Description of problem: login on dashboard fails, the dashboard logs report the following: [Tue Dec 18 18:27:32 2012] [error] Authorization Failed. [Tue Dec 18 18:27:32 2012] [error] Traceback (most recent call last): [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/client.py", line 105, in authenticate [Tue Dec 18 18:27:32 2012] [error] return_raw=True) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/tokens.py", line 37, in authenticate [Tue Dec 18 18:27:32 2012] [error] return self._create('/tokens', params, "access", return_raw=return_raw) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/base.py", line 82, in _create [Tue Dec 18 18:27:32 2012] [error] resp, body = self.api.post(url, body=body) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 179, in post [Tue Dec 18 18:27:32 2012] [error] return self._cs_request(url, 'POST', **kwargs) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 160, in _cs_request [Tue Dec 18 18:27:32 2012] [error] **kwargs) [Tue Dec 18 18:27:32 2012] [error] File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 140, in request [Tue Dec 18 18:27:32 2012] [error] raise exceptions.from_response(resp, body) [Tue Dec 18 18:27:32 2012] [error] BadRequest: Unable to communicate with identity service: [Errno 13] Permission denied. (HTTP 400) Version-Release number of selected component (if applicable): python-keystoneclient-0.1.3.27-1.el6.noarch openstack-dashboard-2012.2.1-2.el6ost.noarch Steps to Reproduce: 1. install openstack-dashboard on a different system from the one where keystone service is deployed 2. configure OPENSTACK_HOST in /etc/openstack-dashboard/local_settings 3. restart httpd Actual results: login isn't allowed (using correct credentials)
The SELinux command for HTTP to be able to make Remote calls is not being saved over the reboot. This is a Horizon issue, not Keystone. The "sudo setsebool httpd_can_network_connect on" command from the getting started guide is not persistent. Looks like "-P" is needed https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/2/html/Getting_Started_Guide/chapter-Horizon.html
FWIW, as per comment #2 I can confirm that setting the boolean fixed the problem
I was already pottering around in this area as a result of Bug # 889118 so I will take this one as well.
commit aeaf4df71036b1ddd9caf731f47a75a1bf62f015
*** Bug 889348 has been marked as a duplicate of this bug. ***
*** Bug 903862 has been marked as a duplicate of this bug. ***
Fixed in Red_Hat_OpenStack_Preview-Getting_Started_Guide-2-web-en-US-1.0-11.el6eng