
glance index Failed to show index. Got error: You are not authenticated. Details: 401 Unauthorized This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e

asked 2012-06-15 03:45:25 -0500

thirulic

    root@selvan:~# glance index
    Failed to show index. Got error:
    You are not authenticated.
    Details: 401 Unauthorized

    This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

    Authentication required

passing the keystone user/password

    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=hastexo
    export OS_AUTH_URL="http://localhost:5000/v2.0/"

glance-api.conf

    [DEFAULT]
    # Show more verbose log output (sets INFO log level output)
    verbose = True

    # Show debugging output in logs (sets DEBUG log level output)
    debug = False

    # Which backend store should Glance use by default is not specified
    # in a request to add a new image to Glance? Default: 'file'
    # Available choices are 'file', 'swift', and 's3'
    default_store = file

    # Address to bind the API server
    bind_host = 0.0.0.0

    # Port the bind the API server to
    bind_port = 9292

    # Log to this file. Make sure you do not set the same log
    # file for both the API and registry servers!
    log_file = /var/log/glance/api.log

    # Backlog requests when creating socket
    backlog = 4096

    # Number of Glance API worker processes to start.
    # On machines with more than one CPU increasing this value
    # may improve performance (especially if using SSL with
    # compression turned on). It is typically recommended to set
    # this value to the number of CPUs present on your machine.
    workers = 0

    # Role used to identify an authenticated user as administrator
    #admin_role = admin

    # ================= Syslog Options ============================

    # Send logs to syslog (/dev/log) instead of to file specified
    # by log_file
    use_syslog = False

    # Facility to use. If unset defaults to LOG_USER.
    syslog_log_facility = LOG_LOCAL0

    # ================= SSL Options ===============================

    # Certificate file to use when starting API server securely
    cert_file = /path/to/certfile

    # Private key file to use when starting API server securely
    key_file = /path/to/keyfile

    # ================= Security Options ==========================

    # AES key for encrypting store 'location' metadata, including
    # -- if used -- Swift or S3 credentials
    # Should be set to a random string of length 16, 24 or 32 bytes
    metadata_encryption_key = <16, 24 or 32 char registry metadata key>

    # ============ Registry Options ===============================

    # Address to find the registry server
    registry_host = 0.0.0.0

    # Port the registry server is listening on
    registry_port = 9191

    # What protocol to use when connecting to the registry server?
    # Set to https for secure HTTP communication
    registry_client_protocol = http

    # The path to the key file to use in SSL connections to the
    # registry server, if any. Alternately, you may set the
    # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
    registry_client_key_file = /path/to/key/file

    # The path to the cert file to use in SSL connections to the
    # registry server, if any. Alternately, you may set the
    # GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file
    registry_client_cert_file = /path/to/cert/file

    # The path to the certifying authority cert file to use in SSL connections
    # to the registry server, if any. Alternately, you may set the
    # GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file
    registry_client_ca_file = /path/to/ca/file

    # ============ Notification ...

8 answers


answered 2012-06-18 07:33:00 -0500

s-rain

Hello Thiruselvan, Can you paste endpoint, tenant, role, service and user list? Please check if glance endpoint is http://glanceIP:9292/v1 or not.

Best, Rain


answered 2012-06-18 10:45:17 -0500

thirulic

Dear Rain,

    export OS_TENANT_NAME=service
    export OS_USERNAME=glance
    export OS_PASSWORD=hastexo
    export OS_AUTH_URL="http://localhost:5000/v2.0/"

Endpoint.sh

    #!/bin/sh
    #
    # Author: Martin Gerhard Loschwitz
    # (c) 2012 hastexo Professional Services GmbH
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    #
    # On Debian-based systems the full text of the Apache version 2.0
    # license can be found in `/usr/share/common-licenses/Apache-2.0'.

    # MySQL definitions
    MYSQL_USER=keystone
    MYSQL_DATABASE=keystone
    MYSQL_HOST=localhost

    # other definitions
    MASTER=localhost

    while getopts "u:D:p:m:K:R:E:S:T:vh" opt; do
      case $opt in
        u)
          MYSQL_USER=$OPTARG
          ;;
        D)
          MYSQL_DATABASE=$OPTARG
          ;;
        p)
          MYSQL_PASSWORD=$OPTARG
          ;;
        m)
          MYSQL_HOST=$OPTARG
          ;;
        K)
          MASTER=$OPTARG
          ;;
        R)
          KEYSTONE_REGION=$OPTARG
          ;;
        E)
          export SERVICE_ENDPOINT=$OPTARG
          ;;
        S)
          SWIFT_MASTER=$OPTARG
          ;;
        T)
          export SERVICE_TOKEN=$OPTARG
          ;;
        v)
          set -x
          ;;
        h)
          cat <<EOF
    Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password]
           [-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ]
           [ -S swift_master ] [ -T keystone_token ]

    Add -v for verbose mode, -h to display this message.
    EOF
          exit 0
          ;;
        \?)
          echo "Unknown option -$OPTARG" >&2
          exit 1
          ;;
        :)
          echo "Option -$OPTARG requires an argument" >&2
          exit 1
          ;;
      esac
    done

    if [ -z "$KEYSTONE_REGION" ]; then
      echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
      missing_args="true"
    fi

    if [ -z "$SERVICE_TOKEN" ]; then
      echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
      missing_args="true"
    fi

    if [ -z "$SERVICE_ENDPOINT" ]; then
      echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
      missing_args="true"
    fi

    if [ -z "$MYSQL_PASSWORD" ]; then
      echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
      missing_args="true"
    fi

    if [ -n "$missing_args" ]; then
      exit 1
    fi

    keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
    keystone service-create --name volume --type volume --description 'OpenStack Volume Service'
    keystone service-create --name glance --type image --description 'OpenStack Image Service'
    keystone service-create --name swift --type object-store --description 'OpenStack Storage Service'
    keystone service-create --name keystone --type identity --description 'OpenStack Identity'
    keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'

    create_endpoint () {
      case $1 in
        compute)
          keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':8774/v2/%(tenant_id)s' --adminurl 'http://'"$MASTER"':8774/v2/%(tenant_id)s' --internalurl 'http://'"$MASTER"':8774/v2/%(tenant_id)s'
          ;;
        volume)
          keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':8776/v1/%(tenant_id)s' --adminurl 'http://'"$MASTER"':8776/v1/%(tenant_id)s' --internalurl 'http://'"$MASTER"':8776/v1/%(tenant_id)s'
          ;;
        image)
          keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':9292/v1' --adminurl 'http://'"$MASTER"':9292/v1' --internalurl 'http://'"$MASTER"':9292/v1'
          ;;
        object-store ...


answered 2012-06-19 10:29:48 -0500

s-rain

Hello Thiruselvan, The endpoint seems ok. Can you paste tenant list, user list and role list ?

Best, Rain.


answered 2012-06-19 10:52:49 -0500

thirulic

Dear Rain,

Tenant List

    root@selvan:~# keystone tenant-list
    +----------------------------------+--------------------+---------+
    |                id                |        name        | enabled |
    +----------------------------------+--------------------+---------+
    | 78fc9086ae9949ddabc642fca69edb9a | admin              | True    |
    | e0f1db21d89846cfa13ded0ff256a1f2 | demo               | True    |
    | e8459b87b2af45acb7ab620e280eaac0 | service            | True    |
    | fdcbc237a0734163858e6726d360198b | invisible_to_admin | True    |
    +----------------------------------+--------------------+---------+

user-list

    root@selvan:~# keystone user-list
    +----------------------------------+---------+--------------------+--------+
    |                id                | enabled |       email        |  name  |
    +----------------------------------+---------+--------------------+--------+
    | 038efe0669a64c7abc98fb04a695336a | True    | swift@hastexo.com  | swift  |
    | 1e312765ceea4ad6b66e0eefa7b5361d | True    | glance@hastexo.com | glance |
    | 2892caf2ca3b40068dc66ff173a23cc9 | True    | nova@hastexo.com   | nova   |
    | d3392206967f4a75804de13233a8d531 | True    | admin@hastexo.com  | admin  |
    | fdcb30c07c1a42acbd3a19525348dc4d | True    | demo@hastexo.com   | demo   |
    +----------------------------------+---------+--------------------+--------+

role list

    root@selvan:~# keystone role list
    usage: keystone [--os_username <auth-user-name>]
                    [--os_password <auth-password>]
                    [--os_tenant_name <auth-tenant-name>]
                    [--os_tenant_id <tenant-id>] [--os_auth_url <auth-url>]
                    [--os_region_name <region-name>]
                    [--os_identity_api_version <identity-api-version>]
                    [--token <service-token>] [--endpoint <service-endpoint>]
                    [--username <auth-user-name>] [--password <auth-password>]
                    [--tenant_name <tenant-name>] [--auth_url <auth-url>]
                    [--region_name <region-name>]
                    <subcommand> ...
    keystone: error: argument <subcommand>: invalid choice: 'role' (choose from 'catalog', 'ec2-credentials-create', 'ec2-credentials-delete', 'ec2-credentials-get', 'ec2-credentials-list', 'endpoint-create', 'endpoint-delete', 'endpoint-get', 'endpoint-list', 'role-create', 'role-delete', 'role-get', 'role-list', 'service-create', 'service-delete', 'service-get', 'service-list', 'tenant-create', 'tenant-delete', 'tenant-get', 'tenant-list', 'tenant-update', 'token-get', 'user-create', 'user-delete', 'user-get', 'user-list', 'user-password-update', 'user-role-add', 'user-role-remove', 'user-update', 'discover', 'help')

Regards, Thiruselvan S


answered 2012-06-21 02:01:31 -0500

s-rain

Hello Thiruselvan, you should execute "glance role-list". Did you execute "keystone user-role-add" ? Maybe tenant, role and user do not combine. Please check again. And try to modify the following info in glance-api.conf.

    [filter:authtoken]
    paste.filter_factory = keystone.middleware.auth_token:filter_factory
    service_protocol = http
    service_host = 127.0.0.1
    service_port = 5000
    auth_host = 127.0.0.1
    auth_port = 35357
    auth_protocol = http
    auth_uri = http://127.0.0.1:5000/
    admin_tenant_name = xxxxx
    admin_user = xxxxx
    admin_password = xxxxx
    admin_token = ADMIN

xxxx is physical name, not variable.

PS. Do you install keystone and glance in the same host?

Best, Rain


answered 2012-06-21 05:54:09 -0500

thirulic

Thanks Rain, problem solved.


answered 2012-09-28 18:41:33 -0500

I am facing a similar issue, following the same instructions as Thiruselvan. First question: I see I have two glance-api.conf files on my system. Which one do I need to modify? I am running glance and keystone on the same host.


answered 2012-09-28 18:49:52 -0500

Forgot to mention: I don't see the section that you mentioned above, [filter], in my /etc/glance/glance-api.conf file.

BTW, I assume you meant "keystone role-list" above, right ?
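
A check for the configuration problems this thread runs into (no `[filter:authtoken]` section, `xxxxx` placeholders left in place, a `metadata_encryption_key` that is not 16, 24 or 32 bytes), as an added example that is not part of any post above and is not OpenStack code. The function name `audit_glance_conf`, the sample file and the decision to report `admin_token = ADMIN` as a sample value are assumptions of this example.

```python
import configparser

# Constructed sample input: the [filter:authtoken] block from the answer above
# with one placeholder left in, plus one [DEFAULT] option from the question.
SAMPLE_CONF = """\
[DEFAULT]
metadata_encryption_key = 0123456789abcdef0123

[filter:authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = xxxxx
admin_token = ADMIN
"""

SECTION = "filter:authtoken"
REQUIRED = ("auth_host", "auth_port", "auth_protocol",
            "admin_tenant_name", "admin_user", "admin_password")

def audit_glance_conf(text):
    """Return a list of (option, problem) findings for glance-api.conf text."""
    cp = configparser.RawConfigParser()  # raw: values are not %-interpolated
    cp.read_string(text)
    findings = []
    # From the file's own comment: the AES key must be 16, 24 or 32 bytes.
    key = cp.defaults().get("metadata_encryption_key")
    if key is not None and len(key.encode()) not in (16, 24, 32):
        findings.append(("metadata_encryption_key", "length %d" % len(key.encode())))
    if not cp.has_section(SECTION):
        findings.append((SECTION, "section missing"))
        return findings
    for opt in REQUIRED:
        value = cp.get(SECTION, opt, fallback="").strip()
        if not value:
            findings.append((opt, "not set"))
        elif set(value.lower()) == {"x"}:
            findings.append((opt, "placeholder left in"))
    # Assumption of this example: "ADMIN" is a sample value, not a real token.
    if cp.get(SECTION, "admin_token", fallback="") == "ADMIN":
        findings.append(("admin_token", "sample value ADMIN"))
    return findings

if __name__ == "__main__":
    for opt, problem in audit_glance_conf(SAMPLE_CONF):
        print("%-24s %s" % (opt, problem))
```
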


Stats

Asked: 2012-06-15 03:45:25 -0500

Seen: 4,499 times

Last updated: Sep 28 '12