Question posted in 
I am installing openstack(Minimal deployment for Ussuri), I have installed Horizon, but I face invalid credential. below you may find the configuration:
you may find the Horizon configuration, openstack domain and user in below:
[root@controller ~]# grep ^[^#] /etc/openstack-dashboard/local_settings
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
WEBROOT = '/dashboard'
LOCAL_PATH = '/tmp'
SECRET_KEY='971e40214e7da556a451'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
TIME_ZONE = "UTC"
LOGGING = {
'version': 1,
# When set to True this will disable all logging except
# for loggers specified in this configuration dictionary. Note that
# if nothing is specified here and disable_existing_loggers is True,
# django.db.backends will still log unless it is disabled explicitly.
'disable_existing_loggers': False,
# If apache2 mod_wsgi is used to deploy OpenStack dashboard
# timestamp is output by mod_wsgi. If WSGI framework you use does not
# output timestamp for logging, add %(asctime)s in the following
# format definitions.
'formatters': {
'console': {
'format': '%(levelname)s %(name)s %(message)s'
},
'operation': {
# The format of "%(message)s" is defined by
# OPERATION_LOG_OPTIONS['format']
'format': '%(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': 'DEBUG' if DEBUG else 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'console',
},
'operation': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'operation',
},
},
'loggers': {
'horizon': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'horizon.operation_log': {
'handlers': ['operation'],
'level': 'INFO',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'cinderclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneauth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'glanceclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'neutronclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'oslo_policy': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
# Logging from django.db.backends is VERY verbose, send to null
# by default.
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'urllib3': {
'handlers': ['null'],
'propagate': False,
},
'chardet.charsetprober': {
'handlers': ['null'],
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
},
}
SECURITY_GROUP_RULES = {
'all_tcp': {
'name': _('All TCP'),
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
},
'all_udp': {
'name': _('All UDP'),
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
},
'all_icmp': {
'name': _('All ICMP'),
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
},
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
},
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
},
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
'to_port': '53',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
},
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
},
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
},
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
},
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
},
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
},
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
},
'ms_sql': {
'name': 'MS SQL',
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
},
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
},
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
},
}
[root@controller ~]# openstack domain list
+---------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+---------+---------+---------+--------------------+
| default | Default | True | The default domain |
+---------+---------+---------+--------------------+
[root@controller ~]# openstack user list
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 14a3b199599b49a1a46c3fac98ae766a | admin |
| 576d0127cd2247a8af78ea2444687d3c | glance |
| dc2319d312ee4e2da8a604ae58859695 | placement |
| 53ea4668161346d4934c63ac7b33c360 | nova |
| 02066788c9c1487aa2b324ec37200f3d | neutron |
+----------------------------------+-----------+
I use , Default in domin, admin in user and password: 123456 in horizon dashboard:
[root@controller ~]# cat ./admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Also you may find the Apache error:
[root@controller ~]# tail /var/log/httpd/error_log
[Sun Jun 07 17:02:29.550943 2020] [http2:warn] [pid 3078:tid 139723183282432] AH02951: mod_ssl does not seem to be enabled
[Sun Jun 07 17:02:29.572160 2020] [mpm_event:notice] [pid 3078:tid 139723183282432] AH00489: Apache/2.4.37 (centos) mod_wsgi/4.6.4 Python/3.6 configured -- resuming normal operations
[Sun Jun 07 17:02:29.572225 2020] [core:notice] [pid 3078:tid 139723183282432] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Jun 07 17:02:40.937530 2020] [wsgi:error] [pid 3084:tid 139722767623936] WARNING:root:Use of this 'djano.wsgi' file has been deprecated since the Rocky release in favor of 'wsgi.py' in the 'openstack_dashboard' module. This file is a legacy naming from before Django 1.4 and an importable 'wsgi.py' is now the default. This file will be removed in the T release cycle.
[Sun Jun 07 21:02:48.256669 2020] [wsgi:error] [pid 3084:tid 139722767623936] /usr/lib64/python3.6/site-packages/scss/namespace.py:172: DeprecationWarning: inspect.getargspec() is deprecated since Python 3.0, use inspect.signature() or inspect.getfullargspec()
[Sun Jun 07 21:02:48.256716 2020] [wsgi:error] [pid 3084:tid 139722767623936] argspec = inspect.getargspec(function)
[Sun Jun 07 17:03:06.452632 2020] [authz_core:error] [pid 3092:tid 139722449999616] [client 10.0.0.11:49322] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public
[Sun Jun 07 21:03:06.472128 2020] [wsgi:error] [pid 3084:tid 139722767623936] [remote 192.168.137.1:53803] INFO openstack_auth.forms Login failed for user "admin" using domain "Default", remote address 192.168.137.1.
[Sun Jun 07 17:03:10.522805 2020] [authz_core:error] [pid 3092:tid 139722340894464] [client 10.0.0.11:49332] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public
[Sun Jun 07 21:03:10.524561 2020] [wsgi:error] [pid 3084:tid 139722809587456] [remote 192.168.137.1:53804] INFO openstack_auth.forms Login failed for user "admin" using domain "Default", remote address 192.168.137.1.
Can anybody support me please 🙂
3
Answers
It’s happening due to unproper setup for "all in controller" in keystone apache2 site.
You’ve got to change the keystone.conf in apache in the next way:
First put:
"WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}" line, outside and immediatly before "VirtualHost" definition. Remove it from into the declaration.
Second add:
"Require all granted" line into "Location" for /identity Alias.
I hope this may help.
Horizon config: OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST
However, your RC file contains export OS_AUTH_URL=http://controller:5000/v3
I guess replacing http://%s/identity with http://%s:5000 should fix it.
I have same problem. When I try log in with my username, password and domain name I always get Invalid credentials.
But I fixed that.
open local_settings.py
Default line comes like that. You should change this line.
My solve is,
then you should restart Apache.
You can log in.
Good luck !
after log in screenshot