Openstack credential failed


#1

I wanted to add the openstack cloud and vmware infrastructure to the manageIQ. The vmware vcenter passed the credential and managed by manageIQ. While the openstack failed.
Here were the steps:

  1. Downloaded the latest manageIQ vmware appliance and imported to the vmware ESXI sucesssfully.
    2 Installed the Mirantis Openstack 6.0 (Juno version), and the user admin could login the horizon.
  2. Added the openstack info to the manageIQ, the valid input were the IP address o the keystone, port. But the default credential with user admin and talent admin failed.
    The error message in web UI was “Unexpected response returned from system, see log for details”

I checked the /var/www/miq/vmdb/log/evm.log

[----] I, [2015-03-20T15:33:26.402189 #20260:fc380c] INFO – : MIQ(MiqQueue.put) Message id: [3880], id: [], Zone: [default], Role: [], Server: [], Ident: [generic], Target id: [], Instance id: [], Task id: [], Command: [MiqEvent.raise_evm_event], Timeout: [600], Priority: [100], State: [ready], Deliver On: [], Data: [], Args: [[“EmsOpenstack”, 4], “ems_auth_error”, {}]
[----] W, [2015-03-20T15:33:26.402276 #20260:fc380c] WARN – : MIQ(EmsOpenstack.authentication_check) type: [nil] for [4] [openstack] Validation failed due to error: [Unexpected response returned from system, see log for details]
[----] I, [2015-03-20T15:33:26.424463 #20260:fc380c] INFO – : MIQ(MiqWorker.log_status) MiqEmsRefreshWorkerOpenstack: [Refresh Worker for Cloud/Infrastructure Provider: openstack] Worker ID [27], PID [20260], GUID [6bfe27f2-cf16-11e4-bfb2-0050569b1120], Last Heartbeat [2015-03-20 15:33:19 UTC], Process Info: Memory Usage [118702080], Memory Size [380596224], Memory % [1.93], CPU Time [1253.0], CPU % [0.05], Priority [27]
[----] E, [2015-03-20T15:33:26.425012 #20260:fc380c] ERROR – : MIQ(EmsRefreshWorkerOpenstack) EMS [172.16.81.200] as [admin] ID [27] PID [20260] GUID [6bfe27f2-cf16-11e4-bfb2-0050569b1120] EMS id [4] failed authentication check. Worker exiting.

My question are:

  1. How to improve the log level to get the debug info.
  2. How to debug the credentail issue?
  3. Any wrong steps I made?

Miles Kuo
jinbing.guo@cloudsource.cn
www.cloudsource.cn


[Solved] Problem with new EMS Cloud
#2

The Mirantis Openstack is the standard community Openstack distribution. The keystone port is 5000.

See the attachments.



#3

@mileskuo, could you try inputting the correct IP address both in the IP address field and the hostname field? The hostname vs ip distinction is in the process of being fixed but right now, openstack is using mainly the hostname.


#4

You can always set level_fog to debug if you want a greater level of detail in the fog.log in the advanced configuration of ManageIQ.


#5

I fixed this issue by creating a route between the openstack admin network with the manageIQ network. When the manageIQ connects the openstack, it need to access the openstack admin network instead of the public network.

Thanks eminguez, I found the peoblem from the debug info.
Thanks himdel for your help too.


#6

mileskuo, can you elaborate more on how you created a route between the 2 network?


#7

I ran into ManageIQ to Openstack comm issues as well. See [Solved] Excon::Errors::Timeout

Bottom line is that Fog requires visibility of the publicURL, adminURL and possibly the InternalURL keystone publishes.

If you write sample Fog code to test connectivity between the ManageIQ VM and Openstack you can use EXCON_DEBUG=true environement variable to get verbose output.


#8

cc @blomquisg . We have another issue somewhere in the fact that we use the admin endpoint instead of the public endpoint. In that other issue the admin endpoint had an internal IP of 192.168… and it could not be accessed. The public endpoint was externally accessible.


#9

I’ve done a little digging into the fog code around this, and I’ve definitely seen it using the publicURL and the adminURL endpoints. I’ve never seen it reference the internalURL endpoints.

I’m not sure if the attempts to access the adminURL are bugs or are necessary for certain operations. I’m not familiar enough with OpenStack APIs to know what things are required to use the adminURL.


#10

That’s good info! Thanks @egvalentejr!


#11

When you exercise connectivity using Fog and the Excon debug flag you can
see that it first establishes a connection with the publicURL to obtain the
authorization token. After that it talks to Openstack’s adminURL using
that token.