[Openstack-operators] Glance authorizing problem.
Magicloud Magiclouds
magicloud.magiclouds at gmail.com
Sun Apr 1 09:06:14 UTC 2012
When trying glance index, this is what I found in api.log
2012-04-01 17:04:03 15932 DEBUG
[glance.api.middleware.version_negotiation] Processing request: GET
/v1/images Accept:
2012-04-01 17:04:03 15932 DEBUG
[glance.api.middleware.version_negotiation] Matched versioned URI.
Version: 1.0
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
entering AuthProtocol.__call__
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
Looking for authentication claims in _get_claims
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token] No
claims provided
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
Rejecting request - authentication required
2012-04-01 17:04:03 15932 DEBUG [eventlet.wsgi.server] 127.0.0.1 -
- [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
0.000980
2012-04-01 17:04:03 15932 DEBUG
[glance.api.middleware.version_negotiation] Processing request: GET
/v1/images Accept:
2012-04-01 17:04:03 15932 DEBUG
[glance.api.middleware.version_negotiation] Matched versioned URI.
Version: 1.0
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
entering AuthProtocol.__call__
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
Looking for authentication claims in _get_claims
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token] No
claims provided
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
Rejecting request - authentication required
2012-04-01 17:04:03 15932 DEBUG [eventlet.wsgi.server] 127.0.0.1 -
- [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
0.000840
On Sun, Apr 1, 2012 at 4:22 PM, Magicloud Magiclouds
<magicloud.magiclouds at gmail.com> wrote:
> So by token, is it this one "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
> for user glance? Or I should get one for adminUser?
>
>> "access": {
>> "token": {
>> "expires": "2012-04-02T15:43:56",
>> "id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>
> On Sun, Apr 1, 2012 at 4:08 PM, Pranav Saxena <pranav.saxena at citrix.com> wrote:
>> Hi ,
>>
>> I guess while uploading the image to the glance database , you need to use an authentication token because of keystone service in picture.You can check the keystone database for the authentication token or create one and assign it to the respective tenant. Then you can try out the following command :
>>
>> $ glance --verbose add name="My Image" is_public=true < /tmp/ubuntu-lucid.img --host=os-vpx-F2-B6-B4-B4-18-54 --auth_token=999888777666
>> Added new image with ID: 4
>> Returned the following metadata for the new image:
>> checksum => d3e6de1d493e06366c8e4a2e745d35dd
>> container_format => ovf
>> created_at => 2011-09-15T10:55:46
>> deleted => False
>> deleted_at => None
>> disk_format => raw
>> id => 4
>> is_public => True
>> location => file:///var/lib/glance/images/4
>> name => My Image
>> owner => Administrator
>> properties => {}
>> size => 524288000
>> status => active
>> updated_at => 2011-09-15T10:56:20
>> Completed in 34.2059 sec.
>>
>> This worked for me.
>>
>> Cheers,
>> Pranav .
>> Openstack Dev| Citrix R&D
>> -----Original Message-----
>> From: openstack-operators-bounces at lists.openstack.org [mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of Magicloud Magiclouds
>> Sent: Sunday, April 01, 2012 1:32 PM
>> To: openstack-operators at lists.openstack.org
>> Subject: Re: [Openstack-operators] Glance authorizing problem.
>>
>> Sorry, forgot to mention that all OpenStack components are from Debian testing.
>>
>> On Sun, Apr 1, 2012 at 4:00 PM, Magicloud Magiclouds <magicloud.magiclouds at gmail.com> wrote:
>>> Hi,
>>> Just following
>>> http://docs.openstack.org/trunk/openstack-compute/install/content/inde
>>> x.html to start my journal. And now I am stuck at step "Verifying the
>>> Image Service Installation".
>>>
>>> First of all, $ keystone-manage create_user --tenant-id
>>> a5865417a9e144f68c4777925cc56033 --name glance --password glance
>>> worked.
>>>
>>> Then $ curl -d '{"auth": {"tenantName": "service",
>>> "passwordCredentials":{"username": "glance", "password": "glance"}}}'
>>> -H "Content-type: application/json"
>>> http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
>>> % Total % Received % Xferd Average Speed Time Time Time
>>> Current
>>> Dload Upload Total Spent Left
>>> Speed
>>> 100 514 100 411 100 103 7208 1806 --:--:-- --:--:--
>>> --:--:-- 7339 {
>>> "access": {
>>> "token": {
>>> "expires": "2012-04-02T15:43:56",
>>> "id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>>> "tenant": {
>>> "id": "a5865417a9e144f68c4777925cc56033",
>>> "name": "service"
>>> },
>>> "tenants": [
>>> {
>>> "id": "a5865417a9e144f68c4777925cc56033",
>>> "name": "service"
>>> }
>>> ]
>>> },
>>> "user": {
>>> "id": "77cbea8dae384185a3dc90c80507c5a3",
>>> "name": "glance",
>>> "roles": [
>>> {
>>> "id": "1",
>>> "name": "Admin",
>>> "tenantId": "a5865417a9e144f68c4777925cc56033"
>>> }
>>> ]
>>> }
>>> }
>>> }
>>>
>>> And $ keystone-manage list_tenants
>>> +----------------------------------+---------------+---------+
>>> | ID | Name | Enabled |
>>> +----------------------------------+---------------+---------+
>>> | 092135b9f71d4070aaa1202205271936 | openstackDemo | True |
>>> | a5865417a9e144f68c4777925cc56033 | service | True |
>>> +----------------------------------+---------------+---------+
>>>
>>> In the ini-s, I set:
>>> [filter:authtoken]
>>> ...
>>> admin_tenant_name = service
>>> admin_user = glance
>>> admin_password = glance
>>>
>>> Now $ glance add name="tty-linux-kernel" disk_format=aki
>>> container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
>>> Failed to add image. Got error:
>>> You are not authorized to complete this action.
>>> Details: 401 Unauthorized
>>>
>>> This server could not verify that you are authorized to access the
>>> document you requested. Either you supplied the wrong credentials
>>> (e.g., bad password), or your browser does not understand how to
>>> supply the credentials required.
>>>
>>> Authentication required
>>> Note: Your image metadata may still be in the registry, but the
>>> image's status will likely be 'killed'.
>>>
>>> What should I do?
>>> --
>>> 竹密岂妨流水过
>>> 山高哪阻野云飞
>>>
>>> And for G+, please use magiclouds#gmail.com.
>>
>>
>>
>> --
>> 竹密岂妨流水过
>> 山高哪阻野云飞
>>
>> And for G+, please use magiclouds#gmail.com.
>> _______________________________________________
>> Openstack-operators mailing list
>> Openstack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
--
竹密岂妨流水过
山高哪阻野云飞
And for G+, please use magiclouds#gmail.com.
More information about the Openstack-operators
mailing list