[Openstack] Glance authentication with Keystone woes...

Jay Pipes jaypipes at gmail.com
Wed Feb 1 00:48:13 UTC 2012


On 01/31/2012 06:28 PM, Lillie Ross-CDSR11 wrote:
> I'm reinstalling the various Openstack services from packages in the
> ManagedIT PPA to pull in the latest Diablo bug fixes. I'm following the
> latest directions in the newly release installation guide as I perform
> these upgrades
> (http://docs.openstack.org/diablo/openstack-compute/install/content/index.html).
>
> However, I'm having trouble getting Glance to authenticate with
> Keystone. All config files have been copied from the examples posted in
> the installation guide (and modified accordingly for my admin token, IP
> addresses, etc.). Regardless, I continually get the following error
> message and stack dump when trying to verify the Glance/Keystone
> integration:
>
> Step 1: Grab a token
>
> # curl -d '{"auth": {"tenantName": "default",
> "passwordCredentials":{"username": "admin", "password": "admin"}}}' -H
> "Content-type: application/json" http://173.23.181.1:35357/v2.0/tokens |
> python -mjson.tool
>
> ...
> "token": {
> "expires": "2012-02-01T15:24:33",
> "id": "fa89fb9a-60d2-4921-b12d-6aee1c177823",
> "tenant": {
> "id": "1",
> "name": "default"
> }
> }

You're going to want to grab a long-lived token (sometimes called a 
service token) to use for the Glance API <-> Glance Registry connection. 
This service token should be used in the glance-registry.conf file.

In glance-registry.conf, you'll see a section looking like this:

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_token = 999888777666

Replace admin_token = 999888777666 with the relevant long-lived service 
token.

Cheers!
-jay


> Step 2: Try a Glance command
>
> # glance details -A fa89fb9a-60d2-4921-b12d-6aee1c177823
> Failed to show details. Got error:
> Internal Server error: Traceback (most recent call last):
> File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in
> handle_one_response
> result = self.application(self.environ, start_response)
> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
> resp = self.call_func(req, *args, **self.kwargs)
> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
> return self.func(req, *args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 113,
> in __call__
> response = req.get_response(self.application)
> File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in
> get_response
> application, catch_exc_info=False)
> File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in
> call_application
> app_iter = application(self.environ, start_response)
> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
> resp = self.call_func(req, *args, **self.kwargs)
> File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
> return self.func(req, *args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 110,
> in __call__
> response = self.process_request(req)
> File "/usr/lib/python2.7/dist-packages/glance/common/context.py", line
> 104, in process_request
> raise exception.NotAuthorized()
> NotAuthorized: None
>
>  From the Glance api.log file we see the following (with the traceback
> identical to above removed):
>
> 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation]
> Processing request: GET /v1/images/detail Accept:
> 2012-01-31 17:14:30 DEBUG [glance.api.middleware.version_negotiation]
> Matched versioned URI. Version: 1.0
> 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] Traceback (most recent
> call last):
> ? (traceback removed)
> 2012-01-31 17:14:30 DEBUG [eventlet.wsgi.server] 127.0.0.1 - -
> [31/Jan/2012 17:14:30] "GET /v1/images/detail?limit=10 HTTP/1.1" 500
> 1528 0.001163
>
> This is probably a config blunder on my part, but I've poured over the
> config files numerous times. Regardless, I've attached the glance-api
> and registry conf files.
>
> Any suggestions?
>
> Regards,
> Ross
>
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp




More information about the Openstack mailing list