2014-06-13 17:49:32 -0600 received badge  Famous Question (source)
2014-06-03 00:29:22 -0600 received badge  Notable Question (source)
2014-06-02 07:41:12 -0600 received badge  Popular Question (source)
2014-06-01 12:27:48 -0600 received badge  Student (source)
2014-06-01 12:02:00 -0600 asked a question Icehouse on 14.04 LTS, Unauthorized (HTTP 401) when running "nova image-list"

Hello,

I am following the install guide for Icehouse on Ubuntu LTS 14.04 (here: http://docs.openstack.org/icehouse/install-guide/install/apt/content/index.html).

I have installed and configured Nova per the guide, but am receiving an Unauthorized (HTTP 401)Error when I attempt to run "nova image-list"

Using command line arguments to rule out environment variable errors (no variables are set for OpenStack):

user@Controller-Test:~$ nova --os-username=nova --os-password=NOVA_PASS --os-tenant-name=service --os-auth-url=http://controller-test:35357/v2.0 image-list
ERROR: Unauthorized (HTTP 401)

And trying with keystone admin credentials:

user@Controller-Test:~$ nova --os-username=admin --os-password=ADMIN_PASS --os-tenant-name=admin --os-auth-url=http://controller-test:35357/v2.0 image-list
ERROR: Unauthorized (HTTP 401)

Commands from Keystone complete correctly with either set of credentials:

user@Controller-Test:~$ keystone --os-username=nova --os-password=NOVA_PASS --os-tenant-name=service --os-auth-url=http://controller-test:35357/v2.0 user-list
+----------------------------------+--------+---------+------------------------+
|                id                |  name  | enabled |         email          |
+----------------------------------+--------+---------+------------------------+
| 04cfac10ca2f47c698161428ddddd0b2 | admin  |   True  | OSAdmin@example.net    |
| 64f2eded7f0d46938b1e6b11b0a1cb4b |  demo  |   True  |  OSdemo@example.net    |
| 1e78938f407a4d3b86b04d18f25b6020 | glance |   True  | OSglance@example.net   |
| 7446766030224696aa21a7ba409ee03a |  nova  |   True  |  OSnova@example.net    |
+----------------------------------+--------+---------+------------------------+

user@Controller-Test:~$keystone --os-username=admin --os-password=ADMIN_PASS --os-tenant-name=admin --os-auth-url=http://controller-test:35357/v2.0 user-list
+----------------------------------+--------+---------+------------------------+
|                id                |  name  | enabled |         email          |
+----------------------------------+--------+---------+------------------------+
| 04cfac10ca2f47c698161428ddddd0b2 | admin  |   True  | OSAdmin@example.net    |
| 64f2eded7f0d46938b1e6b11b0a1cb4b |  demo  |   True  |  OSdemo@example.net    |
| 1e78938f407a4d3b86b04d18f25b6020 | glance |   True  | OSglance@example.net   |
| 7446766030224696aa21a7ba409ee03a |  nova  |   True  |  OSnova@example.net    |
+----------------------------------+--------+---------+------------------------+

As does asking glance for the image-list (I've removed characters from the ID Field for readability):

user@Controller-Test:~$ glance --os-username=nova --os-password=NOVA_PASS --os-tenant-name=service --os-auth-url=http://controller-test:35357/v2.0 image-list
+----------------------------+-------------+-------------+------------------+----------+--------+
| ID                         | Name        | Disk Format | Container Format | Size     | Status |
+----------------------------+-------------+-------------+------------------+----------+--------+
| 14b-437d-9188-cc9a62b937bc | CIRROS-Test | qcow2       | bare             | 13167616 | active |
+----------------------------+-------------+-------------+------------------+----------+--------+
user@Controller-Test:~$ glance --os-username=admin --os-password=ADMIN_PASS --os-tenant-name=admin --os-auth-url=http://controller-test:35357/v2.0 image-list
+----------------------------+-------------+-------------+------------------+----------+--------+
| ID                         | Name        | Disk Format | Container Format | Size     | Status |
+----------------------------+-------------+-------------+------------------+----------+--------+
| 14b-437d-9188-cc9a62b937bc | CIRROS-Test | qcow2       | bare             | 13167616 | active |
+----------------------------+-------------+-------------+------------------+----------+--------+

Searching Ask.Openstack gave me a few results for the error above gave me a few results with the Havana release, and they pointed to conflicts between the authentication information being passed via the command and/or environment variables (hence my clarification that not environment variables were set).

I've checked the files referenced in those posts (/etc/nova/nova.conf and /etc/nova/api-paste.ini) and not found anything out of the ordinary (like additional credentials in api-paste.ini)

nova.conf:

    [DEFAULT]
    dhcpbridge_flagfile=/etc/nova/nova.conf
    dhcpbridge=/usr/bin/nova-dhcpbridge
    logdir=/var/log/nova
    state_path=/var/lib/nova
    lock_path=/var/lock/nova
    force_dhcp_release=True
    iscsi_helper=tgtadm
    libvirt_use_virtio_for_bridges=True
    connection_type=libvirt
    root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
    verbose=True
    ec2_private_dns_show_ip=True
    api_paste_config=/etc/nova/api-paste.ini
    volumes_path=/var/lib/nova/volumes
    enabled_apis=ec2,osapi_compute,metadata

    # Authentication Strategy
    auth_strategy = keystone

    # RabbitMQ Authentication information
    rpc_backend = rabbit
    rabbit_host = controller-test
    rabbit_password = RABBIT_PASS

    # IP and VNC server information
    my_ip = 172.31.1.200
    vncserver_listen = 172.31.1.200
    vncserver_proxyclient_address = 172.31.1.200

    [database]
    connection = mysql://nova:NOVA_DBPASS@controller-test/nova

    [keystone_authoken]
    auth_uri = http://controller-test:5000
    auth_host = controller-test
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = service
    admin_user = nova
    admin_password = NOVA_PASS

api-paste.ini:

############
# Metadata #
############
[composite:metadata]
use = egg:Paste#urlmap
/: meta

[pipeline:meta]
pipeline = ec2faultwrap logrequest metaapp

[app:metaapp]
paste ...
(more)