Bug 889224 - keystoneclient receives a permission denied and openstack-dashboard reports inability to communicate with the identity service
Summary: keystoneclient receives a permission denied and openstack-dashboard reports i...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: doc-Getting_Started_Guide
Version: 2.1
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: 2.1
Assignee: Stephen Gordon
QA Contact: ecs-bugs
URL:
Whiteboard:
: 889348 903862 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-12-20 14:50 UTC by Giulio Fidente
Modified: 2013-03-06 22:22 UTC (History)
6 users (show)

Fixed In Version: Red_Hat_OpenStack_Preview-Getting_Started_Guide-2-web-en-US-1.0-11.el6eng
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-06 22:22:32 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Giulio Fidente 2012-12-20 14:50:36 UTC 
Description of problem:
login on dashboard fails, the dashboard logs report the following:

[Tue Dec 18 18:27:32 2012] [error] Authorization Failed.
[Tue Dec 18 18:27:32 2012] [error] Traceback (most recent call last):
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/client.py", line 105, in authenticate
[Tue Dec 18 18:27:32 2012] [error]     return_raw=True)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/tokens.py", line 37, in authenticate
[Tue Dec 18 18:27:32 2012] [error]     return self._create('/tokens', params, "access", return_raw=return_raw)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/base.py", line 82, in _create
[Tue Dec 18 18:27:32 2012] [error]     resp, body = self.api.post(url, body=body)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 179, in post
[Tue Dec 18 18:27:32 2012] [error]     return self._cs_request(url, 'POST', **kwargs)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 160, in _cs_request
[Tue Dec 18 18:27:32 2012] [error]     **kwargs)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 140, in request
[Tue Dec 18 18:27:32 2012] [error]     raise exceptions.from_response(resp, body)
[Tue Dec 18 18:27:32 2012] [error] BadRequest: Unable to communicate with identity service: [Errno 13] Permission denied. (HTTP 400)


Version-Release number of selected component (if applicable):
python-keystoneclient-0.1.3.27-1.el6.noarch
openstack-dashboard-2012.2.1-2.el6ost.noarch


Steps to Reproduce:
1. install openstack-dashboard on a different system from the one where keystone service is deployed
2. configure OPENSTACK_HOST in /etc/openstack-dashboard/local_settings
3. restart httpd
  

Actual results:
login isn't allowed (using correct credentials)
Comment 2 Adam Young 2012-12-21 14:50:27 UTC 
The SELinux command for HTTP to be able to make Remote calls is not being saved over the reboot. This is a Horizon issue, not Keystone.

The "sudo setsebool httpd_can_network_connect on" command from the getting started guide is not persistent.

Looks like "-P" is needed

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/2/html/Getting_Started_Guide/chapter-Horizon.html
Comment 3 Giulio Fidente 2012-12-21 17:56:54 UTC 
FWIW, as per comment #2 I can confirm that setting the boolean fixed the problem
Comment 4 Stephen Gordon 2013-01-24 21:45:14 UTC 
I was already pottering around in this area as a result of Bug # 889118 so I will take this one as well.
Comment 5 Stephen Gordon 2013-01-24 21:54:50 UTC 
commit aeaf4df71036b1ddd9caf731f47a75a1bf62f015
Comment 6 Stephen Gordon 2013-01-24 22:00:52 UTC 
*** Bug 889348 has been marked as a duplicate of this bug. ***
Comment 7 Stephen Gordon 2013-01-24 23:38:57 UTC 
*** Bug 903862 has been marked as a duplicate of this bug. ***
Comment 8 Stephen Gordon 2013-01-25 21:47:05 UTC 
Fixed in Red_Hat_OpenStack_Preview-Getting_Started_Guide-2-web-en-US-1.0-11.el6eng
Note You need to log in before you can comment on or make changes to this bug.