If you’re using v2 authentication Domains are not enabled. Did you try to use v3 authentication?! I’m using keystone v3 (i follow mitaka install too)
Let me know. Davide > On 02 Feb 2017, at 20:15, NareshA kumar <n...@criterionnetworks.com> wrote: > > Davide, > I have other services like cinder and tacker configured (tacker is not > working as it needs heat). Memcached server is working still authentication > error is there. > I followed > http://docs.openstack.org/mitaka/install-guide-ubuntu/heat-install.html > <http://docs.openstack.org/mitaka/install-guide-ubuntu/heat-install.html> In > keystone v2 we cant create domains as mentioned in this document. Is there > any suitable document for keystone v2 that I can follow? Please let me know > how can I check if keystone store the token properly? > > Regards, > NareshA. > > On Thu, Feb 2, 2017 at 9:29 PM, Davide Panarese <dpanar...@enter.eu > <mailto:dpanar...@enter.eu>> wrote: > Hi, > do you have other services or only heat configured?! > Did you check if keystone store token properly? I had the same problem when > my memcache token backend didn’t work. > > If not, it seems all correct. Did you follow openstack install official guide? > > Davide > >> On 02 Feb 2017, at 10:19, NareshA kumar <n...@criterionnetworks.com >> <mailto:n...@criterionnetworks.com>> wrote: >> >> Dear Davide, >> Below are the steps I have followed to configure heat in kilo. Please let me >> know if I am missing something here. >> >> mysql -u root -p >> >> CREATE DATABASE heat; >> >> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ >> IDENTIFIED BY 'heat'; >> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ >> IDENTIFIED BY 'heat'; >> >> export OS_TENANT_NAME='openstack' >> export OS_USERNAME='admin' >> export OS_PASSWORD='Chang3M3' >> export OS_AUTH_URL='https://identity.cncloud.com:5000/v2.0 >> <https://identity.cncloud.com:5000/v2.0>' >> export OS_AUTH_STRATEGY='keystone' >> export OS_REGION_NAME='RegionOne' >> >> >> keystone user-create --name heat --pass heat >> keystone user-role-add --user heat --role admin --tenant services >> keystone service-create --name heat --description "Orchestration" --type >> orchestration >> keystone service-create --name heat-cfn --description "Orchestration" --type >> cloudformation >> keystone endpoint-create --service heat --publicurl "MailScanner ha rilevato >> un possibile tentativo di frode proveniente da "54.174.88.227:8004" >> MailScanner warning: numerical links are often malicious: >> http://54.174.88.227:8004/v1/%(tenant_id)s >> <http://54.174.88.227:8004/v1/%(tenant_id)s>" --adminurl "MailScanner ha >> rilevato un possibile tentativo di frode proveniente da "54.174.88.227:8004" >> MailScanner warning: numerical links are often >> malicious:http://54.174.88.227:8004/v1/%(tenant_id)s >> <http://54.174.88.227:8004/v1/%(tenant_id)s>" --internalurl "MailScanner ha >> rilevato un possibile tentativo di frode proveniente da "54.174.88.227:8004" >> MailScanner warning: numerical links are often malicious: >> http://54.174.88.227:8004/v1/%(tenant_id)s >> <http://54.174.88.227:8004/v1/%(tenant_id)s>" >> keystone endpoint-create --service heat-cfn --publicurl "MailScanner ha >> rilevato un possibile tentativo di frode proveniente da "54.174.88.227:8000" >> MailScanner warning: numerical links are often malicious: >> http://54.174.88.227:8000/v1/%(tenant_id)s >> <http://54.174.88.227:8000/v1/%(tenant_id)s>" --adminurl "MailScanner ha >> rilevato un possibile tentativo di frode proveniente da "54.174.88.227:8000" >> MailScanner warning: numerical links are often malicious: >> http://54.174.88.227:8000/v1/%(tenant_id)s >> <http://54.174.88.227:8000/v1/%(tenant_id)s>" --internalurl "MailScanner ha >> rilevato un possibile tentativo di frode proveniente da "54.174.88.227:8000" >> MailScanner warning: numerical links are often malicious: >> http://54.174.88.227:8000/v1/%(tenant_id)s >> <http://54.174.88.227:8000/v1/%(tenant_id)s>" >> keystone role-create --name heat_stack_owner >> keystone user-role-add --user admin --tenant openstack --role >> heat_stack_owner >> keystone role-create --name heat_stack_user >> >> heat-keystone-setup-domain \ >> –stack-user-domain-name heat_user_domain \ >> –stack-domain-admin heat_domain_admin \ >> –stack-domain-admin-password $HeatPass | tee heat-keystone-setup-domain.out >> >> heact.conf: >> [DEFAULT] >> debug = true >> verbose = true >> rpc_backend = zmq >> heat_metadata_server_url = MailScanner ha rilevato un possibile tentativo di >> frode proveniente da "54.174.88.227:8000" MailScanner warning: numerical >> links are often malicious: http://54.174.88.227:8000 >> <http://54.174.88.227:8000/> >> heat_waitcondition_server_url = MailScanner ha rilevato un possibile >> tentativo di frode proveniente da "54.174.88.227:8000" MailScanner warning: >> numerical links are often malicious: >> http://54.174.88.227:8000/v1/waitcondition >> <http://54.174.88.227:8000/v1/waitcondition> >> stack_domain_admin = heat_domain_admin >> stack_domain_admin_password = Chang3M3 >> stack_user_domain_name = heat_user_domain >> stack_user_domain_id=f798141e117a417996a736ba8f57f368 >> rpc_zmq_host = 54.174.88.227 >> [database] >> connection = mysql://heat:heat@54.174.88.227/heat >> <http://heat:heat@54.174.88.227/heat> >> [keystone_authtoken] >> auth_uri = https://identity.cncloud.com:5000/v2.0 >> <https://identity.cncloud.com:5000/v2.0> >> identity_url = https://identity.cncloud.com:35357 >> <https://identity.cncloud.com:35357/> >> #memcached_servers = controller:11211 >> project_name = services >> auth_type = password >> admin_tenant_name = services >> admin_user = heat >> admin_password = heat >> [ec2authtoken] >> auth_uri = https://identity.cncloud.com:5000/v2.0 >> <https://identity.cncloud.com:5000/v2.0> >> >> heat-manage db_sync >> >> service heat-api restart >> service heat-api-cfn restart >> service heat-engine restart >> >> export OS_TENANT_NAME='services' >> export OS_USERNAME='heat' >> export OS_PASSWORD='heat' >> export OS_AUTH_URL='https://identity.cncloud.com:5000/v2.0 >> <https://identity.cncloud.com:5000/v2.0>' >> export OS_AUTH_STRATEGY='keystone' >> export OS_REGION_NAME='RegionOne' >> >> heat stack-list >> >> ERROR : Authentication Required. >> >> >> >> Regards, >> NareshA. >> >> On Wed, Feb 1, 2017 at 4:07 PM, NareshA kumar <n...@criterionnetworks.com >> <mailto:n...@criterionnetworks.com>> wrote: >> Davide, >> Yes I am using the heat credentials as you have mentioned. But still I am >> getting Authentication required error. >> >> Regards, >> NareshA. >> >> On Wed, Feb 1, 2017 at 4:01 PM, NareshA kumar <n...@criterionnetworks.com >> <mailto:n...@criterionnetworks.com>> wrote: >> Davide, >> Yes I am using the heat credentials as you have mentioned. But still I am >> getting Authentication required error. >> >> I am attaching heat-api.log here for your reference. I am guessing that I >> would have missed something while creating heat domains. >> >> Regards, >> NareshA. >> >> On Wed, Feb 1, 2017 at 3:14 PM, Davide Panarese <dpanar...@enter.eu >> <mailto:dpanar...@enter.eu>> wrote: >> If you use heat creadential for token request it works? >> >> export OS_AUTH_URL=https://identity.cncloud.com:5000/v2.0 >> <https://identity.cncloud.com:5000/v2.0> >> export OS_REGION_NAME=RegionOne >> export OS_USERNAME=heat >> export OS_TENANT_NAME=services >> export OS_PASSWORD=heat >> >> keystone token-get >> >> Davide >>> On 01 Feb 2017, at 10:10, NareshA kumar <n...@criterionnetworks.com >>> <mailto:n...@criterionnetworks.com>> wrote: >>> >>> I have associated heat user to services tenant and gave it a admin role. >>> >>> keystone user-role-list --user heat --tenant services >>> +----------------------------------+-------+----------------------------------+----------------------------------+ >>> | id | name | user_id >>> | tenant_id | >>> +----------------------------------+-------+----------------------------------+----------------------------------+ >>> | 2b995253c23e4c1db8cd374346a4ecd4 | admin | >>> 645eb7e9f04f4a2b8df65272a23c1394 | 024890084b7642e9b8535b52a86584ea | >>> +----------------------------------+-------+----------------------------------+----------------------------------+ >>> >>> heat --debug stack-list >>> >>> DEBUG (session) REQ: curl -g -i -X GET >>> https://identity.cncloud.com:5000/v2.0 >>> <https://identity.cncloud.com:5000/v2.0> -H "Accept: application/json" -H >>> "User-Agent: python-keystoneclient" >>> DEBUG (session) RESP: [200] x-openstack-request-id: >>> req-2515497e-671b-475e-b48c-0cb6f2ccfe2f content-length: 347 via: 1.1 >>> identity.cncloud.com:5000 <http://identity.cncloud.com:5000/> >>> access-control-expose-headers: Accept, Content-Type, X-Auth-Token, >>> X-Subject-Token vary: X-Auth-Token server: Apache/2.4.7 (Ubuntu) >>> connection: close access-control-allow-methods: GET POST OPTIONS PUT DELETE >>> PATCH date: Wed, 01 Feb 2017 09:07:01 GMT access-control-allow-origin: * >>> access-control-allow-headers: Accept, Content-Type, X-Auth-Token, >>> X-Subject-Token content-type: application/json x-distribution: Ubuntu >>> RESP BODY: {"version": {"status": "stable", "updated": >>> "2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", >>> "type": "application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", >>> "links": [{"href": "https://identity.cncloud.com:5000/v2.0/ >>> <https://identity.cncloud.com:5000/v2.0/>", "rel": "self"}, {"href": >>> "http://docs.openstack.org/ <http://docs.openstack.org/>", "type": >>> "text/html", "rel": "describedby"}]}} >>> >>> DEBUG (v2) Making authentication request to >>> https://identity.cncloud.com:5000/v2.0/tokens >>> <https://identity.cncloud.com:5000/v2.0/tokens> >>> DEBUG (session) REQ: curl -g -i -X GET MailScanner ha rilevato un possibile >>> tentativo di frode proveniente da "54.174.88.227:8004" MailScanner warning: >>> numerical links are often malicious: >>> http://54.174.88.227:8004/v1/0c28d40bdcf0472d8dfb214a5c0286c4/stacks >>> <http://54.174.88.227:8004/v1/0c28d40bdcf0472d8dfb214a5c0286c4/stacks>? -H >>> "Accept: application/json" -H "User-Agent: python-heatclient" -H >>> "X-Region-Name: RegionOne" -H "X-Auth-Token: >>> {SHA1}9cc75daaff59cdb14a75bfb74ca6d77ebb8d8ac6" -H "Content-Type: >>> application/json" -H "X-Auth-Url: https://identity.cncloud.com:5000/v2.0 >>> <https://identity.cncloud.com:5000/v2.0>" >>> DEBUG (session) RESP: >>> DEBUG (v2) Making authentication request to >>> https://identity.cncloud.com:5000/v2.0/tokens >>> <https://identity.cncloud.com:5000/v2.0/tokens> >>> DEBUG (session) RESP: >>> Traceback (most recent call last): >>> File "/usr/bin/heat", line 10, in <module> >>> sys.exit(main()) >>> File "/usr/lib/python2.7/dist-packages/heatclient/shell.py", line 706, in >>> main >>> HeatShell().main(args) >>> File "/usr/lib/python2.7/dist-packages/heatclient/shell.py", line 656, in >>> main >>> args.func(client, args) >>> File "/usr/lib/python2.7/dist-packages/heatclient/v1/shell.py", line 581, >>> in do_stack_list >>> utils.print_list(stacks, fields, sortby_index=3) >>> File >>> "/usr/lib/python2.7/dist-packages/heatclient/openstack/common/cliutils.py", >>> line 169, in print_list >>> for o in objs: >>> File "/usr/lib/python2.7/dist-packages/heatclient/v1/stacks.py", line >>> 100, in paginate >>> stacks = self._list(url, 'stacks') >>> File >>> "/usr/lib/python2.7/dist-packages/heatclient/openstack/common/apiclient/base.py", >>> line 117, in _list >>> body = self.client.get(url).json() >>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line >>> 292, in get >>> return self.client_request("GET", url, **kwargs) >>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line >>> 285, in client_request >>> resp, body = self.json_request(method, url, **kwargs) >>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line >>> 266, in json_request >>> resp = self._http_request(url, method, **kwargs) >>> File "/usr/lib/python2.7/dist-packages/heatclient/common/http.py", line >>> 361, in _http_request >>> raise exc.from_response(resp) >>> heatclient.exc.HTTPUnauthorized: ERROR: Authentication required >>> >>> >>> Regards, >>> NareshA. >>> >>> On Wed, Feb 1, 2017 at 2:16 PM, Davide Panarese <dpanar...@enter.eu >>> <mailto:dpanar...@enter.eu>> wrote: >>> Could you debug heat api call with heat —debug stack-list? >>> Did you associate heat user to service tenant and give it admin role? >>> >>> Davide >>>> On 31 Jan 2017, at 19:54, NareshA kumar <n...@criterionnetworks.com >>>> <mailto:n...@criterionnetworks.com>> wrote: >>>> >>>> Hi, >>>> I am installing heat in kilo with keystone v2 APIs. As per document I have >>>> configured the endpoints and heat.conf. "heat stack-list" gives me >>>> Authentication required error. In heat-api.log I am seeing "Authorization >>>> failed for token" message. >>>> Can anyone help me solve this issue? >>>> >>>> Regards, >>>> NareshA. >>>> >>>> -- >>>> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non >>>> infetto. >>>> Clicca qui per segnalarlo come spam. >>>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=32A47402B1.A84A6> >>>> Clicca qui per metterlo in blacklist >>>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=32A47402B1.A84A6> >>>> _______________________________________________ >>>> Mailing list: >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >>>> Post to : openstack@lists.openstack.org >>>> <mailto:openstack@lists.openstack.org> >>>> Unsubscribe : >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>>> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >>> >>> >>> >>> -- >>> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non >>> infetto. >>> Clicca qui per segnalarlo come spam. >>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=557444011D.A905A> >>> Clicca qui per metterlo in blacklist >>> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=557444011D.A905A> >>> _______________________________________________ >>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >>> Post to : openstack@lists.openstack.org >>> <mailto:openstack@lists.openstack.org> >>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >>> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >> >> >> >> >> >> -- >> Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non >> infetto. >> Clicca qui per segnalarlo come spam. >> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=B4EDD402E7.ADD0F> >> Clicca qui per metterlo in blacklist >> <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=B4EDD402E7.ADD0F> >> _______________________________________________ >> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> >> Post to : openstack@lists.openstack.org >> <mailto:openstack@lists.openstack.org> >> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack> > > > > -- > Questo messaggio e' stato analizzato con Libra ESVA ed e' risultato non > infetto. > Clicca qui per segnalarlo come spam. > <http://mx01.enter.it/cgi-bin/learn-msg.cgi?id=9F70240221.A5908> > Clicca qui per metterlo in blacklist > <http://mx01.enter.it/cgi-bin/learn-msg.cgi?blacklist=1&id=9F70240221.A5908>
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack