[Rdo-list] nova list returned "unauthorized" error

Kashyap Chamarthy kchamart at redhat.com
Wed Aug 6 11:50:53 UTC 2014


On Tue, Aug 05, 2014 at 02:24:53PM -0400, Zhao, Xin wrote:
> Hello,
> I am installing icehouse from RDO, on a 3-nodes testbed. One controller, one
> network and one compute node.
> I am using RDO release on RHEL6.5 system.

You might want to specify the exact versions of openstack-nova,
openstack-keystone packages too, might be useful for otherw who might
want to reproduce the issue you're seeing.

> After sourcing the keystone_admin file, the "nova list" command fails, the
> nova/api.log file shows the following messages:

> 
> # nova list
> ERROR: Unauthorized (HTTP 401)
> 
> # tail /var/log/nova/api.log

You can also try

  $ nova --debug list

to see the `curl` request/response. (And you might want to try them
manually.)

> 2014-08-05 11:41:21.941 5888 WARNING keystoneclient.middleware.auth_token
> [-] Configuring admin URI using auth fragments. This is deprecated, use
> 'identity_uri' instead.
> 2014-08-05 11:41:22.192 5888 WARNING keystoneclient.middleware.auth_token
> [-] Configuring admin URI using auth fragments. This is deprecated, use
> 'identity_uri' instead.
> 2014-08-05 14:18:39.408 5932 WARNING keystoneclient.middleware.auth_token
> [-] Unexpected response from keystone service: {u'error': {u'message': u'The
> request you have made requires authentication.', u'code': 401, u'title':
> u'Unauthorized'}}
> 2014-08-05 14:18:39.409 5932 WARNING keystoneclient.middleware.auth_token
> [-] Authorization failed for token

Does adding 

    Debug = True
    Verbose = True

in /etc/nova.conf (and restart Nova services) and rerunning `nova`
commands give any more useful ERRORs, instead of WARNINGs?

> 
> With the same admin username/password, the keystone/glance commands work
> fine.
> 
> I have the following section in nova.conf file, which looks fine to me:
> 
> [DEFAULT]
> ...
> auth_strategy=keystone
> ...
> [keystone_authtoken]
> auth_host=10.255.2.134
> auth_port=35357
> auth_protocol=http
> auth_uri=http://10.255.2.134:5000
> admin_user=compute
> admin_password=computepassword
> admin_tenant_name=services

Looks sane to me. FWIW, in my attempt of IceHouse on a 2-node (one
Controller, one Compute) Fedora-20 (I realize you're using RHEL 6.5
there), I used these Nova configs (scroll below)[1].


  [1]
  https://kashyapc.fedorapeople.org/virt/openstack/rdo/IceHouse-Nova-Neutron-ML2-GRE-OVS.txt


-- 
/kashyap




More information about the dev mailing list