nova, keystone and euca-tools

Asked by David Kranz on 2011-10-24

When using diablo with keystone, it seems not possible to use nova-manage to generate credentials for euca-tools. Is there some different way to generate the credentials?

Question information

Language: English
Status: Solved
For: OpenStack Compute (nova)
Assignee: No assignee
Solved by: David Kranz
Solved: 2011-10-27
Last query: 2011-10-27
Last reply:
David Kranz (david-kranz) said : #1

See the current trunk of devstack which creates the creds and has an 'openrc' file that is sourceable and allows euca2ools to work again. There is also a bit of code in nova-manage to export users, projects and keys to keystone which uses it. We don't really do anything with them in the nova code per se.

Vish

On Oct 27, 2011, at 9:22 AM, Joseph Heck wrote:

> On Oct 27, 2011, at 9:19 AM, Vishvananda Ishaya wrote:
>> On Oct 25, 2011, at 12:05 PM, Joseph Heck wrote:
>>> Q: What's the keystone-manage command for "credential add" do? There's also no corresponding delete or disable - is this password update for the passwords that are set on "keystone-manage user add"? If not, how are those passwords updated?
>>>
>>> Q: What are "type" and "key" as related to "credential add" command, and what are they intended to do?
>> We use the credential add command to store ec2 credentials. The idea behind credentials could be that a user would have a number of different credentials of different types. Oauth keys, ec2 secret and access, etc. I hacked the ability to add the ec2 credentials in because we needed it to make the ec2 api work in nova. The idea was that more robust support would be added through admin api extensions later.
> Thanks Vish! Any quick pointers to nova code (or where to find them) so I can see how you're using it today? I want to slap this into the docs (which are anemic in this area at the moment, since I didn't grok it)
>
> -joe

Yun Mao (yunmao) said : #2

Unfortunately in the devstack scripted installation, it only works for euca-describe-instances, euca-describe-images, at least for me.

When I tried euca-run-instances, the error is:
$ euca-run-instances ami-00000004
Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
None: None

The log on the nova-api daemon looks like this:
2011-10-27 18:29:22,288 DEBUG nova [-] HTTP PERF: 0.01362 seconds to GET 127.0.0.1:35357 /v2.0/tokens/bd9c6abd-eeb4-4ba9-b49e-7aafe790ef9c) from (pid=2774) getresponse /opt/stack/keystone/keystone/common/bufferedhttp.py:99
2011-10-27 18:29:22,301 DEBUG nova [-] HTTP PERF: 0.01282 seconds to GET 127.0.0.1:35357 /v2.0/tokens/bd9c6abd-eeb4-4ba9-b49e-7aafe790ef9c) from (pid=2774) getresponse /opt/stack/keystone/keystone/common/bufferedhttp.py:99
2011-10-27 18:29:22,302 DEBUG nova.api [-] action: RunInstances from (pid=2774) __call__ /opt/stack/nova/nova/api/ec2/__init__.py:240
2011-10-27 18:29:22,302 DEBUG nova.api [-] arg: ImageId val: ami-0000000 from (pid=2774) __call__ /opt/stack/nova/nova/api/ec2/__init__.py:242
2011-10-27 18:29:22,303 DEBUG nova.api [-] arg: MaxCount val: 1 from (pid=2774) __call__ /opt/stack/nova/nova/api/ec2/__init__.py:242
2011-10-27 18:29:22,303 DEBUG nova.api [-] arg: MinCount val: 1 from (pid=2774) __call__ /opt/stack/nova/nova/api/ec2/__init__.py:242
2011-10-27 18:29:22,303 DEBUG nova.api [-] arg: InstanceType val: m1.small from (pid=2774) __call__ /opt/stack/nova/nova/api/ec2/__init__.py:242
2011-10-27 18:29:22,303 AUDIT nova.api [4f056dc4-6515-4bd0-bd09-0c1584b9fc39 demo 2] Unauthorized request for controller=CloudController and action=RunInstances
2011-10-27 18:29:22,304 INFO nova.api [4f056dc4-6515-4bd0-bd09-0c1584b9fc39 demo 2] 0.60822s 127.0.0.1 POST /services/Cloud/ CloudController:RunInstances 401 [Boto/2.0 (linux2)] application/x-www-form-urlencoded text/plain
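
Added example (not part of the original thread, and not nova or devstack code): a small Python triage script that rejoins wrapped nova-api log lines like the ones posted above and pairs each "Unauthorized request" AUDIT record with its access-log line, showing which user, project and EC2 action the role check refused. The log layout is assumed from the excerpt above; the function names and the final 200 record in the sample are constructed for illustration.

```python
import re

# Sample log: first three records copied from the post above (still wrapped),
# the last record (status 200) is constructed to show a non-denied request.
SAMPLE = """\
2011-10-27 18:29:22,302 DEBUG nova.api [-] action: RunInstances from
(pid=2774) __call__ /opt/stack/nova/nova/api/ec2/__init__.py:240
2011-10-27 18:29:22,303 AUDIT nova.api
[4f056dc4-6515-4bd0-bd09-0c1584b9fc39 demo 2] Unauthorized request for
controller=CloudController and action=RunInstances
2011-10-27 18:29:22,304 INFO nova.api
[4f056dc4-6515-4bd0-bd09-0c1584b9fc39 demo 2] 0.60822s 127.0.0.1 POST
/services/Cloud/ CloudController:RunInstances 401 [Boto/2.0 (linux2)]
application/x-www-form-urlencoded text/plain
2011-10-27 18:30:01,120 INFO nova.api
[00000000-0000-0000-0000-000000000001 demo 2] 0.10210s 127.0.0.1 POST
/services/Cloud/ CloudController:DescribeInstances 200 [Boto/2.0 (linux2)]
application/x-www-form-urlencoded text/plain
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
CTX = r"\[(?P<req>[0-9a-f-]{36}) (?P<user>\S+) (?P<project>\S+)\]"
DENY = re.compile(r"AUDIT nova\.api " + CTX + r" Unauthorized request for "
                  r"controller=(?P<ctrl>\w+) and action=(?P<action>\w+)")
ACCESS = re.compile(r"INFO nova\.api " + CTX + r" \S+ (?P<ip>\S+) \w+ \S+ "
                    r"\w+:\w+ (?P<status>\d{3}) ")

def rejoin(text):
    """Merge wrapped continuation lines into one record per timestamp."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def denied_requests(text):
    """One dict per request refused by the role check, keyed by request id."""
    found = {}
    for rec in rejoin(text):
        m = DENY.search(rec)
        if m:
            found[m["req"]] = {**m.groupdict(), "status": None, "ip": None}
            continue
        m = ACCESS.search(rec)
        if m and m["req"] in found:  # same request id: attach HTTP status and client
            found[m["req"]].update(status=int(m["status"]), ip=m["ip"])
    return list(found.values())

if __name__ == "__main__":
    for d in denied_requests(SAMPLE):
        print(d["user"], d["project"], d["action"], d["status"], d["ip"])
```

A denied action for a user whose read-only calls succeed, as in this thread, points at a missing role rather than bad EC2 credentials.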

Vish Ishaya (vishvananda) said : #3

Nice one. Forgot to add the relevant roles:

https://github.com/cloudbuilders/devstack/pull/116

That fixes it.

Vish

sanjaya dahal (sdtranquility) said : #4

Hi, I am using keystone and trying to run an instance through the CLI, but whenever I run the following commands I get stuck. Any idea?
clouduser@clouduser:~/creds$ euca-add-keypair demo > demo.priv
clouduser@clouduser:~/creds$ chmod 0600 demo.priv
clouduser@clouduser:~/creds$ euca-describe-keypairs
[Errno -2] Name or service not known
clouduser@clouduser:~/creds$ euca-describe-images
[Errno -2] Name or service not known