[Openstack-operators] Glance authorizing problem.

Magicloud Magiclouds magicloud.magiclouds at gmail.com
Sun Apr 1 09:30:16 UTC 2012


Alright, following some posts on internet, I `export
OS_AUTH_STRATEGY=keystone`. And now I get another error message:
glance index
Failed to show index. Got error:
Connect error/bad request to Auth service at URL
http://10.9.1.127:5000/v2.0/tokens.

And this URL is valid when using curl -d to test.

On Sun, Apr 1, 2012 at 5:06 PM, Magicloud Magiclouds
<magicloud.magiclouds at gmail.com> wrote:
> When trying glance index, this is what I found in api.log
> 2012-04-01 17:04:03 15932    DEBUG
> [glance.api.middleware.version_negotiation] Processing request: GET
> /v1/images Accept:
> 2012-04-01 17:04:03 15932    DEBUG
> [glance.api.middleware.version_negotiation] Matched versioned URI.
> Version: 1.0
> 2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
> entering AuthProtocol.__call__
> 2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
> Looking for authentication claims in _get_claims
> 2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token] No
> claims provided
> 2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
> Rejecting request - authentication required
> 2012-04-01 17:04:03 15932    DEBUG [eventlet.wsgi.server] 127.0.0.1 -
> - [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
> 0.000980
> 2012-04-01 17:04:03 15932    DEBUG
> [glance.api.middleware.version_negotiation] Processing request: GET
> /v1/images Accept:
> 2012-04-01 17:04:03 15932    DEBUG
> [glance.api.middleware.version_negotiation] Matched versioned URI.
> Version: 1.0
> 2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
> entering AuthProtocol.__call__
> 2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
> Looking for authentication claims in _get_claims
> 2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token] No
> claims provided
> 2012-04-01 17:04:03 15932    DEBUG [keystone.middleware.auth_token]
> Rejecting request - authentication required
> 2012-04-01 17:04:03 15932    DEBUG [eventlet.wsgi.server] 127.0.0.1 -
> - [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
> 0.000840
>
> On Sun, Apr 1, 2012 at 4:22 PM, Magicloud Magiclouds
> <magicloud.magiclouds at gmail.com> wrote:
>> So by token, is it this one "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>> for user glance? Or I should get one for adminUser?
>>
>>>    "access": {
>>>        "token": {
>>>            "expires": "2012-04-02T15:43:56",
>>>            "id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>>
>> On Sun, Apr 1, 2012 at 4:08 PM, Pranav Saxena <pranav.saxena at citrix.com> wrote:
>>> Hi ,
>>>
>>> I guess while uploading the image to the glance database , you need to use an authentication token because of keystone service in picture.You can check the keystone database for the authentication token or create one and assign it to the respective tenant. Then you can try out the following command :
>>>
>>> $ glance --verbose add name="My Image" is_public=true < /tmp/ubuntu-lucid.img --host=os-vpx-F2-B6-B4-B4-18-54 --auth_token=999888777666
>>> Added new image with ID: 4
>>> Returned the following metadata for the new image:
>>>                       checksum => d3e6de1d493e06366c8e4a2e745d35dd
>>>               container_format => ovf
>>>                     created_at => 2011-09-15T10:55:46
>>>                        deleted => False
>>>                     deleted_at => None
>>>                    disk_format => raw
>>>                             id => 4
>>>                      is_public => True
>>>                       location => file:///var/lib/glance/images/4
>>>                           name => My Image
>>>                          owner => Administrator
>>>                     properties => {}
>>>                           size => 524288000
>>>                         status => active
>>>                     updated_at => 2011-09-15T10:56:20
>>> Completed in 34.2059 sec.
>>>
>>> This worked for me.
>>>
>>> Cheers,
>>> Pranav .
>>> Openstack Dev| Citrix R&D
>>> -----Original Message-----
>>> From: openstack-operators-bounces at lists.openstack.org [mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of Magicloud Magiclouds
>>> Sent: Sunday, April 01, 2012 1:32 PM
>>> To: openstack-operators at lists.openstack.org
>>> Subject: Re: [Openstack-operators] Glance authorizing problem.
>>>
>>> Sorry, forgot to mention that all OpenStack components are from Debian testing.
>>>
>>> On Sun, Apr 1, 2012 at 4:00 PM, Magicloud Magiclouds <magicloud.magiclouds at gmail.com> wrote:
>>>> Hi,
>>>>  Just following
>>>> http://docs.openstack.org/trunk/openstack-compute/install/content/inde
>>>> x.html to start my journal. And now I am stuck at step "Verifying the
>>>> Image Service Installation".
>>>>
>>>>  First of all, $ keystone-manage create_user --tenant-id
>>>> a5865417a9e144f68c4777925cc56033 --name glance --password glance
>>>> worked.
>>>>
>>>>  Then $ curl -d '{"auth": {"tenantName": "service",
>>>> "passwordCredentials":{"username": "glance", "password": "glance"}}}'
>>>> -H "Content-type: application/json"
>>>> http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
>>>>  % Total    % Received % Xferd  Average Speed   Time    Time     Time
>>>> Current
>>>>                                 Dload  Upload   Total   Spent    Left
>>>> Speed
>>>> 100   514  100   411  100   103   7208   1806 --:--:-- --:--:--
>>>> --:--:--  7339 {
>>>>    "access": {
>>>>        "token": {
>>>>            "expires": "2012-04-02T15:43:56",
>>>>            "id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>>>>            "tenant": {
>>>>                "id": "a5865417a9e144f68c4777925cc56033",
>>>>                "name": "service"
>>>>            },
>>>>            "tenants": [
>>>>                {
>>>>                    "id": "a5865417a9e144f68c4777925cc56033",
>>>>                    "name": "service"
>>>>                }
>>>>            ]
>>>>        },
>>>>        "user": {
>>>>            "id": "77cbea8dae384185a3dc90c80507c5a3",
>>>>            "name": "glance",
>>>>            "roles": [
>>>>                {
>>>>                    "id": "1",
>>>>                    "name": "Admin",
>>>>                    "tenantId": "a5865417a9e144f68c4777925cc56033"
>>>>                }
>>>>            ]
>>>>        }
>>>>    }
>>>> }
>>>>
>>>>  And $ keystone-manage list_tenants
>>>> +----------------------------------+---------------+---------+
>>>> |                ID                |      Name     | Enabled |
>>>> +----------------------------------+---------------+---------+
>>>> | 092135b9f71d4070aaa1202205271936 | openstackDemo | True    |
>>>> | a5865417a9e144f68c4777925cc56033 | service       | True    |
>>>> +----------------------------------+---------------+---------+
>>>>
>>>>  In the ini-s, I set:
>>>> [filter:authtoken]
>>>> ...
>>>> admin_tenant_name = service
>>>> admin_user = glance
>>>> admin_password = glance
>>>>
>>>>  Now $ glance add name="tty-linux-kernel" disk_format=aki
>>>> container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
>>>> Failed to add image. Got error:
>>>> You are not authorized to complete this action.
>>>> Details: 401 Unauthorized
>>>>
>>>> This server could not verify that you are authorized to access the
>>>> document you requested. Either you supplied the wrong credentials
>>>> (e.g., bad password), or your browser does not understand how to
>>>> supply the credentials required.
>>>>
>>>>  Authentication required
>>>> Note: Your image metadata may still be in the registry, but the
>>>> image's status will likely be 'killed'.
>>>>
>>>>  What should I do?
>>>> --
>>>> 竹密岂妨流水过
>>>> 山高哪阻野云飞
>>>>
>>>> And for G+, please use magiclouds#gmail.com.
>>>
>>>
>>>
>>> --
>>> 竹密岂妨流水过
>>> 山高哪阻野云飞
>>>
>>> And for G+, please use magiclouds#gmail.com.
>>> _______________________________________________
>>> Openstack-operators mailing list
>>> Openstack-operators at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>>
>> --
>> 竹密岂妨流水过
>> 山高哪阻野云飞
>>
>> And for G+, please use magiclouds#gmail.com.
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.



-- 
竹密岂妨流水过
山高哪阻野云飞

And for G+, please use magiclouds#gmail.com.



More information about the Openstack-operators mailing list