← Back to team overview

openstack team mailing list archive

glance: "Invalid Openstack Identity Credentials"

 

Hello all,

I'm working on a deployment script to install and configure my OpenStack
services and I'm getting a strange result with glance.  It's surely a bug
with my script messing up a config file line, but I can't interpret the
glance and keystone logs to track the issue down.  Here's the use case:

1)  Install keystone following the directions in the Grizzly installation
guide for Ubuntu 12.04.
2)  Install glance following the directions in the Grizzly installation
guide for Ubuntu 12.04.
3)  Run glance image-list to see if I can get an empty list.

My result:

=====
glance --os-username=admin --os-password=secrete --os-tenant-name demo
--os-auth-url=http://localhost:5000/v2.0 image-list

Request returned failure status.
Invalid OpenStack Identity credentials.
=====

The glance API log is as follows:

=====
2013-07-18 11:18:24.301 6306 DEBUG
glance.api.middleware.version_negotiation [-] Determining version of
request: GET //v1/images/detail Accept:  process_request
/usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:46
2013-07-18 11:18:24.302 6306 DEBUG
glance.api.middleware.version_negotiation [-] Using url versioning
process_request
/usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:59
2013-07-18 11:18:24.302 6306 DEBUG
glance.api.middleware.version_negotiation [-] Matched version: v1
process_request
/usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:71
2013-07-18 11:18:24.302 6306 DEBUG
glance.api.middleware.version_negotiation [-] new uri /v1/images/detail
process_request
/usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:72
=====

No entries are added to the glance registry log.  If I tweak the password
to make the credentials invalid, I get this:

=====
glance --os-username=admin --os-password=wrong_pw --os-tenant-name demo
--os-auth-url=http://localhost:5000/v2.0 image-list
Unable to communicate with identity service: {"error": {"message": "Invalid
user / password", "code": 401, "title": "Not Authorized"}}. (HTTP 401)
=====

So keystone is definitely looking up my credentials and responding
differently when they match.

Any ideas as to where should I be looking for the issue?

Thanks for your time!

-Matt

Follow ups