Cinder

Wrong authentication port 35357 instead of 5000

Bug #1763020 reported by Sasa Baksa
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Cinder
Confirmed
Undecided
junboli

Bug Description

In Installation manual for Openstack Queens on Ubuntu platform, Keytone is configured initially like this and authentication port is set to 5000. After finishing with Keystone installation on controller node and trying to install Glance error occurred during authentication process. I have used netstat to find is there port 35357 which is used as an authentication endpoint but there is no such port, only standard port at 5000 exists. Another user ( https://bugs.launchpad.net/cinder/+bug/1754844 ) refers to Cinder only but bug is present in all modules. It appears that port is wrongly set from Glance onward and in all config files where authentication is set.

netstat -ant | grep 35357
root@controller:~# netstat -ant | grep 5000
tcp 1 0 172.17.82.1:38322 172.17.82.1:5000 CLOSE_WAIT
tcp6 0 0 :::5000 :::* LISTEN
tcp6 0 0 172.17.82.1:5000 172.17.82.1:38322 FIN_WAIT2

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

Finalize the installation
1. Restart the Apache service:
2. # service apache2 restart
2. Configure the administrative account
3. $ export OS_USERNAME=admin
4. $ export OS_PASSWORD=ADMIN_PASS
5. $ export OS_PROJECT_NAME=admin
6. $ export OS_USER_DOMAIN_NAME=Default
7. $ export OS_PROJECT_DOMAIN_NAME=Default
8. $ export OS_AUTH_URL=http://controller:5000/v3
9. $ export OS_IDENTITY_API_VERSION=3
Replace ADMIN_PASS with the password used in the keystone-manage bootstrap command in keystone-install-configure-ubuntu.

In Glance service port is set to correct value again:

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

But in Glance service port is changed to 35357:

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS

etc.

The same apply to Neutron service:

[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

And for Cinder to:

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = CINDER_PASS

Sean McGinnis (sean-mcginnis)
Changed in cinder:
status: New → Confirmed
Revision history for this message
Realtime (peter-icb) wrote :

The same bug has been fixed in Nove recently (https://bugs.launchpad.net/nova/+bug/1765144). But it is still there in Cinder.

junboli (junboli)
Changed in cinder:
assignee: nobody → junboli (junboli)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.