Bug 889224 - keystoneclient receives a permission denied and openstack-dashboard reports inability to communicate with the identity service
keystoneclient receives a permission denied and openstack-dashboard reports i...
Status: CLOSED CURRENTRELEASE
Product: Red Hat OpenStack
Classification: Red Hat
Component: doc-Getting_Started_Guide (Show other bugs)
2.1
Unspecified Unspecified
medium Severity medium
: rc
: 2.1
Assigned To: Stephen Gordon
ecs-bugs
: Documentation, Triaged
: 889348 903862 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-20 09:50 EST by Giulio Fidente
Modified: 2013-03-06 17:22 EST (History)
6 users (show)

See Also:
Fixed In Version: Red_Hat_OpenStack_Preview-Getting_Started_Guide-2-web-en-US-1.0-11.el6eng
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-03-06 17:22:32 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Giulio Fidente 2012-12-20 09:50:36 EST
Description of problem:
login on dashboard fails, the dashboard logs report the following:

[Tue Dec 18 18:27:32 2012] [error] Authorization Failed.
[Tue Dec 18 18:27:32 2012] [error] Traceback (most recent call last):
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/client.py", line 105, in authenticate
[Tue Dec 18 18:27:32 2012] [error]     return_raw=True)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/tokens.py", line 37, in authenticate
[Tue Dec 18 18:27:32 2012] [error]     return self._create('/tokens', params, "access", return_raw=return_raw)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/base.py", line 82, in _create
[Tue Dec 18 18:27:32 2012] [error]     resp, body = self.api.post(url, body=body)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 179, in post
[Tue Dec 18 18:27:32 2012] [error]     return self._cs_request(url, 'POST', **kwargs)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 160, in _cs_request
[Tue Dec 18 18:27:32 2012] [error]     **kwargs)
[Tue Dec 18 18:27:32 2012] [error]   File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 140, in request
[Tue Dec 18 18:27:32 2012] [error]     raise exceptions.from_response(resp, body)
[Tue Dec 18 18:27:32 2012] [error] BadRequest: Unable to communicate with identity service: [Errno 13] Permission denied. (HTTP 400)


Version-Release number of selected component (if applicable):
python-keystoneclient-0.1.3.27-1.el6.noarch
openstack-dashboard-2012.2.1-2.el6ost.noarch


Steps to Reproduce:
1. install openstack-dashboard on a different system from the one where keystone service is deployed
2. configure OPENSTACK_HOST in /etc/openstack-dashboard/local_settings
3. restart httpd
  

Actual results:
login isn't allowed (using correct credentials)
Comment 2 Adam Young 2012-12-21 09:50:27 EST
The SELinux command for HTTP to be able to make Remote calls is not being saved over the reboot. This is a Horizon issue, not Keystone.

The "sudo setsebool httpd_can_network_connect on" command from the getting started guide is not persistent.

Looks like "-P" is needed

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_OpenStack_Preview/2/html/Getting_Started_Guide/chapter-Horizon.html
Comment 3 Giulio Fidente 2012-12-21 12:56:54 EST
FWIW, as per comment #2 I can confirm that setting the boolean fixed the problem
Comment 4 Stephen Gordon 2013-01-24 16:45:14 EST
I was already pottering around in this area as a result of Bug # 889118 so I will take this one as well.
Comment 5 Stephen Gordon 2013-01-24 16:54:50 EST
commit aeaf4df71036b1ddd9caf731f47a75a1bf62f015
Comment 6 Stephen Gordon 2013-01-24 17:00:52 EST
*** Bug 889348 has been marked as a duplicate of this bug. ***
Comment 7 Stephen Gordon 2013-01-24 18:38:57 EST
*** Bug 903862 has been marked as a duplicate of this bug. ***
Comment 8 Stephen Gordon 2013-01-25 16:47:05 EST
Fixed in Red_Hat_OpenStack_Preview-Getting_Started_Guide-2-web-en-US-1.0-11.el6eng

Note You need to log in before you can comment on or make changes to this bug.