Skip to content

Instantly share code, notes, and snippets.

@roaet

roaet/gist:5201959

Last active December 15, 2015 04:29
Show Gist options
  • Save roaet/5201959 to your computer and use it in GitHub Desktop.
Save roaet/5201959 to your computer and use it in GitHub Desktop.
Download ZIP
Problem with quantum-client and keystone auth. Passwords in file are temporary. None of the services are configured to run https, so why is quantum-client, through the keystoneclient.middleware using https?
Raw
gistfile1.txt
Output from quantum:
2013-03-19 21:46:21 DEBUG [keystoneclient.middleware.auth_token] Authenticating user token
2013-03-19 21:46:21 DEBUG [keystoneclient.middleware.auth_token] Removing headers from request environment: X-Identity-Status,X-Tenant-Id,X-Tenant-Name,X-User-Id,X-User-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant,X-Role
2013-03-19 21:46:21 ERROR [keystoneclient.middleware.auth_token] HTTP connection exception: [Errno 1] _ssl.c:490: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2013-03-19 21:46:21 DEBUG [keystoneclient.middleware.auth_token] Token validation failure.
Traceback (most recent call last):
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 552, in _validate_user_token
data = self.verify_uuid_token(user_token, retry)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 729, in verify_uuid_token
headers = {'X-Auth-Token': self.get_admin_token()}
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 414, in get_admin_token
self.admin_token_expiry) = self._request_admin_token()
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 515, in _request_admin_token
body=params)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 484, in _json_request
raise ServiceError('Unable to communicate with keystone')
ServiceError: Unable to communicate with keystone
2013-03-19 21:46:21 WARNING [keystoneclient.middleware.auth_token] Authorization failed for token ab278ee33f3a4176870a7691b21bcaf6
2013-03-19 21:46:21 INFO [keystoneclient.middleware.auth_token] Invalid user token - rejecting request
***********************************************************************
Output from Quantum-client:
(quantum)compute@localhost:~/.quantum$ quantum --verbose --debug net-list [10/719]
DEBUG: quantumclient.quantum.v2_0.network.ListNetwork get_data(Namespace(columns=[], fields=[], filter_specs=[], formatter='table', page_size=None, quote_mode='nonnumeric', request_format='json', show_details=False, sort_dir=[], sort_key=[]))
DEBUG: quantumclient.client
REQ: curl -i http://127.0.0.1:35357/v2.0/tokens -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-quantumclient" -d '{"auth": {"tenantName": "openstack", "passwordCredentials": {"username": "admin", "password": "password"}}}'
DEBUG: quantumclient.client RESP:{'date': 'Wed, 20 Mar 2013 02:54:11 GMT', 'vary': 'X-Auth-Token', 'content-length': '2437', 'status': '200', 'content-type': 'application/json'} {"access": {"token": {"issued_at": "2013-03-20T02:54:11.035465", "expires": "2013-03-21T02:54:11Z",
"id": "d86823b2d6dc4bd2bb916356296a3dac", "tenant": {"description": "Default Tenant", "enabled": true, "id": "3321c9097d604beb811ca86a7aa6d752", "name": "openstack"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752",
"region": "RegionOne", "internalURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752", "id": "13b5e5c64cc64309bab38437a7d527a9", "publicURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {
"endpoints": [{"adminURL": "http://127.0.0.1:9696/", "region": "RegionOne", "internalURL": "http://127.0.0.1:9696/", "id": "8c86b428fbe64527ae1407eacdbfd4ef", "publicURL": "http://127.0.0.1:9696/"}], "endpoints_links": [], "type": "network", "name": "quantum"}, {"endpoints": [
{"adminURL": "http://127.0.0.1:9292/v1", "region": "RegionOne", "internalURL": "http://127.0.0.1:9292/v1", "id": "63e9b41c95214a17beff87f6ca4ff97d", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL"
: "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752", "region": "RegionOne", "internalURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752", "id": "ad45102a51884b2e906b4b3f4b1152b9", "publicURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752"}
], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8773/Admin", "region": "RegionOne", "internalURL": "http://127.0.0.1:8773/Cloud", "id": "f55b9357648b4badbd23a479cdfcf37b", "publicURL": "http://127.0.0.1:8773/Cloud"}]
, "endpoints_links": [], "type": "ec2", "name": "ec2"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8888/", "region": "RegionOne", "internalURL": "http://127.0.0.1:8888/v1/AUTH_3321c9097d604beb811ca86a7aa6d752", "id": "54dfa8c8d0a543f4ae329346117eff97", "publicURL": "http://
127.0.0.1:8888/v1/AUTH_3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "object-store", "name": "swift"}], "user": {"username": "admin", "roles_links": [], "id": "e70039578c43444f8e6de86c3ab9d3b2", "roles": [{"name": "_member_"}, {"name": "admin"}], "name":
"admin"}, "metadata": {"is_admin": 0, "roles": ["9fe2ff9ee4384b1894a90878d3e92bab", "14063421f808442b9a47aac81fe66902"]}}}
DEBUG: quantumclient.client
REQ: curl -i http://127.0.0.1:9696/v2.0/networks.json -X GET -H "User-Agent: python-quantumclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: d86823b2d6dc4bd2bb916356296a3dac"
DEBUG: quantumclient.client RESP:{'date': 'Wed, 20 Mar 2013 02:54:11 GMT', 'status': '401', 'content-length': '276', 'content-type': 'text/plain; charset=UTF-8', 'www-authenticate': "Keystone uri='https://127.0.0.1:35357'"} 401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
Authentication required
ERROR: quantumclient.shell 401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
Authentication required
Traceback (most recent call last):
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/shell.py", line 497, in run_subcommand
return run_command(cmd, cmd_parser, sub_argv)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/shell.py", line 50, in run_command
return cmd.run(known_args)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/common/command.py", line 35, in run
return super(OpenStackCommand, self).run(parsed_args)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/cliff/display.py", line 84, in run
column_names, data = self.take_action(parsed_args)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/common/command.py", line 41, in take_action
return self.get_data(parsed_args)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/quantum/v2_0/__init__.py", line 530, in get_data
data = self.retrieve_list(parsed_args)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/quantum/v2_0/__init__.py", line 499, in retrieve_list
data = self.call_server(quantum_client, search_opts, parsed_args)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/quantum/v2_0/__init__.py", line 471, in call_server
data = obj_lister(**search_opts)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 107, in with_params
ret = self.function(instance, *args, **kwargs)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 292, in list_networks
**_params)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 996, in list
for r in self._pagination(collection, path, **params):
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 1009, in _pagination
res = self.get(path, params=params)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 982, in get
headers=headers, params=params)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 967, in retry_request
headers=headers, params=params)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/v2_0/client.py", line 904, in do_request
resp, replybody = self.httpclient.do_request(action, method, body=body)
File "/home/compute/openstack/quantum/.venv/lib/python2.6/site-packages/quantumclient/client.py", line 160, in do_request
raise ex
Unauthorized: 401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
Authentication required
DEBUG: quantumclient.shell clean_up ListNetwork
DEBUG: quantumclient.shell got an error: 401 Unauthorized
This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.
Authentication required
***********************************************************************
Keystone output:
2013-03-19 21:54:10 DEBUG [eventlet.wsgi.server] (13673) accepted ('127.0.0.1', 33881)
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] ******************** REQUEST ENVIRON ********************
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] SCRIPT_NAME = /v2.0
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] webob.adhoc_attrs = {'response': <Response at 0x392cad0 200 OK>}
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] REQUEST_METHOD = POST
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] PATH_INFO = /tokens
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] SERVER_PROTOCOL = HTTP/1.0
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] REMOTE_ADDR = 127.0.0.1
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] CONTENT_LENGTH = 107
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] HTTP_USER_AGENT = python-quantumclient
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] eventlet.posthooks = []
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] RAW_PATH_INFO = /v2.0/tokens
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] REMOTE_PORT = 33881
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] eventlet.input = <eventlet.wsgi.Input object at 0x392c050>
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.url_scheme = http
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] webob._body_file = (<io.BufferedReader object at 0x392cb90>, <eventlet.wsgi.Input object at 0x392c050>)
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] SERVER_PORT = 35357
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.input = <io.BytesIO object at 0x3926e30>
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] openstack.context = {'token_id': None, 'is_admin': False}
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] HTTP_HOST = 127.0.0.1:35357
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.multithread = True
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] openstack.params = {u'auth': {u'tenantName': u'openstack', u'passwordCredentials': {u'username': u'admin', u'password': u'password'}}}
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] HTTP_ACCEPT = application/json
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.version = (1, 0)
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] SERVER_NAME = 127.0.0.1
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] GATEWAY_INTERFACE = CGI/1.1
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.run_once = False
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.errors = <open file '<stderr>', mode 'w' at 0x7f5b727a21e0>
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] wsgi.multiprocess = False
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] webob.is_body_seekable = True
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] CONTENT_TYPE = application/json
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] HTTP_ACCEPT_ENCODING = gzip, deflate
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi]
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] ******************** REQUEST BODY ********************
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] {"auth": {"tenantName": "openstack", "passwordCredentials": {"username": "admin", "password": "password"}}}
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi]
2013-03-19 21:54:10 DEBUG [keystone.common.wsgi] arg_dict: {}
2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ********************
2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] Content-Type = application/json
2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] Content-Length = 2437
2013-03-19 21:54:11 DEBUG [keystone.common.wsgi]
2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ********************
2013-03-19 21:54:11 DEBUG [keystone.common.wsgi] {"access": {"token": {"issued_at": "2013-03-20T02:54:11.035465", "expires": "2013-03-21T02:54:11Z", "id": "d86823b2d6dc4bd2bb916356296a3dac", "tenant": {"description": "Default Tenant", "enabled": true, "id": "3321c9097d604beb811ca86a7aa6d752", "name": "openstack"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752", "region": "RegionOne", "internalURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752", "id": "13b5e5c64cc64309bab38437a7d527a9", "publicURL": "http://127.0.0.1:8774/v2/3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9696/", "region": "RegionOne", "internalURL": "http://127.0.0.1:9696/", "id": "8c86b428fbe64527ae1407eacdbfd4ef", "publicURL": "http://127.0.0.1:9696/"}], "endpoints_links": [], "type": "network", "name": "quantum"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "RegionOne", "internalURL": "http://127.0.0.1:9292/v1", "id": "63e9b41c95214a17beff87f6ca4ff97d", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752", "region": "RegionOne", "internalURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752", "id": "ad45102a51884b2e906b4b3f4b1152b9", "publicURL": "http://127.0.0.1:8776/v1/3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8773/Admin", "region": "RegionOne", "internalURL": "http://127.0.0.1:8773/Cloud", "id": "f55b9357648b4badbd23a479cdfcf37b", "publicURL": "http://127.0.0.1:8773/Cloud"}], "endpoints_links": [], "type": "ec2", "name": "ec2"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8888/", "region": "RegionOne", "internalURL": "http://127.0.0.1:8888/v1/AUTH_3321c9097d604beb811ca86a7aa6d752", "id": "54dfa8c8d0a543f4ae329346117eff97", "publicURL": "http://127.0.0.1:8888/v1/AUTH_3321c9097d604beb811ca86a7aa6d752"}], "endpoints_links": [], "type": "object-store", "name": "swift"}], "user": {"username": "admin", "roles_links": [], "id": "e70039578c43444f8e6de86c3ab9d3b2", "roles": [{"name": "_member_"}, {"name": "admin"}], "name": "admin"}, "metadata": {"is_admin": 0, "roles": ["9fe2ff9ee4384b1894a90878d3e92bab", "14063421f808442b9a47aac81fe66902"]}}}
2013-03-19 21:54:11 INFO [access] 127.0.0.1 - - [20/Mar/2013:02:54:11 +0000] "POST http://127.0.0.1:35357/v2.0/tokens HTTP/1.0" 200 2437
2013-03-19 21:54:11 DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [19/Mar/2013 21:54:11] "POST /v2.0/tokens HTTP/1.1" 200 2567 0.062076
2013-03-19 21:54:11 DEBUG [eventlet.wsgi.server] (13673) accepted ('127.0.0.1', 33883)
localhost - - [19/Mar/2013 21:54:11] code 400, message Bad request syntax ('\x80g\x01\x03\x01\x00N\x00\x00\x00\x10\x00\x009\x00\x008\x00\x005\x00\x00\x16\x00\x00\x13\x00\x00')
localhost - - [19/Mar/2013 21:54:11] "gN985" 400 -
@roaet
Copy link
Author

roaet commented Mar 20, 2013

2013-03-19 21:46:21 ERROR [keystoneclient.middleware.auth_token] HTTP connection exception: [Errno 1] _ssl.c:490: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
localhost - - [19/Mar/2013 21:54:11] code 400, message Bad request syntax ('\x80g\x01\x03\x01\x00N\x00\x00\x00\x10\x00\x009\x00\x008\x00\x005\x00\x00\x16\x00\x00\x13\x00\x00')
localhost - - [19/Mar/2013 21:54:11] "gN985" 400 -

@nagheid
Copy link

nagheid commented Jul 25, 2014

Ever find a fix for this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment