Mailing List Archive: OpenStack: Operators

Glance authorizing problem.

Index | Next | Previous | View Threaded

magicloud.magiclouds at gmail

Apr 1, 2012, 1:00 AM

Post #1 of 6 (937 views)
Permalink

Glance authorizing problem.

Hi,
Just following
http://docs.openstack.org/trunk/openstack-compute/install/content/index.html
to start my journal. And now I am stuck at step "Verifying the Image
Service Installation".

First of all, $ keystone-manage create_user --tenant-id
a5865417a9e144f68c4777925cc56033 --name glance --password glance
worked.

Then $ curl -d '{"auth": {"tenantName": "service",
"passwordCredentials":{"username": "glance", "password": "glance"}}}'
-H "Content-type: application/json"
http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 514 100 411 100 103 7208 1806 --:--:-- --:--:-- --:--:-- 7339
{
"access": {
"token": {
"expires": "2012-04-02T15:43:56",
"id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
"tenant": {
"id": "a5865417a9e144f68c4777925cc56033",
"name": "service"
},
"tenants": [
{
"id": "a5865417a9e144f68c4777925cc56033",
"name": "service"
}
]
},
"user": {
"id": "77cbea8dae384185a3dc90c80507c5a3",
"name": "glance",
"roles": [
{
"id": "1",
"name": "Admin",
"tenantId": "a5865417a9e144f68c4777925cc56033"
}
]
}
}
}

And $ keystone-manage list_tenants
+----------------------------------+---------------+---------+
| ID | Name | Enabled |
+----------------------------------+---------------+---------+
| 092135b9f71d4070aaa1202205271936 | openstackDemo | True |
| a5865417a9e144f68c4777925cc56033 | service | True |
+----------------------------------+---------------+---------+

In the ini-s, I set:
[filter:authtoken]
...
admin_tenant_name = service
admin_user = glance
admin_password = glance

Now $ glance add name="tty-linux-kernel" disk_format=aki
container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
Failed to add image. Got error:
You are not authorized to complete this action.
Details: 401 Unauthorized

This server could not verify that you are authorized to access the
document you requested. Either you supplied the wrong credentials
(e.g., bad password), or your browser does not understand how to
supply the credentials required.

Authentication required
Note: Your image metadata may still be in the registry, but the
image's status will likely be 'killed'.

What should I do?
--
???????
???????

And for G+, please use magiclouds#gmail.com.

magicloud.magiclouds at gmail

Apr 1, 2012, 1:02 AM

Post #2 of 6 (929 views)
Permalink

Glance authorizing problem. [In reply to]

Sorry, forgot to mention that all OpenStack components are from Debian testing.

On Sun, Apr 1, 2012 at 4:00 PM, Magicloud Magiclouds
<magicloud.magiclouds at gmail.com> wrote:
> Hi,
> ?Just following
> http://docs.openstack.org/trunk/openstack-compute/install/content/index.html
> to start my journal. And now I am stuck at step "Verifying the Image
> Service Installation".
>
> ?First of all, $ keystone-manage create_user --tenant-id
> a5865417a9e144f68c4777925cc56033 --name glance --password glance
> worked.
>
> ?Then $ curl -d '{"auth": {"tenantName": "service",
> "passwordCredentials":{"username": "glance", "password": "glance"}}}'
> -H "Content-type: application/json"
> http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
> ?% Total ? ?% Received % Xferd ?Average Speed ? Time ? ?Time ? ? Time ?Current
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Dload ?Upload ? Total ? Spent ? ?Left ?Speed
> 100 ? 514 ?100 ? 411 ?100 ? 103 ? 7208 ? 1806 --:--:-- --:--:-- --:--:-- ?7339
> {
> ? ?"access": {
> ? ? ? ?"token": {
> ? ? ? ? ? ?"expires": "2012-04-02T15:43:56",
> ? ? ? ? ? ?"id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
> ? ? ? ? ? ?"tenant": {
> ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
> ? ? ? ? ? ? ? ?"name": "service"
> ? ? ? ? ? ?},
> ? ? ? ? ? ?"tenants": [.
> ? ? ? ? ? ? ? ?{
> ? ? ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
> ? ? ? ? ? ? ? ? ? ?"name": "service"
> ? ? ? ? ? ? ? ?}
> ? ? ? ? ? ?]
> ? ? ? ?},
> ? ? ? ?"user": {
> ? ? ? ? ? ?"id": "77cbea8dae384185a3dc90c80507c5a3",
> ? ? ? ? ? ?"name": "glance",
> ? ? ? ? ? ?"roles": [.
> ? ? ? ? ? ? ? ?{
> ? ? ? ? ? ? ? ? ? ?"id": "1",
> ? ? ? ? ? ? ? ? ? ?"name": "Admin",
> ? ? ? ? ? ? ? ? ? ?"tenantId": "a5865417a9e144f68c4777925cc56033"
> ? ? ? ? ? ? ? ?}
> ? ? ? ? ? ?]
> ? ? ? ?}
> ? ?}
> }
>
> ?And $ keystone-manage list_tenants
> +----------------------------------+---------------+---------+
> | ? ? ? ? ? ? ? ?ID ? ? ? ? ? ? ? ?| ? ? ?Name ? ? | Enabled |
> +----------------------------------+---------------+---------+
> | 092135b9f71d4070aaa1202205271936 | openstackDemo | True ? ?|
> | a5865417a9e144f68c4777925cc56033 | service ? ? ? | True ? ?|
> +----------------------------------+---------------+---------+
>
> ?In the ini-s, I set:
> [filter:authtoken]
> ...
> admin_tenant_name = service
> admin_user = glance
> admin_password = glance
>
> ?Now $ glance add name="tty-linux-kernel" disk_format=aki
> container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
> Failed to add image. Got error:
> You are not authorized to complete this action.
> Details: 401 Unauthorized
>
> This server could not verify that you are authorized to access the
> document you requested. Either you supplied the wrong credentials
> (e.g., bad password), or your browser does not understand how to
> supply the credentials required.
>
> ?Authentication required
> Note: Your image metadata may still be in the registry, but the
> image's status will likely be 'killed'.
>
> ?What should I do?
> --
> ???????
> ???????
>
> And for G+, please use magiclouds#gmail.com.

--
???????
???????

And for G+, please use magiclouds#gmail.com.

pranav.saxena at citrix

Apr 1, 2012, 1:08 AM

Post #3 of 6 (932 views)
Permalink

Glance authorizing problem. [In reply to]

Hi ,

I guess while uploading the image to the glance database , you need to use an authentication token because of keystone service in picture.You can check the keystone database for the authentication token or create one and assign it to the respective tenant. Then you can try out the following command :

$ glance --verbose add name="My Image" is_public=true < /tmp/ubuntu-lucid.img --host=os-vpx-F2-B6-B4-B4-18-54 --auth_token=999888777666
Added new image with ID: 4
Returned the following metadata for the new image:
checksum => d3e6de1d493e06366c8e4a2e745d35dd
container_format => ovf
created_at => 2011-09-15T10:55:46
deleted => False
deleted_at => None
disk_format => raw
id => 4
is_public => True
location => file:///var/lib/glance/images/4
name => My Image
owner => Administrator
properties => {}
size => 524288000
status => active
updated_at => 2011-09-15T10:56:20
Completed in 34.2059 sec.

This worked for me.

Cheers,
Pranav .
Openstack Dev| Citrix R&D
-----Original Message-----
From: openstack-operators-bounces [at] lists [mailto:openstack-operators-bounces [at] lists] On Behalf Of Magicloud Magiclouds
Sent: Sunday, April 01, 2012 1:32 PM
To: openstack-operators at lists.openstack.org
Subject: Re: [Openstack-operators] Glance authorizing problem.

Sorry, forgot to mention that all OpenStack components are from Debian testing.

On Sun, Apr 1, 2012 at 4:00 PM, Magicloud Magiclouds <magicloud.magiclouds at gmail.com> wrote:
> Hi,
> ?Just following
> http://docs.openstack.org/trunk/openstack-compute/install/content/inde
> x.html to start my journal. And now I am stuck at step "Verifying the
> Image Service Installation".
>
> ?First of all, $ keystone-manage create_user --tenant-id
> a5865417a9e144f68c4777925cc56033 --name glance --password glance
> worked.
>
> ?Then $ curl -d '{"auth": {"tenantName": "service",
> "passwordCredentials":{"username": "glance", "password": "glance"}}}'
> -H "Content-type: application/json"
> http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
> ?% Total ? ?% Received % Xferd ?Average Speed ? Time ? ?Time ? ? Time ?
> Current
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Dload ?Upload ? Total ? Spent ? ?Left ?
> Speed
> 100 ? 514 ?100 ? 411 ?100 ? 103 ? 7208 ? 1806 --:--:-- --:--:--
> --:--:-- ?7339 {
> ? ?"access": {
> ? ? ? ?"token": {
> ? ? ? ? ? ?"expires": "2012-04-02T15:43:56",
> ? ? ? ? ? ?"id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
> ? ? ? ? ? ?"tenant": {
> ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
> ? ? ? ? ? ? ? ?"name": "service"
> ? ? ? ? ? ?},
> ? ? ? ? ? ?"tenants": [.
> ? ? ? ? ? ? ? ?{
> ? ? ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
> ? ? ? ? ? ? ? ? ? ?"name": "service"
> ? ? ? ? ? ? ? ?}
> ? ? ? ? ? ?]
> ? ? ? ?},
> ? ? ? ?"user": {
> ? ? ? ? ? ?"id": "77cbea8dae384185a3dc90c80507c5a3",
> ? ? ? ? ? ?"name": "glance",
> ? ? ? ? ? ?"roles": [.
> ? ? ? ? ? ? ? ?{
> ? ? ? ? ? ? ? ? ? ?"id": "1",
> ? ? ? ? ? ? ? ? ? ?"name": "Admin",
> ? ? ? ? ? ? ? ? ? ?"tenantId": "a5865417a9e144f68c4777925cc56033"
> ? ? ? ? ? ? ? ?}
> ? ? ? ? ? ?]
> ? ? ? ?}
> ? ?}
> }
>
> ?And $ keystone-manage list_tenants
> +----------------------------------+---------------+---------+
> | ? ? ? ? ? ? ? ?ID ? ? ? ? ? ? ? ?| ? ? ?Name ? ? | Enabled |
> +----------------------------------+---------------+---------+
> | 092135b9f71d4070aaa1202205271936 | openstackDemo | True ? ?|
> | a5865417a9e144f68c4777925cc56033 | service ? ? ? | True ? ?|
> +----------------------------------+---------------+---------+
>
> ?In the ini-s, I set:
> [filter:authtoken]
> ...
> admin_tenant_name = service
> admin_user = glance
> admin_password = glance
>
> ?Now $ glance add name="tty-linux-kernel" disk_format=aki
> container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
> Failed to add image. Got error:
> You are not authorized to complete this action.
> Details: 401 Unauthorized
>
> This server could not verify that you are authorized to access the
> document you requested. Either you supplied the wrong credentials
> (e.g., bad password), or your browser does not understand how to
> supply the credentials required.
>
> ?Authentication required
> Note: Your image metadata may still be in the registry, but the
> image's status will likely be 'killed'.
>
> ?What should I do?
> --
> ???????
> ???????
>
> And for G+, please use magiclouds#gmail.com.

--
???????
???????

And for G+, please use magiclouds#gmail.com.
_______________________________________________
Openstack-operators mailing list
Openstack-operators at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

magicloud.magiclouds at gmail

Apr 1, 2012, 1:22 AM

Post #4 of 6 (933 views)
Permalink

Glance authorizing problem. [In reply to]

So by token, is it this one "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
for user glance? Or I should get one for adminUser?

> "access": {
> "token": {
> "expires": "2012-04-02T15:43:56",
> "id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",

On Sun, Apr 1, 2012 at 4:08 PM, Pranav Saxena <pranav.saxena at citrix.com> wrote:
> Hi ,
>
> I guess while uploading the image to the glance database , you need to use an authentication token because of keystone service in picture.You can check the keystone database for the authentication token or create one and assign it to the respective tenant. Then you can try out the following command :
>
> $ glance --verbose add name="My Image" is_public=true < /tmp/ubuntu-lucid.img --host=os-vpx-F2-B6-B4-B4-18-54 --auth_token=999888777666
> Added new image with ID: 4
> Returned the following metadata for the new image:
> ? ? ? ? ? ? ? ? ? ? ? checksum => d3e6de1d493e06366c8e4a2e745d35dd
> ? ? ? ? ? ? ? container_format => ovf
> ? ? ? ? ? ? ? ? ? ? created_at => 2011-09-15T10:55:46
> ? ? ? ? ? ? ? ? ? ? ? ?deleted => False
> ? ? ? ? ? ? ? ? ? ? deleted_at => None
> ? ? ? ? ? ? ? ? ? ?disk_format => raw
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? id => 4
> ? ? ? ? ? ? ? ? ? ? ?is_public => True
> ? ? ? ? ? ? ? ? ? ? ? location => file:///var/lib/glance/images/4
> ? ? ? ? ? ? ? ? ? ? ? ? ? name => My Image
> ? ? ? ? ? ? ? ? ? ? ? ? ?owner => Administrator
> ? ? ? ? ? ? ? ? ? ? properties => {}
> ? ? ? ? ? ? ? ? ? ? ? ? ? size => 524288000
> ? ? ? ? ? ? ? ? ? ? ? ? status => active
> ? ? ? ? ? ? ? ? ? ? updated_at => 2011-09-15T10:56:20
> Completed in 34.2059 sec.
>
> This worked for me.
>
> Cheers,
> Pranav .
> Openstack Dev| Citrix R&D
> -----Original Message-----
> From: openstack-operators-bounces at lists.openstack.org [mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of Magicloud Magiclouds
> Sent: Sunday, April 01, 2012 1:32 PM
> To: openstack-operators at lists.openstack.org
> Subject: Re: [Openstack-operators] Glance authorizing problem.
>
> Sorry, forgot to mention that all OpenStack components are from Debian testing.
>
> On Sun, Apr 1, 2012 at 4:00 PM, Magicloud Magiclouds <magicloud.magiclouds at gmail.com> wrote:
>> Hi,
>> ?Just following
>> http://docs.openstack.org/trunk/openstack-compute/install/content/inde
>> x.html to start my journal. And now I am stuck at step "Verifying the
>> Image Service Installation".
>>
>> ?First of all, $ keystone-manage create_user --tenant-id
>> a5865417a9e144f68c4777925cc56033 --name glance --password glance
>> worked.
>>
>> ?Then $ curl -d '{"auth": {"tenantName": "service",
>> "passwordCredentials":{"username": "glance", "password": "glance"}}}'
>> -H "Content-type: application/json"
>> http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
>> ?% Total ? ?% Received % Xferd ?Average Speed ? Time ? ?Time ? ? Time
>> Current
>> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Dload ?Upload ? Total ? Spent ? ?Left
>> Speed
>> 100 ? 514 ?100 ? 411 ?100 ? 103 ? 7208 ? 1806 --:--:-- --:--:--
>> --:--:-- ?7339 {
>> ? ?"access": {
>> ? ? ? ?"token": {
>> ? ? ? ? ? ?"expires": "2012-04-02T15:43:56",
>> ? ? ? ? ? ?"id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>> ? ? ? ? ? ?"tenant": {
>> ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
>> ? ? ? ? ? ? ? ?"name": "service"
>> ? ? ? ? ? ?},
>> ? ? ? ? ? ?"tenants": [.
>> ? ? ? ? ? ? ? ?{
>> ? ? ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
>> ? ? ? ? ? ? ? ? ? ?"name": "service"
>> ? ? ? ? ? ? ? ?}
>> ? ? ? ? ? ?]
>> ? ? ? ?},
>> ? ? ? ?"user": {
>> ? ? ? ? ? ?"id": "77cbea8dae384185a3dc90c80507c5a3",
>> ? ? ? ? ? ?"name": "glance",
>> ? ? ? ? ? ?"roles": [.
>> ? ? ? ? ? ? ? ?{
>> ? ? ? ? ? ? ? ? ? ?"id": "1",
>> ? ? ? ? ? ? ? ? ? ?"name": "Admin",
>> ? ? ? ? ? ? ? ? ? ?"tenantId": "a5865417a9e144f68c4777925cc56033"
>> ? ? ? ? ? ? ? ?}
>> ? ? ? ? ? ?]
>> ? ? ? ?}
>> ? ?}
>> }
>>
>> ?And $ keystone-manage list_tenants
>> +----------------------------------+---------------+---------+
>> | ? ? ? ? ? ? ? ?ID ? ? ? ? ? ? ? ?| ? ? ?Name ? ? | Enabled |
>> +----------------------------------+---------------+---------+
>> | 092135b9f71d4070aaa1202205271936 | openstackDemo | True ? ?|
>> | a5865417a9e144f68c4777925cc56033 | service ? ? ? | True ? ?|
>> +----------------------------------+---------------+---------+
>>
>> ?In the ini-s, I set:
>> [filter:authtoken]
>> ...
>> admin_tenant_name = service
>> admin_user = glance
>> admin_password = glance
>>
>> ?Now $ glance add name="tty-linux-kernel" disk_format=aki
>> container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
>> Failed to add image. Got error:
>> You are not authorized to complete this action.
>> Details: 401 Unauthorized
>>
>> This server could not verify that you are authorized to access the
>> document you requested. Either you supplied the wrong credentials
>> (e.g., bad password), or your browser does not understand how to
>> supply the credentials required.
>>
>> ?Authentication required
>> Note: Your image metadata may still be in the registry, but the
>> image's status will likely be 'killed'.
>>
>> ?What should I do?
>> --
>> ???????
>> ???????
>>
>> And for G+, please use magiclouds#gmail.com.
>
>
>
> --
> ???????
> ???????
>
> And for G+, please use magiclouds#gmail.com.
> _______________________________________________
> Openstack-operators mailing list
> Openstack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

--
???????
???????

And for G+, please use magiclouds#gmail.com.

magicloud.magiclouds at gmail

Apr 1, 2012, 2:06 AM

Post #5 of 6 (937 views)
Permalink

Glance authorizing problem. [In reply to]

When trying glance index, this is what I found in api.log
2012-04-01 17:04:03 15932 DEBUG
[glance.api.middleware.version_negotiation] Processing request: GET
/v1/images Accept:
2012-04-01 17:04:03 15932 DEBUG
[glance.api.middleware.version_negotiation] Matched versioned URI.
Version: 1.0
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
entering AuthProtocol.__call__
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
Looking for authentication claims in _get_claims
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token] No
claims provided
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
Rejecting request - authentication required
2012-04-01 17:04:03 15932 DEBUG [eventlet.wsgi.server] 127.0.0.1 -
- [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
0.000980
2012-04-01 17:04:03 15932 DEBUG
[glance.api.middleware.version_negotiation] Processing request: GET
/v1/images Accept:
2012-04-01 17:04:03 15932 DEBUG
[glance.api.middleware.version_negotiation] Matched versioned URI.
Version: 1.0
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
entering AuthProtocol.__call__
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
Looking for authentication claims in _get_claims
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token] No
claims provided
2012-04-01 17:04:03 15932 DEBUG [keystone.middleware.auth_token]
Rejecting request - authentication required
2012-04-01 17:04:03 15932 DEBUG [eventlet.wsgi.server] 127.0.0.1 -
- [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
0.000840

On Sun, Apr 1, 2012 at 4:22 PM, Magicloud Magiclouds
<magicloud.magiclouds at gmail.com> wrote:
> So by token, is it this one "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
> for user glance? Or I should get one for adminUser?
>
>> ? ?"access": {
>> ? ? ? ?"token": {
>> ? ? ? ? ? ?"expires": "2012-04-02T15:43:56",
>> ? ? ? ? ? ?"id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>
> On Sun, Apr 1, 2012 at 4:08 PM, Pranav Saxena <pranav.saxena at citrix.com> wrote:
>> Hi ,
>>
>> I guess while uploading the image to the glance database , you need to use an authentication token because of keystone service in picture.You can check the keystone database for the authentication token or create one and assign it to the respective tenant. Then you can try out the following command :
>>
>> $ glance --verbose add name="My Image" is_public=true < /tmp/ubuntu-lucid.img --host=os-vpx-F2-B6-B4-B4-18-54 --auth_token=999888777666
>> Added new image with ID: 4
>> Returned the following metadata for the new image:
>> ? ? ? ? ? ? ? ? ? ? ? checksum => d3e6de1d493e06366c8e4a2e745d35dd
>> ? ? ? ? ? ? ? container_format => ovf
>> ? ? ? ? ? ? ? ? ? ? created_at => 2011-09-15T10:55:46
>> ? ? ? ? ? ? ? ? ? ? ? ?deleted => False
>> ? ? ? ? ? ? ? ? ? ? deleted_at => None
>> ? ? ? ? ? ? ? ? ? ?disk_format => raw
>> ? ? ? ? ? ? ? ? ? ? ? ? ? ? id => 4
>> ? ? ? ? ? ? ? ? ? ? ?is_public => True
>> ? ? ? ? ? ? ? ? ? ? ? location => file:///var/lib/glance/images/4
>> ? ? ? ? ? ? ? ? ? ? ? ? ? name => My Image
>> ? ? ? ? ? ? ? ? ? ? ? ? ?owner => Administrator
>> ? ? ? ? ? ? ? ? ? ? properties => {}
>> ? ? ? ? ? ? ? ? ? ? ? ? ? size => 524288000
>> ? ? ? ? ? ? ? ? ? ? ? ? status => active
>> ? ? ? ? ? ? ? ? ? ? updated_at => 2011-09-15T10:56:20
>> Completed in 34.2059 sec.
>>
>> This worked for me.
>>
>> Cheers,
>> Pranav .
>> Openstack Dev| Citrix R&D
>> -----Original Message-----
>> From: openstack-operators-bounces at lists.openstack.org [mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of Magicloud Magiclouds
>> Sent: Sunday, April 01, 2012 1:32 PM
>> To: openstack-operators at lists.openstack.org
>> Subject: Re: [Openstack-operators] Glance authorizing problem.
>>
>> Sorry, forgot to mention that all OpenStack components are from Debian testing.
>>
>> On Sun, Apr 1, 2012 at 4:00 PM, Magicloud Magiclouds <magicloud.magiclouds at gmail.com> wrote:
>>> Hi,
>>> ?Just following
>>> http://docs.openstack.org/trunk/openstack-compute/install/content/inde
>>> x.html to start my journal. And now I am stuck at step "Verifying the
>>> Image Service Installation".
>>>
>>> ?First of all, $ keystone-manage create_user --tenant-id
>>> a5865417a9e144f68c4777925cc56033 --name glance --password glance
>>> worked.
>>>
>>> ?Then $ curl -d '{"auth": {"tenantName": "service",
>>> "passwordCredentials":{"username": "glance", "password": "glance"}}}'
>>> -H "Content-type: application/json"
>>> http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
>>> ?% Total ? ?% Received % Xferd ?Average Speed ? Time ? ?Time ? ? Time
>>> Current
>>> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Dload ?Upload ? Total ? Spent ? ?Left
>>> Speed
>>> 100 ? 514 ?100 ? 411 ?100 ? 103 ? 7208 ? 1806 --:--:-- --:--:--
>>> --:--:-- ?7339 {
>>> ? ?"access": {
>>> ? ? ? ?"token": {
>>> ? ? ? ? ? ?"expires": "2012-04-02T15:43:56",
>>> ? ? ? ? ? ?"id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>>> ? ? ? ? ? ?"tenant": {
>>> ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
>>> ? ? ? ? ? ? ? ?"name": "service"
>>> ? ? ? ? ? ?},
>>> ? ? ? ? ? ?"tenants": [.
>>> ? ? ? ? ? ? ? ?{
>>> ? ? ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
>>> ? ? ? ? ? ? ? ? ? ?"name": "service"
>>> ? ? ? ? ? ? ? ?}
>>> ? ? ? ? ? ?]
>>> ? ? ? ?},
>>> ? ? ? ?"user": {
>>> ? ? ? ? ? ?"id": "77cbea8dae384185a3dc90c80507c5a3",
>>> ? ? ? ? ? ?"name": "glance",
>>> ? ? ? ? ? ?"roles": [.
>>> ? ? ? ? ? ? ? ?{
>>> ? ? ? ? ? ? ? ? ? ?"id": "1",
>>> ? ? ? ? ? ? ? ? ? ?"name": "Admin",
>>> ? ? ? ? ? ? ? ? ? ?"tenantId": "a5865417a9e144f68c4777925cc56033"
>>> ? ? ? ? ? ? ? ?}
>>> ? ? ? ? ? ?]
>>> ? ? ? ?}
>>> ? ?}
>>> }
>>>
>>> ?And $ keystone-manage list_tenants
>>> +----------------------------------+---------------+---------+
>>> | ? ? ? ? ? ? ? ?ID ? ? ? ? ? ? ? ?| ? ? ?Name ? ? | Enabled |
>>> +----------------------------------+---------------+---------+
>>> | 092135b9f71d4070aaa1202205271936 | openstackDemo | True ? ?|
>>> | a5865417a9e144f68c4777925cc56033 | service ? ? ? | True ? ?|
>>> +----------------------------------+---------------+---------+
>>>
>>> ?In the ini-s, I set:
>>> [filter:authtoken]
>>> ...
>>> admin_tenant_name = service
>>> admin_user = glance
>>> admin_password = glance
>>>
>>> ?Now $ glance add name="tty-linux-kernel" disk_format=aki
>>> container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
>>> Failed to add image. Got error:
>>> You are not authorized to complete this action.
>>> Details: 401 Unauthorized
>>>
>>> This server could not verify that you are authorized to access the
>>> document you requested. Either you supplied the wrong credentials
>>> (e.g., bad password), or your browser does not understand how to
>>> supply the credentials required.
>>>
>>> ?Authentication required
>>> Note: Your image metadata may still be in the registry, but the
>>> image's status will likely be 'killed'.
>>>
>>> ?What should I do?
>>> --
>>> ???????
>>> ???????
>>>
>>> And for G+, please use magiclouds#gmail.com.
>>
>>
>>
>> --
>> ???????
>> ???????
>>
>> And for G+, please use magiclouds#gmail.com.
>> _______________________________________________
>> Openstack-operators mailing list
>> Openstack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
> --
> ???????
> ???????
>
> And for G+, please use magiclouds#gmail.com.

--
???????
???????

And for G+, please use magiclouds#gmail.com.

magicloud.magiclouds at gmail

Apr 1, 2012, 2:30 AM

Post #6 of 6 (959 views)
Permalink

Glance authorizing problem. [In reply to]

Alright, following some posts on internet, I `export
OS_AUTH_STRATEGY=keystone`. And now I get another error message:
glance index
Failed to show index. Got error:
Connect error/bad request to Auth service at URL
http://10.9.1.127:5000/v2.0/tokens.

And this URL is valid when using curl -d to test.

On Sun, Apr 1, 2012 at 5:06 PM, Magicloud Magiclouds
<magicloud.magiclouds at gmail.com> wrote:
> When trying glance index, this is what I found in api.log
> 2012-04-01 17:04:03 15932 ? ?DEBUG
> [glance.api.middleware.version_negotiation] Processing request: GET
> /v1/images Accept:
> 2012-04-01 17:04:03 15932 ? ?DEBUG
> [glance.api.middleware.version_negotiation] Matched versioned URI.
> Version: 1.0
> 2012-04-01 17:04:03 15932 ? ?DEBUG [keystone.middleware.auth_token]
> entering AuthProtocol.__call__
> 2012-04-01 17:04:03 15932 ? ?DEBUG [keystone.middleware.auth_token]
> Looking for authentication claims in _get_claims
> 2012-04-01 17:04:03 15932 ? ?DEBUG [keystone.middleware.auth_token] No
> claims provided
> 2012-04-01 17:04:03 15932 ? ?DEBUG [keystone.middleware.auth_token]
> Rejecting request - authentication required
> 2012-04-01 17:04:03 15932 ? ?DEBUG [eventlet.wsgi.server] 127.0.0.1 -
> - [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
> 0.000980
> 2012-04-01 17:04:03 15932 ? ?DEBUG
> [glance.api.middleware.version_negotiation] Processing request: GET
> /v1/images Accept:
> 2012-04-01 17:04:03 15932 ? ?DEBUG
> [glance.api.middleware.version_negotiation] Matched versioned URI.
> Version: 1.0
> 2012-04-01 17:04:03 15932 ? ?DEBUG [keystone.middleware.auth_token]
> entering AuthProtocol.__call__
> 2012-04-01 17:04:03 15932 ? ?DEBUG [keystone.middleware.auth_token]
> Looking for authentication claims in _get_claims
> 2012-04-01 17:04:03 15932 ? ?DEBUG [keystone.middleware.auth_token] No
> claims provided
> 2012-04-01 17:04:03 15932 ? ?DEBUG [keystone.middleware.auth_token]
> Rejecting request - authentication required
> 2012-04-01 17:04:03 15932 ? ?DEBUG [eventlet.wsgi.server] 127.0.0.1 -
> - [01/Apr/2012 17:04:03] "GET /v1/images?limit=10 HTTP/1.1" 401 467
> 0.000840
>
> On Sun, Apr 1, 2012 at 4:22 PM, Magicloud Magiclouds
> <magicloud.magiclouds at gmail.com> wrote:
>> So by token, is it this one "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>> for user glance? Or I should get one for adminUser?
>>
>>> ? ?"access": {
>>> ? ? ? ?"token": {
>>> ? ? ? ? ? ?"expires": "2012-04-02T15:43:56",
>>> ? ? ? ? ? ?"id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>>
>> On Sun, Apr 1, 2012 at 4:08 PM, Pranav Saxena <pranav.saxena at citrix.com> wrote:
>>> Hi ,
>>>
>>> I guess while uploading the image to the glance database , you need to use an authentication token because of keystone service in picture.You can check the keystone database for the authentication token or create one and assign it to the respective tenant. Then you can try out the following command :
>>>
>>> $ glance --verbose add name="My Image" is_public=true < /tmp/ubuntu-lucid.img --host=os-vpx-F2-B6-B4-B4-18-54 --auth_token=999888777666
>>> Added new image with ID: 4
>>> Returned the following metadata for the new image:
>>> ? ? ? ? ? ? ? ? ? ? ? checksum => d3e6de1d493e06366c8e4a2e745d35dd
>>> ? ? ? ? ? ? ? container_format => ovf
>>> ? ? ? ? ? ? ? ? ? ? created_at => 2011-09-15T10:55:46
>>> ? ? ? ? ? ? ? ? ? ? ? ?deleted => False
>>> ? ? ? ? ? ? ? ? ? ? deleted_at => None
>>> ? ? ? ? ? ? ? ? ? ?disk_format => raw
>>> ? ? ? ? ? ? ? ? ? ? ? ? ? ? id => 4
>>> ? ? ? ? ? ? ? ? ? ? ?is_public => True
>>> ? ? ? ? ? ? ? ? ? ? ? location => file:///var/lib/glance/images/4
>>> ? ? ? ? ? ? ? ? ? ? ? ? ? name => My Image
>>> ? ? ? ? ? ? ? ? ? ? ? ? ?owner => Administrator
>>> ? ? ? ? ? ? ? ? ? ? properties => {}
>>> ? ? ? ? ? ? ? ? ? ? ? ? ? size => 524288000
>>> ? ? ? ? ? ? ? ? ? ? ? ? status => active
>>> ? ? ? ? ? ? ? ? ? ? updated_at => 2011-09-15T10:56:20
>>> Completed in 34.2059 sec.
>>>
>>> This worked for me.
>>>
>>> Cheers,
>>> Pranav .
>>> Openstack Dev| Citrix R&D
>>> -----Original Message-----
>>> From: openstack-operators-bounces at lists.openstack.org [mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of Magicloud Magiclouds
>>> Sent: Sunday, April 01, 2012 1:32 PM
>>> To: openstack-operators at lists.openstack.org
>>> Subject: Re: [Openstack-operators] Glance authorizing problem.
>>>
>>> Sorry, forgot to mention that all OpenStack components are from Debian testing.
>>>
>>> On Sun, Apr 1, 2012 at 4:00 PM, Magicloud Magiclouds <magicloud.magiclouds at gmail.com> wrote:
>>>> Hi,
>>>> ?Just following
>>>> http://docs.openstack.org/trunk/openstack-compute/install/content/inde
>>>> x.html to start my journal. And now I am stuck at step "Verifying the
>>>> Image Service Installation".
>>>>
>>>> ?First of all, $ keystone-manage create_user --tenant-id
>>>> a5865417a9e144f68c4777925cc56033 --name glance --password glance
>>>> worked.
>>>>
>>>> ?Then $ curl -d '{"auth": {"tenantName": "service",
>>>> "passwordCredentials":{"username": "glance", "password": "glance"}}}'
>>>> -H "Content-type: application/json"
>>>> http://10.9.1.127:35357/v2.0/tokens | python -mjson.tool
>>>> ?% Total ? ?% Received % Xferd ?Average Speed ? Time ? ?Time ? ? Time
>>>> Current
>>>> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Dload ?Upload ? Total ? Spent ? ?Left
>>>> Speed
>>>> 100 ? 514 ?100 ? 411 ?100 ? 103 ? 7208 ? 1806 --:--:-- --:--:--
>>>> --:--:-- ?7339 {
>>>> ? ?"access": {
>>>> ? ? ? ?"token": {
>>>> ? ? ? ? ? ?"expires": "2012-04-02T15:43:56",
>>>> ? ? ? ? ? ?"id": "d69fd23e-fe23-45e1-9dd7-dc581fec593d",
>>>> ? ? ? ? ? ?"tenant": {
>>>> ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
>>>> ? ? ? ? ? ? ? ?"name": "service"
>>>> ? ? ? ? ? ?},
>>>> ? ? ? ? ? ?"tenants": [.
>>>> ? ? ? ? ? ? ? ?{
>>>> ? ? ? ? ? ? ? ? ? ?"id": "a5865417a9e144f68c4777925cc56033",
>>>> ? ? ? ? ? ? ? ? ? ?"name": "service"
>>>> ? ? ? ? ? ? ? ?}
>>>> ? ? ? ? ? ?]
>>>> ? ? ? ?},
>>>> ? ? ? ?"user": {
>>>> ? ? ? ? ? ?"id": "77cbea8dae384185a3dc90c80507c5a3",
>>>> ? ? ? ? ? ?"name": "glance",
>>>> ? ? ? ? ? ?"roles": [.
>>>> ? ? ? ? ? ? ? ?{
>>>> ? ? ? ? ? ? ? ? ? ?"id": "1",
>>>> ? ? ? ? ? ? ? ? ? ?"name": "Admin",
>>>> ? ? ? ? ? ? ? ? ? ?"tenantId": "a5865417a9e144f68c4777925cc56033"
>>>> ? ? ? ? ? ? ? ?}
>>>> ? ? ? ? ? ?]
>>>> ? ? ? ?}
>>>> ? ?}
>>>> }
>>>>
>>>> ?And $ keystone-manage list_tenants
>>>> +----------------------------------+---------------+---------+
>>>> | ? ? ? ? ? ? ? ?ID ? ? ? ? ? ? ? ?| ? ? ?Name ? ? | Enabled |
>>>> +----------------------------------+---------------+---------+
>>>> | 092135b9f71d4070aaa1202205271936 | openstackDemo | True ? ?|
>>>> | a5865417a9e144f68c4777925cc56033 | service ? ? ? | True ? ?|
>>>> +----------------------------------+---------------+---------+
>>>>
>>>> ?In the ini-s, I set:
>>>> [filter:authtoken]
>>>> ...
>>>> admin_tenant_name = service
>>>> admin_user = glance
>>>> admin_password = glance
>>>>
>>>> ?Now $ glance add name="tty-linux-kernel" disk_format=aki
>>>> container_format=aki <ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
>>>> Failed to add image. Got error:
>>>> You are not authorized to complete this action.
>>>> Details: 401 Unauthorized
>>>>
>>>> This server could not verify that you are authorized to access the
>>>> document you requested. Either you supplied the wrong credentials
>>>> (e.g., bad password), or your browser does not understand how to
>>>> supply the credentials required.
>>>>
>>>> ?Authentication required
>>>> Note: Your image metadata may still be in the registry, but the
>>>> image's status will likely be 'killed'.
>>>>
>>>> ?What should I do?
>>>> --
>>>> ???????
>>>> ???????
>>>>
>>>> And for G+, please use magiclouds#gmail.com.
>>>
>>>
>>>
>>> --
>>> ???????
>>> ???????
>>>
>>> And for G+, please use magiclouds#gmail.com.
>>> _______________________________________________
>>> Openstack-operators mailing list
>>> Openstack-operators at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>>
>> --
>> ???????
>> ???????
>>
>> And for G+, please use magiclouds#gmail.com.
>
>
>
> --
> ???????
> ???????
>
> And for G+, please use magiclouds#gmail.com.

--
???????
???????

And for G+, please use magiclouds#gmail.com.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads