← Back to team overview

openstack team mailing list archive

Glance with Swift backend auth failure using Keystone

 

As one of the last steps in bringing up a multi node OpenStack testbed, I'm trying to integrate a Swift backend with Glance, all of which is using Keystone for authorization. Unfortunately, when trying to upload images using glance I receive and authorization error.  Background, Glance/Keystone are running on node addressed 173.23.181.1.  Swift proxy is running on 173.23.181.2.
When configured with file backend, glance works fine, using Keystone authentication.

Glance storage backend is configured as follows (from glance-api.conf)

# Address where the Swift authentication service lives
swift_store_auth_address = http://173.23.181.2:8080/v1.0

# User to authenticate against the Swift authentication service
swift_store_user = glance:glance

# Auth key for the user authenticating against the
# Swift authentication service
swift_store_key = glance111213141516171819

# Container within the account that the account should use
# for storing images in Swift
swift_store_container = images

For debugging, I've verified that my swift installation is working with Keystone.  For example

root@nova:~/images/ubuntu-11.10# swift -V 2 -A http://173.23.181.1:5000/v2.0 -U glance:glance -K glance stat -v
StorageURL: http://173.23.181.2:8080/v1/AUTH_4
Auth Token: glance111213141516171819
   Account: AUTH_4
Containers: 1
   Objects: 0
     Bytes: 0
Accept-Ranges: bytes
X-Trans-Id: tx0f4a557d0e3046f1a4f8d10180d55e0b

and I'm able to create/delete buckets and files with no problems.  However, when attempting to upload and image file using glance, I receive the following error

root@nova:~/images/ubuntu-11.10# glance -A glance111213141516171819 add name="Ubuntu 11.10 ramdisk" disk_format=ari container_format=ari is_public=true < initrd.img-3.0.0-12-server
Failed to add image. Got error:
400 Bad Request

The server could not comply with the request since it is either malformed or otherwise incorrect.

 Error uploading image: (ClientException): Auth GET failed: http://173.23.181.2:8080/v1.0 401 Unauthorized
Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.

and the output from the log files is shown below:

root@nova:~/images/ubuntu-11.10# more /var/log/glance/api.log
2012-02-13 15:46:55    DEBUG [glance.api.middleware.version_negotiation] Processing request: POST /v1/images Accept:
2012-02-13 15:46:55    DEBUG [glance.api.middleware.version_negotiation] Matched versioned URI. Version: 1.0
2012-02-13 15:46:55    DEBUG [root] HTTP PERF: 0.02184 seconds to GET 173.23.181.1:35357 /v2.0/tokens/glance111213141516171819)
2012-02-13 15:46:55    DEBUG [root] HTTP PERF: 0.01876 seconds to GET 173.23.181.1:35357 /v2.0/tokens/glance111213141516171819)
2012-02-13 15:46:55    DEBUG [routes.middleware] Matched POST /images
2012-02-13 15:46:55    DEBUG [routes.middleware] Route path: '/images', defaults: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x1d9ce50>}
2012-02-13 15:46:55    DEBUG [routes.middleware] Match dict: {'action': u'create', 'controller': <glance.common.wsgi.Resource object at 0x1d9ce50>}
2012-02-13 15:46:55    DEBUG [glance.registry] Adding image metadata...
2012-02-13 15:46:55    DEBUG [glance.registry]      container_format: ari
2012-02-13 15:46:55    DEBUG [glance.registry]           disk_format: ari
2012-02-13 15:46:55    DEBUG [glance.registry]             is_public: True
2012-02-13 15:46:55    DEBUG [glance.registry]              min_disk: 0
2012-02-13 15:46:55    DEBUG [glance.registry]               min_ram: 0
2012-02-13 15:46:55    DEBUG [glance.registry]                  name: Ubuntu 11.10 ramdisk
2012-02-13 15:46:55    DEBUG [glance.registry]                  size: 13638383
2012-02-13 15:46:55    DEBUG [glance.registry]                status: queued
2012-02-13 15:46:55    DEBUG [glance.registry] Returned image metadata from call to RegistryClient.add_image():
2012-02-13 15:46:55    DEBUG [glance.registry]              checksum: None
2012-02-13 15:46:55    DEBUG [glance.registry]      container_format: ari
2012-02-13 15:46:55    DEBUG [glance.registry]            created_at: 2012-02-13T21:46:55
2012-02-13 15:46:55    DEBUG [glance.registry]               deleted: False
2012-02-13 15:46:55    DEBUG [glance.registry]            deleted_at: None
2012-02-13 15:46:55    DEBUG [glance.registry]           disk_format: ari
2012-02-13 15:46:55    DEBUG [glance.registry]                    id: 28
2012-02-13 15:46:55    DEBUG [glance.registry]             is_public: True
2012-02-13 15:46:55    DEBUG [glance.registry]              location: None
2012-02-13 15:46:55    DEBUG [glance.registry]              min_disk: 0
2012-02-13 15:46:55    DEBUG [glance.registry]               min_ram: 0
2012-02-13 15:46:55    DEBUG [glance.registry]                  name: Ubuntu 11.10 ramdisk
2012-02-13 15:46:55    DEBUG [glance.registry]                 owner: 4
2012-02-13 15:46:55    DEBUG [glance.registry]                  size: 13638383
2012-02-13 15:46:55    DEBUG [glance.registry]                status: queued
2012-02-13 15:46:55    DEBUG [glance.registry]            updated_at: None
2012-02-13 15:46:55    DEBUG [glance.api.v1.images] Setting image 28 to status 'saving'
2012-02-13 15:46:55    DEBUG [glance.registry] Updating image metadata for image 28...
2012-02-13 15:46:55    DEBUG [glance.registry]                status: saving
2012-02-13 15:46:55    DEBUG [glance.registry] Returned image metadata from call to RegistryClient.update_image():
2012-02-13 15:46:55    DEBUG [glance.registry]              checksum: None
2012-02-13 15:46:55    DEBUG [glance.registry]      container_format: ari
2012-02-13 15:46:55    DEBUG [glance.registry]            created_at: 2012-02-13T21:46:55
2012-02-13 15:46:55    DEBUG [glance.registry]               deleted: False
2012-02-13 15:46:55    DEBUG [glance.registry]            deleted_at: None
2012-02-13 15:46:55    DEBUG [glance.registry]           disk_format: ari
2012-02-13 15:46:55    DEBUG [glance.registry]                    id: 28
2012-02-13 15:46:55    DEBUG [glance.registry]             is_public: True
2012-02-13 15:46:55    DEBUG [glance.registry]              location: None
2012-02-13 15:46:55    DEBUG [glance.registry]              min_disk: 0
2012-02-13 15:46:55    DEBUG [glance.registry]               min_ram: 0
2012-02-13 15:46:55    DEBUG [glance.registry]                  name: Ubuntu 11.10 ramdisk
2012-02-13 15:46:55    DEBUG [glance.registry]                 owner: 4
2012-02-13 15:46:55    DEBUG [glance.registry]                  size: 13638383
2012-02-13 15:46:55    DEBUG [glance.registry]                status: saving
2012-02-13 15:46:55    DEBUG [glance.registry]            updated_at: 2012-02-13T21:46:55
2012-02-13 15:46:55    DEBUG [glance.api.v1.images] Uploading image data for image 28 to swift store
2012-02-13 15:46:55    DEBUG [glance.store.swift] Creating Swift connection with (auth_address=http://173.23.181.2:8080/v1.0, user=glance:glance, snet=False)
2012-02-13 15:46:55    DEBUG [root] HTTP PERF: 0.00160 seconds to GET 173.23.181.2:8080 /v1.0)
2012-02-13 15:46:56    DEBUG [root] HTTP PERF: 0.00198 seconds to GET 173.23.181.2:8080 /v1.0)
2012-02-13 15:46:56    ERROR [glance.api.v1.images] Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/glance/api/v1/images.py", line 372, in _upload
    image_size)
  File "/usr/lib/python2.7/dist-packages/glance/store/swift.py", line 321, in add
    create_container_if_missing(self.container, swift_conn, self.options)
  File "/usr/lib/python2.7/dist-packages/glance/store/swift.py", line 478, in create_container_if_missing
    swift_conn.head_container(container)
  File "/usr/lib/python2.7/dist-packages/swift/common/client.py", line 822, in head_container
    return self._retry(None, head_container, container)
  File "/usr/lib/python2.7/dist-packages/swift/common/client.py", line 774, in _retry
    self.url, self.token = self.get_auth()
  File "/usr/lib/python2.7/dist-packages/swift/common/client.py", line 762, in get_auth
    return get_auth(self.authurl, self.user, self.key, snet=self.snet)
  File "/usr/lib/python2.7/dist-packages/swift/common/client.py", line 190, in get_auth
    http_reason=resp.reason)
ClientException: Auth GET failed: http://173.23.181.2:8080/v1.0 401 Unauthorized

2012-02-13 15:46:56    DEBUG [glance.registry] Updating image metadata for image 28...
2012-02-13 15:46:56    DEBUG [glance.registry]                status: killed
2012-02-13 15:46:56    DEBUG [glance.registry] Returned image metadata from call to RegistryClient.update_image():
2012-02-13 15:46:56    DEBUG [glance.registry]              checksum: None
2012-02-13 15:46:56    DEBUG [glance.registry]      container_format: ari
2012-02-13 15:46:56    DEBUG [glance.registry]            created_at: 2012-02-13T21:46:55
2012-02-13 15:46:56    DEBUG [glance.registry]               deleted: False
2012-02-13 15:46:56    DEBUG [glance.registry]            deleted_at: None
2012-02-13 15:46:56    DEBUG [glance.registry]           disk_format: ari
2012-02-13 15:46:56    DEBUG [glance.registry]                    id: 28
2012-02-13 15:46:56    DEBUG [glance.registry]             is_public: True
2012-02-13 15:46:56    DEBUG [glance.registry]              location: None
2012-02-13 15:46:56    DEBUG [glance.registry]              min_disk: 0
2012-02-13 15:46:56    DEBUG [glance.registry]               min_ram: 0
2012-02-13 15:46:56    DEBUG [glance.registry]                  name: Ubuntu 11.10 ramdisk
2012-02-13 15:46:56    DEBUG [glance.registry]                 owner: 4
2012-02-13 15:46:56    DEBUG [glance.registry]                  size: 13638383
2012-02-13 15:46:56    DEBUG [glance.registry]                status: killed
2012-02-13 15:46:56    DEBUG [glance.registry]            updated_at: 2012-02-13T21:46:56
2012-02-13 15:46:56    DEBUG [eventlet.wsgi.server] 127.0.0.1 - - [13/Feb/2012 15:46:56] "POST /v1/images HTTP/1.1" 400 351 1.515732

As always, I'm sure this is just a subtle config error on my part.  Note that in my setup, I've created a separate tenant and user (glance) to be used for image storage.  My keystone auth setups use a separate long lived admin token for authentication.  If needed, I can post my configuration files.

Any insight will be appreciated.  Thanks in advance and regards,

Ross