Encontré un problema tratando de instalar OpenStack en Fedora 19 con esta guía
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# nova --debug flavor-list REQ: curl -i http://127.0.0.1:5000/v2.0/tokens -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "verybadpass"}}}' INFO (connectionpool:236) Starting new HTTP connection (1): 127.0.0.1 DEBUG (connectionpool:330) "POST /v2.0/tokens HTTP/1.1" 401 116 RESP: [401] CaseInsensitiveDict({'date': 'Fri, 11 Oct 2013 23:24:41 GMT', 'vary': 'X-Auth-Token', 'content-length': '116', 'content-type': 'application/json'}) RESP BODY: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}} DEBUG (shell:768) Invalid OpenStack Nova credentials. Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/novaclient/shell.py", line 765, in main OpenStackComputeShell().main(map(strutils.safe_decode, sys.argv[1:])) File "/usr/lib/python2.7/site-packages/novaclient/shell.py", line 697, in main raise exc.CommandError("Invalid OpenStack Nova credentials.") CommandError: Invalid OpenStack Nova credentials. ERROR: Invalid OpenStack Nova credentials. |
Mirando el archivo .keystorerc, parecía estar bien.
1 2 3 4 5 6 7 8 9 |
[root@localhost ~]# cat .keystonerc export ADMIN_TOKEN=49ac57278d318dc7bb61 export OS_SERVICE_TOKEN=49ac57278d318dc7bb61 export OS_USERNAME=admin export OS_PASSWORD=verybadpass export OS_TENANT_NAME=admin export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/ export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0/ export SERVICE_TOKEN=$ADMIN_TOKEN |
La solución fue hacer que el usuario, rol e inquilino estén asociados.
1. Obtener el ID para el usuario admin:
1 2 3 4 5 6 7 8 9 10 11 |
[root@localhost ~]# keystone user-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+--------+---------+-------+ | id | name | enabled | email | +----------------------------------+--------+---------+-------+ | <strong>4738e8d8819a47a5b0cd7b72db3f3fa6</strong> | admin | True | | | 157da897546e4ac8a98eaf6240683457 | ec2 | True | | | 3819652ea963416a99aa6bc6dd1cd83c | glance | True | | | 12c7844b7dc24aa3a7e704b49e026f33 | nova | True | | | 8313970d7d524ef59983a062711916e8 | swift | True | | +----------------------------------+--------+---------+-------+ |
2. Obtener el ID inquilino para admin, si no existe, lo creamos:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
[root@localhost ~]# keystone tenant-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+---------+---------+ | id | name | enabled | +----------------------------------+---------+---------+ | afd9af7cd2604311be27646b4111f8d4 | demo | True | | 9c85743eee994e28af10ea7b9d215af0 | service | True | +----------------------------------+---------+---------+ [root@localhost ~]# keystone tenant-create --name admin WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | | | enabled | True | | id | <strong>4aec780fe3374e46b4cea0de602c19c5</strong> | | name | admin | +-------------+----------------------------------+ |
3. Obetener el ID del rol:
1 2 3 4 5 6 7 8 |
[root@localhost ~]# keystone role-list WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------------------------------+----------+ | id | name | +----------------------------------+----------+ | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | <strong>9b4b3ec7153b4b48bf381db829108646</strong> | admin | +----------------------------------+----------+ |
Por ultimo, los asociamos:
1 |
[root@localhost ~]# keystone user-role-add --user 4738e8d8819a47a5b0cd7b72db3f3fa6 --role 9b4b3ec7153b4b48bf381db829108646[root@localhost ~]# keystone user-role-add --user 4738e8d8819a47a5b0cd7b72db3f3fa6 --role 9b4b3ec7153b4b48bf381db829108646 --tenant-id 4aec780fe3374e46b4cea0de602c19c5 |
Después de esto, el error de las credenciales desapareció. De todos modos, encontré otro error que decía que Nova no era capaz de firmar el token de autenticación.
Finalmente instale OpenStack utilizando RDO. Este método es mucho mas sencillo.