[Openstack-operators] Glance authorizing problem.

Magicloud Magiclouds magicloud.magiclouds at gmail.com
Sun Apr 1 09:06:14 UTC 2012


When trying glance index, this is what I found in api.log
2012-04-01 17:04:03 15932    DEBUG
[glance.api.middleware.version_negotiation] Processing request: GET
/v1/images Accept:
2012-04-01 17:04:03 15932    DEBUG
[glance.api.middleware.version_negotiation] Matched versioned URI.
Version: 1.0
2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
entering AuthProtocol.__call__
2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
Looking for authentication claims in _get_claims
2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token] No
claims provided
2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
Rejecting request - authentication required
2012-04-01 17:04:03 15932    DEBUG [eventlet.wsgi.server] 127.0.0.1 -
- [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
0.000980
2012-04-01 17:04:03 15932    DEBUG
[glance.api.middleware.version_negotiation] Processing request: GET
/v1/images Accept:
2012-04-01 17:04:03 15932    DEBUG
[glance.api.middleware.version_negotiation] Matched versioned URI.
Version: 1.0
2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
entering AuthProtocol.__call__
2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
Looking for authentication claims in _get_claims
2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token] No
claims provided
2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
Rejecting request - authentication required
2012-04-01 17:04:03 15932    DEBUG [eventlet.wsgi.server] 127.0.0.1 -
- [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
0.000840

On Sun, Apr 1, 2012 at 4:22 PM, Magicloud Magiclouds
<magicloud.magiclouds at gmail.com> wrote:
> So by token, is it this one "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
> for user glance? Or I should get one for adminUser?
>
>>    "access": {
>>        "token": {
>>            "expires": "2012-04-02T15:43:56",
>>            "id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>
> On Sun, Apr 1, 2012 at 4:08 PM, Pranav Saxena <pranav.saxena at citrix.com> wrote:
>> Hi ,
>>
>> I guess while uploading the image to the glance database , you need to use an authentication token because of keystone service in picture.You can check the keystone database for the authentication token or create one and assign it to the respective tenant. Then you can try out the following command :
>>
>> $ glance --verbose add name="My Image" is_public=true < /tmp/ubuntu-lucid.img --host=os-vpx-F2-B6-B4-B4-18-54 --auth_token=999888777666
>> Added new image with ID: 4
>> Returned the following metadata for the new image:
>>                       checksum => d3e6de1d493e06366c8e4a2e745d35dd
>>               container_format => ovf
>>                     created_at => 2011-09-15T10:55:46
>>                        deleted => False
>>                     deleted_at => None
>>                    disk_format => raw
>>                             id => 4
>>                      is_public => True
>>                       location => file:///var/lib/glance/images/4
>>                           name => My Image
>>                          owner => Administrator
>>                     properties => {}
>>                           size => 524288000
>>                         status => active
>>                     updated_at => 2011-09-15T10:56:20
>> Completed in 34.2059 sec.
>>
>> This worked for me.
>>
>> Cheers,
>> Pranav .
>> Openstack Dev| Citrix R&D
>> -----Original Message-----
>> From: openstack-operators-bounces at lists.openstack.org [mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of Magicloud Magiclouds
>> Sent: Sunday, April 01, 2012 1:32 PM
>> To: openstack-operators at lists.openstack.org
>> Subject: Re: [Openstack-operators] Glance authorizing problem.
>>
>> Sorry, forgot to mention that all OpenStack components are from Debian testing.
>>
>> On Sun, Apr 1, 2012 at 4:00 PM, Magicloud Magiclouds <magicloud.magiclouds at gmail.com> wrote:
>>> Hi,
>>>  Just following
>>> http://docs.openstack.org/trunk/openstack-compute/install/content/inde
>>> x.html to start my journal. And now I am stuck at step "Verifying the
>>> Image Service Installation".
>>>
>>>  First of all, $ keystone-manage create_user --tenant-id
>>> a5865417a9e144f68c4777925cc56033 --name glance --password glance
>>> worked.
>>>
>>>  Then $ curl -d '{"auth": {"tenantName": "service",
>>> "passwordCredentials":{"username": "glance", "password": "glance"}}}'
>>> -H "Content-type: application/json"
>>> http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
>>>  % Total    % Received % Xferd  Average Speed   Time    Time     Time
>>> Current
>>>                                 Dload  Upload   Total   Spent    Left
>>> Speed
>>> 100   514  100   411  100   103   7208   1806 --:--:-- --:--:--
>>> --:--:--  7339 {
>>>    "access": {
>>>        "token": {
>>>            "expires": "2012-04-02T15:43:56",
>>>            "id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>>>            "tenant": {
>>>                "id": "a5865417a9e144f68c4777925cc56033",
>>>                "name": "service"
>>>            },
>>>            "tenants": [
>>>                {
>>>                    "id": "a5865417a9e144f68c4777925cc56033",
>>>                    "name": "service"
>>>                }
>>>            ]
>>>        },
>>>        "user": {
>>>            "id": "77cbea8dae384185a3dc90c80507c5a3",
>>>            "name": "glance",
>>>            "roles": [
>>>                {
>>>                    "id": "1",
>>>                    "name": "Admin",
>>>                    "tenantId": "a5865417a9e144f68c4777925cc56033"
>>>                }
>>>            ]
>>>        }
>>>    }
>>> }
>>>
>>>  And $ keystone-manage list_tenants
>>> +----------------------------------+---------------+---------+
>>> |                ID                |      Name     | Enabled |
>>> +----------------------------------+---------------+---------+
>>> | 092135b9f71d4070aaa1202205271936 | openstackDemo | True    |
>>> | a5865417a9e144f68c4777925cc56033 | service       | True    |
>>> +----------------------------------+---------------+---------+
>>>
>>>  In the ini-s, I set:
>>> [filter:authtoken]
>>> ...
>>> admin_tenant_name = service
>>> admin_user = glance
>>> admin_password = glance
>>>
>>>  Now $ glance add name="tty-linux-kernel" disk_format=aki
>>> container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
>>> Failed to add image. Got error:
>>> You are not authorized to complete this action.
>>> Details: 401 Unauthorized
>>>
>>> This server could not verify that you are authorized to access the
>>> document you requested. Either you supplied the wrong credentials
>>> (e.g., bad password), or your browser does not understand how to
>>> supply the credentials required.
>>>
>>>  Authentication required
>>> Note: Your image metadata may still be in the registry, but the
>>> image's status will likely be 'killed'.
>>>
>>>  What should I do?
>>> --
>>> 竹密岂妨流水过
>>> 山高哪阻野云飞
>>>
>>> And for G+, please use magiclouds#gmail.com.
>>
>>
>>
>> --
>> 竹密岂妨流水过
>> 山高哪阻野云飞
>>
>> And for G+, please use magiclouds#gmail.com.
>> _______________________________________________
>> Openstack-operators mailing list
>> Openstack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.



-- 
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.



More information about the Openstack-operators mailing list