openstack-manuals

Newton, Ubuntu 16.04 Xenial Keystone authentication issue

Bug #1644641 reported by murtazasolangi
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openstack-manuals
Invalid
Undecided
Unassigned
Ubuntu
Invalid
Undecided
Unassigned

Bug Description

Working with Newton and Ubuntu 16.04 xenial release, this is fresh installation, follwoing official openstack.org official installation guide.
Could not create a domain, projects, users, and roles, keystone is prompted a password, I input all passwords[mysql root, kesytone] but it triggers error

root@Mil-controller:/home/super# openstack project create --domain default \
> --description "Service Project" service
Password:
Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url

and Error: The request you have made requires authentication. (HTTP 401) (Request-ID: req-04607a60-b6ce-4835-83f5-aee44f480abd)

Also followed instructions as mentioned in https://bugs.launchpad.net/openstack-manuals/+bug/1575688
but no luck.

/var/log/apache2/keystone.log complaining

Authorization failed. The request you have made requires authentication. from ::1
keystone.auth.controllers Could not find domain: default

murtazasolangi (amurtaza14)
summary: - Newton, Ubuntu Xenial Keystone authentication issue
+ Newton, Ubuntu 16.04 Xenial Keystone authentication issue
Revision history for this message
Chason Chan (chen-xing) wrote :

Make sure you have configured the administrative account in this section:http://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html#finalize-the-installation

Changed in openstack-manuals:
status: New → Incomplete
Revision history for this message
murtazasolangi (amurtaza14) wrote :

yes, I'm sure I have created administrative account. I have reinstalled and double check all stuff from scratch, but no luck

Revision history for this message
foo (timski-deactivatedaccount) wrote :

You are sure to have set the enviroment variables as discripted in the install tutorial?

What does it say when you run "echo $OS_USERNAME" or "echo $OS_AUTH_URL"?

Revision history for this message
murtazasolangi (amurtaza14) wrote :

Yes, I have set following env as tutorial is mentioning.

export OS_USERNAME=admin
export OS_PASSWORD=**********
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://localhost:35357/v3
export OS_IDENTITY_API_VERSION=3

Commands
echo $OS_USERNAME
echo $OS_AUTH_URL

have empty output.

Revision history for this message
foo (timski-deactivatedaccount) wrote :

Keep in mind, that the enviroment variables set that way are not persistent.
When you close your session, they are gone.

so when "$OS_USERNAME" it's empty, it's not set anymore. You got to set all variable again and then retry.

Revision history for this message
murtazasolangi (amurtaza14) wrote :

Okay, after resetting evn the output is:
root@Mil-controller:/home/super# echo $OS_USERNAME
admin
root@Mil-controller:/home/super# echo $OS_AUTH_URL
http://localhost:35357/v3

Revision history for this message
foo (timski-deactivatedaccount) wrote :

when you have set all variables you can try proceeding with the openstack installation

Revision history for this message
murtazasolangi (amurtaza14) wrote :

I am not able to move on, due to this error

root@Mil-controller:/home/super# openstack project create --domain default \
> --description "Service Project" service
 The request you have made requires authentication. (HTTP 401) (Request-ID: req-84afaa85-76c9-4112-abf0-065e00469327)

log complaining.
Authorization failed. The request you have made requires authentication. from 10.0.0.11

Revision history for this message
foo (timski-deactivatedaccount) wrote :

I guess localhost resolves to 127.0.0.1?

instead of using localhost, you might set a domain like 'controller' in your /etc/hosts with the ip of your controller node and replace localhost with controller in OS_AUTH_URL. As I remember, that's also what the tutorial recommends.

and to clarify, you have set:
OS_USERNAME
OS_PASSWORD
OS_PROJECT_NAME
OS_USER_DOMAIN_NAME
OS_PROJECT_DOMAIN_NAME
OS_AUTH_URL
OS_IDENTITY_API_VERSION
again?
agains

Revision history for this message
murtazasolangi (amurtaza14) wrote :

@Tim, really Thank you man for your prompt and valuable support.
yes, that was my mistake to use, localhost instead of "controller" in variables.

THANK YOU

Changed in openstack-manuals:
status: Incomplete → Confirmed
KATO Tomoyuki (kato-tomoyuki)
Changed in openstack-manuals:
status: Confirmed → Invalid
Revision history for this message
murtazasolangi (amurtaza14) wrote :

Sorry to interrupt you guys again on same issue, this may be my stupidity but I'm facing issue on my second controller with [Ubuntu 16.04 with Newton] since 3 days
- I have multiple time fresh installed and checked to avoid same mistake and used carefully nyc-controller name, instead of localhost/10.0.0.11.. strictly followed installation guide.

Bootstrap stuff is:
keystone-manage bootstrap --bootstrap-password Gaditek987 \
  --bootstrap-admin-url http://nyc-controller:35357/v3/ \
  --bootstrap-internal-url http://nyc-controller:35357/v3/ \
  --bootstrap-public-url http://nyc-controller:5000/v3/ \
  --bootstrap-region-id RegionOne

and Variable's output is as under

root@nyc-controller:/home/super# echo $OS_USERNAME
admin
root@nyc-controller:/home/super# echo $OS_PASSWORD
*************
root@nyc-controller:/home/super# echo $OS_PROJECT_NAME
admin
root@nyc-controller:/home/super# echo $OS_USER_DOMAIN_NAME
default
root@nyc-controller:/home/super# echo $echo $OS_PROJECT_DOMAIN_NAME
default
root@nyc-controller:/home/super# echo $OS_AUTH_URL
http://nyc-controller:35357/v3
root@nyc-controller:/home/super# echo $OS_IDENTITY_API_VERSION
3

Log complains are same as above.

your help will be highly appreciated, that what am I doing wrong?

Revision history for this message
murtazasolangi (amurtaza14) wrote :

Sorry to interrupt you guys again on same issue, this may be my stupidity but I'm facing issue on my second controller with [Ubuntu 16.04 with Newton] since 3 days
- I have multiple time fresh installed and checked to avoid same mistake and used carefully nyc-controller name, instead of localhost/10.0.0.11.. strictly followed installation guide.

Bootstrap stuff is:
keystone-manage bootstrap --bootstrap-password ******** \
  --bootstrap-admin-url http://nyc-controller:35357/v3/ \
  --bootstrap-internal-url http://nyc-controller:35357/v3/ \
  --bootstrap-public-url http://nyc-controller:5000/v3/ \
  --bootstrap-region-id RegionOne

and Variable's output is as under

root@nyc-controller:/home/super# echo $OS_USERNAME
admin
root@nyc-controller:/home/super# echo $OS_PASSWORD
*************
root@nyc-controller:/home/super# echo $OS_PROJECT_NAME
admin
root@nyc-controller:/home/super# echo $OS_USER_DOMAIN_NAME
default
root@nyc-controller:/home/super# echo $echo $OS_PROJECT_DOMAIN_NAME
default
root@nyc-controller:/home/super# echo $OS_AUTH_URL
http://nyc-controller:35357/v3
root@nyc-controller:/home/super# echo $OS_IDENTITY_API_VERSION
3

Log complains are same as above.

your help will be highly appreciated, that what am I doing wrong?

Changed in ubuntu:
status: New → Invalid
Revision history for this message
foo (timski-deactivatedaccount) wrote :

I didn't look into multi-controller setup.

Anyway I would check whether nys-controller resolves to the correct IP.

Revision history for this message
murtazasolangi (amurtaza14) wrote : Re: [Bug 1644641] Re: Newton, Ubuntu 16.04 Xenial Keystone authentication issue

@Tim,
Yes, I have changed my dns name is now "nycontroller" and it's able to
resolve.

my setup is not multinode, this is separate geographical site for
deployment. so consider it as a separate controller, but unfortunately
experiencing same issue.

On Fri, Dec 2, 2016 at 5:40 PM, Tim Josefski <email address hidden> wrote:

> I didn't look into multi-controller setup.
>
> Anyway I would check whether nys-controller resolves to the correct IP.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1644641
>
> Title:
> Newton, Ubuntu 16.04 Xenial Keystone authentication issue
>
> Status in openstack-manuals:
> Invalid
> Status in Ubuntu:
> Invalid
>
> Bug description:
> Working with Newton and Ubuntu 16.04 xenial release, this is fresh
> installation, follwoing official openstack.org official installation
> guide.
> Could not create a domain, projects, users, and roles, keystone is
> prompted a password, I input all passwords[mysql root, kesytone] but it
> triggers error
>
> root@Mil-controller:/home/super# openstack project create --domain
> default \
> > --description "Service Project" service
> Password:
> Missing parameter(s):
> Set a username with --os-username, OS_USERNAME, or auth.username
> Set an authentication URL, with --os-auth-url, OS_AUTH_URL or
> auth.auth_url
>
> and Error: The request you have made requires authentication. (HTTP
> 401) (Request-ID: req-04607a60-b6ce-4835-83f5-aee44f480abd)
>
>
> Also followed instructions as mentioned in https://bugs.launchpad.net/
> openstack-manuals/+bug/1575688
> but no luck.
>
> /var/log/apache2/keystone.log complaining
>
> Authorization failed. The request you have made requires authentication.
> from ::1
> keystone.auth.controllers Could not find domain: default
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/openstack-manuals/+bug/1644641/+subscriptions
>

--
*Ali Murtaza Solangi*

Revision history for this message
murtazasolangi (amurtaza14) wrote :

It's totally strange & frustrating for me , I have 2 DCs with same Distro Ubuntu 16.04.1 having Newton, DC1 is working fine, while DC2 with having keystone authentication problem. I have checked line by line and package by packages multiple times, error is same "The request you have made requires authentication. (HTTP 401) (Request-ID: req-1ca7309d-f1c2-4f26-9a0f-56449928020d)"

DNS lookup works fine.
Variable having set with host name "nycontroller"

Can any 1 help me?

Revision history for this message
foo (timski-deactivatedaccount) wrote :

above you named it nyc-controller . maybe a simple naming inconstancy?

Revision history for this message
murtazasolangi (amurtaza14) wrote :

I have changed the hostname from nyc-controller to nycontroller, there is
also perception with Newton and Ubuntu packages have an issue with
hostnames with "-", but no luck
On Dec 3, 2016 5:40 PM, "Tim Josefski" <email address hidden> wrote:

> above you named it nyc-controller . maybe a simple naming inconstancy?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1644641
>
> Title:
> Newton, Ubuntu 16.04 Xenial Keystone authentication issue
>
> Status in openstack-manuals:
> Invalid
> Status in Ubuntu:
> Invalid
>
> Bug description:
> Working with Newton and Ubuntu 16.04 xenial release, this is fresh
> installation, follwoing official openstack.org official installation
> guide.
> Could not create a domain, projects, users, and roles, keystone is
> prompted a password, I input all passwords[mysql root, kesytone] but it
> triggers error
>
> root@Mil-controller:/home/super# openstack project create --domain
> default \
> > --description "Service Project" service
> Password:
> Missing parameter(s):
> Set a username with --os-username, OS_USERNAME, or auth.username
> Set an authentication URL, with --os-auth-url, OS_AUTH_URL or
> auth.auth_url
>
> and Error: The request you have made requires authentication. (HTTP
> 401) (Request-ID: req-04607a60-b6ce-4835-83f5-aee44f480abd)
>
>
> Also followed instructions as mentioned in https://bugs.launchpad.net/
> openstack-manuals/+bug/1575688
> but no luck.
>
> /var/log/apache2/keystone.log complaining
>
> Authorization failed. The request you have made requires authentication.
> from ::1
> keystone.auth.controllers Could not find domain: default
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/openstack-manuals/+bug/1644641/+subscriptions
>

Revision history for this message
foo (timski-deactivatedaccount) wrote :

If you changed it recently and did no complete reinstall since, you might have nyc-controller left somewhere in configs or databases .?.

Revision history for this message
nerdulent (nerdulent) wrote :

Hi All...Inspite of having the following configurations

root@controller:~# export OS_AUTH_URL=http://controller:35357/v3
root@controller:~# openstack project create --domain default --description "Service Project" service
The request you have made requires authentication. (HTTP 401) (Request-ID: req-78a53a89-c442-489d-9a8f-175908c7520f)

I am still facing the authentication error.
Please Help :(

Revision history for this message
subratsahoo (subrat58) wrote :

Hi All,
I also have the same issue tried multiple times both on virtual box and KVM environments.
While configuring the final identity services on controller node running
"openstack project create --domain default --description "Service Project" service"
command with all default credential as per the "https://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html"
found authentication error "The request you have made requires authentication. (HTTP 401) (Request-ID: req-bf07f23b-7238-4b1a-9d51-e823b33ad9dd)"
The last log from keystone-wsgi-public.log shown as below:
'2017-04-27 00:24:49.539 1530 WARNING keystone.common.wsgi [req-bf07f23b-7238-4b1a-9d51-e823b33ad9dd - - - - -] Authorization failed. The request you have made requires authentication. from 10.0.0.11

I tried similar instruction on Centos7(newton) guide and have same failure at same points. Seems something wrong in common both for ubuntu and Centos7.

I have successfully able to install liberty and mitaka both on Centos7 before on multiple node environments.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.