curl 访问openstack keystone v3 时出现The request you have made requires authentication 401

1.主要原因先查看openstack-keystone服务是否开启active

2.# openstack-status
== Nova services ==
openstack-nova-api:                     active
openstack-nova-cert:                    active
openstack-nova-compute:                 active
openstack-nova-network:                 inactive  (disabled on boot)
openstack-nova-scheduler:               active
openstack-nova-conductor:               active
== Glance services ==
openstack-glance-api:                   active
openstack-glance-registry:              active
== Keystone service ==
openstack-keystone:                     failed

https://bugzilla.redhat.com/show_bug.cgi?id=1213149

4.解决方案

# ln -s /usr/lib/systemd/system/httpd.service /etc/systemd/system/openstack-keystone.service
# systemctl daemon-reload

What this does is make "openstack-keystone" an "alias" for httpd.  So now, all of the commands work, and they operate on httpd instead:

# openstack-status
...
openstack-keystone:  active
...

# openstack-service status openstack-keystone
MainPID=5555 Id=httpd.service ActiveState=active

# systemctl status openstack-keystone

然后重启服务或者主机

再次查看openstack-keystone的状态

[root@mitaka0 ~]# openstack-status

== Nova services ==

openstack-nova-api:                     active

openstack-nova-compute:                 active

openstack-nova-network:                 inactive  (disabled on boot)

openstack-nova-scheduler:               active

openstack-nova-cert:                    active

openstack-nova-conductor:               active

openstack-nova-console:                 inactive  (disabled on boot)

openstack-nova-consoleauth:             active

openstack-nova-xvpvncproxy:             inactive  (disabled on boot)

== Glance services ==

openstack-glance-api:                   active

openstack-glance-registry:              active

== Keystone service ==

openstack-keystone:                     active

== Horizon service ==

openstack-dashboard:                    active

== neutron services ==

...................

现在能正常通过curl获取认证token了

[root@mitaka0 ~]# curl -si \

>   -H "Content-Type: application/json" \

>   -d '

> { "auth": {

>     "identity": {

>       "methods": ["password"],

>       "password": {

>         "user": {

>           "name": "admin",

>           "domain": { "id": "4d6a721496b9443ca56919a26d26345e" },

>           "password": "XXXXX"

>         }

>       }

>     }

>   }

> }' \

>   http://192.168.175.146:5000/v3/auth/tokens ; echo

HTTP/1.1 201 Created

Date: Fri, 02 Dec 2016 08:28:43 GMT

Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 mod_wsgi/3.4 Python/2.7.5

X-Subject-Token: gAAAAABYQTC7ywUuvUBJWc-n2wlP26jSEDGfegR2j-NoGZ9bh9kVaV1yIdDag0F4clrEm4lajw2dtq7mkHBOftOS8ekxJO4e2S9hlGHVzEs2YipnGu3lPrxjENbUQk5UL0vr9EhV2KLVDIZpTsc95xbpP8Wy_nnhmg

Vary: X-Auth-Token

x-openstack-request-id: req-07ed3e27-433a-4f12-9434-755245cfd183

Content-Length: 308

Content-Type: application/json

{"token": {"issued_at": "2016-12-02T08:28:43.000000Z", "audit_ids": ["jYrXfb6tTQuZu_toHAS5gQ"], "methods": ["password"], "expires_at": "2016-12-02T09:28:43.970797Z", "user": {"domain": {"id": "4d6a721496b9443ca56919a26d26345e", "name": "default"}, "id": "4d10e0545c05472584d3a4aea73a76a4",
"name": "admin"}}}

[root@mitaka0 ~]#