settingsLogin | Registersettings

[Openstack] [Trove] `trove list` results in ERROR: Unauthorized (HTTP 401)

0 votes

Dear all,

I run the stable branch of OpenStack Icehouse on Scientific Linux 6,
installed with Packstack, with Trove release 2014.2.b2 and
python-troveclient 1.0.5 (newest release/tag for both of them).

My problem: if as OpenStack user admin, that means, with sourced
keystonerc_admin, I run trove list or trove datastore-list I get

ERROR: Unauthorized (HTTP 401).

The same happens with user trove (see below).

The log files trove.log and keystone.log show (full excerpts below):

trove.log:

  • Unexpected response from keystone service: {u'error': {u'message': u"object of type 'NoneType' has no len()", u'code': 400, u'title': u'Bad Request'}}
  • ServiceError: invalid json response
  • Authorization failed for token

keystone.log:

  • TypeError: object of type 'NoneType' has no len()

I think it is a problem with the users and tenants I configured for
Trove. Someone having the same problem with Glance could fix it by
putting the right login information into glance.conf, see
https://answers.launchpad.net/glance/+question/229769 .

For configuration of Trove I followed the OpenStack documentation [1],
Troves documentation for manual install [2] and the DevStack code [3].

[1]
http://docs.openstack.org/icehouse/install-guide/install/yum/content/trove-install.html
[2] http://docs.openstack.org/developer/trove/dev/manual_install.html
[3] https://github.com/openstack-dev/devstack/blob/stable/icehouse/lib/trove

The three sources use different combinations of users and tenants. Does
someone of you know which users and tenants have to be used? At the
moment, I have the following configuration:

Users and tenants:
* tenant trove
* user trove is member and admin in tenant trove and services,
which is the service tenant in my installation of OpenStack
* user admin is member and admin in tenant trove, and for testing
even member and admin in services, but this didn't help

Trove's api-paste.ini:

[filter:authtoken]
adminuser=trove
admin
password=***
admintenantname=services

trove-taskmanager.conf, trove-conductor.conf and trove-guestagent.conf:

[DEFAULT]
novaproxyadminuser=admin
nova
proxyadminpass=***
novaproxyadmintenantname=trove

[1] uses tenant services here.

Any help and guidelines are appreciated.

Best regards,
Benjamin

trove.log

2014-08-21 14:55:27.122 6221 INFO eventlet.wsgi [-] (6221) accepted ('...', 45415)
2014-08-21 14:55:27.123 6221 DEBUG keystoneclient.middleware.authtoken [-] Authenticating user token call /usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py:666
2014-08-21 14:55:27.124 6221 DEBUG keystoneclient.middleware.authtoken [-] Removing headers from request environment: X-Identity-Status,X-Domain-Id,X-Domain-Name,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-User-Id,X-User-Name,X-User-Domain-Id,X-User-Domain-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant-Id,X-Tenant-Name,X-Tenant,X-Role _removeauthheaders /usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py:725
2014-08-21 14:55:27.132 6221 WARNING keystoneclient.middleware.authtoken [-] Unexpected response from keystone service: {u'error': {u'message': u"object of type 'NoneType' has no len()", u'code': 400, u'title': u'Bad Request'}}
2014-08-21 14:55:27.132 6221 DEBUG keystoneclient.middleware.auth
token [-] Token validation failure. validateusertoken /usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py:943
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken Traceback (most recent call last):
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.auth
token File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py", line 930, in _validateusertoken
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.auth
token verified = self.verifysignedtoken(usertoken, tokenids)
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py", line 1347, in verifysignedtoken
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken if self.issignedtokenrevoked(tokenids):
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.auth
token File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py", line 1299, in issignedtokenrevoked
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken if self.istokenidinrevokedlist(tokenid):
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py", line 1306, in istokenidinrevokedlist
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken revocationlist = self.tokenrevocationlist
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py", line 1413, in tokenrevocationlist
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken self.tokenrevocationlist = self.fetchrevocationlist()
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.auth
token File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py", line 1446, in fetchrevocationlist
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.auth
token headers = {'X-Auth-Token': self.getadmintoken()}
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py", line 777, in getadmintoken
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken self.admintokenexpiry) = self.requestadmintoken()
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py", line 890, in requestadmintoken
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.auth
token raise ServiceError('invalid json response')
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.authtoken ServiceError: invalid json response
2014-08-21 14:55:27.132 6221 TRACE keystoneclient.middleware.auth
token
2014-08-21 14:55:27.134 6221 DEBUG keystoneclient.middleware.authtoken [-] Marking token as unauthorized in cache _cachestoreinvalid /usr/lib/python2.6/site-packages/keystoneclient/middleware/authtoken.py:1239
2014-08-21 14:55:27.134 6221 WARNING keystoneclient.middleware.authtoken [-] Authorization failed for token
2014-08-21 14:55:27.135 6221 INFO keystoneclient.middleware.auth
token [-] Invalid user token - rejecting request
2014-08-21 14:55:27.135 6221 INFO eventlet.wsgi [-] ... - - [21/Aug/2014 14:55:27] "GET /v1.0/b426bf07c5cd48d1b2525699bca29cdb/instances HTTP/1.1" 401 199 0.011922

keystone.log

2014-08-21 14:55:27.100 3165 INFO eventlet.wsgi.server [-] ... - - [21/Aug/2014 14:55:27] "POST /v2.0/tokens HTTP/1.1" 200 10323 0.213025
2014-08-21 14:55:27.129 3165 ERROR keystone.common.wsgi [-] object of type 'NoneType' has no len()
2014-08-21 14:55:27.129 3165 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-08-21 14:55:27.129 3165 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 207, in call
2014-08-21 14:55:27.129 3165 TRACE keystone.common.wsgi result = method(context, **params)
2014-08-21 14:55:27.129 3165 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 98, in authenticate
2014-08-21 14:55:27.129 3165 TRACE keystone.common.wsgi context, auth)
2014-08-21 14:55:27.129 3165 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/controllers.py", line 256, in authenticatelocal
2014-08-21 14:55:27.129 3165 TRACE keystone.common.wsgi if len(username) > CONF.maxparamsize:
2014-08-21 14:55:27.129 3165 TRACE keystone.common.wsgi TypeError: object of type 'NoneType' has no len()
2014-08-21 14:55:27.129 3165 TRACE keystone.common.wsgi
2014-08-21 14:55:27.131 3165 INFO eventlet.wsgi.server [-] ***.***.***.*** - - [21/Aug/2014 14:55:27] "POST /v2.0/tokens HTTP/1.1" 400 239 0.004268


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
asked Aug 21, 2014 in openstack by Benjamin_Lipp (120 points)  ‚óŹ 1
...