skip to Main Content

I am installing openstack(Minimal deployment for Ussuri), I have installed Horizon, but I face invalid credential. below you may find the configuration:

you may find the Horizon configuration, openstack domain and user in below:

 [root@controller ~]# grep ^[^#] /etc/openstack-dashboard/local_settings
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
WEBROOT = '/dashboard'
LOCAL_PATH = '/tmp'
SECRET_KEY='971e40214e7da556a451'
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
TIME_ZONE = "UTC"
LOGGING = {
    'version': 1,
    # When set to True this will disable all logging except
    # for loggers specified in this configuration dictionary. Note that
    # if nothing is specified here and disable_existing_loggers is True,
    # django.db.backends will still log unless it is disabled explicitly.
    'disable_existing_loggers': False,
    # If apache2 mod_wsgi is used to deploy OpenStack dashboard
    # timestamp is output by mod_wsgi. If WSGI framework you use does not
    # output timestamp for logging, add %(asctime)s in the following
    # format definitions.
    'formatters': {
        'console': {
            'format': '%(levelname)s %(name)s %(message)s'
        },
        'operation': {
            # The format of "%(message)s" is defined by
            # OPERATION_LOG_OPTIONS['format']
            'format': '%(message)s'
        },
    },
    'handlers': {
        'null': {
            'level': 'DEBUG',
            'class': 'logging.NullHandler',
        },
        'console': {
            # Set the level to "DEBUG" for verbose output logging.
            'level': 'DEBUG' if DEBUG else 'INFO',
            'class': 'logging.StreamHandler',
            'formatter': 'console',
        },
        'operation': {
            'level': 'INFO',
            'class': 'logging.StreamHandler',
            'formatter': 'operation',
        },
    },
    'loggers': {
        'horizon': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'horizon.operation_log': {
            'handlers': ['operation'],
            'level': 'INFO',
            'propagate': False,
        },
        'openstack_dashboard': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'novaclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'cinderclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'keystoneauth': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'keystoneclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'glanceclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'neutronclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'swiftclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'oslo_policy': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'openstack_auth': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'django': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        # Logging from django.db.backends is VERY verbose, send to null
        # by default.
        'django.db.backends': {
            'handlers': ['null'],
            'propagate': False,
        },
        'requests': {
            'handlers': ['null'],
            'propagate': False,
        },
        'urllib3': {
            'handlers': ['null'],
            'propagate': False,
        },
        'chardet.charsetprober': {
            'handlers': ['null'],
            'propagate': False,
        },
        'iso8601': {
            'handlers': ['null'],
            'propagate': False,
        },
        'scss': {
            'handlers': ['null'],
            'propagate': False,
        },
    },
}
SECURITY_GROUP_RULES = {
    'all_tcp': {
        'name': _('All TCP'),
        'ip_protocol': 'tcp',
        'from_port': '1',
        'to_port': '65535',
    },
    'all_udp': {
        'name': _('All UDP'),
        'ip_protocol': 'udp',
        'from_port': '1',
        'to_port': '65535',
    },
    'all_icmp': {
        'name': _('All ICMP'),
        'ip_protocol': 'icmp',
        'from_port': '-1',
        'to_port': '-1',
    },
    'ssh': {
        'name': 'SSH',
        'ip_protocol': 'tcp',
        'from_port': '22',
        'to_port': '22',
    },
    'smtp': {
        'name': 'SMTP',
        'ip_protocol': 'tcp',
        'from_port': '25',
        'to_port': '25',
    },
    'dns': {
        'name': 'DNS',
        'ip_protocol': 'tcp',
        'from_port': '53',
        'to_port': '53',
    },
    'http': {
        'name': 'HTTP',
        'ip_protocol': 'tcp',
        'from_port': '80',
        'to_port': '80',
    },
    'pop3': {
        'name': 'POP3',
        'ip_protocol': 'tcp',
        'from_port': '110',
        'to_port': '110',
    },
    'imap': {
        'name': 'IMAP',
        'ip_protocol': 'tcp',
        'from_port': '143',
        'to_port': '143',
    },
    'ldap': {
        'name': 'LDAP',
        'ip_protocol': 'tcp',
        'from_port': '389',
        'to_port': '389',
    },
    'https': {
        'name': 'HTTPS',
        'ip_protocol': 'tcp',
        'from_port': '443',
        'to_port': '443',
    },
    'smtps': {
        'name': 'SMTPS',
        'ip_protocol': 'tcp',
        'from_port': '465',
        'to_port': '465',
    },
    'imaps': {
        'name': 'IMAPS',
        'ip_protocol': 'tcp',
        'from_port': '993',
        'to_port': '993',
    },
    'pop3s': {
        'name': 'POP3S',
        'ip_protocol': 'tcp',
        'from_port': '995',
        'to_port': '995',
    },
    'ms_sql': {
        'name': 'MS SQL',
        'ip_protocol': 'tcp',
        'from_port': '1433',
        'to_port': '1433',
    },
    'mysql': {
        'name': 'MYSQL',
        'ip_protocol': 'tcp',
        'from_port': '3306',
        'to_port': '3306',
    },
    'rdp': {
        'name': 'RDP',
        'ip_protocol': 'tcp',
        'from_port': '3389',
        'to_port': '3389',
    },
}

[root@controller ~]# openstack domain list
+---------+---------+---------+--------------------+
| ID      | Name    | Enabled | Description        |
+---------+---------+---------+--------------------+
| default | Default | True    | The default domain |
+---------+---------+---------+--------------------+
[root@controller ~]# openstack user list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 14a3b199599b49a1a46c3fac98ae766a | admin     |
| 576d0127cd2247a8af78ea2444687d3c | glance    |
| dc2319d312ee4e2da8a604ae58859695 | placement |
| 53ea4668161346d4934c63ac7b33c360 | nova      |
| 02066788c9c1487aa2b324ec37200f3d | neutron   |
+----------------------------------+-----------+

I use , Default in domin, admin in user and password: 123456 in horizon dashboard:

[root@controller ~]# cat ./admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Also you may find the Apache error:

[root@controller ~]# tail /var/log/httpd/error_log

[Sun Jun 07 17:02:29.550943 2020] [http2:warn] [pid 3078:tid 139723183282432] AH02951: mod_ssl does not seem to be enabled
[Sun Jun 07 17:02:29.572160 2020] [mpm_event:notice] [pid 3078:tid 139723183282432] AH00489: Apache/2.4.37 (centos) mod_wsgi/4.6.4 Python/3.6 configured -- resuming normal operations
[Sun Jun 07 17:02:29.572225 2020] [core:notice] [pid 3078:tid 139723183282432] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Jun 07 17:02:40.937530 2020] [wsgi:error] [pid 3084:tid 139722767623936] WARNING:root:Use of this 'djano.wsgi' file has been deprecated since the Rocky release in favor of 'wsgi.py' in the 'openstack_dashboard' module. This file is a legacy naming from before Django 1.4 and an importable 'wsgi.py' is now the default. This file will be removed in the T release cycle.
[Sun Jun 07 21:02:48.256669 2020] [wsgi:error] [pid 3084:tid 139722767623936] /usr/lib64/python3.6/site-packages/scss/namespace.py:172: DeprecationWarning: inspect.getargspec() is deprecated since Python 3.0, use inspect.signature() or inspect.getfullargspec()
[Sun Jun 07 21:02:48.256716 2020] [wsgi:error] [pid 3084:tid 139722767623936]   argspec = inspect.getargspec(function)
[Sun Jun 07 17:03:06.452632 2020] [authz_core:error] [pid 3092:tid 139722449999616] [client 10.0.0.11:49322] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public
[Sun Jun 07 21:03:06.472128 2020] [wsgi:error] [pid 3084:tid 139722767623936] [remote 192.168.137.1:53803] INFO openstack_auth.forms Login failed for user "admin" using domain "Default", remote address 192.168.137.1.
[Sun Jun 07 17:03:10.522805 2020] [authz_core:error] [pid 3092:tid 139722340894464] [client 10.0.0.11:49332] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public
[Sun Jun 07 21:03:10.524561 2020] [wsgi:error] [pid 3084:tid 139722809587456] [remote 192.168.137.1:53804] INFO openstack_auth.forms Login failed for user "admin" using domain "Default", remote address 192.168.137.1.

Can anybody support me please 🙂

3

Answers


  1. It’s happening due to unproper setup for "all in controller" in keystone apache2 site.

    You’ve got to change the keystone.conf in apache in the next way:

    First put:

    "WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}" line, outside and immediatly before "VirtualHost" definition. Remove it from into the declaration.

    Second add:

    "Require all granted" line into "Location" for /identity Alias.

    I hope this may help.

    Login or Signup to reply.
  2. Horizon config: OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST

    However, your RC file contains export OS_AUTH_URL=http://controller:5000/v3

    I guess replacing http://%s/identity with http://%s:5000 should fix it.

    Login or Signup to reply.
  3. I have same problem. When I try log in with my username, password and domain name I always get Invalid credentials.

    But I fixed that.

    open local_settings.py

    nano /etc/openstack-dashboard/local_settings.py
    

    Default line comes like that. You should change this line.

    OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3.0" % OPENSTACK_HOST
    

    My solve is,

    OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
    

    then you should restart Apache.

    systemctl reload apache2.service
    

    You can log in.

    Good luck !
    after log in screenshot

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search