Newton, Ubuntu 16.04 Xenial Keystone authentication issue

Bug #1644641 reported by murtazasolangi on 2016-11-24
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openstack-manuals
Undecided
Unassigned
Ubuntu
Undecided
Unassigned

Bug Description

Working with Newton and Ubuntu 16.04 xenial release, this is fresh installation, follwoing official openstack.org official installation guide.
Could not create a domain, projects, users, and roles, keystone is prompted a password, I input all passwords[mysql root, kesytone] but it triggers error

root@Mil-controller:/home/super# openstack project create --domain default \
> --description "Service Project" service
Password:
Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url

and Error: The request you have made requires authentication. (HTTP 401) (Request-ID: req-04607a60-b6ce-4835-83f5-aee44f480abd)

Also followed instructions as mentioned in https://bugs.launchpad.net/openstack-manuals/+bug/1575688
but no luck.

/var/log/apache2/keystone.log complaining

Authorization failed. The request you have made requires authentication. from ::1
keystone.auth.controllers Could not find domain: default

summary: - Newton, Ubuntu Xenial Keystone authentication issue
+ Newton, Ubuntu 16.04 Xenial Keystone authentication issue
Chason Chan (chen-xing) wrote :

Make sure you have configured the administrative account in this section:http://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html#finalize-the-installation

Changed in openstack-manuals:
status: New → Incomplete
murtazasolangi (amurtaza14) wrote :

yes, I'm sure I have created administrative account. I have reinstalled and double check all stuff from scratch, but no luck

Tim Josefski (timski) wrote :

You are sure to have set the enviroment variables as discripted in the install tutorial?

What does it say when you run "echo $OS_USERNAME" or "echo $OS_AUTH_URL"?

murtazasolangi (amurtaza14) wrote :

Yes, I have set following env as tutorial is mentioning.

export OS_USERNAME=admin
export OS_PASSWORD=**********
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://localhost:35357/v3
export OS_IDENTITY_API_VERSION=3

Commands
echo $OS_USERNAME
echo $OS_AUTH_URL

have empty output.

Tim Josefski (timski) wrote :

Keep in mind, that the enviroment variables set that way are not persistent.
When you close your session, they are gone.

so when "$OS_USERNAME" it's empty, it's not set anymore. You got to set all variable again and then retry.

murtazasolangi (amurtaza14) wrote :

Okay, after resetting evn the output is:
root@Mil-controller:/home/super# echo $OS_USERNAME
admin
root@Mil-controller:/home/super# echo $OS_AUTH_URL
http://localhost:35357/v3

Tim Josefski (timski) wrote :

when you have set all variables you can try proceeding with the openstack installation

murtazasolangi (amurtaza14) wrote :

I am not able to move on, due to this error

root@Mil-controller:/home/super# openstack project create --domain default \
> --description "Service Project" service
The request you have made requires authentication. (HTTP 401) (Request-ID: req-84afaa85-76c9-4112-abf0-065e00469327)

log complaining.
Authorization failed. The request you have made requires authentication. from 10.0.0.11

Tim Josefski (timski) wrote :

I guess localhost resolves to 127.0.0.1?

instead of using localhost, you might set a domain like 'controller' in your /etc/hosts with the ip of your controller node and replace localhost with controller in OS_AUTH_URL. As I remember, that's also what the tutorial recommends.

and to clarify, you have set:
OS_USERNAME
OS_PASSWORD
OS_PROJECT_NAME
OS_USER_DOMAIN_NAME
OS_PROJECT_DOMAIN_NAME
OS_AUTH_URL
OS_IDENTITY_API_VERSION
again?
agains

murtazasolangi (amurtaza14) wrote :

@Tim, really Thank you man for your prompt and valuable support.
yes, that was my mistake to use, localhost instead of "controller" in variables.

THANK YOU

Changed in openstack-manuals:
status: Incomplete → Confirmed
Changed in openstack-manuals:
status: Confirmed → Invalid
murtazasolangi (amurtaza14) wrote :

Sorry to interrupt you guys again on same issue, this may be my stupidity but I'm facing issue on my second controller with [Ubuntu 16.04 with Newton] since 3 days
- I have multiple time fresh installed and checked to avoid same mistake and used carefully nyc-controller name, instead of localhost/10.0.0.11.. strictly followed installation guide.

Bootstrap stuff is:
keystone-manage bootstrap --bootstrap-password Gaditek987 \
  --bootstrap-admin-url http://nyc-controller:35357/v3/ \
  --bootstrap-internal-url http://nyc-controller:35357/v3/ \
  --bootstrap-public-url http://nyc-controller:5000/v3/ \
  --bootstrap-region-id RegionOne

and Variable's output is as under

root@nyc-controller:/home/super# echo $OS_USERNAME
admin
root@nyc-controller:/home/super# echo $OS_PASSWORD
*************
root@nyc-controller:/home/super# echo $OS_PROJECT_NAME
admin
root@nyc-controller:/home/super# echo $OS_USER_DOMAIN_NAME
default
root@nyc-controller:/home/super# echo $echo $OS_PROJECT_DOMAIN_NAME
default
root@nyc-controller:/home/super# echo $OS_AUTH_URL
http://nyc-controller:35357/v3
root@nyc-controller:/home/super# echo $OS_IDENTITY_API_VERSION
3

Log complains are same as above.

your help will be highly appreciated, that what am I doing wrong?

murtazasolangi (amurtaza14) wrote :

Sorry to interrupt you guys again on same issue, this may be my stupidity but I'm facing issue on my second controller with [Ubuntu 16.04 with Newton] since 3 days
- I have multiple time fresh installed and checked to avoid same mistake and used carefully nyc-controller name, instead of localhost/10.0.0.11.. strictly followed installation guide.

Bootstrap stuff is:
keystone-manage bootstrap --bootstrap-password ******** \
  --bootstrap-admin-url http://nyc-controller:35357/v3/ \
  --bootstrap-internal-url http://nyc-controller:35357/v3/ \
  --bootstrap-public-url http://nyc-controller:5000/v3/ \
  --bootstrap-region-id RegionOne

and Variable's output is as under

root@nyc-controller:/home/super# echo $OS_USERNAME
admin
root@nyc-controller:/home/super# echo $OS_PASSWORD
*************
root@nyc-controller:/home/super# echo $OS_PROJECT_NAME
admin
root@nyc-controller:/home/super# echo $OS_USER_DOMAIN_NAME
default
root@nyc-controller:/home/super# echo $echo $OS_PROJECT_DOMAIN_NAME
default
root@nyc-controller:/home/super# echo $OS_AUTH_URL
http://nyc-controller:35357/v3
root@nyc-controller:/home/super# echo $OS_IDENTITY_API_VERSION
3

Log complains are same as above.

your help will be highly appreciated, that what am I doing wrong?

Changed in ubuntu:
status: New → Invalid
Tim Josefski (timski) wrote :

I didn't look into multi-controller setup.

Anyway I would check whether nys-controller resolves to the correct IP.

@Tim,
Yes, I have changed my dns name is now "nycontroller" and it's able to
resolve.

my setup is not multinode, this is separate geographical site for
deployment. so consider it as a separate controller, but unfortunately
experiencing same issue.

On Fri, Dec 2, 2016 at 5:40 PM, Tim Josefski <email address hidden> wrote:

> I didn't look into multi-controller setup.
>
> Anyway I would check whether nys-controller resolves to the correct IP.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1644641
>
> Title:
> Newton, Ubuntu 16.04 Xenial Keystone authentication issue
>
> Status in openstack-manuals:
> Invalid
> Status in Ubuntu:
> Invalid
>
> Bug description:
> Working with Newton and Ubuntu 16.04 xenial release, this is fresh
> installation, follwoing official openstack.org official installation
> guide.
> Could not create a domain, projects, users, and roles, keystone is
> prompted a password, I input all passwords[mysql root, kesytone] but it
> triggers error
>
> root@Mil-controller:/home/super# openstack project create --domain
> default \
> > --description "Service Project" service
> Password:
> Missing parameter(s):
> Set a username with --os-username, OS_USERNAME, or auth.username
> Set an authentication URL, with --os-auth-url, OS_AUTH_URL or
> auth.auth_url
>
> and Error: The request you have made requires authentication. (HTTP
> 401) (Request-ID: req-04607a60-b6ce-4835-83f5-aee44f480abd)
>
>
> Also followed instructions as mentioned in https://bugs.launchpad.net/
> openstack-manuals/+bug/1575688
> but no luck.
>
> /var/log/apache2/keystone.log complaining
>
> Authorization failed. The request you have made requires authentication.
> from ::1
> keystone.auth.controllers Could not find domain: default
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/openstack-manuals/+bug/1644641/+subscriptions
>

--
*Ali Murtaza Solangi*

murtazasolangi (amurtaza14) wrote :

It's totally strange & frustrating for me , I have 2 DCs with same Distro Ubuntu 16.04.1 having Newton, DC1 is working fine, while DC2 with having keystone authentication problem. I have checked line by line and package by packages multiple times, error is same "The request you have made requires authentication. (HTTP 401) (Request-ID: req-1ca7309d-f1c2-4f26-9a0f-56449928020d)"

DNS lookup works fine.
Variable having set with host name "nycontroller"

Can any 1 help me?

Tim Josefski (timski) wrote :

above you named it nyc-controller . maybe a simple naming inconstancy?

murtazasolangi (amurtaza14) wrote :

I have changed the hostname from nyc-controller to nycontroller, there is
also perception with Newton and Ubuntu packages have an issue with
hostnames with "-", but no luck
On Dec 3, 2016 5:40 PM, "Tim Josefski" <email address hidden> wrote:

> above you named it nyc-controller . maybe a simple naming inconstancy?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1644641
>
> Title:
> Newton, Ubuntu 16.04 Xenial Keystone authentication issue
>
> Status in openstack-manuals:
> Invalid
> Status in Ubuntu:
> Invalid
>
> Bug description:
> Working with Newton and Ubuntu 16.04 xenial release, this is fresh
> installation, follwoing official openstack.org official installation
> guide.
> Could not create a domain, projects, users, and roles, keystone is
> prompted a password, I input all passwords[mysql root, kesytone] but it
> triggers error
>
> root@Mil-controller:/home/super# openstack project create --domain
> default \
> > --description "Service Project" service
> Password:
> Missing parameter(s):
> Set a username with --os-username, OS_USERNAME, or auth.username
> Set an authentication URL, with --os-auth-url, OS_AUTH_URL or
> auth.auth_url
>
> and Error: The request you have made requires authentication. (HTTP
> 401) (Request-ID: req-04607a60-b6ce-4835-83f5-aee44f480abd)
>
>
> Also followed instructions as mentioned in https://bugs.launchpad.net/
> openstack-manuals/+bug/1575688
> but no luck.
>
> /var/log/apache2/keystone.log complaining
>
> Authorization failed. The request you have made requires authentication.
> from ::1
> keystone.auth.controllers Could not find domain: default
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/openstack-manuals/+bug/1644641/+subscriptions
>

Tim Josefski (timski) wrote :

If you changed it recently and did no complete reinstall since, you might have nyc-controller left somewhere in configs or databases .?.

nerdulent (nerdulent) wrote :

Hi All...Inspite of having the following configurations

root@controller:~# export OS_AUTH_URL=http://controller:35357/v3
root@controller:~# openstack project create --domain default --description "Service Project" service
The request you have made requires authentication. (HTTP 401) (Request-ID: req-78a53a89-c442-489d-9a8f-175908c7520f)

I am still facing the authentication error.
Please Help :(

subratsahoo (subrat58) wrote :

Hi All,
I also have the same issue tried multiple times both on virtual box and KVM environments.
While configuring the final identity services on controller node running
"openstack project create --domain default --description "Service Project" service"
command with all default credential as per the "https://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html"
found authentication error "The request you have made requires authentication. (HTTP 401) (Request-ID: req-bf07f23b-7238-4b1a-9d51-e823b33ad9dd)"
The last log from keystone-wsgi-public.log shown as below:
'2017-04-27 00:24:49.539 1530 WARNING keystone.common.wsgi [req-bf07f23b-7238-4b1a-9d51-e823b33ad9dd - - - - -] Authorization failed. The request you have made requires authentication. from 10.0.0.11

I tried similar instruction on Centos7(newton) guide and have same failure at same points. Seems something wrong in common both for ubuntu and Centos7.

I have successfully able to install liberty and mitaka both on Centos7 before on multiple node environments.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers