Authentication error in openstack with new domain

Question

My openstack was working fine with the default domain. Today I created another domain domainTwo using

openstack create doamin domainTwo

created a new project domainTwoProject

openstack project create --domain domainTwo --description "Admin Project" domainTwoProject

and a new user domainTwoAdmin

openstack user create --domain domainTwo --password-prompt domainTwoAdmin

Created the admin role:

openstack role create admin

Added the admin role to the domainTwoProject project and user:

openstack role add --project domainTwoProject --user domainTwoAdmin admin

Now when I am trying to login with horizon dashboard in domain domainTwo with username domainTwoAdmin and Password XXXXXXXXXX it works perfectly. When I am trying it with source admins-openrc.sh

The content of admin-openrc.sh is:

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=XXXXX
export OS_AUTH_URL=http://XXX.XXX.XXX.XXXX:35357/v3
export OS_IDENTITY_API_VERSION=3

after that I run openstack token issue and I got desired output. However when I am trying this command with source admin-domaintwo.sh I am not getting desired output.

The content of admin-domaintwo.sh is:

export OS_PROJECT_DOMAIN_ID=XXXXXXXXXXXXXXXXXXXXXXXXX
export OS_USER_DOMAIN_ID=XXXXXXXXXXXXXXXXXXXXXXXX
export OS_PROJECT_NAME=domainTwoProject
export OS_TENANT_NAME=domainTwoProject
export OS_USERNAME=domainTwoAdmin
export OS_PASSWORD=XXXXX
export OS_AUTH_URL=http://XXX.XXX.XXX.XXXX:35357/v3
export OS_IDENTITY_API_VERSION=3

i got error

The request you have made requires authentication. (HTTP 401) (Request-ID: req-IDXXXXXXXXXXXXXXXXXXX)

what error message you get , may be you need a fresh shell with previous env variables cleared — Ijaz Ahmad, Jun 29 '16 at 20:35
The request you have made requires authentication. (HTTP 401) (Request-ID: req-xXXXXXXXXXXXXXX — Tiger, Jun 30 '16 at 05:05

score 1 · Answer 1 · answered Feb 01 '17 at 08:44

I don't know if you find the solution or not but I want to provide an approach that will help to solve this types of problem. I also face this problem and found solution.

From your comment,It seems that you are having problem of authentication. Authentication is handled by keystone component of openstack. So to find what is exactly problematic we need to check each related components log messages.

First check the access log of httpd, I am giving command for continuous view of logs,you can open this in another tab.

tail -f /var/log/httpd/access_log

now check the error message of httpd

tail -f /var/log/httpd/error_log

check keystone log

tail -f /var/log/keystone/keystone.log

Try to figure out what goes wrong. Also check the configuration file of horizon local settings.

/etc/openstack-dashboard/local_settings

specially OPENSTACK_KEYSTONE_URL this field, and OPENSTACK_API_VERSIONS,OPENSTACK_KEYSTONE_DEFAULT_DOMAIN,OPENSTACK_KEYSTONE_DEFAULT_ROLE. Double check you IDENTITY VERSION and Keystone endpoint url version,check if versions are identical in both dashboard configuration and service endpoints.

This is research process which will help you find out what is wrong about authentication.

If you start over the installation procedure,in each step verify the operation for each components like first install keystone and check if it okay and go on. This will help to identify and troubleshoot further problem.

score 1 · Answer 2 · edited Aug 08 '17 at 16:10

1

I think:

openstack role add --domain domainTwo --user domainTwoAdmin admin

openstack role add --project domainTwoProject --user domainTwoAdmin admin

edited Aug 08 '17 at 16:10

Jeff Schaller

66,199
35
114
250

answered Aug 08 '17 at 15:38

김지호

11
1

Authentication error in openstack with new domain

2 Answers2