Ask Your Question
0

glance 401 unauththorized

asked 2012-07-17 12:25:39 -0600

sncel-2008 gravatar image

I followed http://docs.openstack.org/essex/openstack-compute/install/yum/content/install-glance.html (http://docs.openstack.org/essex/opens...) to get glance installed and configured ,but get erros as follow:

glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://localhost:5000/v2.0 add name="tty-linux-kernel" disk_format=aki container_format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz Uploading image 'tty-linux-kernel' Failed to add image. Got error: The request returned 500 Internal Server Error

The response body: Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 336, in handle_one_response result = self.application(self.environ, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__ resp = self.call_func(req, args, *self.kwargs) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func return self.func(req, args, *kwargs) File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 279, in __call__ response = req.get_response(self.application) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1053, in get_response application, catch_exc_info=False) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1022, in call_application app_iter = application(self.environ, start_response) File "/usr/lib/python2.6/site-packages/keystone/middleware/auth_token.py", line 176, in __call__ return self.app(env, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__ resp = self.call_func(req, args, *self.kwargs) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func return self.func(req, args, *kwargs) File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 279, in __call__ response = req.get_response(self.application) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1053, in get_response application, catch_exc_info=False) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1022, in call_application app_iter = application(self.environ, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 159, in __call__ return resp(environ, start_response) File "/usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/middleware.py", line 131, in __call__ response = self.app(environ, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 159, in __call__ return resp(environ, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__ resp = self.call_func(req, args, *self.kwargs) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func return self.func(req, args, *kwargs) File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 477, in __call__ request, *action_args) File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 494, in dispatch return method(args, *kwargs) File "/usr/lib/python2.6/site-packages/glance/api/v1/images ... (more)

edit retag flag offensive close merge delete

12 answers

Sort by ยป oldest newest most voted
0

answered 2012-07-23 02:35:49 -0600

Thanks to both!!! We still have error to follow your suggestions.

We try your command as below:

======Command1 Request========= root@gplab24:~# curl -d '{"auth":{"passwordCredentials":{"username": "adminUser" ,"password": "secretword"}}}' -H "Content-type: application/json" http://localho st:35357/v2.0/tokens

======Command1 Result ========= {"access": {"token": {"expires": "2012-07-24T03:53:37Z", "id": "18c441aec809476f9747fd1a84d45cd7"}, "serviceCatalog": {}, "user": {"username": "adminUser", "rol es_links": [], "id": "518cacf232e040d1b6d42547047d479b", "roles": [], "name": "a

======Command2 Request ========= root@gplab24:~# glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 index -A 18c441aec809476f9747fd1a84d45cd7 //18c441aec809476f9747fd1a84d45cd7 come from command1 result id

======Command2 Result ========= Failed to show index. Got error: You are not authenticated. Details: 401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required. Authentication required

=======user list===========

root@gplab24:~# keystone user-list Expecting authentication method via either a service token, --token or env[SERVICE_TOKEN], or credentials, --os_username or env[OS_USERNAME].

root@gplab24:~# keystone --token 012345SECRET99TOKEN012345 --endpoint http://127.0.0.1:35357/v2.0 user-list +----------------------------------+---------+-------+-----------+ | id | enabled | email | name | +----------------------------------+---------+-------+-----------+ | 29c2d976987745fd9b8439dd4aac4701 | True | None | ec2 | | 518cacf232e040d1b6d42547047d479b | True | None | adminUser | | 7fe5bcbcb98d41f2aa6d371ea2a3157a | True | None | nova | | c567d5959b044db98b1c510e281741b2 | True | None | glance | | f4506084f78d4c81866cac7da07f82f3 | True | None | swift | +----------------------------------+---------+-------+-----------+

=======role list=========== root@gplab24:~# keystone --token 012345SECRET99TOKEN012345 --endpoint http://127.0.0.1:35357/v2.0 role-list +----------------------------------+------------+ | id | name | +----------------------------------+------------+ | 334828fc0a884c048f723c14a0cccf0b | memberRole | | 6a98b8ee20834bafaf7bd2c0580e0b51 | admin | +----------------------------------+------------+

=======service list=========== root@gplab24:~# keystone --token 012345SECRET99TOKEN012345 --endpoint http://127.0.0.1:35357/v2.0 service-list +----------------------------------+----------+--------------+---------------------------+ | id | name | type | description | +----------------------------------+----------+--------------+---------------------------+ | 05b4ff389a9449038dbed881ea6c26e1 | volume | volume | Nova Volume Service | | 0e7bb281ff72441db11020b890cea3f3 | nova | compute | Nova Compute Service | | 10db4791e77c421fb663f8d89151b128 | glance | image | Glance Image Service | | 31f32e4253264e84870a5ad87aa92c5c | ec2 | ec2 | EC2 Compatibility Layer | | 605961e742f44e1dac11f89c3f726751 | keystone | identity | Keystone Identity Service | | 942afb37d92a407b92c2e6ed4fefddfe | swift | object-store | Object Storage Service | +----------------------------------+----------+--------------+---------------------------+

=======endpoint list=========== root@gplab24:~# keystone --token 012345SECRET99TOKEN012345 --endpoint http://127.0.0.1:35357/v2.0 endpoint-list +----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+ | id | region | publicurl | internalurl | adminurl | +----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+ | 5a6e4d90889d428683182d9c1b6a58a6 | RegionOne | http://127.0.0.1:5000/v2.0 | http://127.0.0.1:5000/v2.0 | http://127.0.0.1:35357/v2.0 | | 6f74a335de774df2b59d70423502797f | RegionOne | http://127.0.0.1:9292/v1 | http://127.0.0.1:9292/v1 | http://127.0.0.1:9292/v1 | | b713eea1f0fb4d679a30a0d349b816ac | RegionOne | http://127.0.0.1:8774/v2/%25(tenant_id)s (http://127.0.0.1:8774/v2/%(tenant_id)s) | http://127.0.0.1:8774/v2/%25(tenant_id)s (http://127.0.0.1:8774/v2/%(tenant_id)s) | http://127.0.0.1:8774/v2/%25(tenant_id)s (http://127.0.0.1:8774/v2/%(tenant_id)s) | | b842289d645e42f3aa4031762724db3e | RegionOne | http://127.0.0.1:8888/v1/AUTH_%25(tenant_id)s (http://127.0.0.1:8888/v1/AUTH_%(tenan...) | http://127.0.0.1:8888/v1/AUTH_%25(tenant_id)s (http://127.0.0.1:8888/v1/AUTH_%(tenan...) | http://127.0.0.1:8888/ | | c289df94b93b4d64bf5717014259761d | RegionOne | http://127.0.0.1:8776/v1/%25(tenant_id)s (http://127.0.0.1:8776/v1/%(tenant_id)s) | http://127.0.0.1:8776/v1/%25(tenant_id)s (http://127.0.0 ... (more)

edit flag offensive delete link more
0

answered 2012-07-23 07:24:11 -0600

Thank so much Rain!!! :) Still error result as below :( Also including glance-api.conf/glance-api-paste.ini/glance-registry.conf/glance-registry-paste.ini in line.

======================================================== root@gplab24:/tmp/images# glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 add name="tty-linuxkernel" disk_format=aki container_format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz [100%] 13.9M/s, ETA 0h 0m 0s Uploading image 'tty-linuxkernel' Failed to add image. Got error: You are not authenticated. Details: 401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

Authentication required

Note: Your image metadata may still be in the registry, but the image's st[ 0%]

==================glance-api.conf start ======================== [DEFAULT] # Show more verbose log output (sets INFO log level output) verbose = True

            # Show debugging output in logs (sets DEBUG log level output)
            debug = False

            # Which backend store should Glance use by default is not specified
            # in a request to add a new image to Glance? Default: 'file'
            # Available choices are 'file', 'swift', and 's3'
            default_store = file

            # Address to bind the API server
            bind_host = 0.0.0.0
            # Port the bind the API server to
            bind_port = 9292

            # Log to this file. Make sure you do not set the same log
            # file for both the API and registry servers!
            log_file = /var/log/glance/api.log

            # Backlog requests when creating socket
            backlog = 4096

            # Number of Glance API worker processes to start.
            # On machines with more than one CPU increasing this value
            # may improve performance (especially if using SSL with
            # compression turned on). It is typically recommended to set
            # this value to the number of CPUs present on your machine.
            workers = 0

            # Role used to identify an authenticated user as administrator
            #admin_role = admin

            # ================= Syslog Options ============================

            # Send logs to syslog (/dev/log) instead of to file specified
            # by `log_file`
            use_syslog = False

            # Facility to use. If unset defaults to LOG_USER.
            # syslog_log_facility = LOG_LOCAL0

            # ================= SSL Options ===============================

            # Certificate file to use when starting API server securely
            # cert_file = /path/to/certfile

            # Private key file to use when starting API server securely
            # key_file = /path/to/keyfile

            # ================= Security Options ==========================

            # AES key for encrypting store 'location' metadata, including
            # -- if used -- Swift or S3 credentials
            # Should be set to a random string of length 16, 24 or 32 bytes
            # metadata_encryption_key = <16, 24 or 32 char registry metadata key>

            # ============ Registry Options ===============================

            # Address to find the registry server
            registry_host = 0.0.0.0
            # Port the registry server is listening on
            registry_port = 9191

            # What protocol to use when connecting to the registry server?
            # Set to https for secure HTTP communication
            registry_client_protocol = http

            # The path to the key file to use in SSL connections to the
            # registry server, if any. Alternately, you may set the
            # GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file
            # registry_client_key_file = /path/to/key/file

            # The path to the cert file to use in SSL connections to the
            # registry server, if any. Alternately, you may set the
            # GLANCE_CLIENT_CERT_FILE ...
(more)
edit flag offensive delete link more
0

answered 2012-07-19 12:56:21 -0600

s-rain gravatar image

Hello, Please paste your endpoint, rule, user and service list.

Rain

edit flag offensive delete link more
0

answered 2012-07-19 13:19:16 -0600

sncel-2008 gravatar image

keystone user-list +----------------------------------+---------+-------+-----------+ | id | enabled | email | name | +----------------------------------+---------+-------+-----------+ | 1a3104efdd144f46b4a2700ea24c09f7 | True | None | nova | | 4e061f65344746708e4337f79091978a | True | None | adminUser | | 84c27a8f3eb14ab883c6da69c5ddcee8 | True | None | swift | | d2e080c303a449c78434e5243117ef10 | True | None | ec2 | | dba07b40bef44663a01af8f64be5560b | True | None | glance | +----------------------------------+---------+-------+-----------+

keystone role-list +----------------------------------+------------+ | id | name | +----------------------------------+------------+ | 596e152752d54d3bb760dd45708b3fcd | memberRole | | 82f1e7413a3543a28182a429a2d69831 | admin | +----------------------------------+------------+

keystone service-list +----------------------------------+----------+--------------+------------------------------+ | id | name | type | description | +----------------------------------+----------+--------------+------------------------------+ | 176d61580bad46138e853ea808b3a998 | glance | image | Glance Image Service | | 1c9123e1ae5c479caf61600d1dcf6843 | nova | compute | Nova Compute Service | | a9fdb86b060d42e8b62ffe2d1f17eeed | swift | object-store | Swift Object Storage Service | | aaa3cf8be28c4b8db4dbd64b5f84f9f0 | keystone | identity | Keystone Identity Service | | bcaab6a1f0bf4ef093c555b66df9ff58 | ec2 | ec2 | EC2 Compatibility Layer | | fff27d2209e246288d6f07ff2fd5be08 | volume | volume | Nova Volume Service | +----------------------------------+----------+--------------+------------------------------+

keystone endpoint-list +----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+ | id | region | publicurl | internalurl | adminurl | +----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+ | 0101166407924d449845d013caabf95a | RegionOne | http://localhost:5000/v2.0 | http://localhost:5000/v2.0 | http://localhost:35357/v2.0 | | 050ff86ec3c24aec87d93bddc456bfe9 | RegionOne | http://localhost:9292/v1 | http://localhost:9292/v1 | http://localhost:9292/v1 | | 2e03d606e9c9499c935c6448a9e85b60 | RegionOne | http://localhost:8774/v2/%25(tenant_id)s (http://localhost:8774/v2/%(tenant_id)s) | http://localhost:8774/v2/%25(tenant_id)s (http://localhost:8774/v2/%(tenant_id)s) | http://localhost:8774/v2/%25(tenant_id)s (http://localhost:8774/v2/%(tenant_id)s) | | 42e06931d169422db5d5987518c198c8 | RegionOne | http://localhost:8773/services/Cloud | http://localhost:8773/services/Cloud | http://localhost:8773/services/Admin | | 4e5456d5adb5404db44d1ac26111e50d | RegionOne | http://localhost:8776/v1/%25(tenant_id)s (http://localhost:8776/v1/%(tenant_id)s) | http://localhost:8776/v1/%25(tenant_id)s (http://localhost:8776/v1/%(tenant_id)s) | http://localhost:8776/v1/%25(tenant_id)s (http://localhost:8776/v1/%(tenant_id)s) | | e8fa7cc1b4a54af49d553383fa568702 | RegionOne | http://localhost:8888/v1/AUTH_%25(tenant_id)s (http://localhost:8888/v1/AUTH_%(tenan...) | http://localhost:8888/v1/AUTH_%25(tenant_id)s (http://localhost:8888/v1/AUTH_%(tenan...) | http://localhost:8888/v1 | +----------------------------------+-----------+---------------------------------------------+---------------------------------------------+----------------------------------------+

edit flag offensive delete link more
0

answered 2012-07-20 08:53:58 -0600

Hello, is there any result? I have the same issue as yours, looking forward to how to solve it. :)

edit flag offensive delete link more
0

answered 2012-07-20 14:39:50 -0600

jaypipes gravatar image

Joeu, did you also use the CentOS/yum install method?

edit flag offensive delete link more
0

answered 2012-07-20 14:44:52 -0600

jaypipes gravatar image

It looks from the log output that 012345SECRET99TOKEN012345 is not a valid token. If you grab a token using a curl command to Keystone:

curl -d '{"auth":{"passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens

The token will be returned in that request. Try using that token with the -A option to the glance client.

edit flag offensive delete link more
0

answered 2012-07-22 08:31:44 -0600

sncel-2008 gravatar image

Hi,Jay pipes.I follow you sugesstion,but still get the same error. [andy@andy ~]$ curl -d '{"auth":{"passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens {"access": {"token": {"expires": "2012-07-23T08:22:41Z", "id": "5a46facb439643adb3fab9820d14c2e5"}, "serviceCatalog": {}, "user": {"username": "adminUser", "roles_links": [], "id": "4e061f65344746708e4337f79091978a", "roles": [], "name": "adminUser"}}}

glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 index -A 5a46facb439643adb3fab9820d14c2e5 Failed to show index. Got error: The request returned 500 Internal Server Error

The response body: Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 336, in handle_one_response result = self.application(self.environ, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__ resp = self.call_func(req, args, self.kwargs) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func return self.func(req, *args, *kwargs) File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 279, in __call__ response = req.get_response(self.application) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1053, in get_response application, catch_exc_info=False) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1022, in call_application app_iter = application(self.environ, start_response) File "/usr/lib/python2.6/site-packages/keystone/middleware/auth_token.py", line 176, in __call__ return self.app(env, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__ resp = self.call_func(req, args, *self.kwargs) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func return self.func(req, args, *kwargs) File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 279, in __call__ response = req.get_response(self.application) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1053, in get_response application, catch_exc_info=False) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/request.py", line 1022, in call_application app_iter = application(self.environ, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 159, in __call__ return resp(environ, start_response) File "/usr/lib/python2.6/site-packages/Routes-1.12.3-py2.6.egg/routes/middleware.py", line 131, in __call__ response = self.app(environ, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 159, in __call__ return resp(environ, start_response) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 147, in __call__ resp = self.call_func(req, args, *self.kwargs) File "/usr/lib/python2.6/site-packages/WebOb-1.0.8-py2.6.egg/webob/dec.py", line 208, in call_func return self.func(req, args, *kwargs) File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 477, in __call__ request, *action_args) File "/usr/lib/python2.6/site-packages/glance/common/wsgi.py", line 494, in dispatch return ... (more)

edit flag offensive delete link more
0

answered 2012-07-23 06:41:13 -0600

s-rain gravatar image

Hello, Please add "admin_token = ADMIN" in glance-api-paste.ini and glance-registry-paste.ini.

Rain

edit flag offensive delete link more
0

answered 2012-07-23 07:33:49 -0600

Hello,

From my side, solve the issue to add in glance-api-paste.ini and glance-registry-paste.ini as below: admin_token = 012345SECRET99TOKEN012345

root@gplab24:/tmp/images# glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 add name="tty-linuxkernel" disk_format=aki container_format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz ===========================================[100%] 10.4M/s, ETA 0h 0m 0s Added new image with ID: c590e3c3-e281-4c64-bf62-3d8e83c58d58

Thank so much all of you, thanks again. :)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-07-17 12:25:39 -0600

Seen: 174 times

Last updated: Jul 24 '12