
We have installed a Keyrock instance (Horizon + Keystone) through the automated tools in a local environment (Ubuntu 14.0.4 LTS). We have followed this guide.

Keystone host: ubuntuHost Keystone port: 5000

Horizon host: ubuntuHost Horizon port: 8000

We have installed a Pep Proxy Wilma in another local environment (CentOS 6.6):

Pep Proxy Wilma host: centosHost Pep Proxy Wilma port: 80800

We want to configure the Pep Proxy Wilma to attack an instance of IDAS that is installed in the same environment as the Pep Proxy Wilma:

IDAS host: centosHost IDAS port: 8080

In order to do this we have put the following configuration file of Pep Proxy Wilma:

config.account_host = 'ubuntuHost:8000';

config.keystone_host = 'ubuntuHost';
config.keystone_port = 5000;

config.app_host = 'centosHost';
config.app_port = '8080';

config.username = 'idm';
config.password = 'idm';

// in seconds
config.chache_time = 300;

When we try to run the pep proxy wilma server, the following error shows up:

express deprecated app.configure: Check app.get('env') in an if statement server.js:35:5
Starting PEP proxy in port 80800. Keystone authentication ...
Error in keystone communication {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

We do not know what is happening here, or whether this has something to do with Horizon or Keystone, or both of them.

Could you help us with this?

Thanks in advance, Rafa.

1 Answer


There can be several reasons why this is failing, but I think that most probably it is a simple issue where the PEP Proxy user doesn't exist in Keystone or is not properly authorized.

In the configuration file (config.js) of the PEP Proxy you should have two lines like the following:

config.username = 'pepProxy';
config.password = 'pepProxy';

There has to be a user created in the Keystone back-end for the PEP Proxy, the same way OpenStack services like nova or glance have theirs.

If you have used the automated tools, you can create this user and authorize it easily:

$ fab localhost keystone.console
>>> pep = keystone.users.create(name='pepProxy', password='pepProxy', domain='default')
>>> service_role = keystone.roles.find(name='service') # create it if not found
>>> keystone.roles.grant(role=service_role, user=pep, domain='default')

You can also do these operations using curl directly if you feel more comfortable with it. You can find the REST API documented here: Keystone Identity API v3

As I said, there can be other causes why this is happening; please let me know if this answer doesn't fix your issue.

garcianavalon
  • We tried with user: idm and pass: idm as you can see above, but it was not available, so we added the pepProxy user as you told us and all works fine now. Thanks – Rafael Armesilla Jul 07 '15 at 11:48
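
The Keystone Identity API v3 requests that correspond to the console session in the answer, together with a check of the PEP Proxy credentials before the proxy is started. This is an added example, not part of the original answer or of the Keyrock tools. The function names are hypothetical, and `user_id` / `role_id` stand for the ids returned by the first two calls.

```python
import json
import urllib.error
import urllib.request

KEYSTONE = "http://ubuntuHost:5000/v3"  # host and port from the question
# Constructed sample: the error body quoted in the question.
SAMPLE_401 = ('{"error": {"message": "The request you have made requires '
              'authentication.", "code": 401, "title": "Unauthorized"}}')

def auth_body(username, password, domain_id="default"):
    """Body for POST /v3/auth/tokens (password method, unscoped token)."""
    user = {"name": username, "password": password, "domain": {"id": domain_id}}
    return {"auth": {"identity": {"methods": ["password"],
                                  "password": {"user": user}}}}

def provisioning_calls(name, password, user_id, role_id, domain_id="default"):
    """Admin calls (X-Auth-Token needed); user_id/role_id come from calls 1 and 2."""
    return [
        ("POST", "/users", {"user": {"name": name, "password": password,
                                     "domain_id": domain_id}}),
        ("GET", "/roles?name=service", None),
        ("PUT", f"/domains/{domain_id}/users/{user_id}/roles/{role_id}", None),
    ]

def diagnose(status, body_text):
    """Turn a /v3/auth/tokens reply into a hint for the PEP Proxy operator."""
    if status == 201:
        return "ok: credentials accepted"
    try:
        message = json.loads(body_text)["error"]["message"]
    except (ValueError, KeyError, TypeError):
        message = body_text.strip()
    if status == 401:
        return "rejected: user missing, disabled or wrong password (" + message + ")"
    return f"unexpected HTTP {status}: {message}"

def check_credentials(username, password, base=KEYSTONE, timeout=5):
    """Send the token request; needs network access to the Keystone host."""
    req = urllib.request.Request(base + "/auth/tokens",
                                 data=json.dumps(auth_body(username, password)).encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return diagnose(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return diagnose(err.code, err.read().decode())

if __name__ == "__main__":
    print(diagnose(401, SAMPLE_401))
```

Calling `check_credentials('pepProxy', 'pepProxy')` from the proxy host exercises the same login the PEP Proxy performs at start-up, so a rejected result points at the Keystone user rather than at Horizon.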