search

cloudify-cosmo / cloudify-openstack-plugin

Cloudify OpenStack Plugin
20 stars 66 forks source link

Request requires authentication #329

Open nfisdev opened 4 years ago

nfisdev commented 4 years ago

Hello,

I am trying to get cloudify to talk to openstack. I have tried a number of ways but I always get an error saying the "request requires authentication".

I have provided credentials every time I have tried.

Here is my most recent attempt at a blueprint. All of the secrets in the inputs have been defined. I get the same error when I go through the GUI for creating deployments and also when I hard coded the values into the blueprint.

tosca_definitions_version: cloudify_dsl_1_3

imports:
  - http://www.getcloudify.org/spec/cloudify/5.0.0/types.yaml
  - plugin:cloudify-openstack-plugin

inputs:
  auth_url:
    type: string
    default: { get_secret: keystone_url }
  username:
    type: string
    default: { get_secret: keystone_username }
  password:
    type: string
    default: { get_secret: keystone_password }
  project_name:
    type: string
    default: { get_secret: keystone_tenant_name }
  region_name:
    type: string
    default: { get_secret: keystone_region }
  external_network_id:
    type: string
    default: nfis
    description: A network that provisions floating IPs.
  user_domain_name:
    type: string
    default: { get_secret: user_domain_name }
  project_domain_name:
    type: string
    default: { get_secret: project_domain_name }

node_templates:
  example-network:
    type: cloudify.nodes.openstack.Network
    properties:
      client_config:
        auth_url: { get_input: auth_url }
        username: { get_input: username }
        password: { get_input: password }
        insecure: true
        project_name: { get_input: project_name }
        region_name: { get_input:  region_name }
        project_domain_name: { get_input:  project_domain_name }
        user_domain_name: { get_input:  user_domain_name }
      resource_config:
        name: example-network

Here is the stack trace:

2019-12-12 18:59:13.797  CFY <deployment1> [example-network_x5c4gv.create] Task failed 'openstack_plugin.resources.network.network.create' -> The request you have made requires authentication. (HTTP 401) (Request-ID: req-54f88489-9f9d-4e9e-87f1-ff4661678497)
Traceback (most recent call last):
  File "/opt/mgmtworker/env/lib/python2.7/site-packages/cloudify/dispatch.py", line 813, in main
    payload = handler.handle()
  File "/opt/mgmtworker/env/lib/python2.7/site-packages/cloudify/dispatch.py", line 461, in handle
    result = self._run_operation_func(ctx, kwargs)
  File "/opt/mgmtworker/env/lib/python2.7/site-packages/cloudify/dispatch.py", line 519, in _run_operation_func
    return self.func(*self.args, **kwargs)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/openstack_plugin/decorators.py", line 147, in wrapper
    func(**kwargs_config)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/openstack_plugin/decorators.py", line 104, in wrapper_inner
    func(**kwargs)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/openstack_plugin/resources/network/network.py", line 55, in create
    created_resource = openstack_resource.create()
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/openstack_sdk/resources/networks.py", line 69, in create
    network = self.connection.network.create_network(**self.config)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/openstack/service_description.py", line 87, in __get__
    proxy = self._make_proxy(instance)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/openstack/service_description.py", line 235, in _make_proxy
    **version_kwargs
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/openstack/config/cloud_region.py", line 710, in get_session_client
    service_type, constructor)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/openstack/config/cloud_region.py", line 656, in _get_hardcoded_endpoint
    endpoint = adapter.get_endpoint()
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 282, in get_endpoint
    return self.session.get_endpoint(auth or self.auth, **kwargs)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/keystoneauth1/session.py", line 1225, in get_endpoint
    return auth.get_endpoint(self, **kwargs)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 380, in get_endpoint
    allow_version_hack=allow_version_hack, **kwargs)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 271, in get_endpoint_data
    service_catalog = self.get_access(session).service_catalog
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 134, in get_access
    self.auth_ref = self.get_auth_ref(session)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py", line 208, in get_auth_ref
    return self._plugin.get_auth_ref(session, **kwargs)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py", line 184, in get_auth_ref
    authenticated=False, log=False, **rkwargs)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/keystoneauth1/session.py", line 1131, in post
    return self.request(url, 'POST', **kwargs)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-openstack-plugin-3.2.9/lib/python2.7/site-packages/keystoneauth1/session.py", line 968, in request
    raise exceptions.from_response(resp, method, url)
Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-54f88489-9f9d-4e9e-87f1-ff4661678497)

I have been working on this for a while and would greatly appreciate any help, i'm sure its something simple that I am missing.

I would be happy to provide any more information you require.

nfisdev commented 4 years ago

I have continued working on this.

I found that I only got this error when using the QCOW image from this page https://cloudify.co/getting-started/

When I switched to a fresh CentOS7 image and installed the RPM package, I dont get this error any more, even with the same blueprints/inputs.

I think that there is something wrong with the build on the QCOW image, and it doesn't use the authentication credentials when talking to Openstack.

EarthmanT commented 4 years ago

@nfisdev I have tried this on my vagrant machine and did not experience the error that you mentioned. IF you remove 

        project_domain_name: { get_input:  project_domain_name }
        user_domain_name: { get_input:  user_domain_name }

does the error persist?

nfisdev commented 4 years ago

@EarthmanT

Thanks for getting back to me. The project_domain_name and user_domain_name according to these docs. https://docs.cloudify.co/5.0.0/working_with/official_plugins/infrastructure/openstackv3/

I have now used the docker manager image and the RPM package and I have not got this error on either.

EarthmanT commented 4 years ago

@nfisdev are you using Keystone V3 Auth URL? The way the docs are written it might be confusing that Openstack Plugin v3 is mentioned. I will update the docs....regardless may not have been the issue.

nfisdev commented 4 years ago

Sorry I took so long to get back to you on this. I am using Keystone V3.

I stopped having this problem when I switched from the provided QCOW image to the RPM image. I think it was something wrong with the QCOW image.

eduardocalfaia commented 4 years ago

Hello guys, I am having the same problem with the clearwater blueprint, I proved with the hello-world blueprint and the credentials work. I am using the plugin version 2.14.18.

2020-06-21 17:03:43.544 CFY [sprout_security_group_wifytr.create] Task failed 'neutron_plugin.security_group.create' -> The request you have made requires authentication. (HTTP 401) (Request-ID: req-d9045f1a-ce88-4988-b99b-4ccedcea7690)

harris419-systologix commented 4 years ago

Sorry I took so long to get back to you on this. I am using Keystone V3.

I stopped having this problem when I switched from the provided QCOW image to the RPM image. I think it was something wrong with the QCOW image.

@nfisdev could you please provide the procedure of converting Centos to RPM image. And uploading the image to openstack glance service?