← Back to team overview

openstack team mailing list archive

Re: glance keystone authentication problem

 

# keystone user-list
+----------------------------------+---------+-------+--------+
|                id                | enabled | email |  name  |
+----------------------------------+---------+-------+--------+
| 76a3cb1e5e7a427d8272838fc0a759fc | True    | None  | nova   |
| a19e7f6975984e7fa6c8774d688d690b | True    | None  | admin  |
| c92f9e064b884d5c8c140c98c4bb5fe2 | True    | None  | swift  |
| ebc043e91a304342ac091854b05a383b | True    | None  | glance |
+----------------------------------+---------+-------+--------+

# glance index
Failed to show index. Got error:
You are not authenticated.
Details: 401 Unauthorized

This server could not verify that you are authorized to access the document
you requested. Either you supplied the wrong credentials (e.g., bad
password), or your browser does not understand how to supply the
credentials required.

 Authentication required


# keystone --os_username=glance --os_password=glance
--os_tenant_name=service --os_auth_url=http://127.0.0.1:35357/v2.0 token-get
'Client' object has no attribute 'service_catalog'


But i am not getting this problem if i specify admin_token and auth_token
in api/registry file

admin_token = 012345SECRET99TOKEN012345
auth_token = 012345SECRET99TOKEN012345

If i add the above two lines, then it started working.

The same case with swift also, "swift stat" command was not working, but if
i add the above two lines, then it started working.

But the openstack documents did not specify to add these lines in glance
and swift config files.

What could be the problem ?

Thanks in advance.

On Sat, May 12, 2012 at 4:24 PM, Dolph Mathews <dolph.mathews@xxxxxxxxx>wrote:

> I think the key is this line:
>
> 2012-05-11 10:03:11 18461     INFO [keystone.middleware.auth_token]
> Keystone rejected admin token {'X-Auth-Token': u'
> 6f220a2e7e324bf4bd7a96040f364316'}, resetting
>
> It looks like your auth_token middleware isn't properly authenticating
> itself with keystone. Verify that you can receive an admin token from the
> admin endpoint using whatever credentials you've configured the auth_token
> middleware to use via [filter:authtoken], (notice I'm using the admin
> endpoint here):
>
> $ keystone --os_username=glance --os_password=glance --os_tenant=service
> --os_auth_url=http://127.0.0.1:35357/v2.0 token-get
>
> I'm guessing this authentication is either failing, or doesn't have the
> necessary admin privileges to validate other tokens? As shake.chen points
> out, user-list will probably fail for this reason.
>
> -Dolph
>
>
> On Sat, May 12, 2012 at 3:03 AM, Shake Chen <shake.chen@xxxxxxxxx> wrote:
>
>> you can check your keystone whether work correctly.
>>
>> keystone user-list
>>
>>
>>
>> On Fri, May 11, 2012 at 12:42 PM, Shashi Kanth Boddula <
>> shashi.bsd@xxxxxxxxx> wrote:
>>
>>> Ubuntu 12.04 Essex.
>>>
>>> # glance index
>>> Failed to show index. Got error:
>>> You are not authenticated.
>>> Details: 401 Unauthorized
>>>
>>> This server could not verify that you are authorized to access the
>>> document you requested. Either you supplied the wrong credentials (e.g.,
>>> bad password), or your browser does not understand how to supply the
>>> credentials required.
>>>
>>>  Authentication required
>>>
>>> # glance --os_username=glance --os_password=glance --os_tenant=service
>>> --os_auth_url=http://127.0.0.1:5000/v2.0 index
>>>
>>> Failed to show index. Got error:
>>> You are not authenticated.
>>> Details: 401 Unauthorized
>>>
>>> This server could not verify that you are authorized to access the
>>> document you requested. Either you supplied the wrong credentials (e.g.,
>>> bad password), or your browser does not understand how to supply the
>>> credentials required.
>>>
>>>  Authentication required
>>>
>>>
>>> ---------------------------------------
>>>
>>> In the keystone log file i see the error bellow.
>>>
>>>
>>> 2012-05-11 10:03:11 18461     INFO [keystone.middleware.auth_token]
>>> Retrying validation
>>> 2012-05-11 10:03:11 18461     INFO [keystone.middleware.auth_token]
>>> Keystone rejected admin token {'X-Auth-Token':
>>> u'6f220a2e7e324bf4bd7a96040f364316'}, resetting
>>> 2012-05-11 10:03:11 18461  WARNING [keystone.middleware.auth_token]
>>> Invalid user token: 238dc305de1e418b8b81bee4f648f984. Keystone response:
>>> {u'error': {u'message': u'The request you have made requires
>>> authentication.', u'code': 401, u'title': u'Not Authorized'}}.
>>> 2012-05-11 10:03:11 18461     INFO [keystone.middleware.auth_token]
>>> Invalid user token - rejecting request
>>>
>>>
>>>
>>> Not understanding where could be the problem.
>>>
>>> glace user is mapped to admin role in the service tenant.
>>>
>>> glance endpoint is created.
>>>
>>> I have specified glance user name, password and the service tenant in
>>> glance-api/registry files, and keystone authentication specified.
>>>
>>>
>>> Anyone tell me what could be the problem?  Thank you.
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>> Shashi Kanth
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Shake Chen
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>


-- 
Thanks & Regards,
Shashi Kanth

Follow ups

References