← Back to team overview

openstack team mailing list archive

Re: cannot launch instance via dasboard - glance auth error

 

Hi!

You need to remove the %tenant_id% part from the Glance URI endpoint templates.

Cheers,
-jay

On Thu, Dec 22, 2011 at 6:28 AM, denmat <tu2bgone@xxxxxxxxx> wrote:
> Hi all,
>
> I'm trying to launch an instance via the dashboard with the admin
> account. (I have been following:
> http://keystone.openstack.org/configuringservices.html).
>
> Error: The server has either erred or is incapable of performing the
> requested operation.
>
> (nova.api.openstack.v2): TRACE:   File
> "/usr/lib/python2.7/dist-packages/glance/common/client.py", line 411,
> in _do_request
> (nova.api.openstack.v2): TRACE:     raise exception.NotAuthorized(res.read())
> (nova.api.openstack.v2): TRACE: NotAuthorized: You are not authorized
> to complete this action.
>
> In a previous post I was not able to access the images at all but that
> was fixed with a change of the endpoint templates.
>
> This is how I have set up the keystone endpoints:
>
>   `keystone-manage endpointTemplates add Australia nova \
> http://nova.local:8774/v1.1/%tenant_id% \
> http://nova.local:8774/v1.1/%tenant_id% \
> http://nova.local:8774/v1.1/%tenant_id% \
> 1 1`
>
>    `keystone-manage endpointTemplates add Australia glance \
> http://glance.local:9292/v1.1/%tenant_id% \
> http://glance.local:9292/v1.1/%tenant_id% \
> http://glance.local:9292/v1.1/%tenant_id% \
> 1 1`
>    `keystone-manage endpointTemplates add Australia swift \
> http://swift.local:8080/v1/AUTH_%tenant_id% \
> http://swift.local:8080/v1.0/ \
> http://swift.local:8080/v1/AUTH_%tenant_id% \
> 1 1`
>    `keystone-manage endpointTemplates add Australia keystone \
> http://identity.local:5000/v2.0 \
> http://identity.local:35357/v2.0 \
> http://identity.local:5000/v2.0 \
> 1 1`
>
> Neither the admin or me user can create instances. But the admin user
> could create a volume.
> --------------------------------------------------------
> | Roles                                                |
> --------------------------------------------------------
> | id | name                 | service_id | description |
> --------------------------------------------------------
> | 1  | Admin                | None       | None        |
> | 2  | KeystoneServiceAdmin | None       | None        |
> | 3  | Member               | None       | None        |
> --------------------------------------------------------
> root@au-mel-kvm-3:~/setup# keystone-manage user list admin
> -------------------------------------------------------------------------------------------
> | Users
>                   |
> -------------------------------------------------------------------------------------------
> | id                               | name    | enabled | tenant
>                   |
> -------------------------------------------------------------------------------------------
> | c75e1e8a074822078728c7ea3af9e7382 | admin   | True    |
> 828e80debe314d84823d606c587e867d |
> | 16b403c3811144b5976a740edeb4b868 | demo    | True    |
> ad1efcd098494058b451abaf438a8adb |
> | 67b9b4b622b03e88344e95601b180d6f8 | me | True    |
> 05a72d14b4434a848c07f00544069d20 |
> -------------------------------------------------------------------------------------------
> root@au-mel-kvm-3:~/setup# keystone-manage role grant KeystoneServiceAdmin admin
> SUCCESS: Granted admin the KeystoneServiceAdmin role on None.
> root@au-mel-kvm-3:~/setup# keystone-manage tenant list
> -----------------------------------------------------------
> | Tenants                                                 |
> -----------------------------------------------------------
> | id                               | name       | enabled |
> -----------------------------------------------------------
> | 828e80debe314d84823d606c587e867d | admin      | True    |
> | ad1efcd098494058b451abaf438a8adb | demo       | True    |
> | 7871122791c34cc4b2ec03324f259c7b | developers | True    |
> | 05a72d14b4434a848c07f00544069d20 | SysAdmins  | True    |
> | 6c6672c6bf0a4de08d772dca797a3447 | QA         | True    |
> -----------------------------------------------------------
>
> Does anyone know how I can further investigate this?
>
> Thanks,
> Den
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp


References