Davide, I have other services like cinder and tacker configured (tacker is not working as it needs heat). Memcached server is working still authentication error is there. I followed http://docs.openstack.org/mitaka/install-guide-ubuntu/heat-install.html In keystone v2 we cant create domains as mentioned in this document. Is there any suitable document for keystone v2 that I can follow? Please let me know how can I check if keystone store the token properly?
Regards, NareshA. On Thu, Feb 2, 2017 at 9:29 PM, Davide Panarese <dpanar...@enter.eu> wrote: > Hi, > do you have other services or only heat configured?! > Did you check if keystone store token properly? I had the same problem > when my memcache token backend didn’t work. > > If not, it seems all correct. Did you follow openstack install official > guide? > > Davide > > On 02 Feb 2017, at 10:19, NareshA kumar <n...@criterionnetworks.com> wrote: > > Dear Davide, > Below are the steps I have followed to configure heat in kilo. Please let > me know if I am missing something here. > > mysql -u root -p > > CREATE DATABASE heat; > > GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ > IDENTIFIED BY 'heat'; > GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ > IDENTIFIED BY 'heat'; > > export OS_TENANT_NAME='openstack' > export OS_USERNAME='admin' > export OS_PASSWORD='Chang3M3' > export OS_AUTH_URL='https://identity.cncloud.com:5000/v2.0' > export OS_AUTH_STRATEGY='keystone' > export OS_REGION_NAME='RegionOne' > > > keystone user-create --name heat --pass heat > keystone user-role-add --user heat --role admin --tenant services > keystone service-create --name heat --description "Orchestration" --type > orchestration > keystone service-create --name heat-cfn --description "Orchestration" > --type cloudformation > keystone endpoint-create --service heat --publicurl "*MailScanner > warning: numerical links are often malicious:* > http://54.174.88.227:8004/v1/%(tenant_id)s" --adminurl "*MailScanner > warning: numerical links are often malicious:* > http://54.174.88.227:8004/v1/%(tenant_id)s" --internalurl "*MailScanner > warning: numerical links are often malicious:* > http://54.174.88.227:8004/v1/%(tenant_id)s" > keystone endpoint-create --service heat-cfn --publicurl "*MailScanner > warning: numerical links are often malicious:* > http://54.174.88.227:8000/v1/%(tenant_id)s" --adminurl "*MailScanner > warning: numerical links are often malicious:* > http://54.174.88.227:8000/v1/%(tenant_id)s" --internalurl "*MailScanner > warning: numerical links are often malicious:* > http://54.174.88.227:8000/v1/%(tenant_id)s" > keystone role-create --name heat_stack_owner > keystone user-role-add --user admin --tenant openstack --role > heat_stack_owner > keystone role-create --name heat_stack_user > > heat-keystone-setup-domain \ > –stack-user-domain-name heat_user_domain \ > –stack-domain-admin heat_domain_admin \ > –stack-domain-admin-password $HeatPass | tee heat-keystone-setup-domain.out > > heact.conf: > [DEFAULT] > debug = true > verbose = true > rpc_backend = zmq > heat_metadata_server_url = *MailScanner warning: numerical links are > often malicious:* http://54.174.88.227:8000 <http://54.174.88.227:8000/> > heat_waitcondition_server_url = *MailScanner warning: numerical links are > often malicious:* http://54.174.88.227:8000/v1/waitcondition > <http://54.174.88.227:8000/v1/waitcondition> > stack_domain_admin = heat_domain_admin > stack_domain_admin_password = Chang3M3 > stack_user_domain_name = heat_user_domain > stack_user_domain_id=f798141e117a417996a736ba8f57f368 > rpc_zmq_host = 54.174.88.227 > [database] > connection = mysql://heat:heat@54.174.88.227/heat > [keystone_authtoken] > auth_uri = https://identity.cncloud.com:5000/v2.0 > identity_url = https://identity.cncloud.com:35357 > #memcached_servers = controller:11211 > project_name = services > auth_type = password > admin_tenant_name = services > admin_user = heat > admin_password = heat > [ec2authtoken] > auth_uri = https://identity.cncloud.com:5000/v2.0 > > heat-manage db_sync > > service heat-api restart > service heat-api-cfn restart > service heat-engine restart > > export OS_TENANT_NAME='services' > export OS_USERNAME='heat' > export OS_PASSWORD='heat' > export OS_AUTH_URL='https://identity.cncloud.com:5000/v2.0' > export OS_AUTH_STRATEGY='keystone' > export OS_REGION_NAME='RegionOne' > > heat stack-list > > ERROR : Authentication Required. > > > > Regards, > NareshA. > > On Wed, Feb 1, 2017 at 4:07 PM, NareshA kumar <n...@criterionnetworks.com> > wrote: > >> Davide, >> Yes I am using the heat credentials as you have mentioned. But still I am >> getting Authentication required error. >> >> Regards, >> NareshA. >> >> On Wed, Feb 1, 2017 at 4:01 PM, NareshA kumar <n...@criterionnetworks.com> >> wrote: >> >>> Davide, >>> Yes I am using the heat credentials as you have mentioned. But still I >>> am getting Authentication required error. >>> >>> I am attaching heat-api.log here for your reference. I am guessing that >>> I would have missed something while creating heat domains. >>> >>> Regards, >>> NareshA. >>> >>> On Wed, Feb 1, 2017 at 3:14 PM, Davide Panarese <dpanar...@enter.eu> >>> wrote: >>> >>>> If you use heat creadential for token request it works? >>>> >>>> export OS_AUTH_URL=https://identity.cncloud.com:5000/v2.0 >>>> export OS_REGION_NAME=RegionOne >>>> export OS_USERNAME=heat >>>> export OS_TENANT_NAME=services >>>> export OS_PASSWORD=heat >>>> >>>> keystone token-get >>>> >>>> Davide >>>> >>>> On 01 Feb 2017, at 10:10, NareshA kumar <n...@criterionnetworks.com> >>>> wrote: >>>> >>>> I have associated heat user to services tenant and gave it a admin role. >>>> >>>> keystone user-role-list --user heat --tenant services >>>> +----------------------------------+-------+---------------- >>>> ------------------+----------------------------------+ >>>> | id | name | user_id >>>> | tenant_id | >>>> +----------------------------------+-------+---------------- >>>> ------------------+----------------------------------+ >>>> | 2b995253c23e4c1db8cd374346a4ecd4 | admin | >>>> 645eb7e9f04f4a2b8df65272a23c1394 | 024890084b7642e9b8535b52a86584ea | >>>> +----------------------------------+-------+---------------- >>>> ------------------+----------------------------------+ >>>> >>>> heat --debug stack-list >>>> >>>> DEBUG (session) REQ: curl -g -i -X GET https://identity.cncloud.com:5 >>>> 000/v2.0 -H "Accept: application/json" -H "User-Agent: >>>> python-keystoneclient" >>>> DEBUG (session) RESP: [200] x-openstack-request-id: >>>> req-2515497e-671b-475e-b48c-0cb6f2ccfe2f content-length: 347 via: 1.1 >>>> identity.cncloud.com:5000 access-control-expose-headers: Accept, >>>> Content-Type, X-Auth-Token, X-Subject-Token vary: X-Auth-Token server: >>>> Apache/2.4.7 (Ubuntu) connection: close access-control-allow-methods: GET >>>> POST OPTIONS PUT DELETE PATCH date: Wed, 01 Feb 2017 09:07:01 GMT >>>> access-control-allow-origin: * access-control-allow-headers: Accept, >>>> Content-Type, X-Auth-Token, X-Subject-Token content-type: application/json >>>> x-distribution: Ubuntu >>>> RESP BODY: {"version": {"status": "stable", "updated": >>>> "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", >>>> "type": "application/vnd.openstack.identity-v2.0+json"}], "id": >>>> "v2.0", "links": [{"href": "https://identity.cncloud.com:5000/v2.0/", >>>> "rel": "self"}, {"href": "http://docs.openstack.org/", "type": >>>> "text/html", "rel": "describedby"}]}} >>>> >>>> DEBUG (v2) Making authentication request to >>>> https://identity.cncloud.com:5000/v2.0/tokens >>>> DEBUG (session) REQ: curl -g -i -X GET *MailScanner ha rilevato un >>>> possibile tentativo di frode proveniente da "54.174.88.227:8004" * >>>> *MailScanner >>>> warning: numerical links are often malicious:* >>>> http://54.174.88.227:8004/v1/0c28d40bdcf0472d8dfb214a5c0286c4/stacks >>>> <http://54.174.88.227:8004/v1/0c28d40bdcf0472d8dfb214a5c0286c4/stacks>? >>>> -H "Accept: application/json" -H "User-Agent: python-heatclient" -H >>>> "X-Region-Name: RegionOne" -H "X-Auth-Token: >>>> {SHA1}9cc75daaff59cdb14a75bfb74ca6d77ebb8d8ac6" >>>> -H "Content-Type: application/json" -H "X-Auth-Url: >>>> https://identity.cncloud.com:5000/v2.0" >>>> DEBUG (session) RESP: >>>> DEBUG (v2) Making authentication request to >>>> https://identity.cncloud.com:5000/v2.0/tokens >>>> DEBUG (session) RESP: >>>> Traceback (most recent call last): >>>> File "/usr/bin/heat", line 10, in <module> >>>> sys.exit(main()) >>>> File "/usr/lib/python2.7/dist-packages/heatclient/shell.py", line >>>> 706, in main >>>> HeatShell().main(args) >>>> File "/usr/lib/python2.7/dist-packages/heatclient/shell.py", line >>>> 656, in main >>>> args.func(client, args) >>>> File "/usr/lib/python2.7/dist-packages/heatclient/v1/shell.py", line >>>> 581, in do_stack_list >>>> utils.print_list(stacks, fields, sortby_index=3) >>>> File >>>> "/usr/lib/python2.7/dist-packages/heatclient/openstack/common/cliutils.py", >>>> line 169, in print_list >>>> for o in objs: >>>> File "/usr/lib/python2.7/dist-packages/heatclient/v1/stacks.py", >>>> line 100, in paginate >>>> stacks = self._list(url, 'stacks') >>>> File >>>> "/usr/lib/python2.7/dist-packages/heatclient/openstack/common/apiclient/base.py", >>>> line 117, in _list >>>> body = self.client.get(url).json() >>>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >>>> line 292, in get >>>> return self.client_request("GET", url, **kwargs) >>>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >>>> line 285, in client_request >>>> resp, body = self.json_request(method, url, **kwargs) >>>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >>>> line 266, in json_request >>>> resp = self._http_request(url, method, **kwargs) >>>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", >>>> line 361, in _http_request >>>> raise exc.from_response(resp) >>>> heatclient.exc.HTTPUnauthorized: ERROR: Authentication required >>>> >>>> >>>> Regards, >>>> NareshA. >>>> >>>> On Wed, Feb 1, 2017 at 2:16 PM, Davide Panarese <dpanar...@enter.eu> >>>> wrote: >>>> >>>>> Could you debug heat api call with heat —debug stack-list? >>>>> Did you associate heat user to service tenant and give it admin role? >>>>> >>>>> Davide >>>>> >>>>> On 31 Jan 2017, at 19:54, NareshA kumar <n...@criterionnetworks.com> >>>>> wrote: >>>>> >>>>> Hi, >>>>> I am installing heat in kilo with keystone v2 APIs. As per document I >>>>> have configured the endpoints and heat.conf. "heat stack-list" gives me >>>>> Authentication required error. In heat-api.log I am seeing "Authorization >>>>> failed for token" message. >>>>> Can anyone help me solve this issue? >>>>> >>>>> Regards, >>>>> NareshA. >>>>> >>>>> -- >>>>> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato >>>>> non infetto. >>>>> Clicca qui per segnalarlo come spam. >>>>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=32A47402B1.A84A6> >>>>> Clicca qui per metterlo in blacklist >>>>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=32A47402B1.A84A6> >>>>> _______________________________________________ >>>>> Mailing list: http://lists.openstack.org/cgi >>>>> -bin/mailman/listinfo/openstack >>>>> Post to : openstack@lists.openstack.org >>>>> Unsubscribe : http://lists.openstack.org/cgi >>>>> -bin/mailman/listinfo/openstack >>>>> >>>>> >>>>> >>>> >>>> -- >>>> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non >>>> infetto. >>>> Clicca qui per segnalarlo come spam. >>>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=557444011D.A905A> >>>> Clicca qui per metterlo in blacklist >>>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=557444011D.A905A> >>>> _______________________________________________ >>>> Mailing list: http://lists.openstack.org/cgi >>>> -bin/mailman/listinfo/openstack >>>> Post to : openstack@lists.openstack.org >>>> Unsubscribe : http://lists.openstack.org/cgi >>>> -bin/mailman/listinfo/openstack >>>> >>>> >>>> >>> >> > > -- > Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non > infetto. > Clicca qui per segnalarlo come spam. > <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=B4EDD402E7.ADD0F> > Clicca qui per metterlo in blacklist > <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=B4EDD402E7.ADD0F> > _______________________________________________ > Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > Post to : openstack@lists.openstack.org > Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/ > openstack > > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack