Unauthorized request: Identity server rejects authorization necessary to fetch token data
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
masakari |
Invalid
|
Undecided
|
Dinesh Bhor |
Bug Description
Token authorization is failing for masakari. Masakari sends request for token
authorization to keystone but keystone rejects the request and sends 503 to
masakari with below error:
CRITICAL keystonemiddlew
Identity server rejected authorization necessary to fetch token data: ServiceError:
Identity server rejected authorization necessary to fetch token data
Steps to reproduce:
===================
1. Install devstack stable/queens with all services of stable/queens including
masakari
1.1. Add below parameter in your local.conf with value as False:
The use of this parameter is explained in below doc:
https:/
2. After the successful devstack installation, try to execute masakari commands
using masakariclient.
You will get below error:
HttpException: Unknown error
Debug logs of command shows below error:
REQ: curl -g -i -X GET http://
Starting new HTTP connection (1): 192.168.108.132
http://
RESP: [503] Content-Length: 218 Content-Type: application/json X-Openstack-
RESP BODY: {"message": "The server is currently unavailable. Please try again at a later time.<br /><br />\nThe Keystone service is temporarily unavailable.\n\n", "code": "503 Service Unavailable", "title": "Service Unavailable"}
GET call to ha for http://
Manager ha ran task ha.GET.segments in 0.166582107544s
HttpException: Unknown error
Traceback (most recent call last):
File "/usr/local/
result = cmd.run(
File "/usr/local/
return super(Command, self).run(
File "/usr/local/
self.
File "/usr/local/
parsed_args,
File "/usr/local/
self.
File "/usr/local/
first_row = next(data_iter)
File "/usr/local/
(utils.
File "/usr/local/
exceptions.
File "/usr/local/
http_
HttpException: HttpException: Unknown error
Service logs:
masakari-api:
May 22 00:36:59 ubuntu masakari-api[817]: 2018-05-22 00:36:59.422 DEBUG masakari.
May 22 00:36:59 ubuntu masakari-api[817]: 2018-05-22 00:36:59.679 WARNING keystonemiddlew
May 22 00:36:59 ubuntu masakari-api[817]: 2018-05-22 00:36:59.766 WARNING keystonemiddlew
May 22 00:36:59 ubuntu masakari-api[817]: 2018-05-22 00:36:59.767 CRITICAL keystonemiddlew
May 22 00:36:59 ubuntu masakari-api[817]: 2018-05-22 00:36:59.768 INFO masakari.
Keystone service:
May 22 00:29:53 ubuntu <email address hidden>[67860]: DEBUG keystone.auth.core [None req-c124ac51-
May 22 00:29:53 ubuntu <email address hidden>[67860]: DEBUG keystone.
May 22 00:29:53 ubuntu <email address hidden>[67860]: [pid: 67863|app: 0|req: 981/1948] 192.168.108.132 () {62 vars in 1118 bytes} [Tue May 22 00:29:53 2018] POST /identity/
May 22 00:29:53 ubuntu <email address hidden>[67860]: INFO keystone.
May 22 00:29:53 ubuntu <email address hidden>[67860]: WARNING keystone.
May 22 00:29:53 ubuntu <email address hidden>[67860]: [pid: 67864|app: 0|req: 968/1949] 192.168.108.132 () {62 vars in 1164 bytes} [Tue May 22 00:29:53 2018] POST /identity/
May 22 00:29:53 ubuntu <email address hidden>[67860]: INFO keystone.
NOTE:
Other commands like 'nova list', 'cinder list' are working fine.
Observation:
============
If you set "ENABLE_
its default value is True masakari commands executes successfully without error.
Environment details:
devstack:
stable/queens
commit fec37dada38c4ac
Author: Daniel Mellado <email address hidden>
Date: Thu Apr 12 11:41:59 2018 -0400
Apply contraints to tempest plugins
This commit applies the constraints for the tempest plugin installation
so they won't go over the upper reqs.
Closes-Bug: 1763436
Change-Id: I5cf91157bbdae7
(cherry picked from commit dc5d88bc0b2233e
masakari:
stable/queens
commit 7ba3de5544759a6
Author: OpenStack Release Bot <email address hidden>
Date: Sat Mar 3 13:52:02 2018 +0000
Update UPPER_CONSTRAIN
The new stable upper-constraints file is only available
after the openstack/
This will happen around the RC1 timeframe.
Recheck and merge this change once the requirements
repository has been branched.
The CI system will work with this patch before the requirements
repository is branched because zuul configues the job to run
with a local copy of the file and defaults to the master branch.
However, accepting the patch will break the test configuration
on developers' local systems, so please wait until after the
requirements repository is branched to merge the patch.
Change-Id: I133002dd6c6dcc
Changed in masakari: | |
assignee: | nobody → Dinesh Bhor (dinesh-bhor) |
very old and unknown how to reproduce