On 07/24/2013 10:45 AM, Salvatore Orlando wrote:
Hav you tried checking the credentials that glance uses for
validating tokens with keystone?
They are defined in glance's conf files in the section:
[keystone_authtoken]
signing_dir = /var/cache/glance/api
make sure that the directory
/var/cache/glance/api
exists and has the certificates in it. A good test is to remove the
certifcates and hit the server again, as they are fetched on demand.
If there are no certificates there after another try, either glance
can't talk to Keystone or keystone is not handing out the certificates.
auth_uri = http://127.0.0.1:5000/
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = password
Salvatore
On 18 July 2013 22:16, Matt Davis <mattd5574@xxxxxxxxx
<mailto:mattd5574@xxxxxxxxx>> wrote:
Hello all,
I'm working on a deployment script to install and configure my
OpenStack services and I'm getting a strange result with glance.
It's surely a bug with my script messing up a config file line,
but I can't interpret the glance and keystone logs to track the
issue down. Here's the use case:
1) Install keystone following the directions in the Grizzly
installation guide for Ubuntu 12.04.
2) Install glance following the directions in the Grizzly
installation guide for Ubuntu 12.04.
3) Run glance image-list to see if I can get an empty list.
My result:
=====
glance --os-username=admin --os-password=secrete --os-tenant-name
demo --os-auth-url=http://localhost:5000/v2.0 image-list
Request returned failure status.
Invalid OpenStack Identity credentials.
=====
The glance API log is as follows:
=====
2013-07-18 11:18:24.301 6306 DEBUG
glance.api.middleware.version_negotiation [-] Determining version
of request: GET //v1/images/detail Accept: process_request
/usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:46
2013-07-18 11:18:24.302 6306 DEBUG
glance.api.middleware.version_negotiation [-] Using url
versioning process_request
/usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:59
2013-07-18 11:18:24.302 6306 DEBUG
glance.api.middleware.version_negotiation [-] Matched version: v1
process_request
/usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:71
2013-07-18 11:18:24.302 6306 DEBUG
glance.api.middleware.version_negotiation [-] new uri
/v1/images/detail process_request
/usr/lib/python2.7/dist-packages/glance/api/middleware/version_negotiation.py:72
=====
No entries are added to the glance registry log. If I tweak the
password to make the credentials invalid, I get this:
=====
glance --os-username=admin --os-password=wrong_pw
--os-tenant-name demo --os-auth-url=http://localhost:5000/v2.0
image-list
Unable to communicate with identity service: {"error":
{"message": "Invalid user / password", "code": 401, "title": "Not
Authorized"}}. (HTTP 401)
=====
So keystone is definitely looking up my credentials and
responding differently when they match.
Any ideas as to where should I be looking for the issue?
Thanks for your time!
-Matt
_______________________________________________
Mailing list: https://launchpad.net/~openstack
<https://launchpad.net/%7Eopenstack>
Post to : openstack@xxxxxxxxxxxxxxxxxxx
<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~openstack
<https://launchpad.net/%7Eopenstack>
More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list:https://launchpad.net/~openstack
Post to :openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe :https://launchpad.net/~openstack
More help :https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
