[Openstack-operators] Glance authorizing problem.
Magicloud Magiclouds
magicloud.magiclouds at gmail.com
Sun Apr 1 09:30:16 UTC 2012
Alright, following some posts on internet, I `export
OS_AUTH_STRATEGY=keystone`. And now I get another error message:
glance index
Failed to show index. Got error:
Connect error/bad request to Auth service at URL
http://10.9.1.127:5000/v2.0/tokens.
And this URL is valid when using curl -d to test.
On Sun, Apr 1, 2012 at 5:06 PM, Magicloud Magiclouds
<magicloud.magiclouds at gmail.com> wrote:
> When trying glance index, this is what I found in api.log
> 2012-04-01 17:04:03 15932 DEBUG
> [glance.api.middleware.version_negotiation] Processing request: GET
> /v1/images Accept:
> 2012-04-01 17:04:03 15932 DEBUG
> [glance.api.middleware.version_negotiation] Matched versioned URI.
> Version: 1.0
> 2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
> entering AuthProtocol.__call__
> 2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
> Looking for authentication claims in _get_claims
> 2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token] No
> claims provided
> 2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
> Rejecting request - authentication required
> 2012-04-01 17:04:03 15932 DEBUG [eventlet.wsgi.server] 127.0.0.1 -
> - [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
> 0.000980
> 2012-04-01 17:04:03 15932 DEBUG
> [glance.api.middleware.version_negotiation] Processing request: GET
> /v1/images Accept:
> 2012-04-01 17:04:03 15932 DEBUG
> [glance.api.middleware.version_negotiation] Matched versioned URI.
> Version: 1.0
> 2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
> entering AuthProtocol.__call__
> 2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
> Looking for authentication claims in _get_claims
> 2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token] No
> claims provided
> 2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
> Rejecting request - authentication required
> 2012-04-01 17:04:03 15932 DEBUG [eventlet.wsgi.server] 127.0.0.1 -
> - [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
> 0.000840
>
> On Sun, Apr 1, 2012 at 4:22 PM, Magicloud Magiclouds
> <magicloud.magiclouds at gmail.com> wrote:
>> So by token, is it this one "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>> for user glance? Or I should get one for adminUser?
>>
>>> "access": {
>>> "token": {
>>> "expires": "2012-04-02T15:43:56",
>>> "id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>>
>> On Sun, Apr 1, 2012 at 4:08 PM, Pranav Saxena <pranav.saxena at citrix.com> wrote:
>>> Hi ,
>>>
>>> I guess while uploading the image to the glance database , you need to use an authentication token because of keystone service in picture.You can check the keystone database for the authentication token or create one and assign it to the respective tenant. Then you can try out the following command :
>>>
>>> $ glance --verbose add name="My Image" is_public=true < /tmp/ubuntu-lucid.img --host=os-vpx-F2-B6-B4-B4-18-54 --auth_token=999888777666
>>> Added new image with ID: 4
>>> Returned the following metadata for the new image:
>>> checksum => d3e6de1d493e06366c8e4a2e745d35dd
>>> container_format => ovf
>>> created_at => 2011-09-15T10:55:46
>>> deleted => False
>>> deleted_at => None
>>> disk_format => raw
>>> id => 4
>>> is_public => True
>>> location => file:///var/lib/glance/images/4
>>> name => My Image
>>> owner => Administrator
>>> properties => {}
>>> size => 524288000
>>> status => active
>>> updated_at => 2011-09-15T10:56:20
>>> Completed in 34.2059 sec.
>>>
>>> This worked for me.
>>>
>>> Cheers,
>>> Pranav .
>>> Openstack Dev| Citrix R&D
>>> -----Original Message-----
>>> From: openstack-operators-bounces at lists.openstack.org [mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of Magicloud Magiclouds
>>> Sent: Sunday, April 01, 2012 1:32 PM
>>> To: openstack-operators at lists.openstack.org
>>> Subject: Re: [Openstack-operators] Glance authorizing problem.
>>>
>>> Sorry, forgot to mention that all OpenStack components are from Debian testing.
>>>
>>> On Sun, Apr 1, 2012 at 4:00 PM, Magicloud Magiclouds <magicloud.magiclouds at gmail.com> wrote:
>>>> Hi,
>>>> Just following
>>>> http://docs.openstack.org/trunk/openstack-compute/install/content/inde
>>>> x.html to start my journal. And now I am stuck at step "Verifying the
>>>> Image Service Installation".
>>>>
>>>> First of all, $ keystone-manage create_user --tenant-id
>>>> a5865417a9e144f68c4777925cc56033 --name glance --password glance
>>>> worked.
>>>>
>>>> Then $ curl -d '{"auth": {"tenantName": "service",
>>>> "passwordCredentials":{"username": "glance", "password": "glance"}}}'
>>>> -H "Content-type: application/json"
>>>> http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
>>>> % Total % Received % Xferd Average Speed Time Time Time
>>>> Current
>>>> Dload Upload Total Spent Left
>>>> Speed
>>>> 100 514 100 411 100 103 7208 1806 --:--:-- --:--:--
>>>> --:--:-- 7339 {
>>>> "access": {
>>>> "token": {
>>>> "expires": "2012-04-02T15:43:56",
>>>> "id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>>>> "tenant": {
>>>> "id": "a5865417a9e144f68c4777925cc56033",
>>>> "name": "service"
>>>> },
>>>> "tenants": [
>>>> {
>>>> "id": "a5865417a9e144f68c4777925cc56033",
>>>> "name": "service"
>>>> }
>>>> ]
>>>> },
>>>> "user": {
>>>> "id": "77cbea8dae384185a3dc90c80507c5a3",
>>>> "name": "glance",
>>>> "roles": [
>>>> {
>>>> "id": "1",
>>>> "name": "Admin",
>>>> "tenantId": "a5865417a9e144f68c4777925cc56033"
>>>> }
>>>> ]
>>>> }
>>>> }
>>>> }
>>>>
>>>> And $ keystone-manage list_tenants
>>>> +----------------------------------+---------------+---------+
>>>> | ID | Name | Enabled |
>>>> +----------------------------------+---------------+---------+
>>>> | 092135b9f71d4070aaa1202205271936 | openstackDemo | True |
>>>> | a5865417a9e144f68c4777925cc56033 | service | True |
>>>> +----------------------------------+---------------+---------+
>>>>
>>>> In the ini-s, I set:
>>>> [filter:authtoken]
>>>> ...
>>>> admin_tenant_name = service
>>>> admin_user = glance
>>>> admin_password = glance
>>>>
>>>> Now $ glance add name="tty-linux-kernel" disk_format=aki
>>>> container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
>>>> Failed to add image. Got error:
>>>> You are not authorized to complete this action.
>>>> Details: 401 Unauthorized
>>>>
>>>> This server could not verify that you are authorized to access the
>>>> document you requested. Either you supplied the wrong credentials
>>>> (e.g., bad password), or your browser does not understand how to
>>>> supply the credentials required.
>>>>
>>>> Authentication required
>>>> Note: Your image metadata may still be in the registry, but the
>>>> image's status will likely be 'killed'.
>>>>
>>>> What should I do?
>>>> --
>>>> 竹密岂妨流水过
>>>> 山高哪阻野云飞
>>>>
>>>> And for G+, please use magiclouds#gmail.com.
>>>
>>>
>>>
>>> --
>>> 竹密岂妨流水过
>>> 山高哪阻野云飞
>>>
>>> And for G+, please use magiclouds#gmail.com.
>>> _______________________________________________
>>> Openstack-operators mailing list
>>> Openstack-operators at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>>
>> --
>> 竹密岂妨流水过
>> 山高哪阻野云飞
>>
>> And for G+, please use magiclouds#gmail.com.
>
>
>
> --
> 竹密岂妨流水过
> 山高哪阻野云飞
>
> And for G+, please use magiclouds#gmail.com.
--
竹密岂妨流水过
山高哪阻野云飞
And for G+, please use magiclouds#gmail.com.
More information about the Openstack-operators
mailing list