Hi! > how can i enable the service_token_roles?
Add the service role on the service project to the service users (nova, cinder, etc.). > if i cset the service_token_role_required=true for nova, cinder, glance and > neutron nova is unable to start instances. > > i see the curl request form nova to cinder with an X-Service-Token but the > result is always 401. > > > Am Freitag, den 01.12.2017, 10:55 +0100 schrieb Kim-Norman Sahm: > > after removing these options from the [keystone_authtoken] section in > > cinder.conf snapshots are working: > > > > service_token_roles_required=True > > service_token_roles=service > > > > > > > > Am Freitag, den 01.12.2017, 10:23 +0100 schrieb Kim-Norman Sahm: > > > > > > this is my cinder section of the nova.conf > > > > > > [cinder] > > > os_region_name=myregion > > > cross_az_attach=False > > > catalog_info=volumev3:cinderv3:internalURL > > > > > > > > > i don't find anything about cinder authentication in the nova config > > > options. https://docs.openstack.org/ocata/config-reference/compute/ > > > co > > > nf > > > ig-options.html > > > > > > > > > > > > Am Donnerstag, den 30.11.2017, 11:30 -0600 schrieb Matt Riedemann: > > > > > > > > > > > > On 11/30/2017 9:30 AM, Kim-Norman Sahm wrote: > > > > > > > > > > > > > > > > > > > > after upgrade openstack newton -> ocata i cannot create > > > > > snapshots of my instances. > > > > > > > > > > if i try to create a snapshot of a instance horizon get this > > > > > error: > > > > > "Error: Unable to create snapshot." > > > > > create a snapshot of a cinder volume via openstackcli is > > > > > working. > > > > > > > > > > nova.log > > > > > ---------------------------- > > > > > 2017-11-30 15:19:57.875 93 DEBUG cinderclient.v3.client [req- > > > > > 5820c19b- > > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > > 469dc3d300df4d41aaea00db572043ae - default default] REQ: curl -g > > > > > -i -X GET > > > > > https://cinder:8776/v3/469dc3d300df4d41aaea00db572043ae/vol > > > > > um > > > > > es > > > > > /c67 > > > > > b5cf3-0beb-4efa-9177-d2b6498185fb -H "X-Service-Token: > > > > > {SHA1}29a46cd87988e2bb905dbd3e796401aa23dff1a5" -H "User- > Agent: > > > > > python- > > > > > cinderclient" -H "Accept: application/json" -H "X-Auth-Token: > > > > > {SHA1}524061f0ab91e64ed6241e437792346f90df856e" > > > > > _http_log_request > > > > > /usr/lib/python2.7/dist-packages/keystoneauth1/session.py:347 > > > > > 2017-11-30 15:19:57.890 92 INFO nova.osapi_compute.wsgi.server > > > > > [req- > > > > > d83d5b73-fd24-406c-ad6b-feed6a40bfae > > > > > c756af2957c4447eafc4cef39cdb79e5 > > > > > 469dc3d300df4d41aaea00db572043ae - default default] 10.78.21.2 > > > > > "GET /v2.1/flavors/203/os-extra_specs HTTP/1.1" status: 200 len: > > > > > 448 > > > > > time: > > > > > 0.0326798 > > > > > 2017-11-30 15:19:58.148 93 DEBUG cinderclient.v3.client [req- > > > > > 5820c19b- > > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > > 469dc3d300df4d41aaea00db572043ae - default default] RESP: [401] > > > > > Date: > > > > > Thu, 30 Nov 2017 15:19:57 GMT Server: Apache/2.4.18 (Ubuntu) x- > > > > > openstack-request-id: req-22378faa-880b-4a80-a83e-41936741839e > > > > > WWW- > > > > > Authenticate: Keystone uri='https://keystone:5000/' Content- > > > > > Length: > > > > > 114 > > > > > Content-Type: application/json > > > > > RESP BODY: {"error": {"message": "The request you have made > > > > > requires authentication.", "code": 401, "title": > > > > > "Unauthorized"}} > > > > > _http_log_response /usr/lib/python2.7/dist- > > > > > packages/keystoneauth1/session.py:395 > > > > > 2017-11-30 15:19:58.149 93 DEBUG cinderclient.v3.client [req- > > > > > 5820c19b- > > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > > 469dc3d300df4d41aaea00db572043ae - default default] GET call to > > > > > cinderv3 for https://cinder:8776/v3/469dc3d300df4d41aaea00db572 > > > > > 04 > > > > > 3a > > > > > e/vo > > > > > lumes/c67b5cf3-0beb-4efa-9177-d2b6498185fb used request id req- > > > > > 22378faa-880b-4a80-a83e-41936741839e request > > > > > /usr/lib/python2.7/dist- > > > > > packages/keystoneauth1/session.py:640 > > > > > 2017-11-30 15:19:58.157 93 DEBUG cinderclient.v3.client [req- > > > > > 5820c19b- > > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > > 469dc3d300df4d41aaea00db572043ae - default default] RESP: [401] > > > > > Date: > > > > > Thu, 30 Nov 2017 15:19:58 GMT Server: Apache/2.4.18 (Ubuntu) x- > > > > > openstack-request-id: req-02ebac9f-794a-46f4-85b2-0e429a1785cf > > > > > WWW- > > > > > Authenticate: Keystone uri='https://keystone:5000/' Content- > > > > > Length: > > > > > 114 > > > > > Content-Type: application/json > > > > > RESP BODY: {"error": {"message": "The request you have made > > > > > requires authentication.", "code": 401, "title": > > > > > "Unauthorized"}} > > > > > _http_log_response /usr/lib/python2.7/dist- > > > > > packages/keystoneauth1/session.py:395 > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > [req- > > > > > 5820c19b-fb11-43a2-8513-0782540b3d32 > > > > > c756af2957c4447eafc4cef39cdb79e5 > > > > > 469dc3d300df4d41aaea00db572043ae - default default] Unexpected > > > > > exception in API method > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > Traceback (most recent call last): > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File > > > > > "/usr/lib/python2.7/dist- > > > > > packages/nova/api/openstack/extensions.py", > > > > > line 338, in wrapped > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > return f(*args, **kwargs) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File > > > > > "/usr/lib/python2.7/dist- > > > > > packages/nova/api/openstack/common.py", > > > > > line > > > > > 359, in inner > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > return f(*args, **kwargs) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File > > > > > "/usr/lib/python2.7/dist- > > > > > packages/nova/api/validation/__init__.py", > > > > > line 108, in wrapper > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > return func(*args, **kwargs) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File > > > > > "/usr/lib/python2.7/dist- > > > > > packages/nova/api/validation/__init__.py", > > > > > line 108, in wrapper > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > return func(*args, **kwargs) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File > > > > > "/usr/lib/python2.7/dist- > > > > > packages/nova/api/openstack/compute/servers.py", line 1095, in > > > > > _action_create_image > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > metadata) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File "/usr/lib/python2.7/dist-packages/nova/compute/api.py", > > > > > line 151, in inner > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > return f(self, context, instance, *args, **kw) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File "/usr/lib/python2.7/dist-packages/nova/compute/api.py", > > > > > line 2909, in snapshot_volume_backed > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > volume = self.volume_api.get(context, > > > > > bdm.volume_id) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File "/usr/lib/python2.7/dist-packages/nova/volume/cinder.py", > > > > > line 168, in wrapper > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > res = method(self, ctx, *args, **kwargs) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File "/usr/lib/python2.7/dist-packages/nova/volume/cinder.py", > > > > > line 190, in wrapper > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > res = method(self, ctx, volume_id, *args, **kwargs) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File "/usr/lib/python2.7/dist-packages/nova/volume/cinder.py", > > > > > line 234, in get > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > item = cinderclient(context).volumes.get(volume_id) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File > > > > > "/usr/lib/python2.7/dist-packages/cinderclient/v2/volumes.py", > > > > > line > > > > > 277, in get > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > return self._get("/volumes/%s" > > > > > % > > > > > volume_id, "volume") > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File "/usr/lib/python2.7/dist-packages/cinderclient/base.py", > > > > > line 313, in _get > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > resp, body = > > > > > self.api.client.get(url) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", > > > > > line 164, in get > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > return self._cs_request(url, 'GET', > > > > > **kwargs) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", > > > > > line 155, in _cs_request > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > return self.request(url, method, > > > > > **kwargs) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", > > > > > line 144, in request > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > raise exceptions.from_response(resp, > > > > > body) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > Unauthorized: The request you have made requires authentication. > > > > > (HTTP > > > > > 401) > > > > > 2017-11-30 15:19:58.158 93 ERROR nova.api.openstack.extensions > > > > > 2017-11-30 15:19:58.164 93 INFO nova.api.openstack.wsgi [req- > > > > > 5820c19b- > > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > > 469dc3d300df4d41aaea00db572043ae - default default] HTTP > > > > > exception > > > > > thrown: Unexpected API Error. Please report this at http://bugs > > > > > .l au nchp ad.net/nova/ and attach the Nova API log if possible. > > > > > <class 'cinderclient.exceptions.Unauthorized'> > > > > > 2017-11-30 15:19:58.166 93 DEBUG nova.api.openstack.wsgi [req- > > > > > 5820c19b- > > > > > fb11-43a2-8513-0782540b3d32 c756af2957c4447eafc4cef39cdb79e5 > > > > > 469dc3d300df4d41aaea00db572043ae - default default] Returning > > > > > 500 > > > > > to > > > > > user: Unexpected API Error. Please report this at http://bugs.l > > > > > au nc hpad .net/nova/ and attach the Nova API log if possible. > > > > > <class 'cinderclient.exceptions.Unauthorized'> __call__ > > > > > /usr/lib/python2.7/dist- > > > > > packages/nova/api/openstack/wsgi.py:1039 > > > > > ---------------------------- > > > > > > > > > > > > > > > nova.conf [keystone_authtoken] section: > > > > > ---------------------------- > > > > > [keystone_authtoken] > > > > > auth_type=password > > > > > memcached_servers=10.78.21.1,10.78.21.2 > > > > > region_name=de-qsu1-1 > > > > > project_name=services > > > > > auth_version=3 > > > > > service_token_roles = service > > > > > username = nova > > > > > password = mynovasecret > > > > > auth_uri=https://keystone:5000 > > > > > auth_url=https://keystone:35357 > > > > > ---------------------------- > > > > > > > > > > It looks like nova push invalid auth-token and/or service-token > > > > > to cinder. > > > > > does anybody know this problem? > > > > > > > > > > br Kim > > > > > > > > > > > > > > > > __________________________________________________________ > _____ > > > > > __ > > > > > __ > > > > > _______ > > > > > OpenStack Development Mailing List (not for usage questions) > > > > > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject: > > > > > un > > > > > su > > > > > bscribe > > > > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-d > > > > > ev > > > > > > > > > Appears that you have dropped, or misconfigured, the auth info in > > > > the [cinder] section of nova.conf because nova is failing to > > > > authenticate to talk to cinder. If you're able to create volume > > > > snapshots via cinder directly, it's probably because your keystone > > > > auth in cinder.conf is fine. > > > > > > > > __________________________________________________________ > _________ > > > __ > > > _____ //György __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev