Ask Your Question
0

essex: glance and swift intergration question.

asked 2012-04-26 20:07:34 -0500

askstack gravatar image

I have a swift and glance intergration question.

I varified swift was working with: [root@core01 swift]# swift -v -V 2.0 -A http://127.0.0.1:5000/v2.0/ -U service:swift -K verybadpass stat StorageURL: http://127.0.0.1:8080/v1/AUTH_c67bdd38c56f4ca0956cf5ca8d47ff41 (http://127.0.0.1:8080/v1/AUTH_c67bdd3...) Auth Token: 6d844c5299a44ac48aaa7d02af3565d9 Account: AUTH_c67bdd38c56f4ca0956cf5ca8d47ff41 Containers: 1 Objects: 0 Bytes: 0 Accept-Ranges: bytes X-Trans-Id: tx75a4e1ca2465493582aebbf465a95cd1 [root@core01 swift]# swift -v -V 2.0 -A http://127.0.0.1:5000/v2.0/ -U service:swift -K verybadpass list glance:

my glance-api.conf looks like

============ Swift Store Options =============================

swift_store_auth_version = 2 swift_store_auth_address = http://127.0.0.1:8080/v1.0/ swift_store_user = service:swift swift_store_key = a19c602bc5f8c10c47ea swift_store_container = glance swift_store_create_container_on_put = True swift_store_large_object_size = 5120 swift_store_large_object_chunk_size = 200

swift_enable_snet = False

I do not know how to setup "swift_store_key" , so I copied the keystone's admin_token.

[root@core01 ~]# glance --os_auth_token=a19c602bc5f8c10c47ea add name=f16-heos is_public=true disk_format=qcow2 container_format=ovf copy_from=http://berrange.fedorapeople.org/images/2012-02-29/f16-x86_64-openstack-sda.qcow2 Failed to add image. Got error: You are not authenticated. Details: 401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

Authentication required
Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.

Any help is greatly appreciated.

edit retag flag offensive close merge delete

7 answers

Sort by ยป oldest newest most voted
0

answered 2012-04-27 18:16:29 -0500

jaypipes gravatar image

Hi! That last error means that the Swift client is old -- it does not include the new auth_version parameter in its constructor. The solution is to install a new version of python-swift package

All the best, -jay

edit flag offensive delete link more
0

answered 2012-04-27 17:04:44 -0500

askstack gravatar image

again, the nice people on IRC helped.

<dolphm> askstack: you probably also want to pass a --os_tenant_name to keystone, so you get a scoped token?

these two command work together. keystone --os_username swift --os_password verybadpass --os_tenant_name service --os_auth_url http://127.0.0.1:5000/v2.0/ token-get glance -A bb0d49f5f2b74f9085fc67cc9d8f4e02 -I swift -K verybadpass -T service index

however , "glance add" still fails. I am using openstack-glance-2012.1-4.fc16.noarch on Fedora 16.

glance -A bb0d49f5f2b74f9085fc67cc9d8f4e02 -I swift -K verybadpass -T service add name=f16-heos is_public=true disk_format=qcow2 container_format=ovf copy_from=http://berrange.fedorapeople.org/images/2012-02-29/f16-x86_64-openstack-sda.qcow2 Failed to add image. Got error: Data supplied was not valid. Details: 400 Bad Request

The server could not comply with the request since it is either malformed or otherwise incorrect.

Error uploading image: (TypeError): __init__() got an unexpected keyword argument 'auth_version'
Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.

edit flag offensive delete link more
0

answered 2012-04-30 13:54:07 -0500

askstack gravatar image

Thanks Jay

Fedora has taken all the swift packages out of the yum repo, http://repos.fedorapeople.org/repos/apevec/openstack-preview/ (http://repos.fedorapeople.org/repos/a...) . Maybe they are updating these packages. I will report back when I can install the new rpms.

edit flag offensive delete link more
0

answered 2012-05-02 13:57:37 -0500

askstack gravatar image

Fedora still hasn't added swift back to the preview repo yet. I find another source for the swift RPMs, http://mirrors.kernel.org/fedora/updates/testing/17/x86_64/ (http://mirrors.kernel.org/fedora/upda...)

openstack-swift-1.4.8-1.fc17.noarch openstack-swift-proxy-1.4.8-1.fc17.noarch openstack-swift-account-1.4.8-1.fc17.noarch openstack-swift-object-1.4.8-1.fc17.noarch openstack-swift-doc-1.4.8-1.fc17.noarch openstack-swift-container-1.4.8-1.fc17.noarch

After upgrading to these RPMs, I got this error message.

Error uploading image: (ClientException): Auth GET failed: http://127.0.0.1:8080/v1.0/tokens 401 Unauthorized

I found this mail thread, https://lists.launchpad.net/openstack/msg07641.html (https://lists.launchpad.net/openstack...) . I changed /etc/glance/glance-api.conf from swift_store_auth_address = http://127.0.0.1:8080/v1.0/ to swift_store_auth_address = http://127.0.0.1:5000/v2.0/

then I am able to "glance add".

Thanks for everyone's help.

edit flag offensive delete link more
0

answered 2012-05-02 13:58:12 -0500

askstack gravatar image

Thanks Jay Pipes, that solved my question.

edit flag offensive delete link more
0

answered 2012-04-27 07:47:36 -0500

Have you tried using the same key as in your swift cli command (ie "verybadpass")?

edit flag offensive delete link more
0

answered 2012-04-27 16:40:29 -0500

askstack gravatar image

Stuart I changed "swift_store_key" to "verybadpass" and did some testing.

First, keystone said the token was not found. I tried to get a new token with keystone --os_username swift --os_password verybadpass --os_auth_url http://127.0.0.1:5000/v2.0/ token-get glance -A 1c418960beb34db2ad7ee350fd414e56 -I swift -K verybadpass -T service index

I noticed keystone log says " 'is_admin': False "

So I tried "keystone user-role-add " to add user swift with admin rights to tenant service. but glance didn't get authenticated.

keystone --os_username swift --os_password verybadpass --os_auth_url http://127.0.0.1:5000/v2.0/ token-get glance -A 480ea3441b324a88811e6584a726612b -I swift -K verybadpass -T service index Failed to show index. Got error: You are not authenticated. Details: 401 Unauthorized

***** keystone log ***** SCRIPT_NAME = /v2.0 webob.adhoc_attrs = {'response': <response at="" 0x3d9fd90="" 200="" ok="">} REQUEST_METHOD = GET PATH_INFO = /tokens/480ea3441b324a88811e6584a726612b SERVER_PROTOCOL = HTTP/1.0 HTTP_X_AUTH_TOKEN = b76ca38475704e649f0e4522bdb986f0 eventlet.posthooks = [] SERVER_NAME = 127.0.0.1 REMOTE_ADDR = 127.0.0.1 eventlet.input = <eventlet.wsgi.input object="" at="" 0x3d7d390=""> wsgi.url_scheme = http SERVER_PORT = 35357 wsgi.input = <eventlet.wsgi.input object="" at="" 0x3d7d390=""> HTTP_HOST = 127.0.0.1:35357 wsgi.multithread = True HTTP_ACCEPT = application/json wsgi.version = (1, 0) openstack.context = {'token_id': 'b76ca38475704e649f0e4522bdb986f0', 'is_admin': False} GATEWAY_INTERFACE = CGI/1.1 wsgi.run_once = False wsgi.errors = <open file="" '<stderr="">', mode 'w' at 0x7fc75ac93270> wsgi.multiprocess = False CONTENT_TYPE = application/json HTTP_ACCEPT_ENCODING = identity

***** REQUEST BODY *****

Matched GET /tokens/480ea3441b324a88811e6584a726612b Route path: '{path_info:.}', defaults: {'controller': <keystone.contrib.admin_crud.core.crudextension object="" at="" 0x38566d0="">} Match dict: {'controller': <keystone.contrib.admin_crud.core.crudextension object="" at="" 0x38566d0="">, 'path_info': '/tokens/480ea3441b324a88811e6584a726612b'} Matched GET /tokens/480ea3441b324a88811e6584a726612b Route path: '{path_info:.}', defaults: {'controller': <keystone.service.adminrouter object="" at="" 0x2bc67d0="">} Match dict: {'controller': <keystone.service.adminrouter object="" at="" 0x2bc67d0="">, 'path_info': '/tokens/480ea3441b324a88811e6584a726612b'} Matched GET /tokens/480ea3441b324a88811e6584a726612b Route path: '/tokens/{token_id}', defaults: {'action': u'validate_token', 'controller': <keystone.service.tokencontroller object="" at="" 0x3742e90="">} Match dict: {'action': u'validate_token', 'token_id': u'480ea3441b324a88811e6584a726612b', 'controller': <keystone.service.tokencontroller object="" at="" 0x3742e90="">} arg_dict: {'token_id': u'480ea3441b324a88811e6584a726612b'} enforce admin_required: {'tenant_id': u'c67bdd38c56f4ca0956cf5ca8d47ff41', 'user_id': u'cfe238c7ccd74ccf9586ccbc471c2b50', u'roles': [u'admin']} ***** RESPONSE HEADERS ***** Content-Type = application/json Vary = X-Auth-Token Content-Length = 222

***** RESPONSE BODY ***** {"access": {"token": {"expires": "2012-04-28T16:22:08Z", "id": "480ea3441b324a88811e6584a726612b"}, "user": {"username": "swift", "roles_links": [], "id": "1601e902c4024993a163538869aa99ed", "roles": [], "name": "swift"}}} 127.0.0.1 - - [27/Apr/2012 12:22:44] "GET /v2.0/tokens/480ea3441b324a88811e6584a726612b HTTP/1.1" 200 351 0.014305

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-04-26 20:07:34 -0500

Seen: 88 times

Last updated: May 02 '12