Bad configuration issue + OpenStack Mitaka on Cinder service Causing "cinder service-list ERROR: Service Unavailable (HTTP 503)" Authorization failed. The request you have made requires authentication. from 192.168.100.138
Error on the command prompt as returned
ERROR: Service Unavailable (HTTP 503)"
Error on the controller server /var/log/keystone/keystone.log
2016-07-10 17:44:35.346 3533 INFO keystone.common.wsgi [req-220e3bf4-2382-4f2c-8c46-55539f9ae098 - - - - -] POST http://controller1.example.com:35357/v3/auth/tokens
2016-07-10 17:44:35.998 3533 WARNING keystone.common.wsgi [req-220e3bf4-2382-4f2c-8c46-55539f9ae098 - - - - -] Authorization failed. The request you have made requires authentication. from 192.168.100.138
The fix was as below
[root@controller1 ~]# cinder service-list
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | controller1.example.com | nova | enabled | up | 2016-07-10T22:05:35.000000 | - |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]# cinder list
+----+--------+------+------+-------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+----+--------+------+------+-------------+----------+-------------+
+----+--------+------+------+-------------+----------+-------------+
[root@controller1 ~]#
Error on the command prompt as returned
ERROR: Service Unavailable (HTTP 503)"
Error on the controller server /var/log/keystone/keystone.log
2016-07-10 17:44:35.346 3533 INFO keystone.common.wsgi [req-220e3bf4-2382-4f2c-8c46-55539f9ae098 - - - - -] POST http://controller1.example.com:35357/v3/auth/tokens
2016-07-10 17:44:35.998 3533 WARNING keystone.common.wsgi [req-220e3bf4-2382-4f2c-8c46-55539f9ae098 - - - - -] Authorization failed. The request you have made requires authentication. from 192.168.100.138
The fix was as below
This was a wrong configuration in which the /etc/cinder/cinder.conf on the Controller server controller1.example.com and /etc/nova/nova.conf had been correct as per the Mitaka installation document on CentOS (www.openstack.org). Also on the cinder server bstore1.example.com the file /etc/cinder/cinder.conf had been correctly set.
The Database user cinder and the OpenStack service user cinder also had been with the passwords and the same had been being used in the configuration files /etc/cinder/cinder.conf.
Finally this issue was found out be accounted by the fact that after the cinder user was created on the controller server, the same was not given an admin role to the project service.
This was fixed by providing the admin role to the cinder user on the project service on the controller server and this had made things run fine.
# . admin-openrc -> to source the admin credentials.
# openstack role add --project service --user cinder admin
After this things started working as
[root@controller1 ~]# cinder service-list
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | controller1.example.com | nova | enabled | up | 2016-07-10T22:05:35.000000 | - |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]#
[root@controller1 ~]# cinder list
+----+--------+------+------+-------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+----+--------+------+------+-------------+----------+-------------+
+----+--------+------+------+-------------+----------+-------------+
[root@controller1 ~]#
Also the /var/log/keystone/keystone.log has started showing the correct authorization of the cinder
2016-07-10 17:47:28.388 3536 INFO keystone.token.providers.fernet.utils [req-2ceda5e9-1ca9-41d9-b0c9-40bf8e60208d - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2016-07-10 17:47:28.422 3537 INFO keystone.token.providers.fernet.utils [req-a2e5f7c5-6c34-4202-8b4d-2344541b5ea2 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2016-07-10 17:47:28.668 3537 INFO keystone.common.wsgi [req-a2e5f7c5-6c34-4202-8b4d-2344541b5ea2 31a638cfa16a42019ef1d7255a157a47 95b5e18a71274873b72d7faba0cb4365 - ca7e0958d3c84cc8800c8227fe84823a ca7e0958d3c84cc8800c8227fe84823a] GET http://controller1.example.com:35357/v3/auth/tokens
2016-07-10 17:47:28.670 3537 INFO keystone.token.providers.fernet.utils [req-a2e5f7c5-6c34-4202-8b4d-2344541b5ea2 31a638cfa16a42019ef1d7255a157a47 95b5e18a71274873b72d7faba0cb4365 - ca7e0958d3c84cc8800c8227fe84823a ca7e0958d3c84cc8800c8227fe84823a] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2016-07-10 17:47:28.908 3537 INFO keystone.token.providers.fernet.utils [req-a2e5f7c5-6c34-4202-8b4d-2344541b5ea2 31a638cfa16a42019ef1d7255a157a47 95b5e18a71274873b72d7faba0cb4365 - ca7e0958d3c84cc8800c8227fe84823a ca7e0958d3c84cc8800c8227fe84823a] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
Note: Similar issue can be caused when using passwords for the cinder user being different in the cinder database and in cinder user in the service creation to those being used in the cinder configuration file /etc/cinder/cinder.conf on the controller also the cinder servers.
No comments:
Post a Comment