Hi, Enabling the debug flag didn't give any additional information.
2 node Cluster means that I have one controller that also runs the compute and an additional compute node, thus 2 node OpenStack Cluster. The problem here is not with the password as I am able to log in through the dashboard. Any action performed gives a Forbidden error and authorization failed for keystone. Any other things that I could look at? On Wed, Apr 27, 2016 at 4:55 PM, Dolph Mathews <dolph.math...@gmail.com> wrote: > Depending on which release of keystone you're running, try enabling either > insecure_debug (more recent releases) or debug (older releases) to true in > keystone.conf to get more detailed error messages from keystone. > > > https://github.com/openstack/keystone/blob/3c4fe622ac5da00b04ccc8bc4e207a2e9ab0f863/etc/keystone.conf.sample#L87-L91 > > That said, your configuration looks entirely correct to me, so I'm curious > what the outcome is here. The only other red flag I see is that you > mentioned a "2 node OpenStack cluster", and I'm not sure what that means in > this context, exactly. How are the 2 nodes utilized? > > On Wed, Apr 27, 2016 at 5:43 AM, Dhvanan Shah <dhva...@gmail.com> wrote: > >> keystone --debug user-list gives this: >> >> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65: >> DeprecationWarning: The keystone CLI is deprecated in favor of >> python-openstackclient. For a Python library, continue using >> python-keystoneclient. >> 'python-keystoneclient.', DeprecationWarning) >> DEBUG:keystoneclient.auth.identity.v2:Making authentication request to >> http://10.16.37.221:5000/v2.0/tokens >> INFO:requests.packages.urllib3.connectionpool:Starting new HTTP >> connection (1): proxy.serc.iisc.ernet.in >> DEBUG:requests.packages.urllib3.connectionpool:"POST >> http://10.16.37.221:5000/v2.0/tokens HTTP/1.1" 403 3370 >> DEBUG:keystoneclient.session:Request returned failure status: 403 >> Authorization Failed: Forbidden (HTTP 403) >> >> nova --debug user list gives this: >> >> DEBUG (session:195) REQ: curl -g -i -X GET http://10.16.37.221:5000/v2.0 >> -H "Accept: application/json" -H "User-Agent: python-keystoneclient" >> INFO (connectionpool:203) Starting new HTTP connection (1): >> proxy.serc.iisc.ernet.in >> DEBUG (connectionpool:383) "GET http://10.16.37.221:5000/v2.0 HTTP/1.1" >> 403 3275 >> DEBUG (session:224) RESP: >> DEBUG (session:396) Request returned failure status: 403 >> WARNING (base:133) Discovering versions from the identity service failed >> when creating the password plugin. Attempting to determine version from URL. >> DEBUG (v2:76) Making authentication request to >> http://10.16.37.221:5000/v2.0/tokens >> DEBUG (connectionpool:383) "POST http://10.16.37.221:5000/v2.0/tokens >> HTTP/1.1" 403 3370 >> DEBUG (session:396) Request returned failure status: 403 >> DEBUG (shell:914) Forbidden (HTTP 403) >> Forbidden: Forbidden (HTTP 403) >> ERROR (Forbidden): Forbidden (HTTP 403) >> >> >> >> On Wed, Apr 27, 2016 at 3:12 PM, Dhvanan Shah <dhva...@gmail.com> wrote: >> >>> On running openstack-status this is what I get (all the services are >>> running, so not included that here) >>> >>> == Keystone users == >>> /usr/lib/python2.7/site-packages/keystoneclient/shell.py:65: >>> DeprecationWarning: The keystone CLI is deprecated in favor of >>> python-openstackclient. For a Python library, continue using >>> python-keystoneclient. >>> 'python-keystoneclient.', DeprecationWarning) >>> Authorization Failed: Forbidden (HTTP 403) >>> == Glance images == >>> Forbidden (HTTP 403) >>> == Nova managed services == >>> No handlers could be found for logger >>> "keystoneclient.auth.identity.generic.base" >>> ERROR (Forbidden): Forbidden (HTTP 403) >>> == Nova networks == >>> No handlers could be found for logger >>> "keystoneclient.auth.identity.generic.base" >>> ERROR (Forbidden): Forbidden (HTTP 403) >>> == Nova instance flavors == >>> No handlers could be found for logger >>> "keystoneclient.auth.identity.generic.base" >>> ERROR (Forbidden): Forbidden (HTTP 403) >>> == Nova instances == >>> No handlers could be found for logger >>> "keystoneclient.auth.identity.generic.base" >>> ERROR (Forbidden): Forbidden (HTTP 403) >>> >>> >>> On Wed, Apr 27, 2016 at 3:09 PM, Dhvanan Shah <dhva...@gmail.com> wrote: >>> >>>> Hi Jens, >>>> >>>> The password is correct when I echo $OS_PASSWORD. >>>> I downloaded the admin-openrc.sh file from the dashboard and sourced. I >>>> ran a nova list after that: >>>> No handlers could be found for logger >>>> "keystoneclient.auth.identity.generic.base" >>>> ERROR (Forbidden): Forbidden (HTTP 403) >>>> >>>> It still gives the error of forbidden access. >>>> I think the password is not the issue. Forbidden access might be >>>> something else. Do you want me to share anything else? >>>> >>>> On Wed, Apr 27, 2016 at 2:56 PM, Jens Rosenboom <j.rosenb...@x-ion.de> >>>> wrote: >>>> >>>>> 2016-04-27 10:30 GMT+02:00 Dhvanan Shah <dhva...@gmail.com>: >>>>> > UPDATE: >>>>> > I am able to log into Horizon and perform all actions without any >>>>> issue but >>>>> > on my terminal, I am not able to do the same. The password that I >>>>> thought >>>>> > was wrong is not the issue as I logged in with the same password. >>>>> > My keystone_adminrc file looks like this: >>>>> > >>>>> > unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT >>>>> > export OS_USERNAME=admin >>>>> > export OS_PASSWORD=**************** >>>>> > export OS_AUTH_URL=http://10.16.37.221:35357/v2.0 >>>>> > export PS1='[\u@\h \W(keystone_admin)]\$ ' >>>>> > >>>>> > export OS_TENANT_NAME=admin >>>>> > export OS_REGION_NAME=RegionOne >>>>> > >>>>> > >>>>> > Please suggest what I could do! >>>>> >>>>> Does your password contain special characters that might get mangled >>>>> by the shell? You could compare the output of "echo $OS_PASSWORD" to >>>>> verify. >>>>> >>>>> Otherwise, if the dashboard is working for you, you can go to >>>>> Project/Compute/Access&Security/API Access and use the "Download >>>>> OpenStack RC File" link there. >>>>> >>>>> >>>>> __________________________________________________________________________ >>>>> OpenStack Development Mailing List (not for usage questions) >>>>> Unsubscribe: >>>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>> >>>> >>>> >>>> >>>> -- >>>> Dhvanan Shah >>>> >>> >>> >>> >>> -- >>> Dhvanan Shah >>> >> >> >> >> -- >> Dhvanan Shah >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Dhvanan Shah
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev