[openstack-dev] [Glance][Solum] Using os-auth-token and os-image-url with glance client

Devdatta Kulkarni devdatta.kulkarni at RACKSPACE.COM
Fri Sep 25 22:49:17 UTC 2015


Steve,


Similar to other OpenStack services, Solum client uses the provided/configured username and password of a user to get a token, and sends it to Solum API service in a http header. On the API side, we use keystonemiddleware to validate the token. Upon successful authentication, we store information which we get back from keystone (project-id, username, and token) and use it to instantiate other services' python clients to interact with them (glance, swift, neutron, heat).


Let us know if there is a better approach for enabling inter-service interactions.


Thanks,

Devdatta


________________________________
From: Steve Martinelli <stevemar at ca.ibm.com>
Sent: Thursday, September 24, 2015 9:01 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Glance][Solum] Using os-auth-token and os-image-url with glance client


I can't speak to the glance client changes, but this seems like an awkward design.

If you don't know the end user's name and password, then how are you getting the token? Is it the admin token? Why not create a service account and use keystonemiddleware?

Thanks,

Steve Martinelli
OpenStack Keystone Core

[Inactive hide details for Devdatta Kulkarni ---2015/09/24 06:44:57 PM---Hi, Glance team, In Solum, we use Glance to store Docke]Devdatta Kulkarni ---2015/09/24 06:44:57 PM---Hi, Glance team, In Solum, we use Glance to store Docker images that we create for applications. We

From: Devdatta Kulkarni <devdatta.kulkarni at RACKSPACE.COM>
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
Date: 2015/09/24 06:44 PM
Subject: [openstack-dev] [Glance][Solum] Using os-auth-token and os-image-url with glance client

________________________________



Hi, Glance team,

In Solum, we use Glance to store Docker images that we create for applications. We use Glance client internally to upload these images. Till recently, 'glance image-create' with only token has been
working for us (in devstack). Today, I started noticing that glance image-create with just token is not working anymore. It is also not working when os-auth-token and os-image-url are passed in. According to documentation (http://docs.openstack.org/developer/python-glanceclient/), passing token and image-url should work. The client, which I have installed from master, is asking username (and password, if username is specified).

Solum does not have access to end-user's password. So we need the ability to interact with Glance without providing password, as it has been working till recently.

I investigated the issue a bit and have filed a bug with my findings.
https://bugs.launchpad.net/python-glanceclient/+bug/1499540

Can someone help with resolving this issue.

Regards,
Devdatta__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150925/be588c77/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: graycol.gif
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150925/be588c77/attachment.gif>


More information about the OpenStack-dev mailing list