Fuel for OpenStack

Fuel 11 MOS - horizon not able to browse projects or admin

Bug #1675284 reported by Luca Cervigni
32
This bug affects 6 people
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Confirmed
High
Michael Polenchuk
Fuel for OpenStack 11.x-updates

Bug Description

Environment deployed with fuel 11 + MOS OCATA.

After logging in with the admin user in Horizon, when I try to browse projects or admin I get kicked out of horizon with "Unauthorized. Please try logging in again."

In the horizon logs:

2017-03-23 07:05:54,864 8900 INFO openstack_auth.views Logging out user "admin".
2017-03-23 07:06:00,636 8900 WARNING openstack_auth.forms Login failed for user "admin", remote address 10.4.78.210.
2017-03-23 07:06:05,967 8901 WARNING openstack_auth.backend The Keystone URL in service catalog points to a v2.0 Keystone endpoint, but v3 is specified as the API version to use by Horizon. Using v3 endpoint for authentication.
2017-03-23 07:06:05,969 8901 INFO openstack_auth.forms Login successful for user "admin", remote address 10.4.78.210.
2017-03-23 07:06:06,133 8900 WARNING openstack_auth.utils The Keystone URL (either in Horizon settings or in service catalog) points to a v2.0 Keystone endpoint, but v3 is specified as the API version to use by Horizon. Using v3 endpoint for authentication.
2017-03-23 07:06:06,203 8900 WARNING openstack_auth.utils The Keystone URL (either in Horizon settings or in service catalog) points to a v2.0 Keystone endpoint, but v3 is specified as the API version to use by Horizon. Using v3 endpoint for authentication.
2017-03-23 07:06:06,222 8900 WARNING openstack_auth.utils The Keystone URL (either in Horizon settings or in service catalog) points to a v2.0 Keystone endpoint, but v3 is specified as the API version to use by Horizon. Using v3 endpoint for authentication.
2017-03-23 07:06:06,341 8900 WARNING openstack_auth.utils The Keystone URL (either in Horizon settings or in service catalog) points to a v2.0 Keystone endpoint, but v3 is specified as the API version to use by Horizon. Using v3 endpoint for authentication.
2017-03-23 07:06:06,558 8900 WARNING novaclient.v2.client Property `management_url` is deprecated for SessionClient. It should be set via `endpoint_override` variable while class initialization.
2017-03-23 07:06:06,720 8900 ERROR openstack_dashboard.dashboards.admin.aggregates.panel Call to list supported extensions failed. This is likely due to a problem communicating with the Nova endpoint. Host Aggregates panel will not be displayed.
2017-03-23 07:06:10,382 8900 WARNING openstack_auth.utils The Keystone URL (either in Horizon settings or in service catalog) points to a v2.0 Keystone endpoint, but v3 is specified as the API version to use by Horizon. Using v3 endpoint for authentication.
2017-03-23 07:06:10,395 8900 WARNING openstack_auth.utils The Keystone URL (either in Horizon settings or in service catalog) points to a v2.0 Keystone endpoint, but v3 is specified as the API version to use by Horizon. Using v3 endpoint for authentication.
2017-03-23 07:06:10,578 8900 ERROR horizon.exceptions Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-37e817d1-f509-4a8d-965a-d1b24ca2455a)
Traceback (most recent call last):
  File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/admin/instances/views.py", line 116, in get_data
    all_tenants=True)
  File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/api/nova.py", line 702, in server_list
    for s in c.servers.list(True, search_opts)]
  File "/usr/lib/python2.7/dist-packages/novaclient/v2/servers.py", line 861, in list
    "servers")
  File "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 254, in _list
    resp, body = self.api.client.get(url)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 217, in get
    return self.request(url, 'GET', **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 74, in request
    **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 374, in request
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 142, in request
    return self.session.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/session.py", line 491, in request
    auth_headers = self.get_auth_headers(auth)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/session.py", line 818, in get_auth_headers
    return auth.get_headers(self, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/plugin.py", line 90, in get_headers
    token = self.get_token(session)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/identity/base.py", line 90, in get_token
    return self.get_access(session).auth_token
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/identity/base.py", line 136, in get_access
    self.auth_ref = self.get_auth_ref(session)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/identity/generic/base.py", line 198, in get_auth_ref
    return self._plugin.get_auth_ref(session, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/identity/v2.py", line 65, in get_auth_ref
    authenticated=False, log=False)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/session.py", line 766, in post
    return self.request(url, 'POST', **kwargs)
  File "/usr/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystoneauth1/session.py", line 655, in request
    raise exceptions.from_response(resp, method, url)
Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-37e817d1-f509-4a8d-965a-d1b24ca2455a)

In the KEYSTONE LOGS:

2017-03-23 07:06:05.712 8898 WARNING oslo_config.cfg [req-64d141d9-810d-4f0f-a481-6e67650aedf0 - - - - -] Option "rpc_backend" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
2017-03-23 07:06:05.715 8898 WARNING oslo_config.cfg [req-64d141d9-810d-4f0f-a481-6e67650aedf0 - - - - -] Option "public_port" from group "DEFAULT" is deprecated. Use option "public_port" from group "eventlet_server".
2017-03-23 07:06:05.716 8898 WARNING oslo_config.cfg [req-64d141d9-810d-4f0f-a481-6e67650aedf0 - - - - -] Option "public_port" from group "eventlet_server" is deprecated for removal. Its value may be silently ignored in the future.
2017-03-23 07:06:05.717 8898 WARNING oslo_config.cfg [req-64d141d9-810d-4f0f-a481-6e67650aedf0 - - - - -] Option "admin_port" from group "DEFAULT" is deprecated. Use option "admin_port" from group "eventlet_server".
2017-03-23 07:06:05.718 8898 WARNING oslo_config.cfg [req-64d141d9-810d-4f0f-a481-6e67650aedf0 - - - - -] Option "admin_port" from group "eventlet_server" is deprecated for removal. Its value may be silently ignored in the future.
2017-03-23 07:06:05.719 8898 WARNING oslo_config.cfg [req-64d141d9-810d-4f0f-a481-6e67650aedf0 - - - - -] Option "public_bind_host" from group "DEFAULT" is deprecated. Use option "public_bind_host" from group "eventlet_server".
2017-03-23 07:06:05.721 8898 WARNING oslo_config.cfg [req-64d141d9-810d-4f0f-a481-6e67650aedf0 - - - - -] Option "public_bind_host" from group "eventlet_server" is deprecated for removal. Its value may be silently ignored in the future.
2017-03-23 07:06:05.722 8898 WARNING oslo_config.cfg [req-64d141d9-810d-4f0f-a481-6e67650aedf0 - - - - -] Option "admin_bind_host" from group "DEFAULT" is deprecated. Use option "admin_bind_host" from group "eventlet_server".
2017-03-23 07:06:05.723 8898 WARNING oslo_config.cfg [req-64d141d9-810d-4f0f-a481-6e67650aedf0 - - - - -] Option "admin_bind_host" from group "eventlet_server" is deprecated for removal. Its value may be silently ignored in the future.
2017-03-23 07:06:05.801 8899 INFO keystone.common.wsgi [req-743a4b63-be17-416f-aaf4-b8dcd3368626 - - - - -] GET http://10.4.78.210:5000/v3/
2017-03-23 07:06:05.821 8898 INFO keystone.common.wsgi [req-13ba82f4-7261-4e72-bbf5-0ee1142bb31f - - - - -] GET http://10.4.78.210:5000/v3/users/3c3a86198d0049f395aedb0b96a1f241/projects
2017-03-23 07:06:05.909 8899 INFO keystone.common.wsgi [req-64199580-49fe-4005-9b50-e306b2f743db - - - - -] GET http://node-22.cloud.pawsey.org.au/v3/
2017-03-23 07:06:05.933 8898 INFO keystone.common.wsgi [req-0ea9bf28-2311-4d97-987b-d3e49476bbcc - - - - -] POST http://10.4.78.210:5000/v3/auth/tokens
2017-03-23 07:06:06.400 8899 WARNING py.warnings [req-64199580-49fe-4005-9b50-e306b2f743db - - - - -] /usr/lib/python2.7/dist-packages/keystonemiddleware/auth_token/__init__.py:440: UserWarning: Implementations of auth_token must set kwargs_to_fetch_token this will be the required and assumed in Pike.
  warnings.warn(m)

2017-03-23 07:06:06.420 8899 INFO keystone.common.wsgi [req-901d34e1-4192-4eaa-a014-1972d73a42ee - - - - -] GET http://public-virtual.cloud.pawsey.org.au:5000/v3/users/3c3a86198d0049f395aedb0b96a1f241/projects
2017-03-23 07:06:06.502 8898 INFO keystone.common.wsgi [req-9b7f5761-d5fc-42aa-845e-31c4a3c7586e - - - - -] GET http://node-22.cloud.pawsey.org.au/v3/
2017-03-23 07:06:06.572 8899 INFO keystone.common.wsgi [req-d4b3af92-74dd-47e4-a2e5-95fe8cac4930 - - - - -] GET http://public-virtual.cloud.pawsey.org.au:5000/v2.0/
2017-03-23 07:06:06.594 8898 INFO keystone.common.wsgi [req-d5efeff5-9eb9-46f3-9cdc-f5a056240588 - - - - -] POST http://public-virtual.cloud.pawsey.org.au:5000/v2.0/tokens
2017-03-23 07:06:06.596 8898 WARNING oslo_log.versionutils [req-d5efeff5-9eb9-46f3-9cdc-f5a056240588 - - - - -] Deprecated: authenticate of the v2 Authentication APIs is deprecated as of Mitaka in favor of a similar function in the v3 Authentication APIs.
2017-03-23 07:06:06.715 8898 WARNING keystone.common.wsgi [req-d5efeff5-9eb9-46f3-9cdc-f5a056240588 - - - - -] Authorization failed. The request you have made requires authentication. from 10.4.78.210
2017-03-23 07:06:10.482 8899 INFO keystone.common.wsgi [req-37e817d1-f509-4a8d-965a-d1b24ca2455a - - - - -] POST http://public-virtual.cloud.pawsey.org.au:5000/v2.0/tokens
2017-03-23 07:06:10.484 8899 WARNING oslo_log.versionutils [req-37e817d1-f509-4a8d-965a-d1b24ca2455a - - - - -] Deprecated: authenticate of the v2 Authentication APIs is deprecated as of Mitaka in favor of a similar function in the v3 Authentication APIs.
2017-03-23 07:06:10.573 8899 WARNING keystone.common.wsgi [req-37e817d1-f509-4a8d-965a-d1b24ca2455a - - - - -] Authorization failed. The request you have made requires authentication. from 10.4.78.210

ENDPOINTS:

root@node-22:~# openstack endpoint list
+----------------------------------+-----------+----------------+-----------------+---------+-----------+--------------------------------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+----------------+-----------------+---------+-----------+--------------------------------------------------------------------+
| 02c974f9aac848e18129f333d88cf153 | RegionOne | neutron | network | True | admin | http://10.4.78.210:9696 |
| 09831bb7502847e989844ba7a573369b | RegionOne | glance | image | True | admin | http://10.4.78.210:9292 |
| 10503efd21db4ff29c832758ff52e5f4 | RegionOne | heat-cfn | cloudformation | True | internal | http://10.4.78.210:8000/v1 |
| 13a9fa60273d439a8061277ebf4b85f2 | RegionOne | keystone | identity | True | internal | http://10.4.78.210:5000/v2.0 |
| 15edece88c0247beb0861283525e6d64 | RegionOne | compute_legacy | compute_legacy | True | public | https://public-virtual.cloud.pawsey.org.au:8774/v2/%(tenant_id)s |
| 1833e72a02de4a49a77b6f4149f20b77 | RegionOne | placement | placement | True | public | https://public-virtual.cloud.pawsey.org.au:8778/placement |
| 26476d4d104b46b690ea875022e7fcc0 | RegionOne | cinderv2 | volumev2 | True | admin | http://10.4.78.210:8776/v2/%(tenant_id)s |
| 28c7438001d842e88b14c8e3508f640c | RegionOne | cinderv2 | volumev2 | True | internal | http://10.4.78.210:8776/v2/%(tenant_id)s |
| 3275e64da37a4bed8cd50ee26f06694d | RegionOne | cinder | volume | True | admin | http://10.4.78.210:8776/v1/%(tenant_id)s |
| 35641362592445c7aad1e061566606a2 | RegionOne | cinder | volume | True | public | https://public-virtual.cloud.pawsey.org.au:8776/v1/%(tenant_id)s |
| 3654c0c45ccc432caa0841519f9c07d8 | RegionOne | sahara | data-processing | True | internal | http://10.4.78.210:8386/v1.1/%(tenant_id)s |
| 396bb2b8ad324de9a1dfaaa82f138588 | RegionOne | heat | orchestration | True | internal | http://10.4.78.210:8004/v1/%(tenant_id)s |
| 3a5756cc47bb4e96ba278cf8f146491c | RegionOne | neutron | network | True | internal | http://10.4.78.210:9696 |
| 42859ed581454f7a919b8cf245db2d3f | RegionOne | glance | image | True | public | https://public-virtual.cloud.pawsey.org.au:9292 |
| 5426162a113841e89f7f00773e16bde6 | RegionOne | sahara | data-processing | True | public | https://public-virtual.cloud.pawsey.org.au:8386/v1.1/%(tenant_id)s |
| 55866e7c039449408ea6ffff154834d9 | RegionOne | cinderv3 | volumev3 | True | admin | http://10.4.78.210:8776/v3/%(tenant_id)s |
| 58c13e36c7064cc2a7d91b7395c16f00 | RegionOne | glare | artifact | True | admin | http://10.4.78.210:9494 |
| 6076a8d768d74423b6fb3502721cfc1b | RegionOne | glance | image | True | internal | http://10.4.78.210:9292 |
| 6245fa88d5fb43a3a91568849fa67839 | RegionOne | nova | compute | True | public | https://public-virtual.cloud.pawsey.org.au:8774/v2.1 |
| 6b0be2a236464072b9cf9a2606666f78 | RegionOne | heat-cfn | cloudformation | True | admin | http://10.4.78.210:8000/v1 |
| 6bd70362a96b411da1cd225f87c780b6 | RegionOne | heat | orchestration | True | public | https://public-virtual.cloud.pawsey.org.au:8004/v1/%(tenant_id)s |
| 6d155b765e7a4392acdd10bf6c995b68 | RegionOne | compute_legacy | compute_legacy | True | admin | http://10.4.78.210:8774/v2/%(tenant_id)s |
| 7647b049eb9e4167acba8daf06d11a6a | RegionOne | neutron | network | True | public | https://public-virtual.cloud.pawsey.org.au:9696 |
| 77ec97986d3146ea89be2404b5b93672 | RegionOne | cinderv3 | volumev3 | True | internal | http://10.4.78.210:8776/v3/%(tenant_id)s |
| 83540966359849ec86cdc016a8005331 | RegionOne | swift | object-store | True | public | https://public-virtual.cloud.pawsey.org.au:8080/swift/v1 |
| 87e20ea143ee4bf5976768200b57de8f | RegionOne | swift | object-store | True | internal | http://10.4.78.210:8080/swift/v1 |
| 8913715dae5c4fa38e92860d61904c83 | RegionOne | glare | artifact | True | public | https://public-virtual.cloud.pawsey.org.au:9494 |
| 8cfb0a6db15449c88a08a52ffadd936c | RegionOne | heat-cfn | cloudformation | True | public | https://public-virtual.cloud.pawsey.org.au:8000/v1 |
| 9089a712fff3436db01a8d4745368332 | RegionOne | swift_s3 | s3 | True | admin | http://10.4.78.210:8080 |
| 93e2b018cfe349dc8bfc39061a21f950 | RegionOne | placement | placement | True | internal | http://10.4.78.210:8778/placement |
| 985abfabc4a74ad5bc4c63c72413c26a | RegionOne | sahara | data-processing | True | admin | http://10.4.78.210:8386/v1.1/%(tenant_id)s |
| 9f5502a5b7d54b96979200cd5f011b00 | RegionOne | swift_s3 | s3 | True | public | https://public-virtual.cloud.pawsey.org.au:8080 |
| a3b504690f814f21b3a16f430c2adb72 | RegionOne | swift | object-store | True | admin | http://10.4.78.210:8080/swift/v1 |
| ac47ffa993c14a4cbe42506f216a2b5a | RegionOne | cinder | volume | True | internal | http://10.4.78.210:8776/v1/%(tenant_id)s |
| b6b1e87dacc840c8bca524619855912c | RegionOne | swift_s3 | s3 | True | internal | http://10.4.78.210:8080 |
| bb418ccd28004beea39cdb6df8e025d7 | RegionOne | glare | artifact | True | internal | http://10.4.78.210:9494 |
| bbbb7b9e4b3b4c7caa84e4d2969593db | RegionOne | heat | orchestration | True | admin | http://10.4.78.210:8004/v1/%(tenant_id)s |
| bf8c8f54c9514ca997f4a7cf69665553 | RegionOne | keystone | identity | True | admin | http://10.4.78.210:35357/v2.0 |
| c0631b09fa384a83b548b98db68e21e9 | RegionOne | placement | placement | True | admin | http://10.4.78.210:8778/placement |
| ca79db5eb855421ab333576983e5e1c7 | RegionOne | nova | compute | True | admin | http://10.4.78.210:8774/v2.1 |
| d44b187bab2f4a5fb0fa906995c57d60 | RegionOne | keystone | identity | True | public | https://public-virtual.cloud.pawsey.org.au:5000/v2.0 |
| db09934d7e1b4cb093e9ac3617d39586 | RegionOne | cinderv2 | volumev2 | True | public | https://public-virtual.cloud.pawsey.org.au:8776/v2/%(tenant_id)s |
| df3cbb48d6384356956e759272e7b597 | RegionOne | compute_legacy | compute_legacy | True | internal | http://10.4.78.210:8774/v2/%(tenant_id)s |
| e7247d589d2b4da781993e4fc9f49eac | RegionOne | cinderv3 | volumev3 | True | public | https://public-virtual.cloud.pawsey.org.au:8776/v3/%(tenant_id)s |
| ef2dc3454e8640cfb74c57d451c99001 | RegionOne | nova | compute | True | internal | http://10.4.78.210:8774/v2.1 |
+----------------------------------+-----------+----------------+-----------------+---------+-----------+--------------------------------------------------------------------+

Is there a workaround for this? I do not understand where the problem is coming from.
Everything CLI related seems to be working ok.

are more logs required?

Tags: area-library
Oleksiy Molchanov (omolchanov)
Changed in fuel:
milestone: none → 11.x-updates
assignee: nobody → Fuel Sustaining (fuel-sustaining-team)
importance: Undecided → High
status: New → Confirmed
tags: added: area-library
Revision history for this message
Luca Cervigni (cervigni) wrote :

Oleksiy,

Do you know of any workaround to solve momentarily this issue?

Many thanks

Michael Polenchuk (mpolenchuk)
Changed in fuel:
assignee: Fuel Sustaining (fuel-sustaining-team) → Michael Polenchuk (mpolenchuk)
Revision history for this message
Derek Leuridan (leuridan) wrote :

Facing same issue. Updating keystone endpoints to be versionless as per https://bugs.launchpad.net/fuel/+bug/1677677 does not work as a stand-alone fix.

Revision history for this message
Vojislav Kosanovic (jontra) wrote :

Same issue. Tested with latest Fuel 11,12.
Following fix https://bugs.launchpad.net/fuel/+bug/1677677 enables Neutron, Glance, Cinder, Heat to work. But Nova still fails. Maybe keystone v3 endpoints required?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.