[openstack-dev] ImageNotAuthorized: Not authorized for image afd3602c-41b2-4c1c-ae44-3a5940ecab65. Possible bug?

Aaron Rosen arosen at nicira.com
Mon Dec 17 20:56:24 UTC 2012 

Hi,

I've started running into the following exception from nova-api when
booting a vm (http://codepad.org/Xi0shGPE) .

The weird thing though is if I make the following changes everything works
but i'm not quite sure why.

This change below is done in nova/images/glance.py

def _create_glance_client(context, host, port, use_ssl, version=1):
    """Instantiate a new glanceclient.Client object"""
    if use_ssl:
        scheme = 'https'
    else:
        scheme = 'http'
    params = {}
    params['insecure'] = FLAGS.glance_api_insecure
    if FLAGS.auth_strategy == 'keystone':
        params['token'] = context.auth_token
+        LOG.error("### %s" % context)
+        LOG.error("### %s" % context.auth_token)
+        LOG.error("### %s" % context.to_dict())
+        *params['token'] = context.to_dict().get('auth_token')*
    endpoint = '%s://%s:%s' % (scheme, host, port)
    return glanceclient.Client(str(version), endpoint, **params)

The interesting thing though is the output of the  LOG:

nova-compute.log:2012-12-17 12:18:55 ERROR nova.image.glance
[req-e7f24fe4-73be-487a-b763-b4386254fdf4 admin admin] ###
<nova.openstack.common.rpc.amqp.RpcContext object at 0x4ced790>
*nova-compute.log:2012-12-17 12:18:55 ERROR nova.image.glance
[req-e7f24fe4-73be-487a-b763-b4386254fdf4 admin admin] ### None*
nova-compute.log:2012-12-17 12:18:55 ERROR nova.image.glance
[req-e7f24fe4-73be-487a-b763-b4386254fdf4 admin admin] ### {'project_name':
u'admin', 'user_id': u'e6166988037145d1988a0a58cd669144', 'roles':
[u'KeystoneAdmin', u'admin', u'KeystoneServiceAdmin'], 'timestamp':
u'2012-12-17T20:18:50.843476', 'auth_token':
u'45c41de32cd840c085c596647c35faed', 'remote_address': u'10.127.1.202',
'quota_class': None, 'is_admin': True, 'service_catalog':
[{u'endpoints_links': [], u'endpoints': [{u'adminURL': u'
http://10.127.1.202:9292', u'region': u'RegionOne', u'publicURL': u'
http://10.127.1.202:9292', u'id': u'c1376a630da947d3b0364ae9ee2f5ed4',
u'internalURL': u'http://10.127.1.202:9292'}], u'type': u'image', u'name':
u'glance'}, {u'endpoints_links': [], u'endpoints': [{u'adminURL': u'
http://10.127.1.202:8774/v2/c1a13eba4b4a4f23834ddcdccbb6cd83', u'region':
u'RegionOne', u'publicURL': u'
http://10.127.1.202:8774/v2/c1a13eba4b4a4f23834ddcdccbb6cd83', u'id':
u'337e7a2b4215416a8732fbbb7f4ca80b', u'internalURL': u'
http://10.127.1.202:8774/v2/c1a13eba4b4a4f23834ddcdccbb6cd83'}], u'type':
u'compute', u'name': u'nova'}, {u'endpoints_links': [], u'endpoints':
[{u'adminURL': u'http://10.127.1.202:8773/services/Admin', u'region':
u'RegionOne', u'publicURL': u'http://10.127.1.202:8773/services/Cloud',
u'id': u'be92a1efecf44bb8b06a9beae8b283a3', u'internalURL': u'
http://10.127.1.202:8773/services/Cloud'}], u'type': u'ec2', u'name':
u'ec2'}, {u'endpoints_links': [], u'endpoints': [{u'adminURL': u'
http://10.127.1.202:35357/v2.0', u'region': u'RegionOne', u'publicURL': u'
http://10.127.1.202:5000/v2.0', u'id': u'9358e45b2e6a4d44b7b123bfc87e06e0',
u'internalURL': u'http://10.127.1.202:5000/v2.0'}], u'type': u'identity',
u'name': u'keystone'}, {u'endpoints_links': [], u'endpoints':
[{u'adminURL': u'http://10.127.1.202:9696/', u'region': u'RegionOne',
u'publicURL': u'http://10.127.1.202:9696/', u'id':
u'e2527e472b3146a684e4ca9360626f43', u'internalURL': u'
http://10.127.1.202:9696/'}], u'type': u'network', u'name': u'quantum'}],
'request_id': u'req-e7f24fe4-73be-487a-b763-b4386254fdf4',
'instance_lock_checked': False, 'project_id':
u'c1a13eba4b4a4f23834ddcdccbb6cd83', 'user_name': u'admin', 'read_deleted':
u'no'}



For some reason the auth_token is None when it comes but not when converted
to a dict().

Right now my nova version is from a package (2012.2-0ubuntu5~cloud0) but
the same thing happens when running from source with the head of
folsom/stable.

Keystone:

commit c387f84db41c325abb09ec547870e7f44e12cd90
Author: Mark McLoughlin <markmc at redhat.com>
Date:   Thu Nov 29 21:29:23 2012 +0000

    Bump next version to 2012.2.3

    2012.2.2 has been released without Keystone so prepare for 2012.2.3.

    Change-Id: I8c884b7d6ff38e70326b031cfae9c583c5eeb7e0


python-keystoneclient:

commit 788bcd4f6e5326b739f32c2f552e1bb8c17826a0
Merge: a298cae 45ab2e8
Author: Jenkins <jenkins at review.openstack.org>
Date:   Thu Dec 13 23:37:29 2012 +0000

    Merge "Fix keystoneclient user-list output order"

Glance:

commit 35260a7f0b9336d65aac9ffb0aa4b099a35a54aa
Author: Mark McLoughlin <markmc at redhat.com>
Date:   Thu Nov 29 21:28:17 2012 +0000

    Bump next version to 2012.2.3

    2012.2.2 has been released without Glance, so prepare for 2012.2.3.

    Change-Id: I3a6221b579f612418ffce5fd9ba89720699f2e06

Python-glanceclient

commit c057fe47d6889912b7675aa54102509cd464171a
Author: Brian Waldon <bcwaldon at gmail.com>
Date:   Tue Dec 11 15:33:35 2012 -0800

    Document v0.7.0 release

    Change-Id: I3ee1c2c558d77341e0f50415cf13a85281c4aa5d

Has anyone run into this or knows if this is a known issue?

Thanks,

Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121217/ee32a9ce/attachment.html>

More information about the OpenStack-dev mailing list