[Openstack] glance keystone authentication problem
Shashi Kanth Boddula
shashi.bsd at gmail.com
Sat May 12 17:01:24 UTC 2012
# keystone user-list
+----------------------------------+---------+-------+--------+
| id | enabled | email | name |
+----------------------------------+---------+-------+--------+
| 76a3cb1e5e7a427d8272838fc0a759fc | True | None | nova |
| a19e7f6975984e7fa6c8774d688d690b | True | None | admin |
| c92f9e064b884d5c8c140c98c4bb5fe2 | True | None | swift |
| ebc043e91a304342ac091854b05a383b | True | None | glance |
+----------------------------------+---------+-------+--------+
# glance index
Failed to show index. Got error:
You are not authenticated.
Details: 401 Unauthorized
This server could not verify that you are authorized to access the document
you requested. Either you supplied the wrong credentials (e.g., bad
password), or your browser does not understand how to supply the
credentials required.
Authentication required
# keystone --os_username=glance --os_password=glance
--os_tenant_name=service --os_auth_url=http://127.0.0.1:35357/v2.0 token-get
'Client' object has no attribute 'service_catalog'
But i am not getting this problem if i specify admin_token and auth_token
in api/registry file
admin_token = 012345SECRET99TOKEN012345
auth_token = 012345SECRET99TOKEN012345
If i add the above two lines, then it started working.
The same case with swift also, "swift stat" command was not working, but if
i add the above two lines, then it started working.
But the openstack documents did not specify to add these lines in glance
and swift config files.
What could be the problem ?
Thanks in advance.
On Sat, May 12, 2012 at 4:24 PM, Dolph Mathews <dolph.mathews at gmail.com>wrote:
> I think the key is this line:
>
> 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token]
> Keystone rejected admin token {'X-Auth-Token': u'
> 6f220a2e7e324bf4bd7a96040f364316'}, resetting
>
> It looks like your auth_token middleware isn't properly authenticating
> itself with keystone. Verify that you can receive an admin token from the
> admin endpoint using whatever credentials you've configured the auth_token
> middleware to use via [filter:authtoken], (notice I'm using the admin
> endpoint here):
>
> $ keystone --os_username=glance --os_password=glance --os_tenant=service
> --os_auth_url=http://127.0.0.1:35357/v2.0 token-get
>
> I'm guessing this authentication is either failing, or doesn't have the
> necessary admin privileges to validate other tokens? As shake.chen points
> out, user-list will probably fail for this reason.
>
> -Dolph
>
>
> On Sat, May 12, 2012 at 3:03 AM, Shake Chen <shake.chen at gmail.com> wrote:
>
>> you can check your keystone whether work correctly.
>>
>> keystone user-list
>>
>>
>>
>> On Fri, May 11, 2012 at 12:42 PM, Shashi Kanth Boddula <
>> shashi.bsd at gmail.com> wrote:
>>
>>> Ubuntu 12.04 Essex.
>>>
>>> # glance index
>>> Failed to show index. Got error:
>>> You are not authenticated.
>>> Details: 401 Unauthorized
>>>
>>> This server could not verify that you are authorized to access the
>>> document you requested. Either you supplied the wrong credentials (e.g.,
>>> bad password), or your browser does not understand how to supply the
>>> credentials required.
>>>
>>> Authentication required
>>>
>>> # glance --os_username=glance --os_password=glance --os_tenant=service
>>> --os_auth_url=http://127.0.0.1:5000/v2.0 index
>>>
>>> Failed to show index. Got error:
>>> You are not authenticated.
>>> Details: 401 Unauthorized
>>>
>>> This server could not verify that you are authorized to access the
>>> document you requested. Either you supplied the wrong credentials (e.g.,
>>> bad password), or your browser does not understand how to supply the
>>> credentials required.
>>>
>>> Authentication required
>>>
>>>
>>> ---------------------------------------
>>>
>>> In the keystone log file i see the error bellow.
>>>
>>>
>>> 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token]
>>> Retrying validation
>>> 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token]
>>> Keystone rejected admin token {'X-Auth-Token':
>>> u'6f220a2e7e324bf4bd7a96040f364316'}, resetting
>>> 2012-05-11 10:03:11 18461 WARNING [keystone.middleware.auth_token]
>>> Invalid user token: 238dc305de1e418b8b81bee4f648f984. Keystone response:
>>> {u'error': {u'message': u'The request you have made requires
>>> authentication.', u'code': 401, u'title': u'Not Authorized'}}.
>>> 2012-05-11 10:03:11 18461 INFO [keystone.middleware.auth_token]
>>> Invalid user token - rejecting request
>>>
>>>
>>>
>>> Not understanding where could be the problem.
>>>
>>> glace user is mapped to admin role in the service tenant.
>>>
>>> glance endpoint is created.
>>>
>>> I have specified glance user name, password and the service tenant in
>>> glance-api/registry files, and keystone authentication specified.
>>>
>>>
>>> Anyone tell me what could be the problem? Thank you.
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>> Shashi Kanth
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to : openstack at lists.launchpad.net
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Shake Chen
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
--
Thanks & Regards,
Shashi Kanth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120512/93e2962d/attachment.html>
More information about the Openstack
mailing list