Tuesday, October 21, 2014

OpenStack Grizzly API 401, 400 Issue (Packstack, RDO)



I had some API authentication issues with an old Grizzly installation (EOL as of now, https://wiki.openstack.org/wiki/Releases); fortunately, I found some insights from http://www.blackmesh.com/blog/openstack-refusing-authentication-psh

Some useful commands

 # openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -enddate -noout  
 notAfter=Aug 21 03:38:40 2014 GMT  

The following were my steps:

   
 # Backup /etc/keystone/ssl/certs  
 mv /etc/keystone/ssl/certs /etc/keystone/ssl/certs-backup  
   
 # Create folder, copy openssl.cnf  
 mkdir /etc/keystone/ssl/certs  
 cp /etc/keystone/ssl/certs-backup/openssl.cnf /etc/keystone/ssl/certs/.  
   
 # change default_days to 3650  
 vim /etc/keystone/ssl/certs/openssl.cnf  
   
 # run pki_setup  
 keystone-manage pki_setup  
   
 # set permissions  
 chown -R keystone:keystone /etc/keystone/ssl/certs/  
   
 # I found my key signing locations were a bit different  
 # for nova-api it was /tmp/keystone-signing-nova  
 # backup and copy  
 cp /tmp/keystone-signing-nova/cacert.pem /tmp/keystone-signing-nova/cacert.pem-old  
 cp /tmp/keystone-signing-nova/signing_cert.pem /tmp/keystone-signing-nova/signing_cert.pem-old  
 # NOTE: ca.pem to cacert.pem  
 cp /etc/keystone/ssl/certs/ca.pem /tmp/keystone-signing-nova/cacert.pem  
 cp /etc/keystone/ssl/certs/signing_cert.pem /tmp/keystone-signing-nova/signing_cert.pem  
 # give permission  
 chown -R nova:nova /tmp/keystone-signing-nova  
   
 # for cinder it was /var/lib/cinder/  
 cp /var/lib/cinder/cacert.pem /var/lib/cinder/cacert.pem-old  
 cp /var/lib/cinder/signing_cert.pem /var/lib/cinder/signing_cert.pem-old  
 cp /etc/keystone/ssl/certs/ca.pem /var/lib/cinder/cacert.pem  
 cp /etc/keystone/ssl/certs/signing_cert.pem /var/lib/cinder/signing_cert.pem  
 chown cinder:cinder /var/lib/cinder/cacert.pem  
 chown cinder:cinder /var/lib/cinder/signing_cert.pem  
   
   
 # Restart the services  
 service openstack-keystone restart  
 service openstack-nova-api restart  
 service openstack-cinder-api restart  
 service openstack-glance-registry restart  
 service openstack-glance-api restart  
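
A check to run before and after the rotation above, as an added example that is not part of the original post: it reports whether each service's cached copy of the Keystone signing certificate and CA is present, unexpired, and identical to the one Keystone currently holds. The function names and the 30-day warning threshold are assumptions; the paths are the ones used in the post.

```shell
#!/bin/sh
# Added example; function names and the 30-day threshold are assumptions.

# cert_status CERT [DAYS] -> prints missing | unreadable | expired | expiring | ok
cert_status() {
    cert=$1; days=${2:-30}
    [ -r "$cert" ] || { echo missing; return 0; }
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
    elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# SHA-256 fingerprint of a PEM certificate (empty output if it cannot be parsed)
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2; }

# same_cert A B -> success only when both parse and are the same certificate
same_cert() {
    a=$(cert_fp "$1"); b=$(cert_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# audit_signing_dir KEYSTONE_CERTS SERVICE_DIR -> nonzero if any cached copy
# is not ok or differs from Keystone's (ca.pem is cached as cacert.pem).
audit_signing_dir() {
    src=$1; dir=$2; rc=0
    for pair in signing_cert.pem:signing_cert.pem ca.pem:cacert.pem; do
        from=$src/${pair%%:*}; to=$dir/${pair##*:}
        st=$(cert_status "$to")
        if [ "$st" != ok ]; then
            echo "$to: $st"; rc=1
        elif ! same_cert "$from" "$to"; then
            echo "$to: stale (differs from $from)"; rc=1
        else
            echo "$to: ok"
        fi
    done
    return $rc
}

# Paths from the post; only runs on a host that has them.
if [ -d /etc/keystone/ssl/certs ]; then
    audit_signing_dir /etc/keystone/ssl/certs /tmp/keystone-signing-nova || true
    audit_signing_dir /etc/keystone/ssl/certs /var/lib/cinder || true
fi
```

A "stale" result after `keystone-manage pki_setup` means the service is still validating tokens against the old certificate and needs the copy and restart steps.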
