gnocchi está agindo inesperadamente

1

As métricas são coletadas por Telemetria do Ceilômetro e etc. e, finalmente, enviadas ao nhoque, mas o Nhoque não permite que os usuários usem comandos como gnocchi metric list ou gnocchi resource list enquanto usam o método auth igual a keystone ou noauth. / p>

Então, tentei solucionar o problema usando um comando mais simples apenas para obter status - gnocchi status .

Diferentes "AUTH_MODE" s

Ao usar diferentes métodos de autenticação no gnocchi.conf, o resultado de gnocchi status seria como mostrado abaixo:

auth_mode = basic

(gnocchi) status

+--------------------------------------------------+-------+
| Field                                            | Value |
+--------------------------------------------------+-------+
| storage/number of metric having measures to      | 13    |
| process                                          |       |
| storage/total number of measures to process      | 444   |
+--------------------------------------------------+-------+

auth_mode = noauth

(gnocchi) status

Forbidden (HTTP 403)

auth_mode = keystone

(gnocchi) status

The request you have made requires authentication. (HTTP 401)

[keyston-authtoken] no gnocchi.conf

[keystone_authtoken]

auth_type = password
auth_url = http://mng-kh-lab-ctrl-vip-01.ocloud.ir:5000/v3
auth_uri = http://mng-kh-lab-ctrl-vip-01.ocloud.ir:35357
memcached_servers = mng-kh-lab-ctrl-01.ocloud.ir:11211,mng-kh-lab-ctrl-02.ocloud.ir:11211
project_domain_name = default
user_domain_name = default
project_name = service
username = gnocchi
password = 123456
interface = internalURL
region_name = Region_KH_LA

TCPDUMP em diferentes auth_modes

básico:

2017-06-17 14:21:34.196634 IP (tos 0x0, ttl 64, id 27634, offset 0, flags [DF], proto TCP (6), length 300)
    127.0.0.1.31132 > 127.0.0.1.8041: Flags [P.], cksum 0xff20 (incorrect -> 0x9dcd), seq 1:261, ack 1, win 256, length 260
E..,k.@[email protected]      ...3.P.... ..GET /v1/status?details=False HTTP/1.1
Host: localhost:8041
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: application/json, */*
User-Agent: gnocchi keystoneauth1/2.20.0 python-requests/2.10.0 CPython/2.7.5
Authorization: basic YWRtaW46

2017-06-17 14:21:34.211613 IP (tos 0x0, ttl 64, id 20934, offset 0, flags [DF], proto TCP (6), length 334)
    127.0.0.1.8041 > 127.0.0.1.31132: Flags [P.], cksum 0xff42 (incorrect -> 0x4673), seq 1:295, ack 261, win 258, length 294
E..NQ.@[email protected]
.P....B..HTTP/1.1 200 OK
Date: Sat, 17 Jun 2017 09:51:34 GMT
Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5
Content-Length: 58
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8

noauth:

2017-06-17 14:23:54.901584 IP (tos 0x0, ttl 64, id 27048, offset 0, flags [DF], proto TCP (6), length 300)
    127.0.0.1.31150 > 127.0.0.1.8041: Flags [P.], cksum 0xff20 (incorrect -> 0xa6a5), seq 1:261, ack 1, win 256, length 260
E..,i.@.@..!........y..i......_.P.... ..GET /v1/status?details=False HTTP/1.1
Host: localhost:8041
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: application/json, */*
User-Agent: gnocchi keystoneauth1/2.20.0 python-requests/2.10.0 CPython/2.7.5
Authorization: basic YWRtaW46

2017-06-17 14:23:54.906964 IP (tos 0x0, ttl 64, id 55179, offset 0, flags [DF], proto TCP (6), length 337)
    127.0.0.1.8041 > 127.0.0.1.31150: Flags [P.], cksum 0xff45 (incorrect -> 0x8ca6), seq 1:298, ack 261, win 258, length 297
E..Q..@[email protected]..._.....P....E..HTTP/1.1 403 Forbidden
Date: Sat, 17 Jun 2017 09:53:54 GMT
Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5
Content-Length: 54
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8

keystone:

2017-06-17 14:25:20.801850 IP (tos 0x0, ttl 64, id 7904, offset 0, flags [DF], proto TCP (6), length 300)
    127.0.0.1.31196 > 127.0.0.1.8041: Flags [P.], cksum 0xff20 (incorrect -> 0x2217), seq 1:261, ack 1, win 256, length 260
E..,..@[email protected].... ..GET /v1/status?details=False HTTP/1.1
Host: localhost:8041
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: application/json, */*
User-Agent: gnocchi keystoneauth1/2.20.0 python-requests/2.10.0 CPython/2.7.5
Authorization: basic YWRtaW46

2017-06-17 14:25:20.804490 IP (tos 0x0, ttl 64, id 14196, offset 0, flags [DF], proto TCP (6), length 444)
    127.0.0.1.8041 > 127.0.0.1.31196: Flags [P.], cksum 0xffb0 (incorrect -> 0x4c7a), seq 1:405, ack 261, win 258, length 404
E...7t@[email protected]/1.1 401 Unauthorized
Date: Sat, 17 Jun 2017 09:55:20 GMT
Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5
WWW-Authenticate: Keystone uri='https://127.0.0.1:35357'
Content-Length: 114
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json

É realmente estranho que, em todos os métodos diferentes, a solicitação enviada esteja usando o YWRtaW46 básico para sua Autorização.

    
por Parsa Samet 17.06.2017 / 14:44

1 resposta

1

It's really odd that in all different methods, the request sent is using basic YWRtaW46 for its Authorization.

Não é estranho: o padrão para o cliente é usar a autenticação básica. Se você não fornecer ao cliente o mecanismo de autenticação correto. Tente fazer isso:

export OS_AUTH_TYPE=password

Para que o Keystone seja usado como autenticação.

    
por 01.09.2017 / 10:36