Login doesnt work

Hello Alex, you clould check if you set your domains in openstack.base_domains in skyline.yml
domains in the configuration would be ignored in the domain list api, so let your domains out of it first.

and then confirm your keystone service name is 'keystone', in case that the same problem as other issue.

if it still doesn't work, you cloud show me results of the following commands:
- docker inspect skyline | grep skyline
- openstack domain list
- openstack service list | grep keystone
and contents of your skyline.yml

Hi Qian,

On 12.07.23 05:07, Shuai Qian wrote:
> Hello Alex, you clould check if you set your domains in openstack.base_domains in skyline.yml
> domains in the configuration would be ignored in the domain list api, so let your domains out of it first.
in the Webinterface the Doamin is shown correctly neither I enter it in
the skyline.yaml or not.
>
> and then confirm your keystone service name is 'keystone', in case that
> the same problem as other issue.
>
> if it still doesn't work, you cloud show me results of the following commands:
> - docker inspect skyline | grep skyline
....

[root@localhost ~(keystone)]#  docker inspect skyline | grep skyline
Emulate Docker CLI using podman. Create /etc/containers/nodocker to
quiet msg.
               "localhost/skyline:latest"
               "localhost/skyline@sha256:5aaf758045f0b64bcd4610f65437354a0e2fe410017ab98b12b0361397256084"
                    "skyline.build_branch": "master",
                    "skyline.build_commit":
"ca3b13fd9ae8e0cefe9ba85870b0244619db433f",
                    "skyline.build_console_commit":
"6e6a6ea46dd24671c63ae4387f18933b87594ddd",
                    "skyline.release_version":
"ca3b13f_2023-07-18T09:51:15+0000"
               "skyline.build_branch": "master",
               "skyline.build_commit":
"ca3b13fd9ae8e0cefe9ba85870b0244619db433f",
               "skyline.build_console_commit":
"6e6a6ea46dd24671c63ae4387f18933b87594ddd",
               "skyline.release_version":
"ca3b13f_2023-07-18T09:51:15+0000"
                    "created_by": "/bin/sh -c #(nop) LABEL
skyline.build_branch=${GIT_BRANCH} skyline.build_commit=${GIT_COMMIT}
skyline.build_console_commit=${GIT_CONSOLE_COMMIT}
skyline.release_version=${RELEASE_VE
RSION}",
                    "created_by": "/bin/sh -c #(nop) COPY
dir:804c67bec4ab5092dac92defa410b61a950e3ad2916d7bbbc5ac073376629db5 in
/skyline-apiserver/ ",
                    "created_by": "/bin/sh -c #(nop) COPY
file:bc86f8264b8bab5005c5234573f820626125bfcd69c0e4bad6ba0fd4dd90889b in
/etc/skyline/skyline.yaml ",
                    "created_by": "/bin/sh -c #(nop) COPY
file:b9f040a2594f0321caa6f7ad0fb031b07d147eb9d7f1ef4f0cb4822e22b49d6e in
/etc/skyline/gunicorn.py ",
                    "created_by": "|5 GIT_BRANCH=master
GIT_COMMIT=ca3b13fd9ae8e0cefe9ba85870b0244619db433f
GIT_CONSOLE_COMMIT=6e6a6ea46dd24671c63ae4387f18933b87594ddd
RELEASE_VERSION=ca3b13f_2023-07-18T09:51:15+0000 SKYLINE_CONSOLE_
PACKAGE_URL=https://tarballs.opendev.org/openstack/skyline-console/skyline-console-master.tar.gz
/bin/sh -c export LANG=C.UTF-8     && apt-get update -y && apt-get
install -y --no-install-recommends apt-utils     && DEBIAN_FRONTEND=n
oninteractive apt-get install -y     gcc make nginx traceroute lsof
iputils-ping vim git wget curl locales-all ssl-cert     python3
python3-pip python3-dev python3-venv     && rm -rf /usr/bin/python
/usr/bin/pip     && ln -s /usr/bin
/python3 /usr/bin/python     && ln -s /usr/bin/pip3 /usr/bin/pip     &&
mkdir -p /etc/skyline/var/log/skyline/var/lib/skyline    && cd
/skyline-apiserver     && git init     && cd /     && pip install
skyline-apiserver/ -chttps://
releases.openstack.org/constraint...

Hello Alex, have you seen any error from the debug tool in browser (F12)?

if not, I'm sorry to say that it's a little hard to debug in the situation, because there would be many reasons for logging failed, so skyline just catch errors but no any logs for now.

And I only can suggest you try to deploy again in the different level，skyline service or other services, host operating system, changing images and something like that.

This would be get improved in the future.

Hi Qian,

Only thing I could see in the Browser is:

GEThttp://localhost:9999/api/openstack/skyline/api/v1/profile

Status
401
Unauthorized
VersionHTTP/1.1
Übertragen225 B (68 B Größe)
Referrer Policystrict-origin-when-cross-origin

GEThttp://localhost:9999/api/openstack/skyline/api/v1/policies

Status
401
Unauthorized
VersionHTTP/1.1
Übertragen225 B (68 B Größe)
Referrer Policystrict-origin-when-cross-origin

just in Case here are the Log Files of the test system:

==> /var/log/skyline/skyline.log <==
2023-07-25 14:05:46.556 | INFO     |
skyline_apiserver.client.openstack.system:get_endpoints:77 - The
floating-ip-port-forwarding resource could not be found.
2023-07-25 14:05:46.556 | INFO     |
skyline_apiserver.client.openstack.system:get_endpoints:77 - The
fwaas_v2 resource could not be found.
2023-07-25 14:05:46.556 | INFO     |
skyline_apiserver.client.openstack.system:get_endpoints:77 - The qos
resource could not be found.
2023-07-25 14:05:46.557 | INFO     |
skyline_apiserver.client.openstack.system:get_endpoints:77 - The vpnaas
resource could not be found.

==> /var/log/skyline/skyline-access.log <==
[2023-07-25 14:05:46 +0200].965 2519 INFO [-]  - "POST /api/v1/login
HTTP/1.0" 200

==> /var/log/skyline/skyline-nginx-access.log <==
127.0.0.1 - - [25/Jul/2023:14:05:46 +0200] "1.924" "1.925" "POST
/api/openstack/skyline/api/v1/login HTTP/1.1" 200 657
"http://localhost:9999/auth/login?referer=/" "Mozilla/5.0 (X1
1; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" "-"

==> /var/log/skyline/skyline-access.log <==
[2023-07-25 14:05:46 +0200].987 2516 INFO [-]  - "GET /api/v1/profile
HTTP/1.0" 401

==> /var/log/skyline/skyline-nginx-access.log <==
127.0.0.1 - - [25/Jul/2023:14:05:46 +0200] "0.006" "0.006" "GET
/api/openstack/skyline/api/v1/profile HTTP/1.1" 401 68
"http://localhost:9999/auth/login?referer=/" "Mozilla/5.0 (X1
1; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" "-"

==> /var/log/skyline/skyline-access.log <==
[2023-07-25 14:05:46 +0200].989 2519 INFO [-]  - "GET /api/v1/policies
HTTP/1.0" 401

==> /var/log/skyline/skyline-nginx-access.log <==
127.0.0.1 - - [25/Jul/2023:14:05:46 +0200] "0.004" "0.005" "GET
/api/openstack/skyline/api/v1/policies HTTP/1.1" 401 68
"http://localhost:9999/auth/login?referer=/" "Mozilla/5.0 (X
11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" "-"

Keystone.log:
2023-07-25 14:05:45.095036 2023-07-25 14:05:45.094 1953 WARNING
keystone.common.password_hashing [None
req-25fda048-ecf9-4eee-8013-ae9ad4d0a1f9 - - - - - -] Truncating
password to algorithm specific maximum length 54 characters.\x1b[00m

guess the keystone Warning doesnt matter as it working on horizon ...

Any idea what else I can check ??

Thanks for your help !

best Regards

  Alex

On 21.07.23 12:47, Shuai Qian wrote:
> Hello Alex, have you seen any error from the debug tool in browser
> (F12)?
>
> if not, I'm sorry to say that it's a little hard to debug in the
> situation, because there would be many reasons for logging failed, so
> skyline just catch errors but no any logs for now.
>
> And I only can suggest you try to deploy again in the different
> level，skyline service or other service...

Indeed there is no helpful log, and I also cloud not get other resolution but debugging step by step.

In addition I recommend you deploy openstack and skyline in same effective tools like kolla-ansible, which would help you handle the conplex configuration.
FYI: https://docs.openstack.org/skyline-apiserver/latest/configuration/settings.html

I am having similar issue. I tried on different OS but same issue. I have attached screenshot of Developer Tool of browser.

This is serious issue with skyline. I am using sqlite DB in my case.

I have noticed my sqlite db file is always empty inside skyline docker container

root@os-ctrl1:/# ls -l /tmp/skyline.db
-rw-r--r-- 1 root root 0 Aug 8 03:41 /tmp/skyline.db

Update:

When I switched from sqlite to mysql DB then it works and I was able to login into UI. But when I use normal user account then getting following error in logs. And in UI getting error. ( Admin account working without error). Do I need to give some special permission to end-users?

{
  "message": "You don't have access to get instances.",
  "status": 401
}

2023-08-08 04:49:04.869 | DEBUG | keystoneauth1.session:request:946 - GET call to identity for http://192.168.18.100:5000/v3/users/e8b10077f9f84e03bf115aa10ae13852/projects used request id req-8988e75a-97c4-4b2a-8a37-23572453d31d
2023-08-08 04:49:04.912 | DEBUG | urllib3.connectionpool:_make_request:456 - http://192.168.18.100:5000 "POST /v3/auth/tokens HTTP/1.1" 401 109
2023-08-08 04:49:04.913 | DEBUG | keystoneauth1.session:request:976 - Request returned failure status: 401
2023-08-08 04:49:04.914 | DEBUG | skyline_apiserver.api.v1.policy:list_policies:103 - Keystone token is invalid. No privilege to access system scope.

@satish & @alex

I had tried to re-produce this issue, but anything normal.

Steps:

1. Install AIO openstack AA version with kolla-ansible
2. Run skyline with master codes

openstack domain create test-domain
openstack user create --domain test-domain --password-prompt test-user
openstack project create --domain test-domain test-project
openstack role add --project test-project --project-domain test-domain --user test-user --user-domain test-domain member

curl -i -X 'POST' \
  'http://127.0.0.1:28000/api/v1/login' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "region": "RegionOne",
  "username": "test-user",
  "domain": "test-domain",
  "password": "test-password"
}'

HTTP/1.1 200 OK
date: Wed, 09 Aug 2023 06:36:48 GMT
server: uvicorn
content-length: 1249
content-type: application/json
set-cookie: session=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXlzdG9uZV90b2tlbiI6ImdBQUFBQUJrMHpRQktMXzFRZ3hlODFvU240YkxZaEppdjZtek1FX3JCLVo5SGdxM3BlSjZnMkpUNXJQdmtBRE9vUFpDeVZuWHRVQk5TX3pfX1pGMUZ0M0ZzbEFrRWxaOC1YUXF5UkE0aXRfMllVSVBMVThidDZzWEtaczdJeFFRRm1VZE40bG9xOGFUaTlVMWZEMnMtVWFUR0RRa2d6SkJnRkwwd0d0LWJWMkxacU12MUpfMExnQ2wzS1R3S0s3REs2T04wWVdJaDJncCIsInJlZ2lvbiI6IlJlZ2lvbk9uZSIsImV4cCI6MTY5MTU2NjYwOSwidXVpZCI6IjdiNTQxMDYzZjI0ODRmYmNiODk3NDBlMmIzODY4MmIxIn0.D9MSlwGR0I_lkFM_Rkcve4x1Ti7l_QEFpIHOJ5jdFw4; Path=/; SameSite=lax
set-cookie: time_expired=1691566609; Path=/; SameSite=lax

{"keystone_token":"gAAAAABk0zQBKL_1Qgxe81oSn4bLYhJiv6mzME_rB-Z9Hgq3peJ6g2JT5rPvkADOoPZCyVnXtUBNS_z__ZF1Ft3FslAkElZ8-XQqyRA4it_2YUIPLU8bt6sXKZs7IxQQFmUdN4loq8aTi9U1fD2s-UaTGDQkgzJBgFL0wGt-bV2LZqMv1J_0LgCl3KTwKK7DK6ON0YWIh2gp","region":"RegionOne","exp":1691566609,"uuid":"7b541063f2484fbcb89740e2b38682b1","project":{"id":"68556d5865804fc78e771d8317895ee5","name":"test-project","domain":{"id":"b67d909dfd014d83af8721f7d8663ae0","name":"test-domain"}},"user":{"id":"88ca81af5bf44d568a94e83d130216d0","name":"test-user","domain":{"id":"b67d909dfd014d83af8721f7d8663ae0","name":"test-domain"}},"roles":[{"id":"7ff36158ee8243a8bb9ce4e532b6c1fb","name":"reader"},{"id":"434777fa942f4921a1475c9d8ea0c7c2","name":"member"}],"keystone_token_exp":"2023-08-10T06:36:49.000000Z","base_domains":["heat_user_domain"],"endpoints":{"placement":"/api/openstack/regionone/placement","heat":"/api/openstack/regionone/heat","glance":"/api/openstack/regionone/glance","neutron":"/api/openstack/regionone/neutron","keystone":"/api/openstack/regionone/keystone","nova":"/api/openstack/regionone/nova"},"projects":{"68556d5865804fc78e771d8317895ee5":{"name":"test-project","enabled":true,"domain_id":"b67d909dfd014d83af8721f7d8663ae0","description":""}},"version":"2.1.0"}

curl -i 'http://127.0.0.1:28000/api/v1/profile' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: session=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXlzdG9uZV90b2tlbiI6ImdBQUFBQUJrMHpONGlKajVUd0JRUVl3ZjdKZ1llaTNXOFc0SzB3cXBSRmotWTlGV3k2ZzJ5dzFDLWdZQVdkUmYtbDc5UkduSklVeTdJTVJvam9vRGVGUzFpVEZCRC1RdTRjTUNNUHMtNkNiR2tteXVhQ2o4VHV4azQ4S0tfWnZMMXpMcTVXZFRZTGpJYlJGY1RhMl9KRExlNlZoX3ZpNk1FczNzakN1WDM4QVBXdXBOYmZZVzVGbkJGcjZtbWRiMjlpcWZNc1dHYjhxRyIsInJlZ2lvbiI6IlJlZ2lvbk9uZSIsImV4cCI6MTY5MTU2...

I'll test docker image then, & update you ASAP

I also tried docker.io/99cloud/skyline:2023.1 & docker.io/99cloud/skyline:latest, everything is OK in web console.

I think the differences is skyline.yaml, give my diff as blow.

# diff etc/skyline.yaml etc/skyline.yaml.sample
27c27
< keystone_url: http://192.168.122.100:5000/v3/
---
> keystone_url: http://127.0.0.1:5000/v3/
53c53
< system_project: admin
---
> system_project: service
58,59c58,59
< system_user_name: admin
< system_user_password: 'aoXSJoJOLlG6sdfzAKcZwrbvKDPPGMCTZnUFE0Ak'
---
> system_user_name: skyline
> system_user_password: ''

Operation log as below:
-------------------------

root@wwx-kolla-2023:~# rm -rf /tmp/skyline && mkdir /tmp/skyline && mkdir /var/log/skyline

root@wwx-kolla-2023:~# docker run -d --name skyline_bootstrap -e KOLLA_BOOTSTRAP="" -v /var/log/skyline:/var/log/skyline -v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml -v /tmp/skyline:/tmp --net=host 99cloud/skyline:2023.1
Unable to find image '99cloud/skyline:2023.1' locally
2023.1: Pulling from 99cloud/skyline
Digest: sha256:5c81150d82f275fc7afd104758927703a7e7e61104af11c119ff633f613fe16c
Status: Downloaded newer image for 99cloud/skyline:2023.1
f65f3c13980905ec4e2fc16972dbf4fc932fa3fdf7981240c23de2943b2561fd

root@wwx-kolla-2023:~# docker logs skyline_bootstrap
+ echo '/usr/local/bin/gunicorn -c /etc/skyline/gunicorn.py skyline_apiserver.main:app'
+ mapfile -t CMD
++ xargs -n 1
++ tail /run_command
+ [[ -n 0 ]]
+ cd /skyline-apiserver/
+ make db_sync
alembic -c skyline_apiserver/db/alembic/alembic.ini upgrade head
2023-08-09 08:07:00.159 | INFO | alembic.runtime.migration:__init__:205 - Context impl SQLiteImpl.
2023-08-09 08:07:00.159 | INFO | alembic.runtime.migration:__init__:208 - Will assume non-transactional DDL.
2023-08-09 08:07:00.462 | INFO | alembic.runtime.migration:run_migrations:619 - Running upgrade -> 000, init
+ exit 0

root@wwx-kolla-2023:~# docker rm -f skyline_bootstrap
skyline_bootstrap

root@wwx-kolla-2023:~# docker run -d --name skyline --restart=always -v /var/log/skyline:/var/log/skyline -v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml -v /tmp/skyline:/tmp --net=host 99cloud/skyline:2023.1
3ed7ff03962108589ef1a79be0f95026c48d211b754b0ae03e76110298442a15

I changed the skyline.yaml, as described, exept the keytone_url, as the
UI shows,  Regione and Project, what it doesnt do if it doesnt have
access to keystone .... (had this problem at first ...)

But one littel thing ..
As Im accessing the Skyline UI on http:// over an SSH tunnel, might it
be that the skyline doesnt allow that so that we get the error in the
Browser [HTTP/1.1 401 Unauthorized 6ms
May it be that this does only work with https ??

On 09.08.23 10:18, Wu Wenxiang wrote:
> I also tried docker.io/99cloud/skyline:2023.1 &
> docker.io/99cloud/skyline:latest, everything is OK in web console.
>
> I think the differences is skyline.yaml, give my diff as blow.
>
> # diff etc/skyline.yaml etc/skyline.yaml.sample
> 27c27
> < keystone_url:http://192.168.122.100:5000/v3/
> ---
>> keystone_url:http://127.0.0.1:5000/v3/
> 53c53
> < system_project: admin
> ---
>> system_project: service
> 58,59c58,59
> < system_user_name: admin
> < system_user_password: 'aoXSJoJOLlG6sdfzAKcZwrbvKDPPGMCTZnUFE0Ak'
> ---
>> system_user_name: skyline
>> system_user_password: ''
>
> Operation log as below:
> -------------------------
>
> root@wwx-kolla-2023:~# rm -rf /tmp/skyline && mkdir /tmp/skyline &&
> mkdir /var/log/skyline
>
> root@wwx-kolla-2023:~# docker run -d --name skyline_bootstrap -e KOLLA_BOOTSTRAP="" -v /var/log/skyline:/var/log/skyline -v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml -v /tmp/skyline:/tmp --net=host 99cloud/skyline:2023.1
> Unable to find image '99cloud/skyline:2023.1' locally
> 2023.1: Pulling from 99cloud/skyline
> Digest: sha256:5c81150d82f275fc7afd104758927703a7e7e61104af11c119ff633f613fe16c
> Status: Downloaded newer image for 99cloud/skyline:2023.1
> f65f3c13980905ec4e2fc16972dbf4fc932fa3fdf7981240c23de2943b2561fd
>
> root@wwx-kolla-2023:~# docker logs skyline_bootstrap
> + echo '/usr/local/bin/gunicorn -c /etc/skyline/gunicorn.py skyline_apiserver.main:app'
> + mapfile -t CMD
> ++ xargs -n 1
> ++ tail /run_command
> + [[ -n 0 ]]
> + cd /skyline-apiserver/
> + make db_sync
> alembic -c skyline_apiserver/db/alembic/alembic.ini upgrade head
> 2023-08-09 08:07:00.159 | INFO | alembic.runtime.migration:__init__:205 - Context impl SQLiteImpl.
> 2023-08-09 08:07:00.159 | INFO | alembic.runtime.migration:__init__:208 - Will assume non-transactional DDL.
> 2023-08-09 08:07:00.462 | INFO | alembic.runtime.migration:run_migrations:619 - Running upgrade -> 000, init
> + exit 0
>
> root@wwx-kolla-2023:~# docker rm -f skyline_bootstrap
> skyline_bootstrap
>
> root@wwx-kolla-2023:~# docker run -d --name skyline --restart=always -v /var/log/skyline:/var/log/skyline -v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml -v /tmp/skyline:/tmp --net=host 99cloud/skyline:2023.1
> 3ed7ff03962108589ef1a79be0f95026c48d211b754b0ae03e76110298442a15
>

--
Alexander Luedtke
Systemadministrator

Technische Universität München
TUM School of Computation, Information and Technology
Chair of IT Security

Garching Boltzmannstr. 3
Room 01.08.036
85748 Garching b. Muenchen

Tel. +49 89 289 18039

www.sec.in.tum.de

@Alex

Web Browser -- HTTP with 9999 port --> Skyline ---> HTTP endpoint?

http://172.20.148.2:9999/

HTTP is OK for me, according to the operation log I posted before.

What do you mean by "accessing the Skyline UI on http:// over an SSH tunnel"?

SSH Tunnel:
SSH -L   with that you can access ports on an Remote System (in my case
an lokal VM ...) without having remote access to the port you want ...
very usefull in test cases ...

But anyway if http should work that isnt the issue :-(

On 09.08.23 11:36, Wu Wenxiang wrote:
> @Alex
>
> Web Browser -- HTTP with 9999 port --> Skyline ---> HTTP endpoint?
>
> http://172.20.148.2:9999/
>
> HTTP is OK for me, according to the operation log I posted before.
>
> What do you mean by "accessing the Skyline UI on http:// over an SSH
> tunnel"?
>

--
Alexander Luedtke
Systemadministrator

Technische Universität München
TUM School of Computation, Information and Technology
Chair of IT Security

Garching Boltzmannstr. 3
Room 01.08.036
85748 Garching b. Muenchen

Tel. +49 89 289 18039

www.sec.in.tum.de

@Wu

This is my skyline.yaml file

#################

default:
  access_token_expire: 3600
  access_token_renew: 1800
  cors_allow_origins: []
  #database_url: sqlite:////tmp/skyline.db
  database_url: mysql://skyline:skyline123@localhost:3306/skyline
  debug: true
  log_dir: /var/log/skyline
  log_file: skyline.log
  prometheus_basic_auth_password: ''
  prometheus_basic_auth_user: ''
  prometheus_enable_basic_auth: false
  prometheus_endpoint: http://localhost:9091
  secret_key: aCtmgbcUqYUy_HNVg5BDXCaeJgJQzHJXwqbXr0Nmb2o
  session_name: session
  ssl_enabled: false
openstack:
  base_domains:
  - heat_user_domain
  default_region: RegionOne
  enforce_new_defaults: true
  extension_mapping:
    floating-ip-port-forwarding: neutron_port_forwarding
    fwaas_v2: neutron_firewall
    qos: neutron_qos
    vpnaas: neutron_vpn
  interface_type: public
  keystone_url: http://192.168.18.100:5000/v3
  nginx_prefix: /api/openstack
  reclaim_instance_interval: 604800
  service_mapping:
    baremetal: ironic
    compute: nova
    container: zun
    container-infra: magnum
    database: trove
    identity: keystone
    image: glance
    key-manager: barbican
    load-balancer: octavia
    network: neutron
    object-store: swift
    orchestration: heat
    placement: placement
    sharev2: manilav2
    volumev3: cinder
  sso_enabled: false
  sso_protocols:
  - openid
  sso_region: RegionOne
  system_admin_roles:
  - admin
  - system_admin
  system_project: service
  system_project_domain: Default
  system_reader_roles:
  - system_reader
  system_user_domain: Default
  system_user_name: skyline
  system_user_password: 'skyline123'
setting:
  base_settings:
  - flavor_families
  - gpu_models
  - usb_models
  flavor_families:
  - architecture: x86_architecture
    categories:
    - name: general_purpose
      properties: []
    - name: compute_optimized
      properties: []
    - name: memory_optimized
      properties: []
    - name: high_clock_speed
      properties: []
  - architecture: heterogeneous_computing
    categories:
    - name: compute_optimized_type_with_gpu
      properties: []
    - name: visualization_compute_optimized_type_with_gpu
      properties: []
  gpu_models:
  - nvidia_t4
  usb_models:
  - usb_c

############

My problem is if I login as admin then everything works!! But for normal account (end-user) I am able to login in UI but when I click any instance or anything it throwing access error and in logs its showing me following:

2023-08-08 04:49:04.869 | DEBUG | keystoneauth1.session:request:946 - GET call to identity for http://192.168.18.100:5000/v3/users/e8b10077f9f84e03bf115aa10ae13852/projects used request id req-8988e75a-97c4-4b2a-8a37-23572453d31d
2023-08-08 04:49:04.912 | DEBUG | urllib3.connectionpool:_make_request:456 - http://192.168.18.100:5000 "POST /v3/auth/tokens HTTP/1.1" 401 109
2023-08-08 04:49:04.913 | DEBUG | keystoneauth1.session:request:976 - Request returned failure status: 401
2023-08-08 04:49:04.914 | DEBUG | skyline_apiserver.api.v1.policy:list_policies:103 - Keystone token is invalid. No privilege to access system scope.

That is clear that skyline doesn't passing proper token or authorization when ...

@Satish

1. Which version of skyline you used? if docker image, u can `docker inspect skyline | grep skyline` to check.
2. Could you upload the Chrome Dev (F12) logs & skyline/keystone logs, which cover the issue re-produced? It' better if you can point the issue timestamp in your uploaded logs.

Based on these logs: '2023-08-08 04:49:04.914 | DEBUG | skyline_apiserver.api.v1.policy:list_policies:103 - Keystone token is invalid. No privilege to access system scope.'

Codes: https://opendev.org/openstack/skyline-apiserver/src/branch/master/skyline_apiserver/api/v1/policy.py#L103

The logics:
1. Try to access as system scope
2. if user is not authorized to access the system scope, then just ignore the exception and use the user_context as is.

so these logs is normal.

I think we could find clues based on your F12/Skyline/Keystone logs.

Attach my F12 logs as example.

@Alex，@Satish

I couldn't reproduce this issue with Master or 2023.1 version, either running skyline by container image or by sources.

OpenStack use kolla-ansible 2023.1

So next step, we could collect logs to find clues.

Please tell me if have any problems during collecting F12/Skyline/Keystone logs, thanks~

^ nm i had resolved this somehow on another level and now can no longer reproduce

think maybe dependency issues

```
2023-08-11 23:25:06.059 | DEBUG | keystoneauth1.identity.v3.base:get_auth_ref:184 - Making authentication request to https://172.29.228.250:5000/v3/auth/tokens
2023-08-11 23:25:06.059 | DEBUG | urllib3.connectionpool:_new_conn:1003 - Starting new HTTPS connection (1): 172.29.228.250:5000
2023-08-11 23:25:06.300 | DEBUG | urllib3.connectionpool:_make_request:456 - https://172.29.228.250:5000 "POST /v3/auth/tokens HTTP/1.1" 201 5133
2023-08-11 23:25:06.301 | DEBUG | keystoneauth1.identity.v3.base:get_auth_ref:189 - {"token": {"methods": ["password"], "user": {"domain": {"id": "default", "name": "Default"}, "id": "e20331b4152d4c2d840ea260c9f6dbcb", "name": "test", "password_expires_at": null}, "audit_ids": ["34qqQqjjTlaEJJislupPXw"], "expires_at": "2023-08-12T18:25:06.000000Z", "issued_at": "2023-08-12T06:25:06.000000Z", "project": {"domain": {"id": "default", "name": "Default"}, "id": "0d38c00839434ab59efc9482e51249de", "name": "admin"}, "is_domain": false, "roles": [{"id": "8115fe85fcd1482ea130aeef26efdb94", "name": "_member_"}], "catalog": [{"endpoints": [{"id": "b35b4bdab5a64bbbaa62cb06e1a364cd", "interface": "public", "region_id": "RegionOne", "url": "https://192.168.0.250:8780", "region": "RegionOne"}, {"id": "b8754130c4f547d79c9463faee7c543a", "interface": "internal", "region_id": "RegionOne", "url": "https://172.29.228.250:8780", "region": "RegionOne"}, {"id": "df1f8f5c53fe4f75a7e9a47c95e6fb44", "interface": "admin", "region_id": "RegionOne", "url": "https://172.29.228.250:8780", "region": "RegionOne"}], "id": "0eb0249df0584c22bfad7dd326004adc", "type": "placement", "name": "placement"}, {"endpoints": [{"id": "394ff8dfe4f54ab49ebde366ccc4711c", "interface": "admin", "region_id": "RegionOne", "url": "https://172.29.228.250:8041", "region": "RegionOne"}, {"id": "a90b832613bc4abca59220fda74c8552", "interface": "public", "region_id": "RegionOne", "url": "https://192.168.0.250:8041", "region": "RegionOne"}, {"id": "bebeab38511a4054bc0c1083f9254a18", "interface": "internal", "region_id": "RegionOne", "url": "https://172.29.228.250:8041", "region": "RegionOne"}], "id": "443de8e40cc14dcd93103393594598d3", "type": "metric", "name": "gnocchi"}, {"endpoints": [{"id": "0d04ee6c396144f5880b8384121940f7", "interface": "admin", "region_id": "RegionOne", "url": "https://172.29.228.250:5000", "region": "RegionOne"}, {"id": "35227b8bc6164e30abd096278ff369ab", "interface": "internal", "region_id": "RegionOne", "url": "https://172.29.228.250:5000", "region": "RegionOne"}, {"id": "975a65584b1b4144bcec4205b13f7196", "interface": "public", "region_id": "RegionOne", "url": "https://192.168.0.250:5000", "region": "RegionOne"}], "id": "95efcac396c94431bc1b3ffefdf4194f", "type": "identity", "name": "keystone"}, {"endpoints": [{"id": "1449426be5a145e3ba178b258ac4096f", "interface": "internal", "region_id": "RegionOne", "url": "https://172.29.228.250:8776/v3/0d38c00839434ab59efc9482e51249de", "region": "RegionOne"}, {"id": "dbe7cf64830940bebb96250ec00613a4", "interface": "admin", "region_id": "RegionOne", "url": "https://172.29.228.250:8776/v3/0d38c00839434ab59efc9482e51249de", "region": "RegionOne"}, {"id": "fc339ad771d14be5bcb2a603d3458a05", "inter...

I have built from source on both 20.04 and 22.04 Antelope branch, and believe I have found the issue.

pip SQLAlchemy==1.4.41 needs to be pinned to this version (I didn't try everything between 1.4.49) but 1.4.49 and greater do not work and cause the login issue.

When I set this to 1.4.41 immediately works.

@james how to fix this issue in dockerized installaiton, if this is the case?

following exception found in the logs

2023-08-18 04:15:47.064 | WARNING | skyline_apiserver.api.v1.contrib:list_domains:91 - Could not find a suitable endpoint for client version: 3.13

was hitting this bug; https://bugs.launchpad.net/skyline-apiserver/+bug/1954975

moving to train release works for me!

yes, the lowest version we support for openstack is train.

Hello.
I got this problem too.

On web browser

GET http://skylineIP:9999/api/openstack/skyline/api/v1/profile 401 (Unauthorized)
GET http://skylineIP:9999/api/openstack/skyline/api/v1/policies 401 (Unauthorized)

"detail":"not enough values to unpack (expected 5, got 4)"}(skyline)

My environment:

Ubuntu 22.04

Openstack yoga and zed deployed by kolla-ansible.

Skyline APIserver and Console were installed from source code.

Skyline with docker works like charm.

hi Khoi,

if you deploy openstack in kolla-ansible, I recommend you also deploy skyline in that,

set enable_skyline in globals.yml and execute kolla-ansible deploy -i <your-inventory> -t skyline deploy

@Shuai

I did following but nothing happened, Do i need to do anything in inventory?

$ kolla-ansible -i multinode deploy -t skyline

I am using Zed release of kolla-ansible.

Am 08.09.23 um 22:50 schrieb Satish Patel:
> @Shuai
>
> I did following but nothing happened, Do i need to do anything in
> inventory?
>
> $ kolla-ansible -i multinode deploy -t skyline
>
Hi, had the same problem as I tryed kolla-ansible shortly, tip - there
is an skyline option in the global.yml which is by default set to no.

--
Alexander Luedtke
Systemadministrator

Technische Universität München
TUM School of Computation, Information and Technology
Chair of IT Security

Garching Boltzmannstr. 3
Room 01.08.036
85748 Garching b. Muenchen

Tel. +49 89 289 18039

www.sec.in.tum.de

@Satish

yes, kolla-ansible for zed release is ok, which is able to deploy skyline.

and have you set configuration item `enable_skyline=yes` in globals.yml which is no by default as Ales said?

Just to close the loop here. My issue was _member_ vs member role issue with skyline. Patch is already committed - https://bugs.launchpad.net/skyline-apiserver/+bug/2034976

Hi All,

@Khoi (khoinh5)

Installing the package:sqlalchemy-1.4.0 helped me with exactly the same errors.
the highest version that works for me is 1.4.41. There is some problem with version 1.4.42 and up.

regards

@tomasz thanks for your validation. it's really helpful

This needs to be patched.
For better contribution, the version should be clearly stated.

env
OS : ubuntu 22.04
openstack : yoga

(This problem will occur if you install without using docker.)
When installed in the above environment,
the sqlalchemy package will be installed in versions 1.3 between1.5 due to the influence of the databases package. (defualt install version 1.4.51) need to <=1.4.41

However, sqlalchemy version 2.0 has been released, so additional improvements to version 1.x will be difficult.

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/skyline-apiserver/+/907286

Reviewed: https://review.opendev.org/c/openstack/skyline-apiserver/+/907286
Committed: https://opendev.org/openstack/skyline-apiserver/commit/d2ed6e4b0c09d2ee001272548ebbf381e48f7126
Submitter: "Zuul (22348)"
Branch: master

commit d2ed6e4b0c09d2ee001272548ebbf381e48f7126
Author: zhuboxiang <zhu.boxiang@99cloud.net>
Date: Wed Jan 31 14:14:58 2024 +0800

    fix: Upgrade the version of databases

    For this commit https://review.opendev.org/c/openstack/requirements/+/900435
    The version of SQLAlchemy has been as 1.4.50

    From the install_requires of databases, we need to upgrade it.
    For 0.8.0 version of databases, sqlalchemy>=1.4.42,<1.5

    Closes-Bug: #1974452
    Closes-Bug: #2025755
    Change-Id: I4c046d2e8a8188046f96809219eb6ddf1f950aa6

Hello,

env
OS: ubuntu 22.04
openstack : 2023.1 (antelope)

I set up an instance according to the information above. I git cloned the devstack to 2023.1

After logging in to the skyline interface, when I log in with the username and password, it gets stuck on the same login page, and when I examine the network with F12 inspect, I see the following errors.

Request URL:
http://10.8.135.195:9999/api/openstack/regionone/keystone/v3/system/users/c6cc81f1554244a2b648a163b2ff6f67/roles
Request Method:
GET
Status Code:
401 UNAUTHORIZED
Remote Address:
10.8.135.195:9999
Referrer Policy:
strict-origin-when-cross-origin

As you said above, I installed it with sqlaclhemy==1.4.41, but the error is still not resolved.

Could you help me, please?

This issue was fixed in the openstack/skyline-apiserver 4.0.0.0rc1 release candidate.