<div dir="ltr">Do you have any other OpenStack services authenticating against Keystone successfully?</div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><div><font><div style="font-family:arial;font-size:small">
<b><i><br>Adam Lawson</i></b></div><div><font><font color="#666666" size="1"><div style="font-family:arial;font-size:small">AQORN, Inc.</div><div style="font-family:arial;font-size:small">427 North Tatnall Street</div><div style="font-family:arial;font-size:small">
Ste. 58461</div><div style="font-family:arial;font-size:small">Wilmington, Delaware 19801-2230</div><div style="font-family:arial;font-size:small">Toll-free: (888) 406-7620</div></font></font></div></font></div><div style="font-family:arial;font-size:small">
<img src="http://www.aqorn.com/images/logo.png" width="96" height="39"><br></div></div></div>
<br><br><div class="gmail_quote">On Mon, Mar 24, 2014 at 11:43 AM, Erich Weiler <span dir="ltr"><<a href="mailto:weiler@soe.ucsc.edu" target="_blank">weiler@soe.ucsc.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Y'all,<br>
<br>
I'm trying to configure Glance on RedHat RDO Icehouse, but I'm getting an auth error when I try to upload an image to it. On the client I'm trying to upload from, I see:<br>
<br>
# glance -d image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img<br>
curl -i -X POST -H 'x-image-meta-container_<u></u>format: bare' -H 'Transfer-Encoding: chunked' -H 'User-Agent: python-glanceclient' -H 'x-image-meta-size: 13147648' -H 'x-image-meta-is_public: True' -H 'X-Auth-Token: <...removed token...>' -H 'Content-Type: application/octet-stream' -H 'x-image-meta-disk_format: qcow2' -H 'x-image-meta-name: CirrOS 0.3.1' -d '<open file '<stdin>', mode 'r' at 0x7f49edd5d0c0>' <a href="https://my-public-server.com:9292/v1/images" target="_blank">https://my-public-server.com:<u></u>9292/v1/images</a><br>
<br>
HTTP/1.1 500 Internal Server Error<br>
date: Mon, 24 Mar 2014 18:34:03 GMT<br>
content-length: 0<br>
content-type: text/plain<br>
connection: close<br>
<br>
Request returned failure status.<br>
HTTPInternalServerError (HTTP 500)<br>
<br>
I've launched glance-api in debug mode on the server side, and I see this when the above command is run:<br>
<br>
2014-03-24 11:36:14.202 14543 DEBUG glance.api.middleware.version_<u></u>negotiation [-] Determining version of request: POST /v1/images Accept: process_request /usr/lib/python2.6/site-<u></u>packages/glance/api/<u></u>middleware/version_<u></u>negotiation.py:44<br>
2014-03-24 11:36:14.203 14543 DEBUG glance.api.middleware.version_<u></u>negotiation [-] Using url versioning process_request /usr/lib/python2.6/site-<u></u>packages/glance/api/<u></u>middleware/version_<u></u>negotiation.py:57<br>
2014-03-24 11:36:14.203 14543 DEBUG glance.api.middleware.version_<u></u>negotiation [-] Matched version: v1 process_request /usr/lib/python2.6/site-<u></u>packages/glance/api/<u></u>middleware/version_<u></u>negotiation.py:69<br>
2014-03-24 11:36:14.204 14543 DEBUG glance.api.middleware.version_<u></u>negotiation [-] new path /v1/images process_request /usr/lib/python2.6/site-<u></u>packages/glance/api/<u></u>middleware/version_<u></u>negotiation.py:70<br>
2014-03-24 11:36:14.204 14543 DEBUG keystoneclient.middleware.<u></u>auth_token [-] Authenticating user token __call__ /usr/lib/python2.6/site-<u></u>packages/keystoneclient/<u></u>middleware/auth_token.py:558<br>
2014-03-24 11:36:14.205 14543 DEBUG keystoneclient.middleware.<u></u>auth_token [-] Removing headers from request environment: X-Identity-Status,X-Domain-Id,<u></u>X-Domain-Name,X-Project-Id,X-<u></u>Project-Name,X-Project-Domain-<u></u>Id,X-Project-Domain-Name,X-<u></u>User-Id,X-User-Name,X-User-<u></u>Domain-Id,X-User-Domain-Name,<u></u>X-Roles,X-Service-Catalog,X-<u></u>User,X-Tenant-Id,X-Tenant-<u></u>Name,X-Tenant,X-Role _remove_auth_headers /usr/lib/python2.6/site-<u></u>packages/keystoneclient/<u></u>middleware/auth_token.py:617<br>
2014-03-24 11:36:14.226 14543 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): <a href="http://genome-cloud-0-10.kilokluster.ucsc.edu" target="_blank">genome-cloud-0-10.kilokluster.<u></u>ucsc.edu</a><br>
2014-03-24 11:36:14.339 14543 DEBUG urllib3.connectionpool [-] "POST /v2.0/tokens HTTP/1.1" 200 3446 _make_request /usr/lib/python2.6/site-<u></u>packages/urllib3/<u></u>connectionpool.py:295<br>
2014-03-24 11:36:14.382 14543 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): <a href="http://genome-cloud-0-10.kilokluster.ucsc.edu" target="_blank">genome-cloud-0-10.kilokluster.<u></u>ucsc.edu</a><br>
2014-03-24 11:36:14.422 14543 DEBUG urllib3.connectionpool [-] "GET /v2.0/tokens/revoked HTTP/1.1" 200 686 _make_request /usr/lib/python2.6/site-<u></u>packages/urllib3/<u></u>connectionpool.py:295<br>
2014-03-24 11:36:14.433 14543 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): <a href="http://genome-cloud-0-10.kilokluster.ucsc.edu" target="_blank">genome-cloud-0-10.kilokluster.<u></u>ucsc.edu</a><br>
2014-03-24 11:36:14.439 14543 DEBUG urllib3.connectionpool [-] "GET /v2.0/certificates/signing HTTP/1.1" 200 4251 _make_request /usr/lib/python2.6/site-<u></u>packages/urllib3/<u></u>connectionpool.py:295<br>
2014-03-24 11:36:14.451 14543 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): <a href="http://genome-cloud-0-10.kilokluster.ucsc.edu" target="_blank">genome-cloud-0-10.kilokluster.<u></u>ucsc.edu</a><br>
2014-03-24 11:36:14.455 14543 DEBUG urllib3.connectionpool [-] "GET /v2.0/certificates/ca HTTP/1.1" 200 1277 _make_request /usr/lib/python2.6/site-<u></u>packages/urllib3/<u></u>connectionpool.py:295<br>
2014-03-24 11:36:14.476 14543 DEBUG keystoneclient.middleware.<u></u>auth_token [-] Storing 326d8c391f19d07c9f5a69d40da33f<u></u>0a token in memcache _cache_put /usr/lib/python2.6/site-<u></u>packages/keystoneclient/<u></u>middleware/auth_token.py:1061<br>
2014-03-24 11:36:14.477 14543 DEBUG keystoneclient.middleware.<u></u>auth_token [-] Received request from user: f8fdf7f84ad34c439c4075b5e37202<u></u>11 with project_id : f7e61747885045d8b266a161310c00<u></u>94 and roles: _member_ _build_user_headers /usr/lib/python2.6/site-<u></u>packages/keystoneclient/<u></u>middleware/auth_token.py:922<br>
2014-03-24 11:36:14.487 14543 DEBUG routes.middleware [-] Matched POST /images __call__ /usr/lib/python2.6/site-<u></u>packages/Routes-1.12.3-py2.6.<u></u>egg/routes/middleware.py:100<br>
2014-03-24 11:36:14.487 14543 DEBUG routes.middleware [-] Route path: '/images', defaults: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x34c7450>} __call__ /usr/lib/python2.6/site-<u></u>packages/Routes-1.12.3-py2.6.<u></u>egg/routes/middleware.py:102<br>
2014-03-24 11:36:14.487 14543 DEBUG routes.middleware [-] Match dict: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x34c7450>} __call__ /usr/lib/python2.6/site-<u></u>packages/Routes-1.12.3-py2.6.<u></u>egg/routes/middleware.py:103<br>
2014-03-24 11:36:14.488 14543 DEBUG glance.registry.client.v1.api [3f58e73a-6eb0-4747-ab61-<u></u>e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e37202<u></u>11 f7e61747885045d8b266a161310c00<u></u>94] Adding image metadata... add_image_metadata /usr/lib/python2.6/site-<u></u>packages/glance/registry/<u></u>client/v1/api.py:159<br>
2014-03-24 11:36:14.488 14543 DEBUG glance.common.client [3f58e73a-6eb0-4747-ab61-<u></u>e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e37202<u></u>11 f7e61747885045d8b266a161310c00<u></u>94] Constructed URL: <a href="http://0.0.0.0:9191/images" target="_blank">http://0.0.0.0:9191/images</a> _construct_url /usr/lib/python2.6/site-<u></u>packages/glance/common/client.<u></u>py:407<br>
2014-03-24 11:36:14.556 14543 DEBUG glance.common.client [3f58e73a-6eb0-4747-ab61-<u></u>e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e37202<u></u>11 f7e61747885045d8b266a161310c00<u></u>94] Constructed URL: <a href="http://0.0.0.0:9191/images" target="_blank">http://0.0.0.0:9191/images</a> _construct_url /usr/lib/python2.6/site-<u></u>packages/glance/common/client.<u></u>py:407<br>
2014-03-24 11:36:14.560 14543 INFO glance.registry.client.v1.<u></u>client [3f58e73a-6eb0-4747-ab61-<u></u>e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e37202<u></u>11 f7e61747885045d8b266a161310c00<u></u>94] Registry client request POST /images raised NotAuthenticated<br>
2014-03-24 11:36:14.564 14543 INFO glance.wsgi.server [3f58e73a-6eb0-4747-ab61-<u></u>e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e37202<u></u>11 f7e61747885045d8b266a161310c00<u></u>94] Traceback (most recent call last):<br>
File "/usr/lib/python2.6/site-<u></u>packages/eventlet/wsgi.py", line 382, in handle_one_response<br>
result = self.application(self.environ, start_response)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/dec.py", line 130, in __call__<br>
resp = self.call_func(req, *args, **self.kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/dec.py", line 195, in call_func<br>
return self.func(req, *args, **kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/common/wsgi.<u></u>py", line 372, in __call__<br>
response = req.get_response(self.<u></u>application)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/request.py", line 1296, in send<br>
application, catch_exc_info=False)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/request.py", line 1260, in call_application<br>
app_iter = application(self.environ, start_response)<br>
File "/usr/lib/python2.6/site-<u></u>packages/keystoneclient/<u></u>middleware/auth_token.py", line 571, in __call__<br>
return self.app(env, start_response)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/dec.py", line 130, in __call__<br>
resp = self.call_func(req, *args, **self.kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/dec.py", line 195, in call_func<br>
return self.func(req, *args, **kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/common/wsgi.<u></u>py", line 372, in __call__<br>
response = req.get_response(self.<u></u>application)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/request.py", line 1296, in send<br>
application, catch_exc_info=False)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/request.py", line 1260, in call_application<br>
app_iter = application(self.environ, start_response)<br>
File "/usr/lib/python2.6/site-<u></u>packages/paste/urlmap.py", line 203, in __call__<br>
return app(environ, start_response)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/dec.py", line 144, in __call__<br>
return resp(environ, start_response)<br>
File "/usr/lib/python2.6/site-<u></u>packages/Routes-1.12.3-py2.6.<u></u>egg/routes/middleware.py", line 131, in __call__<br>
response = self.app(environ, start_response)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/dec.py", line 144, in __call__<br>
return resp(environ, start_response)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/dec.py", line 130, in __call__<br>
resp = self.call_func(req, *args, **self.kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/webob/dec.py", line 195, in call_func<br>
return self.func(req, *args, **kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/common/wsgi.<u></u>py", line 604, in __call__<br>
request, **action_args)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/common/wsgi.<u></u>py", line 623, in dispatch<br>
return method(*args, **kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/common/utils.<u></u>py", line 435, in wrapped<br>
return func(self, req, *args, **kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/api/v1/images.<u></u>py", line 781, in create<br>
image_meta = self._reserve(req, image_meta)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/api/v1/images.<u></u>py", line 514, in _reserve<br>
image_meta = registry.add_image_metadata(<u></u>req.context, image_meta)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/registry/<u></u>client/v1/api.py", line 161, in add_image_metadata<br>
return c.add_image(image_meta)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/registry/<u></u>client/v1/client.py", line 163, in add_image<br>
res = self.do_request("POST", "/images", body=body, headers=headers)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/registry/<u></u>client/v1/client.py", line 107, in do_request<br>
**kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/common/client.<u></u>py", line 65, in wrapped<br>
return func(self, *args, **kwargs)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/common/client.<u></u>py", line 382, in do_request<br>
headers=copy.deepcopy(headers)<u></u>)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/common/client.<u></u>py", line 79, in wrapped<br>
return func(self, method, url, body, headers)<br>
File "/usr/lib/python2.6/site-<u></u>packages/glance/common/client.<u></u>py", line 523, in _do_request<br>
raise exception.NotAuthenticated(<u></u>res.read())<br>
NotAuthenticated: Authentication required<br>
<br>
<br>
2014-03-24 11:36:14.967 14543 INFO glance.wsgi.server [3f58e73a-6eb0-4747-ab61-<u></u>e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e37202<u></u>11 f7e61747885045d8b266a161310c00<u></u>94] 111.213.225.79,10.1.1.137 - - [24/Mar/2014 11:36:14] "POST /v1/images HTTP/1.1" 500 139 0.765716<br>
<br>
So I see some Auth errors in that, but I can't tell _what_ kind of Auth errors they are. User auth errors from the user uploading the file? Service Auth errors from the glance service trying to auth to keystone? QPID auth errors?<br>
<br>
Can anyone see what's wrong? Then I can better debug where my problem is... I've confirmed the user can auth ok with "keystone token-get'", that seems OK, I have the service user in keystone, not sure where it's failing...<br>
<br>
keystone logs don't really show anything other than:<br>
<br>
2014-03-24 11:41:52.420 16503 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 10.1.1.148<br>
<br>
Where 10.1.1.148 is the glance-api server on my internal network.<br>
<br>
Thanks for any hints!!<br>
<br>
-erich<br>
<br>
______________________________<u></u>_________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack</a><br>
</blockquote></div><br></div>