API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 5th, 2017
704
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.82 KB | None | 0 0
raw download clone embed print report
  1. I upgraded from Liberty to Mitaka, but now I cannot login into Dashboard anymore.
  2.  
  3. I tried to use configs from a Mitaka devstack but without success.
  4.  
  5. Keystone works fine as it can be seen below:
  6.  
  7. root@liberty-ctrl:/etc/openstack-dashboard# env | grep OS
  8. OS_PROJECT_DOMAIN_ID=default
  9. OS_IMAGE_API_VERSION=2
  10. OS_USER_DOMAIN_ID=default
  11. OS_PROJECT_NAME=admin
  12. OS_IDENTITY_API_VERSION=3
  13. OS_PASSWORD=test123
  14. OS_AUTH_URL=http://controller:35357/v3
  15. OS_USERNAME=admin
  16. OS_TENANT_NAME=admin
  17. LESSCLOSE=/usr/bin/lesspipe %s %s
  18. root@liberty-ctrl:/etc/openstack-dashboard#
  19. root@liberty-ctrl:/etc/openstack-dashboard#
  20. root@liberty-ctrl:/etc/openstack-dashboard# openstack endpoint list
  21. +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------+
  22. | ID | Region | Service Name | Service Type | Enabled | Interface | URL |
  23. +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------+
  24. | 1070cf42dfde4470a82485ad9c383e93 | RegionOne | glance | image | True | public | http://controller:9292 |
  25. | 1893e2bec52f43bb8686aed342d5fa19 | RegionOne | cinder | volume | True | internal | http://controller:8776/v1/%(tenant_id)s |
  26. | 2f06e277e2b1427abb83f2e17ce33c9e | RegionOne | neutron | network | True | internal | http://controller:9696 |
  27. | 305bf0de93fb40b5abf24b70f9b9e072 | RegionOne | swift | object-store | True | internal | http://172.25.4.15:9080/swift/v1 |
  28. | 3c5c392426b947b3b178df2535da117e | RegionOne | glance | image | True | admin | http://controller:9292 |
  29. | 5053c877a800438aa8b3df0f6439668d | RegionOne | swift | object-store | True | admin | http://172.25.4.15:9080/swift/v1 |
  30. | 547f47f2efc849778c095024092fac66 | RegionOne | neutron | network | True | admin | http://controller:9696 |
  31. | 61e438820b8f4a1fb640acf0a40399df | RegionOne | cinder | volume | True | admin | http://controller:8776/v1/%(tenant_id)s |
  32. | 67e454c1c0434748b1fbc405f945e203 | RegionOne | glance | image | True | internal | http://controller:9292 |
  33. | 83c67460cc7b40479a2a1c9d22601e69 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
  34. | 96151225767347beafeae1abd1664dc7 | RegionOne | keystone | identity | True | internal | http://controller:5000/v2.0 |
  35. | 9c9d20a2f9c542a8b7596b6866e002f4 | RegionOne | cinderv2 | volumev2 | True | public | http://controller:8776/v2/%(tenant_id)s |
  36. | a400573d1bc345f8a651e767f492cfd2 | RegionOne | keystone | identity | True | public | http://controller:5000/v2.0 |
  37. | acff875e771941f5827faebf27ac7c26 | RegionOne | cinder | volume | True | public | http://controller:8776/v1/%(tenant_id)s |
  38. | b106e139e3264353a6740ed38f72101e | RegionOne | neutron | network | True | public | http://controller:9696 |
  39. | b14889aa23c9439b8a44a49da27bcedc | RegionOne | cinderv2 | volumev2 | True | internal | http://controller:8776/v2/%(tenant_id)s |
  40. | bc2d981b4c9b4d4183503c347086a768 | RegionOne | nova | compute | True | internal | http://controller:8774/v2/%(tenant_id)s |
  41. | c90ea7ebce6441c49c3a139d188e85e9 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
  42. | da0666e181004e2e9159c2a387c7359c | RegionOne | cinderv2 | volumev2 | True | admin | http://controller:8776/v2/%(tenant_id)s |
  43. | de798459d0dc4a9296593238c9bd1ea8 | RegionOne | swift | object-store | True | public | http://172.25.4.15:9080/swift/v1 |
  44. | e1ea0000bf2b4550b6134b769d384026 | RegionOne | keystone | identity | True | admin | http://controller:35357/v2.0 |
  45. | f77498c856b744aa9875199e845241e0 | RegionOne | nova | compute | True | admin | http://controller:8774/v2/%(tenant_id)s |
  46. | fce091c909d9442295b7913ee2152dd2 | RegionOne | keystone | identity | True | admin | http://controller:35357/v3 |
  47. | fe859117269a46d8963ea1f705846ee0 | RegionOne | nova | compute | True | public | http://controller:8774/v2/%(tenant_id)s |
  48. +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------------+
  49.  
  50.  
  51. Below you can see the Dashboard config:
  52. root@liberty-ctrl:/etc/openstack-dashboard# egrep -v "^$|^#" /etc/openstack-dashboard/local_settings.py
  53. import os
  54. from django.utils.translation import ugettext_lazy as _
  55. from horizon.utils import secret_key
  56. from openstack_dashboard import exceptions
  57. from openstack_dashboard.settings import HORIZON_CONFIG
  58. DEBUG = False
  59. TEMPLATE_DEBUG = DEBUG
  60. WEBROOT = "/"
  61. LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
  62. SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key')
  63. CACHES = {
  64. 'default': {
  65. 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
  66. #'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
  67. 'LOCATION': '127.0.0.1:11211',
  68. },
  69. }
  70. EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
  71. OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
  72. OPENSTACK_API_VERSIONS={"identity":3}
  73. OPENSTACK_HOST="controller"
  74. OPENSTACK_KEYSTONE_URL = "http://%s:35357/v3" % OPENSTACK_HOST
  75. OPENSTACK_KEYSTONE_BACKEND = {
  76. 'name': 'native',
  77. 'can_edit_user': True,
  78. 'can_edit_group': True,
  79. 'can_edit_project': True,
  80. 'can_edit_domain': True,
  81. 'can_edit_role': True,
  82. }
  83. OPENSTACK_HYPERVISOR_FEATURES = {
  84. 'can_set_mount_point': False,
  85. 'can_set_password': False,
  86. 'requires_keypair': False,
  87. }
  88. OPENSTACK_CINDER_FEATURES = {
  89. 'enable_backup': False,
  90. }
  91. OPENSTACK_NEUTRON_NETWORK = {
  92. 'enable_router': True,
  93. 'enable_quotas': True,
  94. 'enable_ipv6': True,
  95. 'enable_distributed_router': False,
  96. 'enable_ha_router': False,
  97. 'enable_lb': True,
  98. 'enable_firewall': True,
  99. 'enable_vpn': True,
  100. 'enable_fip_topology_check': True,
  101. # Neutron can be configured with a default Subnet Pool to be used for IPv4
  102. # subnet-allocation. Specify the label you wish to display in the Address
  103. # pool selector on the create subnet step if you want to use this feature.
  104. 'default_ipv4_subnet_pool_label': None,
  105. # Neutron can be configured with a default Subnet Pool to be used for IPv6
  106. # subnet-allocation. Specify the label you wish to display in the Address
  107. # pool selector on the create subnet step if you want to use this feature.
  108. # You must set this to enable IPv6 Prefix Delegation in a PD-capable
  109. # environment.
  110. 'default_ipv6_subnet_pool_label': None,
  111. # The profile_support option is used to detect if an external router can be
  112. # configured via the dashboard. When using specific plugins the
  113. # profile_support can be turned on if needed.
  114. 'profile_support': None,
  115. #'profile_support': 'cisco',
  116. # Set which provider network types are supported. Only the network types
  117. # in this list will be available to choose from when creating a network.
  118. # Network types include local, flat, vlan, gre, and vxlan.
  119. 'supported_provider_types': ['*'],
  120. # Set which VNIC types are supported for port binding. Only the VNIC
  121. # types in this list will be available to choose from when creating a
  122. # port.
  123. # VNIC types include 'normal', 'macvtap' and 'direct'.
  124. # Set to empty list or None to disable VNIC type selection.
  125. 'supported_vnic_types': ['*'],
  126. }
  127. OPENSTACK_HEAT_STACK = {
  128. 'enable_user_pass': True,
  129. }
  130. IMAGE_CUSTOM_PROPERTY_TITLES = {
  131. "architecture": _("Architecture"),
  132. "kernel_id": _("Kernel ID"),
  133. "ramdisk_id": _("Ramdisk ID"),
  134. "image_state": _("Euca2ools state"),
  135. "project_id": _("Project ID"),
  136. "image_type": _("Image Type"),
  137. }
  138. IMAGE_RESERVED_CUSTOM_PROPERTIES = []
  139. API_RESULT_LIMIT = 1000
  140. API_RESULT_PAGE_SIZE = 20
  141. SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
  142. DROPDOWN_MAX_ITEMS = 30
  143. TIME_ZONE = "UTC"
  144. LOGGING = {
  145. 'version': 1,
  146. # When set to True this will disable all logging except
  147. # for loggers specified in this configuration dictionary. Note that
  148. # if nothing is specified here and disable_existing_loggers is True,
  149. # django.db.backends will still log unless it is disabled explicitly.
  150. 'disable_existing_loggers': False,
  151. 'handlers': {
  152. 'null': {
  153. 'level': 'DEBUG',
  154. 'class': 'logging.NullHandler',
  155. },
  156. 'console': {
  157. # Set the level to "DEBUG" for verbose output logging.
  158. 'level': 'INFO',
  159. 'class': 'logging.StreamHandler',
  160. },
  161. },
  162. 'loggers': {
  163. # Logging from django.db.backends is VERY verbose, send to null
  164. # by default.
  165. 'django.db.backends': {
  166. 'handlers': ['null'],
  167. 'propagate': False,
  168. },
  169. 'requests': {
  170. 'handlers': ['null'],
  171. 'propagate': False,
  172. },
  173. 'horizon': {
  174. 'handlers': ['console'],
  175. 'level': 'DEBUG',
  176. 'propagate': False,
  177. },
  178. 'openstack_dashboard': {
  179. 'handlers': ['console'],
  180. 'level': 'DEBUG',
  181. 'propagate': False,
  182. },
  183. 'novaclient': {
  184. 'handlers': ['console'],
  185. 'level': 'DEBUG',
  186. 'propagate': False,
  187. },
  188. 'cinderclient': {
  189. 'handlers': ['console'],
  190. 'level': 'DEBUG',
  191. 'propagate': False,
  192. },
  193. 'keystoneclient': {
  194. 'handlers': ['console'],
  195. 'level': 'DEBUG',
  196. 'propagate': False,
  197. },
  198. 'glanceclient': {
  199. 'handlers': ['console'],
  200. 'level': 'DEBUG',
  201. 'propagate': False,
  202. },
  203. 'neutronclient': {
  204. 'handlers': ['console'],
  205. 'level': 'DEBUG',
  206. 'propagate': False,
  207. },
  208. 'heatclient': {
  209. 'handlers': ['console'],
  210. 'level': 'DEBUG',
  211. 'propagate': False,
  212. },
  213. 'ceilometerclient': {
  214. 'handlers': ['console'],
  215. 'level': 'DEBUG',
  216. 'propagate': False,
  217. },
  218. 'swiftclient': {
  219. 'handlers': ['console'],
  220. 'level': 'DEBUG',
  221. 'propagate': False,
  222. },
  223. 'openstack_auth': {
  224. 'handlers': ['console'],
  225. 'level': 'DEBUG',
  226. 'propagate': False,
  227. },
  228. 'nose.plugins.manager': {
  229. 'handlers': ['console'],
  230. 'level': 'DEBUG',
  231. 'propagate': False,
  232. },
  233. 'django': {
  234. 'handlers': ['console'],
  235. 'level': 'DEBUG',
  236. 'propagate': False,
  237. },
  238. 'iso8601': {
  239. 'handlers': ['null'],
  240. 'propagate': False,
  241. },
  242. 'scss': {
  243. 'handlers': ['null'],
  244. 'propagate': False,
  245. },
  246. },
  247. }
  248. SECURITY_GROUP_RULES = {
  249. 'all_tcp': {
  250. 'name': _('All TCP'),
  251. 'ip_protocol': 'tcp',
  252. 'from_port': '1',
  253. 'to_port': '65535',
  254. },
  255. 'all_udp': {
  256. 'name': _('All UDP'),
  257. 'ip_protocol': 'udp',
  258. 'from_port': '1',
  259. 'to_port': '65535',
  260. },
  261. 'all_icmp': {
  262. 'name': _('All ICMP'),
  263. 'ip_protocol': 'icmp',
  264. 'from_port': '-1',
  265. 'to_port': '-1',
  266. },
  267. 'ssh': {
  268. 'name': 'SSH',
  269. 'ip_protocol': 'tcp',
  270. 'from_port': '22',
  271. 'to_port': '22',
  272. },
  273. 'smtp': {
  274. 'name': 'SMTP',
  275. 'ip_protocol': 'tcp',
  276. 'from_port': '25',
  277. 'to_port': '25',
  278. },
  279. 'dns': {
  280. 'name': 'DNS',
  281. 'ip_protocol': 'tcp',
  282. 'from_port': '53',
  283. 'to_port': '53',
  284. },
  285. 'http': {
  286. 'name': 'HTTP',
  287. 'ip_protocol': 'tcp',
  288. 'from_port': '80',
  289. 'to_port': '80',
  290. },
  291. 'pop3': {
  292. 'name': 'POP3',
  293. 'ip_protocol': 'tcp',
  294. 'from_port': '110',
  295. 'to_port': '110',
  296. },
  297. 'imap': {
  298. 'name': 'IMAP',
  299. 'ip_protocol': 'tcp',
  300. 'from_port': '143',
  301. 'to_port': '143',
  302. },
  303. 'ldap': {
  304. 'name': 'LDAP',
  305. 'ip_protocol': 'tcp',
  306. 'from_port': '389',
  307. 'to_port': '389',
  308. },
  309. 'https': {
  310. 'name': 'HTTPS',
  311. 'ip_protocol': 'tcp',
  312. 'from_port': '443',
  313. 'to_port': '443',
  314. },
  315. 'smtps': {
  316. 'name': 'SMTPS',
  317. 'ip_protocol': 'tcp',
  318. 'from_port': '465',
  319. 'to_port': '465',
  320. },
  321. 'imaps': {
  322. 'name': 'IMAPS',
  323. 'ip_protocol': 'tcp',
  324. 'from_port': '993',
  325. 'to_port': '993',
  326. },
  327. 'pop3s': {
  328. 'name': 'POP3S',
  329. 'ip_protocol': 'tcp',
  330. 'from_port': '995',
  331. 'to_port': '995',
  332. },
  333. 'ms_sql': {
  334. 'name': 'MS SQL',
  335. 'ip_protocol': 'tcp',
  336. 'from_port': '1433',
  337. 'to_port': '1433',
  338. },
  339. 'mysql': {
  340. 'name': 'MYSQL',
  341. 'ip_protocol': 'tcp',
  342. 'from_port': '3306',
  343. 'to_port': '3306',
  344. },
  345. 'rdp': {
  346. 'name': 'RDP',
  347. 'ip_protocol': 'tcp',
  348. 'from_port': '3389',
  349. 'to_port': '3389',
  350. },
  351. }
  352. REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
  353. 'LAUNCH_INSTANCE_DEFAULTS']
  354. try:
  355. from ubuntu_theme import *
  356. except ImportError:
  357. pass
  358. WEBROOT='/horizon/'
  359. ALLOWED_HOSTS = ['*', ]
  360. COMPRESS_OFFLINE = True
  361.  
  362.  
  363.  
  364. And the Keystone config (not using fernet tokens):
  365. root@liberty-ctrl:/etc/openstack-dashboard# egrep -v "^$|^#" /etc/keystone/keystone.conf
  366. [DEFAULT]
  367. admin_token = ADMIN
  368. debug = true
  369. verbose = true
  370. log_dir = /var/log/keystone
  371. [assignment]
  372. [auth]
  373. [cache]
  374. [catalog]
  375. [cors]
  376. [cors.subdomain]
  377. [credential]
  378. [database]
  379. connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
  380. [domain_config]
  381. [endpoint_filter]
  382. [endpoint_policy]
  383. [eventlet_server]
  384. [eventlet_server_ssl]
  385. [federation]
  386. [fernet_tokens]
  387. [identity]
  388. [identity_mapping]
  389. [kvs]
  390. [ldap]
  391. [matchmaker_redis]
  392. [matchmaker_ring]
  393. [memcache]
  394. servers = localhost:11211
  395. [oauth1]
  396. [os_inherit]
  397. [oslo_messaging_amqp]
  398. [oslo_messaging_qpid]
  399. [oslo_messaging_rabbit]
  400. [oslo_middleware]
  401. [oslo_policy]
  402. [paste_deploy]
  403. [policy]
  404. [resource]
  405. [revoke]
  406. driver = sql
  407. [role]
  408. [saml]
  409. [signing]
  410. [ssl]
  411. [token]
  412. provider = uuid
  413. driver = memcache
  414. [tokenless_auth]
  415. [trust]
  416. [extra_headers]
  417. Distribution = Ubuntu
  418.  
  419.  
  420. If I try to login with wrong credentials, Dashboard throws the "Invalid credentials" message.
  421.  
  422. If I try to login with correct credentials, Dashboard throws the "Unable to retrieve authorized projects." message and logs the following in "/var/log/apache2/keystone.log".
  423.  
  424. 2017-01-05 08:54:42.926805 2017-01-05 08:54:42.926 736 DEBUG keystone.middleware.auth [req-60c81ee5-e80c-47eb-a3f7-642162075ee4 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. _build_auth_context /usr/lib/python2.7/dist-packages/keystone/middleware/auth.py:71
  425. 2017-01-05 08:54:42.927918 2017-01-05 08:54:42.927 736 INFO keystone.common.wsgi [req-60c81ee5-e80c-47eb-a3f7-642162075ee4 - - - - -] POST http://controller:35357/v3/auth/tokens
  426. 2017-01-05 08:54:42.985101 2017-01-05 08:54:42.984 736 DEBUG keystone.common.kvs.core [req-60c81ee5-e80c-47eb-a3f7-642162075ee4 - - - - -] KVS lock acquired for: usertokens-732f237a2d314aa1a30c314c6519240e acquire /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:407
  427. 2017-01-05 08:54:42.987381 2017-01-05 08:54:42.987 736 DEBUG keystone.common.kvs.core [req-60c81ee5-e80c-47eb-a3f7-642162075ee4 - - - - -] KVS lock released for: usertokens-732f237a2d314aa1a30c314c6519240e release /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:426
  428. 2017-01-05 08:54:42.999111 2017-01-05 08:54:42.998 732 DEBUG keystone.common.authorization [req-f49d0142-8910-40fe-a1f2-ea2caf6a34f7 - - - - -] RBAC: Proceeding without project or domain scope token_to_auth_context /usr/lib/python2.7/dist-packages/keystone/common/authorization.py:80
  429. 2017-01-05 08:54:42.999745 2017-01-05 08:54:42.999 732 DEBUG keystone.middleware.auth [req-f49d0142-8910-40fe-a1f2-ea2caf6a34f7 732f237a2d314aa1a30c314c6519240e - - default -] RBAC: auth_context: {'is_delegated_auth': False, 'user_id': u'732f237a2d314aa1a30c314c6519240e', 'user_domain_id': u'default', 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=A8AHv9GUS96hI7TMjMvv1Q, audit_chain_id=A8AHv9GUS96hI7TMjMvv1Q) at 0x7f6c0a8cc3c8>, 'access_token_id': None, 'trust_id': None} process_request /usr/lib/python2.7/dist-packages/keystone/middleware/auth.py:221
  430. 2017-01-05 08:54:43.001182 2017-01-05 08:54:43.000 732 INFO keystone.common.wsgi [req-f49d0142-8910-40fe-a1f2-ea2caf6a34f7 732f237a2d314aa1a30c314c6519240e - - default -] POST http://controller:35357/v3/auth/tokens
  431. 2017-01-05 08:54:43.117938 2017-01-05 08:54:43.117 732 DEBUG keystone.common.kvs.core [req-f49d0142-8910-40fe-a1f2-ea2caf6a34f7 732f237a2d314aa1a30c314c6519240e - - default -] KVS lock acquired for: usertokens-732f237a2d314aa1a30c314c6519240e acquire /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:407
  432. 2017-01-05 08:54:43.120800 2017-01-05 08:54:43.120 732 DEBUG keystone.common.kvs.core [req-f49d0142-8910-40fe-a1f2-ea2caf6a34f7 732f237a2d314aa1a30c314c6519240e - - default -] KVS lock released for: usertokens-732f237a2d314aa1a30c314c6519240e release /usr/lib/python2.7/dist-packages/keystone/common/kvs/core.py:426
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!