OpenStack Identity (keystone)

Unable to authorize user

Asked by li,chen

I have fresh installed Grizzly.

And I can use the admin_token to run command successfully :

keystone --token ADMIN --endpoint http://192.168.11.11:35357/v2.0 user-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+---------+---------+-------+
| id | name | enabled | email |
+----------------------------------+---------+---------+-------+
| 0d8d703279bc45e19cf1a3e8c5ac5445 | cinder | True | |
| 6ebceb6f6c7f47ff8d1c94f3b516f0fb | glance | True | |
| 99fb5ce424c247529337b13e7bab78a8 | nova | True | |
| a8e799de08274eef8ace567240e3b65c | quantum | True | |
| 8cbad06dd1764bae93612132ca62671d | test | True | |
+----------------------------------+---------+---------+-------+

keystone --token ADMIN --endpoint http://192.168.11.11:35357/v2.0 role-list
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 00872ea74fd04700bdebecc62884a36d | admin |
+----------------------------------+----------+

But when I change to use a user to do the same command, it returns the errors "Unable to authorize user";
keystone --os-username test --os-password 123456 --os-tenant-name iStack-M3 --os-auth-url http://192.168.11.11:5000/v2.0 user-list
Unable to authorize user

No ERROR in keystone log:

2013-05-10 15:12:54 DEBUG [eventlet.wsgi.server] (10754) accepted ('192.168.11.11', 45523)

2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] ******************** REQUEST ENVIRON ********************
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] SCRIPT_NAME = /v2.0
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] webob.adhoc_attrs = {'response': <Response at 0x36caa50 200 OK>}
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] REQUEST_METHOD = POST
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] PATH_INFO = /tokens
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] SERVER_PROTOCOL = HTTP/1.0
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] REMOTE_ADDR = 192.168.11.11
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] CONTENT_LENGTH = 104
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] HTTP_USER_AGENT = python-keystoneclient
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] eventlet.posthooks = []
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] RAW_PATH_INFO = /v2.0/tokens
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] REMOTE_PORT = 45523
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] eventlet.input = <eventlet.wsgi.Input object at 0x3097c90>
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] wsgi.url_scheme = http
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] webob._body_file = (<_io.BufferedReader>, <eventlet.wsgi.Input object at 0x3097c90>)
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] SERVER_PORT = 5000
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] wsgi.input = <_io.BytesIO object at 0x3609ef0>
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] openstack.context = {'token_id': None, 'is_admin': False}
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] HTTP_HOST = 192.168.11.11:5000
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] wsgi.multithread = True
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] openstack.params = {u'auth': {u'tenantName': u'iStack-M3', u'passwordCredentials': {u'username': u'test', u'password': u'123456'}}}
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] HTTP_ACCEPT = */*
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] wsgi.version = (1, 0)
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] SERVER_NAME = 192.168.11.11
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] GATEWAY_INTERFACE = CGI/1.1
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] wsgi.run_once = False
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] wsgi.errors = <open file '<stderr>', mode 'w' at 0x7f894d6bc270>
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] wsgi.multiprocess = False
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] webob.is_body_seekable = True
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] CONTENT_TYPE = application/json
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] HTTP_ACCEPT_ENCODING = gzip, deflate, compress
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi]
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] ******************** REQUEST BODY ********************
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] {"auth": {"tenantName": "iStack-M3", "passwordCredentials": {"username": "test", "password": "123456"}}}
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi]
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] arg_dict: {}
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT user.id AS user_id, user.name AS user_name, user.domain_id AS user_domain_id, user.password AS user_password, user.enabled AS user_enabled, user.extra AS user_extra
FROM user
WHERE user.name = %s AND user.domain_id = %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('test', 'default')
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT project.id AS project_id, project.name AS project_name, project.domain_id AS project_domain_id, project.description AS project_description, project.enabled AS project_enabled, project.extra AS project_extra
FROM project
WHERE project.name = %s AND project.domain_id = %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('iStack-M3', 'default')
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT user.id AS user_id, user.name AS user_name, user.domain_id AS user_domain_id, user.password AS user_password, user.enabled AS user_enabled, user.extra AS user_extra
FROM user
WHERE user.id = %s
 LIMIT %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('8cbad06dd1764bae93612132ca62671d', 1)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT user.id AS user_id, user.name AS user_name, user.domain_id AS user_domain_id, user.password AS user_password, user.enabled AS user_enabled, user.extra AS user_extra
FROM user
WHERE user.id = %s
 LIMIT %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('8cbad06dd1764bae93612132ca62671d', 1)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT user_project_metadata.user_id AS user_project_metadata_user_id, user_project_metadata.project_id AS user_project_metadata_project_id, user_project_metadata.data AS user_project_metadata_data
FROM user_project_metadata
WHERE user_project_metadata.user_id = %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('8cbad06dd1764bae93612132ca62671d',)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT project.id AS project_id, project.name AS project_name, project.domain_id AS project_domain_id, project.description AS project_description, project.enabled AS project_enabled, project.extra AS project_extra
FROM project
WHERE project.id = %s
 LIMIT %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('45a521413d9b43ff888abb7de9878171', 1)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT user_project_metadata.user_id AS user_project_metadata_user_id, user_project_metadata.project_id AS user_project_metadata_project_id, user_project_metadata.data AS user_project_metadata_data
FROM user_project_metadata
WHERE user_project_metadata.project_id = %s AND user_project_metadata.user_id = %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('45a521413d9b43ff888abb7de9878171', '8cbad06dd1764bae93612132ca62671d')
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT user.id AS user_id, user.name AS user_name, user.domain_id AS user_domain_id, user.password AS user_password, user.enabled AS user_enabled, user.extra AS user_extra
FROM user
WHERE user.id = %s
 LIMIT %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('8cbad06dd1764bae93612132ca62671d', 1)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT user_group_membership.user_id AS user_group_membership_user_id, user_group_membership.group_id AS user_group_membership_group_id
FROM user_group_membership
WHERE user_group_membership.user_id = %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('8cbad06dd1764bae93612132ca62671d',)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT domain.id AS domain_id, domain.name AS domain_name, domain.enabled AS domain_enabled, domain.extra AS domain_extra
FROM domain
WHERE domain.id = %s
 LIMIT %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('default', 1)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT domain.id AS domain_id, domain.name AS domain_name, domain.enabled AS domain_enabled, domain.extra AS domain_extra
FROM domain
WHERE domain.id = %s
 LIMIT %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('default', 1)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT endpoint.id AS endpoint_id, endpoint.legacy_endpoint_id AS endpoint_legacy_endpoint_id, endpoint.interface AS endpoint_interface, endpoint.region AS endpoint_region, endpoint.service_id AS endpoint_service_id, endpoint.url AS endpoint_url, endpoint.extra AS endpoint_extra
FROM endpoint
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ()
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] SELECT role.id AS role_id, role.name AS role_name, role.extra AS role_extra
FROM role
WHERE role.id = %s
 LIMIT %s
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('00872ea74fd04700bdebecc62884a36d', 1)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] BEGIN (implicit)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] INSERT INTO token (id, expires, extra, valid, user_id, trust_id) VALUES (%s, %s, %s, %s, %s, %s)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] ('db727a58a4a47e94a94a9e3e48c7254b', datetime.datetime(2013, 5, 11, 7, 12, 54, 154898), '{"key": "MIIDEAYJKoZIhvcNAQcCoIIDATCCAv0CAQExCTAHBgUrDgMCGjCCAekGCSqGSIb3DQEHAaCCAdoEggHWeyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0xMFQwNzoxMjo1NC4xNjE0MTIiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTExVDA3OjEyOjU0WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVsbCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiNDVhNTIxNDEzZDliNDNmZjg4OGFiYjdkZTk4NzgxNzEiLCAibmFtZSI6ICJpU3RhY2stTTMifX0sICJzZXJ2aWNlQ2F0YWxvZyI6IFtdLCAidXNlciI6IHsidXNlcm5hbWUiOiAidGVzdCIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQiOiAiOGNiYWQwNmRkMTc2NGJhZTkzNjEyMTMyY2E2MjY3MWQiLCAicm9sZXMiOiBbeyJuYW1lIjogImFkbWluIn1dLCAibmFtZSI6ICJ0ZXN0In0sICJtZXRhZGF0YSI6IHsiaXNfYWRtaW4iOiAwLCAicm9sZXMiOiBbIjAwODcyZWE3NGZkMDQ3MDBiZGViZWNjNjI4ODRhMzZkIl19fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAi7yJ1kATHb0fKz6fSribjFyBL3CwTtFau-w0T-Yu0PgFJZ6Opw3-s5sDNiIijKNcvAPKV0B68Bttp76TK--1cXpNjj428BH1OW7nhCuHApj4kRCjTHR23RV5Ek8TXkC-n2PDllS0EzZAQPm4-WMxs-9APDX4jiYxai5SRJN4AWk=", "user": {"email": null, "tenantId": null, "enabled": true, "name": "test", "id": "8cbad06dd1764bae93612132ca62671d"}, "tenant": {"enabled": true, "description": null, "name": "iStack-M3", "id": "45a521413d9b43ff888abb7de9878171"}, "metadata": {"roles": ["00872ea74fd04700bdebecc62884a36d"]}}', 1, '8cbad06dd1764bae93612132ca62671d', None)
2013-05-10 15:12:54 INFO [sqlalchemy.engine.base.Engine] COMMIT
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] ******************** RESPONSE HEADERS ********************
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] Vary = X-Auth-Token
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] Content-Type = application/json
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] Content-Length = 1511
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi]
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] ******************** RESPONSE BODY ********************
2013-05-10 15:12:54 DEBUG [keystone.common.wsgi] {"access": {"token": {"issued_at": "2013-05-10T07:12:54.161412", "expires": "2013-05-11T07:12:54Z", "id": "MIIDEAYJKoZIhvcNAQcCoIIDATCCAv0CAQExCTAHBgUrDgMCGjCCAekGCSqGSIb3DQEHAaCCAdoEggHWeyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0xMFQwNzoxMjo1NC4xNjE0MTIiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTExVDA3OjEyOjU0WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVsbCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiNDVhNTIxNDEzZDliNDNmZjg4OGFiYjdkZTk4NzgxNzEiLCAibmFtZSI6ICJpU3RhY2stTTMifX0sICJzZXJ2aWNlQ2F0YWxvZyI6IFtdLCAidXNlciI6IHsidXNlcm5hbWUiOiAidGVzdCIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQiOiAiOGNiYWQwNmRkMTc2NGJhZTkzNjEyMTMyY2E2MjY3MWQiLCAicm9sZXMiOiBbeyJuYW1lIjogImFkbWluIn1dLCAibmFtZSI6ICJ0ZXN0In0sICJtZXRhZGF0YSI6IHsiaXNfYWRtaW4iOiAwLCAicm9sZXMiOiBbIjAwODcyZWE3NGZkMDQ3MDBiZGViZWNjNjI4ODRhMzZkIl19fX0xgf8wgfwCAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVW5zZXQxDjAMBgNVBAcTBVVuc2V0MQ4wDAYDVQQKEwVVbnNldDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAi7yJ1kATHb0fKz6fSribjFyBL3CwTtFau-w0T-Yu0PgFJZ6Opw3-s5sDNiIijKNcvAPKV0B68Bttp76TK--1cXpNjj428BH1OW7nhCuHApj4kRCjTHR23RV5Ek8TXkC-n2PDllS0EzZAQPm4-WMxs-9APDX4jiYxai5SRJN4AWk=", "tenant": {"description": null, "enabled": true, "id": "45a521413d9b43ff888abb7de9878171", "name": "iStack-M3"}}, "serviceCatalog": [], "user": {"username": "test", "roles_links": [], "id": "8cbad06dd1764bae93612132ca62671d", "roles": [{"name": "admin"}], "name": "test"}, "metadata": {"is_admin": 0, "roles": ["00872ea74fd04700bdebecc62884a36d"]}}}
2013-05-10 15:12:54 INFO [access] 192.168.11.11 - - [10/May/2013:07:12:54 +0000] "POST http://192.168.11.11:5000/v2.0/tokens HTTP/1.0" 200 1511
2013-05-10 15:12:54 DEBUG [eventlet.wsgi.server] 192.168.11.11 - - [10/May/2013 15:12:54] "POST /v2.0/tokens HTTP/1.1" 200 1641 0.071543

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Identity (keystone) Edit question
Assignee:
No assignee Edit question
Solved by:
li,chen
Solved:
Last query:
Last reply:
Revision history for this message
li,chen (chen-li) said : 		#1

Sorry, I forgot to create an endpoint for keystone.