Openstack Data Protection Extension for Avamar
Hi Folks,
I'm trying to run Openstack DPE in my lab, with no success for the moment.
When I start the DPE proxy service which is expected to authenticate to Keystone, I get the following error from keystone.log:
2016-07-26 12:48:16.892835 2016-07-26 12:48:16.892 2464 WARNING keystone.common.wsgi [req-4cd1d447-45fd-4f35-a924-af068fabf62a - - - - -] You are not authorized to perform the requested action: identity:list_domains
From the DPE proxy service, the error is similar and states that the action is forbidden.
- requests.exceptions.HTTPError: 403 Client Error: Forbidden
Yet, I have configured a new user backup_admin with admin rights on its project named avamar, and I followed the installation guide step by step. Am I missing something?
I also tried with different releases of Openstack such as Kilo, Liberty and Mitaka and I'm still facing the same issue.
Any tip/advice/help would be highly appreciated.
Vijay__Avamar_
July 27th, 2016 17:00
Hello - There are several possible ways you could have got that message.
1. Incorrect Openstack credentials for the DPE proxy service
Please verify the credentials using "curl" or horizon login.
2. Openstack "Domains" enabled:
We do not support Domains yet.
3. An openstack configuration issue
Please see https://ask.openstack.org/en/question/69418/not-authorized-to-list-projects-with-keystone-v3/
4. Openstack bug or bad parameter sequence
Please see https://review.openstack.org/#/c/311206/
You may also find login issues in the syslog of the controller node.
certification
July 28th, 2016 00:00
Hi Vijay,
1. Nothing wrong with my credentials. It's set up correctly.
Excerpt of my conf file:
[Keystone]
href=http://controller:5000/
username=backup_admin
password=password
#ssl_verify=/path/to/sslcert.pem
[Tenant]
name=avamar
If I try to run a curl command instead, I'm getting the list of domains.
First, I request a token based on the file:
export TOKEN=`curl -si -d @token-request.json -H "Content-type: application/json" http://localhost:35357/v3/auth/tokens | awk '/X-Subject-Token/ {print $2}'`
Then use this token with my curl command.
root@Controller-POC:~/API-scripts# curl -si -H"X-Auth-Token:$TOKEN" -H "Content-type: application/json" http://localhost:5000/v3/domains
HTTP/1.1 200 OK
Date: Thu, 28 Jul 2016 07:46:35 GMT
Server: Apache/2.4.7 (Ubuntu)
Vary: X-Auth-Token
X-Distribution: Ubuntu
x-openstack-request-id: req-04c78c60-7146-4ba5-af9c-af4ae081d7e7
Content-Length: 305
Content-Type: application/json
{"domains": [{"links": {"self": "http://localhost:5000/v3/domains/default"}, "enabled": true, "description": "Owns users and tenants (i.e. projects) available on Identity API v2.", "name": "Default", "id": "default"}], "links": {"self": "http://localhost:5000/v3/domains", "previous": null, "next": null}}
2. I did not activate domains. I'm using Liberty which is supposed to work. Yet, I can notice there is a reference to domains. How can I verify this feature is not activated by mistake?
Do you know if there are any restrictions on the Openstack deployment method?
At this moment, I'm using a 3-node architecture, based on Ubuntu 14.04 and the Liberty release, deployed manually.
Anyway, thanks for your help.
JP
Anonymous
July 28th, 2016 10:00
Please ensure the backup_admin user is a member of:
Find Keystone group membership from the CLI using:
keystone user-list --tenant_id=admin
As for curl calls to Keystone, please refer to:
API Examples using Curl — keystone 10.0.0.0b3.dev149 documentation
*initially you may use the default scope vs domain-scope or project-scope for the backup_admin user
certification
July 28th, 2016 12:00
I've just finished deploying the dpe-proxy-service once again within a fresh new installation of Openstack Liberty on Ubuntu 14.04. Everything was working well until I start the service:
2016-07-28 21:18:05.944863 2016-07-28 21:18:05.941 2885 ERROR keystone.auth.plugins.core DomainNotFound: Could not find domain: Default
2016-07-28 21:18:05.944866 2016-07-28 21:18:05.941 2885 ERROR keystone.auth.plugins.core
2016-07-28 21:18:05.947243 2016-07-28 21:18:05.945 2885 WARNING keystone.common.wsgi [req-bb5045e5-fce4-44dd-9b54-21836cba2749 - - - - -] Authorization failed. The request you have made requires authentication. from ::1
I'm struggling with this plugin, and I need to deliver a POC next week. I don't really know where to start. I've followed the installation guide with no success so far.
sddc_guy
September 19th, 2016 02:00
Check your neutron and metadata conf!
metadata_agent.ini
project_domain_id = default
user_domain_id = default
neutron.conf:
project_domain_id = default
user_domain_id = default
This is the manual / default domain from OS setup.
Also, it looks as if you are defaulting to an IPv6 controller?
Do you use IP or DNS names for the controller names in the scripts?
Is your DNS working correctly?
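
An added example (not from the thread and not DPE code) for the token checks in the curl post and the domain-id settings in the last reply: it builds a project-scoped Keystone v3 token request that references domains by id, lists the domain references in a request body, and reports the scope and roles a token response carries. The function names, the sample token bodies and the assumption that identity:list_domains is guarded by a role:admin rule are illustrative, not taken from the poster's deployment.

```python
import json

def build_token_request(username, password, project_name,
                        user_domain_id="default", project_domain_id="default"):
    """Project-scoped Keystone v3 password auth body; domains referenced by id."""
    user = {"name": username, "password": password,
            "domain": {"id": user_domain_id}}
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": user}},
        "scope": {"project": {"name": project_name,
                              "domain": {"id": project_domain_id}}}}}

def domain_refs(node, path="auth"):
    """Yield (path, reference) for each 'domain' object in an auth body."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "domain":
                yield path + ".domain", val
            else:
                yield from domain_refs(val, path + "." + key)

def summarize_token(body):
    """Return (scope kind, scope name, sorted role names) of a v3 token body."""
    token = json.loads(body)["token"]
    roles = sorted(r["name"] for r in token.get("roles", []))
    for kind in ("project", "domain"):
        if kind in token:
            return kind, token[kind]["name"], roles
    return "unscoped", None, roles

def passes_admin_required(body):
    """Assumption: stock rule admin_required = role:admin, case-insensitive."""
    return "admin" in (r.lower() for r in summarize_token(body)[2])

# Constructed sample token bodies (not captured from the poster's system).
UNSCOPED = '{"token": {"user": {"name": "backup_admin"}}}'
MEMBER = ('{"token": {"project": {"name": "avamar"},'
          ' "roles": [{"name": "_member_"}]}}')
ADMIN = ('{"token": {"project": {"name": "avamar"},'
         ' "roles": [{"name": "admin"}]}}')

if __name__ == "__main__":
    req = build_token_request("backup_admin", "password", "avamar")
    for path, ref in domain_refs(req["auth"]):
        print(path, ref)
    for body in (UNSCOPED, MEMBER, ADMIN):
        print(summarize_token(body), passes_admin_required(body))
```

Running `domain_refs` over the contents of a token-request.json file shows whether a client names the domain by `id` or by `name`, and `summarize_token` on the JSON body returned by `/v3/auth/tokens` shows which scope and roles the resulting token actually has.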