clarification about apel-ssm-openstack replacement

[marcoverl]

Hello, i am not sure what i should replace: i have a cron job with: [root@egi-cloud ~]# cat /var/lib/osssm/cron -# extract and buffer usage records 0 /2 * * \ apel /usr/bin/osssm.extract

-# send buffered usage records to APEL/SSM 15 /12 * * \ apel /usr/bin/osssm.push

-# send buffered usage records to GOC 30 /24 * * \ apel /usr/bin/ssmsend

where: /usr/bin/osssm.extract , .push and /etc/osssmrc come from: [root@egi-cloud ~]# rpm -qf /usr/bin/osssm.extract apel-ssm-openstack-1.19-1.noarch and [root@egi-cloud ~]# rpm -qf /usr/bin/ssmsend apel-ssm-2.1.1-0.el6.noarch

In /etc/osssmrc i have some config. values similar to the one i have now in /etc/caso/caso.conf.

So, can i simply remove apel-ssm-openstack-1.19-1.noarch and replace /usr/bin/osssm.extract in the cron job with caso-extract? what about /usr/bin/osssm.push? is something done inside caso-extract?

[enolfc]

Hi,

you can remove apel-ssm-openstack and replace the two cron jobs with a single one that invokes caso-extract, there is no "push" needed.

The ssmsend in cron will still be needed, that's what sends records to the accounting portal.

Cheers, Enol.

[marcoverl]

now i get this ssl error, any hint?

[apel@egi-cloud ~]$ /home/apel/.virtualenvs/caso/bin/caso-extract 2015-01-27 19:01:31.037 1521 CRITICAL caso [-] SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) 2015-01-27 19:01:31.037 1521 TRACE caso Traceback (most recent call last): 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/bin/caso-extract", line 10, in 2015-01-27 19:01:31.037 1521 TRACE caso sys.exit(main()) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/cmd/extract.py", line 32, in main 2015-01-27 19:01:31.037 1521 TRACE caso manager.run() 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/manager.py", line 71, in run 2015-01-27 19:01:31.037 1521 TRACE caso records = self.extractor_manager.get_records(lastrun=self.lastrun) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/manager.py", line 86, in get_records 2015-01-27 19:01:31.037 1521 TRACE caso self._extract(extract_from) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/manager.py", line 72, in _extract 2015-01-27 19:01:31.037 1521 TRACE caso extract_from) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/nova.py", line 57, in extract_for_tenant 2015-01-27 19:01:31.037 1521 TRACE caso conn = self._get_conn(tenant) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/nova.py", line 45, in _get_conn 2015-01-27 19:01:31.037 1521 TRACE caso conn.authenticate() 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 169, in wrapper 2015-01-27 19:01:31.037 1521 TRACE caso return f(self, _args, _kwargs) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/v1_1/client.py", line 239, in authenticate 2015-01-27 19:01:31.037 1521 TRACE caso self.client.authenticate() 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 586, in authenticate 2015-01-27 19:01:31.037 1521 TRACE caso auth_url = self._v2_auth(auth_url) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 677, in _v2_auth 2015-01-27 19:01:31.037 1521 TRACE caso return self._authenticate(url, body) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 690, in _authenticate 2015-01-27 19:01:31.037 1521 TRACE caso _kwargs) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 439, in _time_request 2015-01-27 19:01:31.037 1521 TRACE caso resp, body = self.request(url, method, _kwargs) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 410, in request 2015-01-27 19:01:31.037 1521 TRACE caso _kwargs) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/requests/api.py", line 49, in request 2015-01-27 19:01:31.037 1521 TRACE caso response = session.request(method=method, url=url, _kwargs) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/requests/sessions.py", line 461, in request 2015-01-27 19:01:31.037 1521 TRACE caso resp = self.send(prep, _send_kwargs) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/requests/sessions.py", line 573, in send 2015-01-27 19:01:31.037 1521 TRACE caso r = adapter.send(request, *_kwargs) 2015-01-27 19:01:31.037 1521 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/requests/adapters.py", line 431, in send 2015-01-27 19:01:31.037 1521 TRACE caso raise SSLError(e, request=request) 2015-01-27 19:01:31.037 1521 TRACE caso SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) 2015-01-27 19:01:31.037 1521 TRACE caso

[feyzaeryol]

Hi,

I am taking the same certificate verify failed error on my installation. Do we need to set true the insecure parameter in caso.conf?

Cheers,

--feyza

[alvarolopez]

No, you shouldn't use the insecure flag in a production environment.

This is not a cASO problem, but a problem with the installation that cASO is using. The SSL error is caused by the requests module when it is use by any of the OpenStack clients. This is due to the fact that it cannot verify the server's certificate because it is not contained in the CA bundle. This will happen for all the OpenStack clients, not only for cASO.

• When python-requests is installed using the distribution packages it is normally patched so that the CA bundle used is the system's default.
  • On Debian systems it is /etc/ssl/certs/ca-certificates.crt from the ca-certificates package.
  • On RH systems it is /etc/pki/tls/certs/ca-bundle.crt also from the ca-certificates package.
• If it is not installed using the distribution packages (e.g. it is installed via pip) python-requests uses its own vendorized CA bundle, located in the distribution directory (i.e. requests/cacert.pem).

In either case, it is needed to add tha CA that signed the host's certificates to the trusted CA bundle that requests is using. In the case of the system-wide bundles, you should refer to the documentation of those packages. In the case of using the requests' vendorized CA bundle, I guess it is enough to append the correct certificates to the end of the cacert.pem file.

@marcoverl, you are in the later case (you have your own installation in /home/apel/.virtualenvs/caso/lib/python2.7/site-packages/requests/) so you have to add the CA certificate corresponding to your host's certificate to the cacert.pem file bundled with your requests installation.

@feyzaeryol I do not know the details of your installation, but I hope that the information above helps you.

[feyzaeryol]

Hi Alvaro,

This solves my problem. Now it is works without any error.

Cheers,

--feyza

[marcoverl]

ok, fixed the issue with the cert bundle, now i get some issue related to keystone users:

[apel@egi-cloud ~]$ /home/apel/.virtualenvs/caso/bin/caso-extract 2015-01-28 11:48:30.480 28928 CRITICAL caso [-] AttributeError: username 2015-01-28 11:48:30.480 28928 TRACE caso Traceback (most recent call last): 2015-01-28 11:48:30.480 28928 TRACE caso File "/home/apel/.virtualenvs/caso/bin/caso-extract", line 10, in 2015-01-28 11:48:30.480 28928 TRACE caso sys.exit(main()) 2015-01-28 11:48:30.480 28928 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/cmd/extract.py", line 32, in main 2015-01-28 11:48:30.480 28928 TRACE caso manager.run() 2015-01-28 11:48:30.480 28928 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/manager.py", line 71, in run 2015-01-28 11:48:30.480 28928 TRACE caso records = self.extractor_manager.get_records(lastrun=self.lastrun) 2015-01-28 11:48:30.480 28928 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/manager.py", line 86, in get_records 2015-01-28 11:48:30.480 28928 TRACE caso self._extract(extract_from) 2015-01-28 11:48:30.480 28928 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/manager.py", line 72, in _extract 2015-01-28 11:48:30.480 28928 TRACE caso extract_from) 2015-01-28 11:48:30.480 28928 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/nova.py", line 59, in extract_for_tenant 2015-01-28 11:48:30.480 28928 TRACE caso users = self._get_keystone_users(ks_conn) 2015-01-28 11:48:30.480 28928 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/base.py", line 99, in _get_keystone_users 2015-01-28 11:48:30.480 28928 TRACE caso return {u.id: u.username for u in users} 2015-01-28 11:48:30.480 28928 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/base.py", line 99, in 2015-01-28 11:48:30.480 28928 TRACE caso return {u.id: u.username for u in users} 2015-01-28 11:48:30.480 28928 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/keystoneclient/openstack/common/apiclient/base.py", line 480, in getattr 2015-01-28 11:48:30.480 28928 TRACE caso raise AttributeError(k) 2015-01-28 11:48:30.480 28928 TRACE caso AttributeError: username 2015-01-28 11:48:30.480 28928 TRACE caso

[alvarolopez]

This was already solved in #11, please update caso to 0.1.2.

[marcoverl]

ok, i've updated to 0.1.2, but now i have auth. issues, even if everything seems ok in the caso.conf, and OS commands works for the OS accounting user as expected from the command line.

(caso)[apel@egi-cloud ~]$ caso-extract -d -v 2015-01-31 17:54:04.748 15670 CRITICAL caso [-] Unauthorized: The request you have made requires authentication. (HTTP 401) 2015-01-31 17:54:04.748 15670 TRACE caso Traceback (most recent call last): 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/bin/caso-extract", line 10, in 2015-01-31 17:54:04.748 15670 TRACE caso sys.exit(main()) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/cmd/extract.py", line 32, in main 2015-01-31 17:54:04.748 15670 TRACE caso manager.run() 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/manager.py", line 71, in run 2015-01-31 17:54:04.748 15670 TRACE caso records = self.extractor_manager.get_records(lastrun=self.lastrun) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/manager.py", line 86, in get_records 2015-01-31 17:54:04.748 15670 TRACE caso self._extract(extract_from) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/manager.py", line 72, in _extract 2015-01-31 17:54:04.748 15670 TRACE caso extract_from) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/nova.py", line 57, in extract_for_tenant 2015-01-31 17:54:04.748 15670 TRACE caso conn = self._get_conn(tenant) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/nova.py", line 45, in _get_conn 2015-01-31 17:54:04.748 15670 TRACE caso conn.authenticate() 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 169, in wrapper 2015-01-31 17:54:04.748 15670 TRACE caso return f(self, _args, _kwargs) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/v1_1/client.py", line 239, in authenticate 2015-01-31 17:54:04.748 15670 TRACE caso self.client.authenticate() 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 586, in authenticate 2015-01-31 17:54:04.748 15670 TRACE caso auth_url = self._v2_auth(auth_url) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 677, in _v2_auth 2015-01-31 17:54:04.748 15670 TRACE caso return self._authenticate(url, body) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 690, in _authenticate 2015-01-31 17:54:04.748 15670 TRACE caso _kwargs) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 439, in _time_request 2015-01-31 17:54:04.748 15670 TRACE caso resp, body = self.request(url, method, *_kwargs) 2015-01-31 17:54:04.748 15670 TRACE caso File "/home/apel/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 433, in request 2015-01-31 17:54:04.748 15670 TRACE caso raise exceptions.from_response(resp, body, url, method) 2015-01-31 17:54:04.748 15670 TRACE caso Unauthorized: The request you have made requires authentication. (HTTP 401) 2015-01-31 17:54:04.748 15670 TRACE caso

[alvarolopez]

Almost nothing has changed from 0.1.1 to 0.1.2, so this should not be because of the update (the only relevant change was the fix for #11 (git diff 0.1.1 0.1.2). Are you sure that you are using the correct file?

In https://github.com/IFCA/caso/issues/15#issuecomment-71815128 you were already contacting nova (it failed loading the users from Keystone), now you are not able to contact it again, and that code has not changed.

[marcoverl]

Hi, i got some progress if i run caso-extract as root instead as apel (i am talking about linux user here). But still end with an auth error:

(caso)[root@egi-cloud]# caso-extract --version 0.1.2 (caso)[root@egi-cloud]# caso-extract -d -v 2015-02-02 16:26:55.317 23343 DEBUG keystoneclient.auth.identity.v2 [-] Making authentication request to https://egi-cloud.pd.infn.it:35357/v2.0/tokens get_auth_ref /root/.virtualenvs/caso/lib/python2.7/site-packages/keystoneclient/auth/identity/v2.py:76 2015-02-02 16:26:55.498 23343 DEBUG iso8601.iso8601 [-] Parsed 2015-02-03T15:26:55Z into {'tz_sign': None, 'second_fraction': None, 'hour': u'15', 'daydash': u'03', 'tz_hour': None, 'month': None, 'timezone': u'Z', 'second': u'55', 'tz_minute': None, 'year': u'2015', 'separator': u'T', 'monthdash': u'02', 'day': None, 'minute': u'26'} with default timezone <iso8601.iso8601.Utc object at 0x7f9bea76fd50> parse_date /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:184 2015-02-02 16:26:55.499 23343 DEBUG iso8601.iso8601 [-] Got u'2015' for 'year' with default None to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.499 23343 DEBUG iso8601.iso8601 [-] Got u'02' for 'monthdash' with default 1 to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.499 23343 DEBUG iso8601.iso8601 [-] Got 2 for 'month' with default 2 to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.499 23343 DEBUG iso8601.iso8601 [-] Got u'03' for 'daydash' with default 1 to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.499 23343 DEBUG iso8601.iso8601 [-] Got 3 for 'day' with default 3 to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.499 23343 DEBUG iso8601.iso8601 [-] Got u'15' for 'hour' with default None to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.499 23343 DEBUG iso8601.iso8601 [-] Got u'26' for 'minute' with default None to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.500 23343 DEBUG iso8601.iso8601 [-] Got u'55' for 'second' with default None to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.500 23343 DEBUG keystoneclient.auth.identity.v2 [-] Making authentication request to https://egi-cloud.pd.infn.it:35357/v2.0/tokens get_auth_ref /root/.virtualenvs/caso/lib/python2.7/site-packages/keystoneclient/auth/identity/v2.py:76 2015-02-02 16:26:55.654 23343 DEBUG iso8601.iso8601 [-] Parsed 2015-02-03T15:26:55Z into {'tz_sign': None, 'second_fraction': None, 'hour': u'15', 'daydash': u'03', 'tz_hour': None, 'month': None, 'timezone': u'Z', 'second': u'55', 'tz_minute': None, 'year': u'2015', 'separator': u'T', 'monthdash': u'02', 'day': None, 'minute': u'26'} with default timezone <iso8601.iso8601.Utc object at 0x7f9bea76fd50> parse_date /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:184 2015-02-02 16:26:55.655 23343 DEBUG iso8601.iso8601 [-] Got u'2015' for 'year' with default None to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.655 23343 DEBUG iso8601.iso8601 [-] Got u'02' for 'monthdash' with default 1 to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.655 23343 DEBUG iso8601.iso8601 [-] Got 2 for 'month' with default 2 to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.655 23343 DEBUG iso8601.iso8601 [-] Got u'03' for 'daydash' with default 1 to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.655 23343 DEBUG iso8601.iso8601 [-] Got 3 for 'day' with default 3 to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.655 23343 DEBUG iso8601.iso8601 [-] Got u'15' for 'hour' with default None to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.656 23343 DEBUG iso8601.iso8601 [-] Got u'26' for 'minute' with default None to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.656 23343 DEBUG iso8601.iso8601 [-] Got u'55' for 'second' with default None to_int /root/.virtualenvs/caso/lib/python2.7/site-packages/iso8601/iso8601.py:140 2015-02-02 16:26:55.656 23343 DEBUG keystoneclient.session [-] REQ: curl -g -i -X GET https://egi-cloud.pd.infn.it:35357/v2.0/tenants/9d81ceb3caa547a7a593d98b667386cf/users -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}5da7361dc8ca7705fed72fa04ac925f96b21aea5" _http_log_request /root/.virtualenvs/caso/lib/python2.7/site-packages/keystoneclient/session.py:171 2015-02-02 16:26:55.753 23343 DEBUG keystoneclient.session [-] RESP: [200] content-length: 847 content-encoding: gzip vary: X-Auth-Token,Accept-Encoding server: Apache/2.2.15 (Scientific Linux) connection: close date: Mon, 02 Feb 2015 15:26:55 GMT content-type: application/json RESP BODY: {"users": [{"enabled": true, "name": "/O=dutchgrid/O=users/O=egi/CN=Salvatore Pinto", "id": "010dd541467d4e21be31c2d63022c521"}, {"enabled": true, "name": "/C=IT/O=INFN/OU=Personal Certificate/L=Padova/CN=Marco Verlato", "id": "079b0a6b09234e9c870662b1659cf89a"}, {"enabled": true, "name": "/C=IT/O=INFN/OU=Personal Certificate/L=ENGINEERING RDLAB/CN=Pietro Fragnito", "id": "0e91a2fcd48044489170c6022cfd440a"}, {"enabled": true, "name": "/DC=es/DC=irisgrid/O=ciemat/CN=antonio-rubio", "id": "142f08da0d914631a2969db27a3256c5"}, {"enabled": true, "name": "/DC=es/DC=irisgrid/O=ifca/CN=Enol-Fernandez-delCastillo", "id": "25a5faedc4fa4ca8ae62a13fffe21a43"}, {"name": "admin", "id": "3df7f52f0a9f4900805d9ce52e579581", "enabled": true, "email": "test@test.com", "tenantId": "5e3e0f3a8d01411391ac61d7d30c0222"}, {"enabled": true, "name": "/DC=org/DC=terena/DC=tcs/C=CZ/O=CESNET/CN=Zdenek Sustr 4040", "id": "4e72065f05944298ac60e49741c10597"}, {"enabled": true, "name": "/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=kashif mohammad", "id": "5270dd8cfacd47f492c898607a31658d"}, {"enabled": true, "name": "/C=IT/O=INFN/OU=Personal Certificate/L=Catania/CN=Diego Scardaci", "id": "5e7a33a1d4a74b00b39f3d367dc99f69"}, {"enabled": true, "name": "/C=UK/O=eScience/OU=Manchester/L=HEP/CN=andrew mcnab", "id": "aa175cf9b93443f9a48e675e7ec628f9"}, {"enabled": true, "name": "/C=DE/O=GridGermany/OU=Forschungszentrum Juelich GmbH/CN=Bjoern Hagemeier", "id": "b594ef13af854d738d0bb883e52fff93"}, {"enabled": true, "name": "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=lvillazo/CN=757145/CN=Luis Villazon Esteban", "id": "bf0aea2b6459417893c21b501a6c14e2"}, {"name": "accounting", "enabled": true, "email": null, "id": "d4952e17b9bd445297efc0972f790b40"}]} _http_log_response /root/.virtualenvs/caso/lib/python2.7/site-packages/keystoneclient/session.py:199 2015-02-02 16:29:04.442 23343 CRITICAL caso [-] Unauthorized: Unauthorized (HTTP 401) 2015-02-02 16:29:04.442 23343 TRACE caso Traceback (most recent call last): 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/bin/caso-extract", line 10, in 2015-02-02 16:29:04.442 23343 TRACE caso sys.exit(main()) 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/lib/python2.7/site-packages/caso/cmd/extract.py", line 32, in main 2015-02-02 16:29:04.442 23343 TRACE caso manager.run() 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/lib/python2.7/site-packages/caso/manager.py", line 71, in run 2015-02-02 16:29:04.442 23343 TRACE caso records = self.extractor_manager.get_records(lastrun=self.lastrun) 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/manager.py", line 86, in get_records 2015-02-02 16:29:04.442 23343 TRACE caso self._extract(extract_from) 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/manager.py", line 72, in _extract 2015-02-02 16:29:04.442 23343 TRACE caso extract_from) 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/lib/python2.7/site-packages/caso/extract/nova.py", line 67, in extract_for_tenant 2015-02-02 16:29:04.442 23343 TRACE caso images = conn.images.list() 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/v1_1/images.py", line 69, in list 2015-02-02 16:29:04.442 23343 TRACE caso return self._list('/images%s%s' % (detail, query), 'images') 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/base.py", line 67, in _list 2015-02-02 16:29:04.442 23343 TRACE caso _resp, body = self.api.client.get(url) 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 487, in get 2015-02-02 16:29:04.442 23343 TRACE caso return self._cs_request(url, 'GET', **kwargs) 2015-02-02 16:29:04.442 23343 TRACE caso File "/root/.virtualenvs/caso/lib/python2.7/site-packages/novaclient/client.py", line 479, in _cs_request 2015-02-02 16:29:04.442 23343 TRACE caso raise e 2015-02-02 16:29:04.442 23343 TRACE caso Unauthorized: Unauthorized (HTTP 401) 2015-02-02 16:29:04.442 23343 TRACE caso

[marcoverl]

ok it was due to the Nova API bug you pointed out in the documentation, when using with --extract_from 2015-02-04 option it worked fine (as root, as apel user still having auth errors)

[marcoverl]

but unfortunately the error still arise if --extract_from option is not used, even if the file /var/spool/caso/lastrun now does exist

[marcoverl]

ok, actually the behaviour above is not reproducible, i can have:

(caso)[root@egi-cloud ~]# caso-extract -v 2015-02-05 23:34:47.657 10262 INFO caso.extract.manager [-] Extracted 0 records for tenant 'EGI_FCTF' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:34:48.662 10262 INFO caso.extract.manager [-] Extracted 0 records for tenant 'WeNMR' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:34:51.124 10262 INFO caso.extract.manager [-] Extracted 4 records for tenant 'EGI_atlas' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:34:52.646 10262 INFO caso.extract.manager [-] Extracted 0 records for tenant 'EGI_ops' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:34:53.606 10262 INFO caso.extract.manager [-] Extracted 0 records for tenant 'EGI_dteam' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:34:56.131 10262 CRITICAL caso [-] ConnectionError: ('Connection aborted.', BadStatusLine("''",))

and a two minutes later everyhting ok:

(caso)[root@egi-cloud ~]# caso-extract -v 2015-02-05 23:36:11.152 10742 INFO caso.extract.manager [-] Extracted 0 records for tenant 'EGI_FCTF' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:36:12.508 10742 INFO caso.extract.manager [-] Extracted 0 records for tenant 'WeNMR' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:36:15.160 10742 INFO caso.extract.manager [-] Extracted 4 records for tenant 'EGI_atlas' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:36:17.844 10742 INFO caso.extract.manager [-] Extracted 0 records for tenant 'EGI_ops' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:36:18.773 10742 INFO caso.extract.manager [-] Extracted 0 records for tenant 'EGI_dteam' from 2015-02-05 22:28:09.735728+00:00 to now 2015-02-05 23:36:19.864 10742 INFO caso.extract.manager [-] Extracted 0 records for tenant 'EGI_lhcb' from 2015-02-05 22:28:09.735728+00:00 to now

so, i think i can close the issue.