Last active
December 15, 2015 04:29
-
-
Save roaet/5201959 to your computer and use it in GitHub Desktop.
Problem with quantum-client and keystone auth. Passwords in file are temporary. None of the services are configured to run https, so why is quantum-client, through the keystoneclient.middleware using https?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Output from quantum: | |
| 2013-03-19 21:46:21 DEBUG [keystoneclient.middleware.auth_token] Authenticating user token | |
| 2013-03-19 21:46:21 DEBUG [keystoneclient.middleware.auth_token] Removing headers from request environment: X-Identity-Status,X-Tenant-Id,X-Tenant-Name,X-User-Id,X-User-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant,X-Role | |
| 2013-03-19 21:46:21 ERROR [keystoneclient.middleware.auth_token] HTTP connection exception: [Errno 1] _ssl.c:490: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol | |
| 2013-03-19 21:46:21 DEBUG [keystoneclient.middleware.auth_token] Token validation failure. | |
| Traceback (most recent call last): | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 552, in _validate_user_token | |
| data = self.verify_uuid_token(user_token, retry) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 729, in verify_uuid_token | |
| headers = {'X-Auth-Token': self.get_admin_token()} | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 414, in get_admin_token | |
| self.admin_token_expiry) = self._request_admin_token() | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 515, in _request_admin_token | |
| body=params) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 484, in _json_request | |
| raise ServiceError('Unable to communicate with keystone') | |
| ServiceError: Unable to communicate with keystone | |
| 2013-03-19 21:46:21 WARNING [keystoneclient.middleware.auth_token] Authorization failed for token ab278ee33f3a4176870a7691b21bcaf6 | |
| 2013-03-19 21:46:21 INFO [keystoneclient.middleware.auth_token] Invalid user token - rejecting request | |
| *********************************************************************** | |
| Output from Quantum-client: | |
| (quantum)compute@localhost:~/.quantum$ quantum --verbose --debug net-list [10/719] | |
| DEBUG: quantumclient.quantum.v2_0.network.ListNetwork get_data(Namespace(columns=[], fields=[], filter_specs=[], formatter='table', page_size=None, quote_mode='nonnumeric', request_format='json', show_details=False, sort_dir=[], sort_key=[])) | |
| DEBUG: quantumclient.client | |
| REQ: curl -i http://127.0.0.1:35357/v2.0/tokens -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-quantumclient" -d '{"auth": {"tenantName": "openstack", "passwordCredentials": {"username": "admin", "password": "password"}}}' | |
| DEBUG: quantumclient.client RESP:{'date': 'Wed, 20 Mar 2013 02:54:11 GMT', 'vary': 'X-Auth-Token', 'content-length': '2437', 'status': '200', 'content-type': 'application/json'} {"access": {"token": {"issued_at": "2013-03-20T02:54:11.035465", "expires": "2013-03-21T02:54:11Z", | |
| "id": "d86823b2d6dc4bd2bb916356296a3dac", "tenant": {"description": "Default Tenant", "enabled": true, "id": "3321c9097d604beb811ca86a7aa6d752", "name": "openstack"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752", | |
| "region": "RegionOne", "internalURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752", "id": "13b5e5c64cc64309bab38437a7d527a9", "publicURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "compute", "name": "nova"}, { | |
| "endpoints": [{"adminURL": "http://127.0.0.1:9696/", "region": "RegionOne", "internalURL": "http://127.0.0.1:9696/", "id": "8c86b428fbe64527ae1407eacdbfd4ef", "publicURL": "http://127.0.0.1:9696/"}], "endpoints_links": [], "type": "network", "name": "quantum"}, {"endpoints": [ | |
| {"adminURL": "http://127.0.0.1:9292/v1", "region": "RegionOne", "internalURL": "http://127.0.0.1:9292/v1", "id": "63e9b41c95214a17beff87f6ca4ff97d", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL" | |
| : "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752", "region": "RegionOne", "internalURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752", "id": "ad45102a51884b2e906b4b3f4b1152b9", "publicURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752"} | |
| ], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8773/Admin", "region": "RegionOne", "internalURL": "http://127.0.0.1:8773/Cloud", "id": "f55b9357648b4badbd23a479cdfcf37b", "publicURL": "http://127.0.0.1:8773/Cloud"}] | |
| , "endpoints_links": [], "type": "ec2", "name": "ec2"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8888/", "region": "RegionOne", "internalURL": "http://127.0.0.1:8888/v1/AUTH_3321c9097d604beb811ca86a7aa6d752", "id": "54dfa8c8d0a543f4ae329346117eff97", "publicURL": "http:// | |
| 127.0.0.1:8888/v1/AUTH_3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "object-store", "name": "swift"}], "user": {"username": "admin", "roles_links": [], "id": "e70039578c43444f8e6de86c3ab9d3b2", "roles": [{"name": "_member_"}, {"name": "admin"}], "name": | |
| "admin"}, "metadata": {"is_admin": 0, "roles": ["9fe2ff9ee4384b1894a90878d3e92bab", "14063421f808442b9a47aac81fe66902"]}}} | |
| DEBUG: quantumclient.client | |
| REQ: curl -i http://127.0.0.1:9696/v2.0/networks.json -X GET -H "User-Agent: python-quantumclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: d86823b2d6dc4bd2bb916356296a3dac" | |
| DEBUG: quantumclient.client RESP:{'date': 'Wed, 20 Mar 2013 02:54:11 GMT', 'status': '401', 'content-length': '276', 'content-type': 'text/plain; charset=UTF-8', 'www-authenticate': "Keystone uri='https://127.0.0.1:35357'"} 401 Unauthorized | |
| This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required. | |
| Authentication required | |
| ERROR: quantumclient.shell 401 Unauthorized | |
| This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required. | |
| Authentication required | |
| Traceback (most recent call last): | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/shell.py", line 497, in run_subcommand | |
| return run_command(cmd, cmd_parser, sub_argv) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/shell.py", line 50, in run_command | |
| return cmd.run(known_args) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/common/command.py", line 35, in run | |
| return super(OpenStackCommand, self).run(parsed_args) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/cliff/display.py", line 84, in run | |
| column_names, data = self.take_action(parsed_args) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/common/command.py", line 41, in take_action | |
| return self.get_data(parsed_args) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/quantum/v2_0/__init__.py", line 530, in get_data | |
| data = self.retrieve_list(parsed_args) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/quantum/v2_0/__init__.py", line 499, in retrieve_list | |
| data = self.call_server(quantum_client, search_opts, parsed_args) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/quantum/v2_0/__init__.py", line 471, in call_server | |
| data = obj_lister(**search_opts) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 107, in with_params | |
| ret = self.function(instance, *args, **kwargs) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 292, in list_networks | |
| **_params) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 996, in list | |
| for r in self._pagination(collection, path, **params): | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 1009, in _pagination | |
| res = self.get(path, params=params) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 982, in get | |
| headers=headers, params=params) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 967, in retry_request | |
| headers=headers, params=params) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 904, in do_request | |
| resp, replybody = self.httpclient.do_request(action, method, body=body) | |
| File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/client.py", line 160, in do_request | |
| raise ex | |
| Unauthorized: 401 Unauthorized | |
| This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required. | |
| Authentication required | |
| DEBUG: quantumclient.shell clean_up ListNetwork | |
| DEBUG: quantumclient.shell got an error: 401 Unauthorized | |
| This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required. | |
| Authentication required | |
| *********************************************************************** | |
| Keystone output: | |
| 2013-03-19 21:54:10 DEBUG [eventlet.wsgi.server] (13673) accepted ('127.0.0.1', 33881) | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] ******************** REQUEST ENVIRON ******************** | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] SCRIPT_NAME = /v2.0 | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] webob.adhoc_attrs = {'response': <Response at 0x392cad0 200 OK>} | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] REQUEST_METHOD = POST | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] PATH_INFO = /tokens | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] SERVER_PROTOCOL = HTTP/1.0 | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] REMOTE_ADDR = 127.0.0.1 | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] CONTENT_LENGTH = 107 | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] HTTP_USER_AGENT = python-quantumclient | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] eventlet.posthooks = [] | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] RAW_PATH_INFO = /v2.0/tokens | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] REMOTE_PORT = 33881 | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] eventlet.input = <eventlet.wsgi.Input object at 0x392c050> | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.url_scheme = http | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] webob._body_file = (<io.BufferedReader object at 0x392cb90>, <eventlet.wsgi.Input object at 0x392c050>) | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] SERVER_PORT = 35357 | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.input = <io.BytesIO object at 0x3926e30> | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] openstack.context = {'token_id': None, 'is_admin': False} | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] HTTP_HOST = 127.0.0.1:35357 | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.multithread = True | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] openstack.params = {u'auth': {u'tenantName': u'openstack', u'passwordCredentials': {u'username': u'admin', u'password': u'password'}}} | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] HTTP_ACCEPT = application/json | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.version = (1, 0) | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] SERVER_NAME = 127.0.0.1 | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] GATEWAY_INTERFACE = CGI/1.1 | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.run_once = False | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.errors = <open file '<stderr>', mode 'w' at 0x7f5b727a21e0> | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.multiprocess = False | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] webob.is_body_seekable = True | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] CONTENT_TYPE = application/json | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] HTTP_ACCEPT_ENCODING = gzip, deflate | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] ******************** REQUEST BODY ******************** | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] {"auth": {"tenantName": "openstack", "passwordCredentials": {"username": "admin", "password": "password"}}} | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] | |
| 2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] arg_dict: {} | |
| 2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ******************** | |
| 2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token | |
| 2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] Content-Type = application/json | |
| 2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] Content-Length = 2437 | |
| 2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] | |
| 2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ******************** | |
| 2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] {"access": {"token": {"issued_at": "2013-03-20T02:54:11.035465", "expires": "2013-03-21T02:54:11Z", "id": "d86823b2d6dc4bd2bb916356296a3dac", "tenant": {"description": "Default Tenant", "enabled": true, "id": "3321c9097d604beb811ca86a7aa6d752", "name": "openstack"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752", "region": "RegionOne", "internalURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752", "id": "13b5e5c64cc64309bab38437a7d527a9", "publicURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9696/", "region": "RegionOne", "internalURL": "http://127.0.0.1:9696/", "id": "8c86b428fbe64527ae1407eacdbfd4ef", "publicURL": "http://127.0.0.1:9696/"}], "endpoints_links": [], "type": "network", "name": "quantum"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "RegionOne", "internalURL": "http://127.0.0.1:9292/v1", "id": "63e9b41c95214a17beff87f6ca4ff97d", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752", "region": "RegionOne", "internalURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752", "id": "ad45102a51884b2e906b4b3f4b1152b9", "publicURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8773/Admin", "region": "RegionOne", "internalURL": "http://127.0.0.1:8773/Cloud", "id": "f55b9357648b4badbd23a479cdfcf37b", "publicURL": "http://127.0.0.1:8773/Cloud"}], "endpoints_links": [], "type": "ec2", "name": "ec2"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8888/", "region": "RegionOne", "internalURL": "http://127.0.0.1:8888/v1/AUTH_3321c9097d604beb811ca86a7aa6d752", "id": "54dfa8c8d0a543f4ae329346117eff97", "publicURL": "http://127.0.0.1:8888/v1/AUTH_3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "object-store", "name": "swift"}], "user": {"username": "admin", "roles_links": [], "id": "e70039578c43444f8e6de86c3ab9d3b2", "roles": [{"name": "_member_"}, {"name": "admin"}], "name": "admin"}, "metadata": {"is_admin": 0, "roles": ["9fe2ff9ee4384b1894a90878d3e92bab", "14063421f808442b9a47aac81fe66902"]}}} | |
| 2013-03-19 21:54:11 INFO [access] 127.0.0.1 - - [20/Mar/2013:02:54:11 +0000] "POST http://127.0.0.1:35357/v2.0/tokens HTTP/1.0" 200 2437 | |
| 2013-03-19 21:54:11 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [19/Mar/2013 21:54:11] "POST /v2.0/tokens HTTP/1.1" 200 2567 0.062076 | |
| 2013-03-19 21:54:11 DEBUG [eventlet.wsgi.server] (13673) accepted ('127.0.0.1', 33883) | |
| localhost - - [19/Mar/2013 21:54:11] code 400, message Bad request syntax ('\x80g\x01\x03\x01\x00N\x00\x00\x00\x10\x00\x009\x00\x008\x00\x005\x00\x00\x16\x00\x00\x13\x00\x00') | |
| localhost - - [19/Mar/2013 21:54:11] "gN985" 400 - |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2013-03-19 21:46:21 ERROR [keystoneclient.middleware.auth_token] HTTP connection exception: [Errno 1] _ssl.c:490: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
localhost - - [19/Mar/2013 21:54:11] code 400, message Bad request syntax ('\x80g\x01\x03\x01\x00N\x00\x00\x00\x10\x00\x009\x00\x008\x00\x005\x00\x00\x16\x00\x00\x13\x00\x00')
localhost - - [19/Mar/2013 21:54:11] "gN985" 400 -