Like most of the other OpenStack services that we've seen up until this point, Ceilometer relies on Keystone for authentication. Therefore, you want to pay attention to the Ceilometer logs as well as the Keystone logs. If you encounter auth problems with Ceilometer, start by taking a look at the ceilometer-api.log file.

It will be helpful to use grep on this log file, to search for ERROR or WARNING indicators. You may also want to use grep for 404 or 401 responses. If you find authentication errors in the API log, you will most likely find corresponding log lines in the Keystone log file.

When troubleshooting authentication errors, make sure that the authentication credentials in the [keystone_authtoken] stanza of the ceilometer.conf file match the actual values loaded into Keystone for the Ceilometer user. You can test your Ceilometer credentials using the Keystone API.