配置Wilma Pep代理4.3-Keyrock 4.3本地实例-IDAS [英] Configuration Wilma Pep proxy 4.3 - Keyrock 4.3 local instance - IDAS
问题描述
我们已经通过自动化工具在本地环境(Ubuntu 14.0.4 LTS)中安装了Keyrock实例(Horizon + Keystone).我们遵循了此指南
梯形失真校正主机:ubuntuHost梯形失真校正端口:5000
Horizon主机:ubuntuHost Horizon端口:8000
我们在另一个本地环境(Centos 6.6)中安装了Pep Proxy Wilma:
Pep代理Wilma主机:centosHost Pep代理Wilma端口:80800
我们要配置Pep Proxy Wilma攻击IDAS实例,该实例安装在与Pep Proxy Wilma相同的环境中:
IDAS主机:centosHost IDAS端口:8080
为此,我们放置了Pep Proxy Wilma的以下配置文件:
config.account_host ='ubuntuHost:8000';
config.keystone_host ='ubuntuHost'; config.keystone_port = 5000;
config.app_host ='centosHost'; config.app_port ='8080';
config.username ='idm'; config.password ='idm';
//以秒为单位config.chache_time = 300;
当我们尝试运行pep代理wilma服务器时,出现以下错误:
表达已弃用的app.configure:在if中检查app.get('env') 语句server.js:35:5在端口80800中启动PEP代理.Keystone 身份验证...梯形校正通信中的错误{错误": {"message":您提出的要求需要验证.", 代码":401,标题":未经授权"}}
我们不知道这里发生了什么;如果这与地平线或梯形失真,或两者都有关系
您能帮我们吗?
预先感谢, 拉法.
失败的原因可能有多种,但我认为很可能是一个简单的问题,即在Keystone中不存在PEP代理用户或不存在PEP代理用户正确授权.
在PEP代理的配置文件(config.js)中,您应该有两行,如下所示:
config.username = 'pepProxy';
config.password = 'pepProxy';
必须在Keystone后端为PEP代理创建一个用户,就像nova或glance这样的OpenStack服务一样.
如果您使用了自动化工具,则可以创建该用户并轻松对其进行授权:
$ fab localhost keystone.console
>>> pep = keystone.users.create(name='pepProxy', password='pepProxy', domain='default')
>>> service_role = keystone.roles.find(name='service') # create it if not found
>>> keystone.roles.grant(role=role, user=pep, domain='default')
如果您更喜欢卷曲,也可以直接使用卷曲进行此操作.您可以在 Keystone Identity API v3
正如我所说,还有其他原因导致这种情况发生,如果此答案不能解决您的问题,请告诉我.
We have installed a Keyrock instance (Horizon + Keystone) through the automated tools in a local enviroment (Ubuntu 14.0.4 LTS). We have followed this guide
Keystone host: ubuntuHost Keystone port: 5000
Horizon host: ubuntuHost Horizon port: 8000
We have installed a Pep Proxy Wilma in another local enviroment (Centos 6.6):
Pep Proxy Wilma host: centosHost Pep Proxy Wilma port: 80800
We want to configure the Pep Proxy Wilma to attack an instance of IDAS that is installed in the same enviroment that the Pep Proxy Wilma:
IDAS host: centosHost IDAS port: 8080
In order to do this we have put the following configuration file of Pep Proxy Wilma:
config.account_host = 'ubuntuHost:8000';
config.keystone_host = 'ubuntuHost'; config.keystone_port = 5000;
config.app_host = 'centosHost'; config.app_port = '8080';
config.username = 'idm'; config.password = 'idm';
// in seconds config.chache_time = 300;
When we try to run the pep proxy wilma server, the following error shows up:
express deprecated app.configure: Check app.get('env') in an if statement server.js:35:5 Starting PEP proxy in port 80800. Keystone authentication ... Error in keystone communication {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
We do not know what is happening here; if this has something to do with the horizon or keystone, or both of them
Could you help us with this?
Thanks in advance, Rafa.
There can be several reasons why this is failing but I think that most probably is a simple issue where the PEP Proxy user doesn't exists in Keystone or is not properly authorized.
In the configuration file (config.js) of the PEP Proxy you should have two lines like the following:
config.username = 'pepProxy';
config.password = 'pepProxy';
There has to be a user created in the Keystone back-end for the PEP Proxy, the same way OpenStack services like nova or glance have theirs.
If you have used the automated tools, you can create this user and authorize it easily:
$ fab localhost keystone.console
>>> pep = keystone.users.create(name='pepProxy', password='pepProxy', domain='default')
>>> service_role = keystone.roles.find(name='service') # create it if not found
>>> keystone.roles.grant(role=role, user=pep, domain='default')
You can also do this operations using curl directly if you feel more comfortable with it. You can find the REST API documented here Keystone Identity API v3
As I said, there can be other causes why this is happening, please let me know if this answer doesn't fix your issue.
这篇关于配置Wilma Pep代理4.3-Keyrock 4.3本地实例-IDAS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
