This is also a good point. I think you're getting an unscoped token, which won't be useful for authenticating to ceilometer.
Doug On Thu, Jun 6, 2013 at 12:33 PM, Guangyu Suo <guan...@unitedstack.com>wrote: > Hello, claudio > > I don't think you get the real token, because you did't specify the > tenantName or tenantID in curl command, even if you used admin and > admin_pass. Please read this document > http://docs.openstack.org/api/quick-start/content/ for details. > > > 2013/6/6 claudio marques <mrqss_...@hotmail.com> > >> Hi Doug >> >> I send authentications from the admin user. In order for me to explain >> you better the issue i will paste here the phases that i am trying to do: >> >> I use curl and send the admin user/password and ask for a token: >> >> curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": >> "admin_pass"}}}' -H "Content-type: application/json" >> http://localhost:35357/v2.0/tokens >> >> It returns this >> >> {"access": {"token": {"issued_at": "2013-06-06T14:11:26.005501", >> "expires": "2013-06-07T14:11:26Z", "id": >> "MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE="}, >> "serviceCatalog": [], "user": {"username": "admin", "roles_links": [], >> "id": "0b14e1644ffa4336967087458cd85c56", "roles": [], "name": "admin"}, >> "metadata": {"is_admin": 0, "roles": []}}} >> >> Then, i use curl again with the token that i just received with the >> following command >> >> >> curl -k -D -H "X-Auth-Token: >> MIICbgYJKoZIhvcNAQcCoIICXzCCAlsCAQExCTAHBgUrDgMCGjCCAUcGCSqGSIb3DQEHAaCCATgEggE0eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNi0wNlQxNDoxMToyNi4wMDU1MDEiLCAiZXhwaXJlcyI6ICIyMDEzLTA2LTA3VDE0OjExOjI2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICIwYjE0ZTE2NDRmZmE0MzM2OTY3MDg3NDU4Y2Q4NWM1NiIsICJyb2xlcyI6IFtdLCAibmFtZSI6ICJhZG1pbiJ9LCAibWV0YWRhdGEiOiB7ImlzX2FkbWluIjogMCwgInJvbGVzIjogW119fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGALO7HS8ddSpYzEmRK9eLHOkFQPifzbNSHrf9I62keB+BDmBHAD47Lhz+jg-SkRJXKlyWVL0YG3Mhd3R9srSRC15rMGNhC0wSt0ohcppjzIr-OT8x6UabTYdU0We-54+4dEbyIgMH6fIuWKLq3DKvk+Qb-57JGknBemnFSrZHZjNE=" >> -X 'GET' -v http://localhost:8777/v2/meters >> >> The return value is this >> >> ** getaddrinfo(3) failed for X-Auth-Token:80* >> ** Couldn't resolve host 'X-Auth-Token'* >> ** Closing connection 0* >> *curl: (6) Couldn't resolve host 'X-Auth-Token'* >> ** About to connect() to localhost port 8777 (#1)* >> ** Trying 127.0.0.1...* >> ** Connected to localhost (127.0.0.1) port 8777 (#1)* >> *> GET /v2/meters HTTP/1.1* >> *> User-Agent: curl/7.29.0* >> *> Host: localhost:8777* >> *> Accept: */** >> *>* >> ** HTTP 1.0, assume close after body* >> *< HTTP/1.0 401 Unauthorized* >> *< Date: Thu, 06 Jun 2013 14:14:06 GMT* >> *< Server: WSGIServer/0.1 Python/2.7.4* >> *< WWW-Authenticate: Keystone uri='http://127.0.0.1:35357'* >> *< Content-Length: 381* >> *< Content-Type: text/html; charset=UTF-8* >> *<* >> *<html>* >> * <head>* >> * <title>401 Unauthorized</title>* >> * </head>* >> * <body>* >> * <h1>401 Unauthorized</h1>* >> * This server could not verify that you are authorized to access the >> document you requested. Either you supplied the wrong credentials (e.g., >> bad password), or your browser does not understand how to supply the >> credentials required.<br /><br />* >> *Authentication required* >> * >> * >> * >> * >> * </body>* >> ** Closing connection 1* >> >> No data is returned in any case. >> >> I manually installed 3 node openStack and ceilometer , so i am not using >> devStack. >> >> Even when i try to send manually credentials of the admin user: >> >> *ceilometer --os-username admin --os-password password --os-tenant-name >> admin --os-auth-url http://localhost:5000/v2.0 resource-list* >> >> the result is this: >> >> *No handlers could be found for logger "ceilometerclient.common.http"* >> *Invalid OpenStack Identity credentials.* >> >> Is there any possibility that keystone is not validating all the Tokens? >> >> >> Claudio Marques >> >> >> ------------------------------ >> Date: Thu, 6 Jun 2013 09:42:38 -0400 >> From: doug.hellm...@dreamhost.com >> To: clau...@onesource.pt >> CC: openstack@lists.launchpad.net >> Subject: Re: [Openstack] Ceilometer-api Auth Error >> >> >> >> >> >> On Thu, Jun 6, 2013 at 7:22 AM, Claudio Marques <clau...@onesource.pt>wrote: >> >> Hi Stackers >> >> >> Hi have a problem with ceilometer-api. I want access it via curl or http >> and every time i try to do it i simple get the same errors. >> >> This server could not verify that you are authorized to access the >> document you requested. Either you supplied the wrong credentials (e.g., >> bad password), or your browser does not understand how to supply the >> credentials required. >> >> My ceilometer.conf file is like this: >> >> [DEFAULT] >> os_username=admin >> os_password=admin_pass >> os_tenant_name=admin >> os_auth_url=http://10.0.1.167:5000/v2.0/ >> signing_dirname = /tmp/keystone-signing-ceilometer >> metering_api_port=8777 >> auth_strategy=keystone >> nova_control_exchange=nova >> hypervisor_inspector=libvirt >> libvirt_type=qemu >> glance_control_exchange=glance >> quantum_control_exchange=quantum >> debug=true >> verbose=true >> >> log_dir=/var/log/ceilometer >> rpc_backend=ceilometer.openstack.common.rpc.impl_kombu >> rabbit_host=localhost >> rabbit_port=5672 >> rabbit_userid=guest >> rabbit_password=guest >> rabbit_retry_backoff=2 >> rabbit_max_retries=0 >> rabbit_use_ssl=False >> >> database_connection=mongodb://10.0.1.25:27017/ceilometer >> sql_connection_debug=0 >> cinder_control_exchange=cinder >> enable_v1_api=true >> >> [keystone_authtoken] >> >> auth_host = localhost >> auth_port = 5000 >> admin_user = admin >> admin_password = admin_pass >> admin_tenant_name = admin >> auth_uri = http://10.0.1.167:5000/v2.0/ >> >> What auth chould i pass in order to get metrics form ceilometer? >> >> >> The ceilometer API uses keystone authentication, just like the other >> OpenStack services. If you pass credentials for a regular user, you can see >> data about the tenant/project you're authenticating with. If you pass >> credentials for an admin user, you can see all data. >> >> Doug >> >> >> >> Thank's for any reply >> >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> >> >> _______________________________________________ Mailing list: >> https://launchpad.net/~openstack Post to : >> openstack@lists.launchpad.netUnsubscribe : >> https://launchpad.net/~openstack More help : >> https://help.launchpad.net/ListHelp >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp