Bug 889224

Summary: keystoneclient receives a permission denied and openstack-dashboard reports inability to communicate with the identity service
Product: Red Hat OpenStack Reporter: Giulio Fidente <gfidente>
Component: doc-Getting_Started_GuideAssignee: Stephen Gordon <sgordon>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: medium Docs Contact:
Priority: medium    
Version: 2.1CC: apevec, ayoung, breeler, dgao, rkukura, sgordon
Target Milestone: rcKeywords: Documentation, Triaged
Target Release: 2.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Red_Hat_OpenStack_Preview-Getting_Started_Guide-2-web-en-US-1.0-11.el6eng Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-06 17:22:32 EST Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Giulio Fidente 2012-12-20 09:50:36 EST
Description of problem:
login on dashboard fails, the dashboard logs report the following:

[Tue Dec 18 18:27:32 2012] [error] Authorization Failed.
[Tue Dec 18 18:27:32 2012] [error] Traceback (most recent call last):
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/client.py", line 105, in authenticate
[Tue Dec 18 18:27:32 2012] [error]     return_raw=True)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/tokens.py", line 37, in authenticate
[Tue Dec 18 18:27:32 2012] [error]     return self._create('/tokens', params, "access", return_raw=return_raw)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/base.py", line 82, in _create
[Tue Dec 18 18:27:32 2012] [error]     resp, body = self.api.post(url, body=body)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 179, in post
[Tue Dec 18 18:27:32 2012] [error]     return self._cs_request(url, 'POST', **kwargs)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 160, in _cs_request
[Tue Dec 18 18:27:32 2012] [error]     **kwargs)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 140, in request
[Tue Dec 18 18:27:32 2012] [error]     raise exceptions.from_response(resp, body)
[Tue Dec 18 18:27:32 2012] [error] BadRequest: Unable to communicate with identity service: [Errno 13] Permission denied. (HTTP 400)


Version-Release number of selected component (if applicable):
python-keystoneclient-0.1.3.27-1.el6.noarch
openstack-dashboard-2012.2.1-2.el6ost.noarch


Steps to Reproduce:
1. install openstack-dashboard on a different system from the one where keystone service is deployed
2. configure OPENSTACK_HOST in /etc/openstack-dashboard/local_settings
3. restart httpd
  

Actual results:
login isn't allowed (using correct credentials)
Comment 2 Adam Young 2012-12-21 09:50:27 EST
The SELinux command for HTTP to be able to make Remote calls is not being saved over the reboot. This is a Horizon issue, not Keystone.

The "sudo setsebool httpd_can_network_connect on" command from the getting started guide is not persistent.

Looks like "-P" is needed

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/2/html/Getting_Started_Guide/chapter-Horizon.html
Comment 3 Giulio Fidente 2012-12-21 12:56:54 EST
FWIW, as per comment #2 I can confirm that setting the boolean fixed the problem
Comment 4 Stephen Gordon 2013-01-24 16:45:14 EST
I was already pottering around in this area as a result of Bug # 889118 so I will take this one as well.
Comment 5 Stephen Gordon 2013-01-24 16:54:50 EST
commit aeaf4df71036b1ddd9caf731f47a75a1bf62f015
Comment 6 Stephen Gordon 2013-01-24 17:00:52 EST
*** Bug 889348 has been marked as a duplicate of this bug. ***
Comment 7 Stephen Gordon 2013-01-24 18:38:57 EST
*** Bug 903862 has been marked as a duplicate of this bug. ***
Comment 8 Stephen Gordon 2013-01-25 16:47:05 EST
Fixed in Red_Hat_OpenStack_Preview-Getting_Started_Guide-2-web-en-US-1.0-11.el6eng