Bug 889224
| Summary: | keystoneclient receives a permission denied and openstack-dashboard reports inability to communicate with the identity service | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Giulio Fidente <gfidente> |
| Component: | doc-Getting_Started_Guide | Assignee: | Stephen Gordon <sgordon> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | ecs-bugs |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 2.1 | CC: | apevec, ayoung, breeler, dgao, rkukura, sgordon |
| Target Milestone: | rc | Keywords: | Documentation, Triaged |
| Target Release: | 2.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Red_Hat_OpenStack_Preview-Getting_Started_Guide-2-web-en-US-1.0-11.el6eng | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-03-06 22:22:32 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The SELinux command for HTTP to be able to make Remote calls is not being saved over the reboot. This is a Horizon issue, not Keystone. The "sudo setsebool httpd_can_network_connect on" command from the getting started guide is not persistent. Looks like "-P" is needed https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/2/html/Getting_Started_Guide/chapter-Horizon.html FWIW, as per comment #2 I can confirm that setting the boolean fixed the problem I was already pottering around in this area as a result of Bug # 889118 so I will take this one as well. commit aeaf4df71036b1ddd9caf731f47a75a1bf62f015 *** Bug 889348 has been marked as a duplicate of this bug. *** *** Bug 903862 has been marked as a duplicate of this bug. *** Fixed in Red_Hat_OpenStack_Preview-Getting_Started_Guide-2-web-en-US-1.0-11.el6eng |
Description of problem: login on dashboard fails, the dashboard logs report the following: [Tue Dec 18 18:27:32 2012] [error] Authorization Failed. [Tue Dec 18 18:27:32 2012] [error] Traceback (most recent call last): [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/client.py", line 105, in authenticate [Tue Dec 18 18:27:32 2012] [error] return_raw=True) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/tokens.py", line 37, in authenticate [Tue Dec 18 18:27:32 2012] [error] return self._create('/tokens', params, "access", return_raw=return_raw) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/base.py", line 82, in _create [Tue Dec 18 18:27:32 2012] [error] resp, body = self.api.post(url, body=body) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 179, in post [Tue Dec 18 18:27:32 2012] [error] return self._cs_request(url, 'POST', **kwargs) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 160, in _cs_request [Tue Dec 18 18:27:32 2012] [error] **kwargs) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 140, in request [Tue Dec 18 18:27:32 2012] [error] raise exceptions.from_response(resp, body) [Tue Dec 18 18:27:32 2012] [error] BadRequest: Unable to communicate with identity service: [Errno 13] Permission denied. (HTTP 400) Version-Release number of selected component (if applicable): python-keystoneclient-0.1.3.27-1.el6.noarch openstack-dashboard-2012.2.1-2.el6ost.noarch Steps to Reproduce: 1. install openstack-dashboard on a different system from the one where keystone service is deployed 2. configure OPENSTACK_HOST in /etc/openstack-dashboard/local_settings 3. restart httpd Actual results: login isn't allowed (using correct credentials)