If you use heat creadential for token request it works? export OS_AUTH_URL=https://identity.cncloud.com:5000/v2.0 <https://identity.cncloud.com:5000/v2.0> export OS_REGION_NAME=RegionOne export OS_USERNAME=heat export OS_TENANT_NAME=services export OS_PASSWORD=heat
keystone token-get Davide > On 01 Feb 2017, at 10:10, NareshA kumar <n...@criterionnetworks.com> wrote: > > I have associated heat user to services tenant and gave it a admin role. > > keystone user-role-list --user heat --tenant services > +----------------------------------+-------+----------------------------------+----------------------------------+ > | id | name | user_id > | tenant_id | > +----------------------------------+-------+----------------------------------+----------------------------------+ > | 2b995253c23e4c1db8cd374346a4ecd4 | admin | 645eb7e9f04f4a2b8df65272a23c1394 > | 024890084b7642e9b8535b52a86584ea | > +----------------------------------+-------+----------------------------------+----------------------------------+ > > heat --debug stack-list > > DEBUG (session) REQ: curl -g -i -X GET https://identity.cncloud.com:5000/v2.0 > <https://identity.cncloud.com:5000/v2.0> -H "Accept: application/json" -H > "User-Agent: python-keystoneclient" > DEBUG (session) RESP: [200] x-openstack-request-id: > req-2515497e-671b-475e-b48c-0cb6f2ccfe2f content-length: 347 via: 1.1 > identity.cncloud.com:5000 <http://identity.cncloud.com:5000/> > access-control-expose-headers: Accept, Content-Type, X-Auth-Token, > X-Subject-Token vary: X-Auth-Token server: Apache/2.4.7 (Ubuntu) connection: > close access-control-allow-methods: GET POST OPTIONS PUT DELETE PATCH date: > Wed, 01 Feb 2017 09:07:01 GMT access-control-allow-origin: * > access-control-allow-headers: Accept, Content-Type, X-Auth-Token, > X-Subject-Token content-type: application/json x-distribution: Ubuntu > RESP BODY: {"version": {"status": "stable", "updated": > "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": > "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": > [{"href": "https://identity.cncloud.com:5000/v2.0/ > <https://identity.cncloud.com:5000/v2.0/>", "rel": "self"}, {"href": > "http://docs.openstack.org/ <http://docs.openstack.org/>", "type": > "text/html", "rel": "describedby"}]}} > > DEBUG (v2) Making authentication request to > https://identity.cncloud.com:5000/v2.0/tokens > <https://identity.cncloud.com:5000/v2.0/tokens> > DEBUG (session) REQ: curl -g -i -X GET MailScanner warning: numerical links > are often malicious: > http://54.174.88.227:8004/v1/0c28d40bdcf0472d8dfb214a5c0286c4/stacks > <http://54.174.88.227:8004/v1/0c28d40bdcf0472d8dfb214a5c0286c4/stacks>? -H > "Accept: application/json" -H "User-Agent: python-heatclient" -H > "X-Region-Name: RegionOne" -H "X-Auth-Token: > {SHA1}9cc75daaff59cdb14a75bfb74ca6d77ebb8d8ac6" -H "Content-Type: > application/json" -H "X-Auth-Url: https://identity.cncloud.com:5000/v2.0 > <https://identity.cncloud.com:5000/v2.0>" > DEBUG (session) RESP: > DEBUG (v2) Making authentication request to > https://identity.cncloud.com:5000/v2.0/tokens > <https://identity.cncloud.com:5000/v2.0/tokens> > DEBUG (session) RESP: > Traceback (most recent call last): > File "/usr/bin/heat", line 10, in <module> > sys.exit(main()) > File "/usr/lib/python2.7/dist-packages/heatclient/shell.py", line 706, in > main > HeatShell().main(args) > File "/usr/lib/python2.7/dist-packages/heatclient/shell.py", line 656, in > main > args.func(client, args) > File "/usr/lib/python2.7/dist-packages/heatclient/v1/shell.py", line 581, > in do_stack_list > utils.print_list(stacks, fields, sortby_index=3) > File > "/usr/lib/python2.7/dist-packages/heatclient/openstack/common/cliutils.py", > line 169, in print_list > for o in objs: > File "/usr/lib/python2.7/dist-packages/heatclient/v1/stacks.py", line 100, > in paginate > stacks = self._list(url, 'stacks') > File > "/usr/lib/python2.7/dist-packages/heatclient/openstack/common/apiclient/base.py", > line 117, in _list > body = self.client.get(url).json() > File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line > 292, in get > return self.client_request("GET", url, **kwargs) > File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line > 285, in client_request > resp, body = self.json_request(method, url, **kwargs) > File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line > 266, in json_request > resp = self._http_request(url, method, **kwargs) > File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line > 361, in _http_request > raise exc.from_response(resp) > heatclient.exc.HTTPUnauthorized: ERROR: Authentication required > > > Regards, > NareshA. > > On Wed, Feb 1, 2017 at 2:16 PM, Davide Panarese <dpanar...@enter.eu > <mailto:dpanar...@enter.eu>> wrote: > Could you debug heat api call with heat —debug stack-list? > Did you associate heat user to service tenant and give it admin role? > > Davide >> On 31 Jan 2017, at 19:54, NareshA kumar <n...@criterionnetworks.com >> <mailto:n...@criterionnetworks.com>> wrote: >> >> Hi, >> I am installing heat in kilo with keystone v2 APIs. As per document I have >> configured the endpoints and heat.conf. "heat stack-list" gives me >> Authentication required error. In heat-api.log I am seeing "Authorization >> failed for token" message. >> Can anyone help me solve this issue? >> >> Regards, >> NareshA. >> >> -- >> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non >> infetto. >> Clicca qui per segnalarlo come spam. >> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=32A47402B1.A84A6> >> Clicca qui per metterlo in blacklist >> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=32A47402B1.A84A6> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >> Post to : openstack@lists.openstack.org >> <mailto:openstack@lists.openstack.org> >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> > > > > -- > Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non > infetto. > Clicca qui per segnalarlo come spam. > <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=557444011D.A905A> > Clicca qui per metterlo in blacklist > <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=557444011D.A905A> > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack