[Openstack] Auth issue with glance

Erich Weiler weiler at soe.ucsc.edu
Mon Mar 24 18:43:38 UTC 2014


Hi Y'all,

I'm trying to configure Glance on RedHat RDO Icehouse, but I'm getting 
an auth error when I try to upload an image to it.  On the client I'm 
trying to upload from, I see:

# glance -d image-create --name="CirrOS 0.3.1" --disk-format=qcow2 
--container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
curl -i -X POST -H 'x-image-meta-container_format: bare' -H 
'Transfer-Encoding: chunked' -H 'User-Agent: python-glanceclient' -H 
'x-image-meta-size: 13147648' -H 'x-image-meta-is_public: True' -H 
'X-Auth-Token: <...removed token...>' -H 'Content-Type: 
application/octet-stream' -H 'x-image-meta-disk_format: qcow2' -H 
'x-image-meta-name: CirrOS 0.3.1' -d '<open file '<stdin>', mode 'r' at 
0x7f49edd5d0c0>' https://my-public-server.com:9292/v1/images

HTTP/1.1 500 Internal Server Error
date: Mon, 24 Mar 2014 18:34:03 GMT
content-length: 0
content-type: text/plain
connection: close

Request returned failure status.
HTTPInternalServerError (HTTP 500)

I've launched glance-api in debug mode on the server side, and I see 
this when the above command is run:

2014-03-24 11:36:14.202 14543 DEBUG 
glance.api.middleware.version_negotiation [-] Determining version of 
request: POST /v1/images Accept:  process_request 
/usr/lib/python2.6/site-packages/glance/api/middleware/version_negotiation.py:44
2014-03-24 11:36:14.203 14543 DEBUG 
glance.api.middleware.version_negotiation [-] Using url versioning 
process_request 
/usr/lib/python2.6/site-packages/glance/api/middleware/version_negotiation.py:57
2014-03-24 11:36:14.203 14543 DEBUG 
glance.api.middleware.version_negotiation [-] Matched version: v1 
process_request 
/usr/lib/python2.6/site-packages/glance/api/middleware/version_negotiation.py:69
2014-03-24 11:36:14.204 14543 DEBUG 
glance.api.middleware.version_negotiation [-] new path /v1/images 
process_request 
/usr/lib/python2.6/site-packages/glance/api/middleware/version_negotiation.py:70
2014-03-24 11:36:14.204 14543 DEBUG keystoneclient.middleware.auth_token 
[-] Authenticating user token __call__ 
/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:558
2014-03-24 11:36:14.205 14543 DEBUG keystoneclient.middleware.auth_token 
[-] Removing headers from request environment: 
X-Identity-Status,X-Domain-Id,X-Domain-Name,X-Project-Id,X-Project-Name,X-Project-Domain-Id,X-Project-Domain-Name,X-User-Id,X-User-Name,X-User-Domain-Id,X-User-Domain-Name,X-Roles,X-Service-Catalog,X-User,X-Tenant-Id,X-Tenant-Name,X-Tenant,X-Role 
_remove_auth_headers 
/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:617
2014-03-24 11:36:14.226 14543 INFO urllib3.connectionpool [-] Starting 
new HTTP connection (1): genome-cloud-0-10.kilokluster.ucsc.edu
2014-03-24 11:36:14.339 14543 DEBUG urllib3.connectionpool [-] "POST 
/v2.0/tokens HTTP/1.1" 200 3446 _make_request 
/usr/lib/python2.6/site-packages/urllib3/connectionpool.py:295
2014-03-24 11:36:14.382 14543 INFO urllib3.connectionpool [-] Starting 
new HTTP connection (1): genome-cloud-0-10.kilokluster.ucsc.edu
2014-03-24 11:36:14.422 14543 DEBUG urllib3.connectionpool [-] "GET 
/v2.0/tokens/revoked HTTP/1.1" 200 686 _make_request 
/usr/lib/python2.6/site-packages/urllib3/connectionpool.py:295
2014-03-24 11:36:14.433 14543 INFO urllib3.connectionpool [-] Starting 
new HTTP connection (1): genome-cloud-0-10.kilokluster.ucsc.edu
2014-03-24 11:36:14.439 14543 DEBUG urllib3.connectionpool [-] "GET 
/v2.0/certificates/signing HTTP/1.1" 200 4251 _make_request 
/usr/lib/python2.6/site-packages/urllib3/connectionpool.py:295
2014-03-24 11:36:14.451 14543 INFO urllib3.connectionpool [-] Starting 
new HTTP connection (1): genome-cloud-0-10.kilokluster.ucsc.edu
2014-03-24 11:36:14.455 14543 DEBUG urllib3.connectionpool [-] "GET 
/v2.0/certificates/ca HTTP/1.1" 200 1277 _make_request 
/usr/lib/python2.6/site-packages/urllib3/connectionpool.py:295
2014-03-24 11:36:14.476 14543 DEBUG keystoneclient.middleware.auth_token 
[-] Storing 326d8c391f19d07c9f5a69d40da33f0a token in memcache 
_cache_put 
/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:1061
2014-03-24 11:36:14.477 14543 DEBUG keystoneclient.middleware.auth_token 
[-] Received request from user: f8fdf7f84ad34c439c4075b5e3720211 with 
project_id : f7e61747885045d8b266a161310c0094 and roles: _member_ 
_build_user_headers 
/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py:922
2014-03-24 11:36:14.487 14543 DEBUG routes.middleware [-] Matched POST 
/images __call__ 
/usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/middleware.py:100
2014-03-24 11:36:14.487 14543 DEBUG routes.middleware [-] Route path: 
'/images', defaults: {'action': u'create', 'controller': 
<glance.common.wsgi.Resource object at 0x34c7450>} __call__ 
/usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/middleware.py:102
2014-03-24 11:36:14.487 14543 DEBUG routes.middleware [-] Match dict: 
{'action': u'create', 'controller': <glance.common.wsgi.Resource object 
at 0x34c7450>} __call__ 
/usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/middleware.py:103
2014-03-24 11:36:14.488 14543 DEBUG glance.registry.client.v1.api 
[3f58e73a-6eb0-4747-ab61-e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e3720211 
f7e61747885045d8b266a161310c0094] Adding image metadata... 
add_image_metadata 
/usr/lib/python2.6/site-packages/glance/registry/client/v1/api.py:159
2014-03-24 11:36:14.488 14543 DEBUG glance.common.client 
[3f58e73a-6eb0-4747-ab61-e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e3720211 
f7e61747885045d8b266a161310c0094] Constructed URL: 
http://0.0.0.0:9191/images _construct_url 
/usr/lib/python2.6/site-packages/glance/common/client.py:407
2014-03-24 11:36:14.556 14543 DEBUG glance.common.client 
[3f58e73a-6eb0-4747-ab61-e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e3720211 
f7e61747885045d8b266a161310c0094] Constructed URL: 
http://0.0.0.0:9191/images _construct_url 
/usr/lib/python2.6/site-packages/glance/common/client.py:407
2014-03-24 11:36:14.560 14543 INFO glance.registry.client.v1.client 
[3f58e73a-6eb0-4747-ab61-e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e3720211 
f7e61747885045d8b266a161310c0094] Registry client request POST /images 
raised NotAuthenticated
2014-03-24 11:36:14.564 14543 INFO glance.wsgi.server 
[3f58e73a-6eb0-4747-ab61-e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e3720211 
f7e61747885045d8b266a161310c0094] Traceback (most recent call last):
   File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 382, 
in handle_one_response
     result = self.application(self.environ, start_response)
   File "/usr/lib/python2.6/site-packages/webob/dec.py", line 130, in 
__call__
     resp = self.call_func(req, *args, **self.kwargs)
   File "/usr/lib/python2.6/site-packages/webob/dec.py", line 195, in 
call_func
     return self.func(req, *args, **kwargs)
   File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 
372, in __call__
     response = req.get_response(self.application)
   File "/usr/lib/python2.6/site-packages/webob/request.py", line 1296, 
in send
     application, catch_exc_info=False)
   File "/usr/lib/python2.6/site-packages/webob/request.py", line 1260, 
in call_application
     app_iter = application(self.environ, start_response)
   File 
"/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", 
line 571, in __call__
     return self.app(env, start_response)
   File "/usr/lib/python2.6/site-packages/webob/dec.py", line 130, in 
__call__
     resp = self.call_func(req, *args, **self.kwargs)
   File "/usr/lib/python2.6/site-packages/webob/dec.py", line 195, in 
call_func
     return self.func(req, *args, **kwargs)
   File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 
372, in __call__
     response = req.get_response(self.application)
   File "/usr/lib/python2.6/site-packages/webob/request.py", line 1296, 
in send
     application, catch_exc_info=False)
   File "/usr/lib/python2.6/site-packages/webob/request.py", line 1260, 
in call_application
     app_iter = application(self.environ, start_response)
   File "/usr/lib/python2.6/site-packages/paste/urlmap.py", line 203, in 
__call__
     return app(environ, start_response)
   File "/usr/lib/python2.6/site-packages/webob/dec.py", line 144, in 
__call__
     return resp(environ, start_response)
   File 
"/usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/middleware.py", 
line 131, in __call__
     response = self.app(environ, start_response)
   File "/usr/lib/python2.6/site-packages/webob/dec.py", line 144, in 
__call__
     return resp(environ, start_response)
   File "/usr/lib/python2.6/site-packages/webob/dec.py", line 130, in 
__call__
     resp = self.call_func(req, *args, **self.kwargs)
   File "/usr/lib/python2.6/site-packages/webob/dec.py", line 195, in 
call_func
     return self.func(req, *args, **kwargs)
   File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 
604, in __call__
     request, **action_args)
   File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 
623, in dispatch
     return method(*args, **kwargs)
   File "/usr/lib/python2.6/site-packages/glance/common/utils.py", line 
435, in wrapped
     return func(self, req, *args, **kwargs)
   File "/usr/lib/python2.6/site-packages/glance/api/v1/images.py", line 
781, in create
     image_meta = self._reserve(req, image_meta)
   File "/usr/lib/python2.6/site-packages/glance/api/v1/images.py", line 
514, in _reserve
     image_meta = registry.add_image_metadata(req.context, image_meta)
   File 
"/usr/lib/python2.6/site-packages/glance/registry/client/v1/api.py", 
line 161, in add_image_metadata
     return c.add_image(image_meta)
   File 
"/usr/lib/python2.6/site-packages/glance/registry/client/v1/client.py", 
line 163, in add_image
     res = self.do_request("POST", "/images", body=body, headers=headers)
   File 
"/usr/lib/python2.6/site-packages/glance/registry/client/v1/client.py", 
line 107, in do_request
     **kwargs)
   File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 
65, in wrapped
     return func(self, *args, **kwargs)
   File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 
382, in do_request
     headers=copy.deepcopy(headers))
   File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 
79, in wrapped
     return func(self, method, url, body, headers)
   File "/usr/lib/python2.6/site-packages/glance/common/client.py", line 
523, in _do_request
     raise exception.NotAuthenticated(res.read())
NotAuthenticated: Authentication required


2014-03-24 11:36:14.967 14543 INFO glance.wsgi.server 
[3f58e73a-6eb0-4747-ab61-e8b81fbe55d3 f8fdf7f84ad34c439c4075b5e3720211 
f7e61747885045d8b266a161310c0094] 111.213.225.79,10.1.1.137 - - 
[24/Mar/2014 11:36:14] "POST /v1/images HTTP/1.1" 500 139 0.765716

So I see some Auth errors in that, but I can't tell _what_ kind of Auth 
errors they are.  User auth errors from the user uploading the file? 
Service Auth errors from the glance service trying to auth to keystone? 
  QPID auth errors?

Can anyone see what's wrong?  Then I can better debug where my problem 
is...  I've confirmed the user can auth ok with "keystone token-get'", 
that seems OK, I have the service user in keystone, not sure where it's 
failing...

keystone logs don't really show anything other than:

2014-03-24 11:41:52.420 16503 WARNING keystone.common.wsgi [-] 
Authorization failed. The request you have made requires authentication. 
from 10.1.1.148

Where 10.1.1.148 is the glance-api server on my internal network.

Thanks for any hints!!

-erich




More information about the Openstack mailing list