again, the nice people on IRC helped.

<dolphm> askstack: you probably also want to pass a --os_tenant_name to keystone, so you get a scoped token?

these two command work together. keystone --os_username swift --os_password verybadpass --os_tenant_name service --os_auth_url http://127.0.0.1:5000/v2.0/ token-get glance -A bb0d49f5f2b74f9085fc67cc9d8f4e02 -I swift -K verybadpass -T service index

however , "glance add" still fails. I am using openstack-glance-2012.1-4.fc16.noarch on Fedora 16.

glance -A bb0d49f5f2b74f9085fc67cc9d8f4e02 -I swift -K verybadpass -T service add name=f16-heos is_public=true disk_format=qcow2 container_format=ovf copy_from=http://berrange.fedorapeople.org/images/2012-02-29/f16-x86_64-openstack-sda.qcow2 Failed to add image. Got error: Data supplied was not valid. Details: 400 Bad Request

The server could not comply with the request since it is either malformed or otherwise incorrect.

Error uploading image: (TypeError): __init__() got an unexpected keyword argument 'auth_version'
Note: Your image metadata may still be in the registry, but the image's status will likely be 'killed'.

Thanks Jay

Fedora has taken all the swift packages out of the yum repo, http://repos.fedorapeople.org/repos/apevec/openstack-preview/ (http://repos.fedorapeople.org/repos/a...) . Maybe they are updating these packages. I will report back when I can install the new rpms.

Fedora still hasn't added swift back to the preview repo yet. I find another source for the swift RPMs, http://mirrors.kernel.org/fedora/updates/testing/17/x86_64/ (http://mirrors.kernel.org/fedora/upda...)

openstack-swift-1.4.8-1.fc17.noarch openstack-swift-proxy-1.4.8-1.fc17.noarch openstack-swift-account-1.4.8-1.fc17.noarch openstack-swift-object-1.4.8-1.fc17.noarch openstack-swift-doc-1.4.8-1.fc17.noarch openstack-swift-container-1.4.8-1.fc17.noarch

After upgrading to these RPMs, I got this error message.

Error uploading image: (ClientException): Auth GET failed: http://127.0.0.1:8080/v1.0/tokens 401 Unauthorized

I found this mail thread, https://lists.launchpad.net/openstack/msg07641.html (https://lists.launchpad.net/openstack...) . I changed /etc/glance/glance-api.conf from swift_store_auth_address = http://127.0.0.1:8080/v1.0/ to swift_store_auth_address = http://127.0.0.1:5000/v2.0/

then I am able to "glance add".

Thanks for everyone's help.

Thanks Jay Pipes, that solved my question.

Stuart I changed "swift_store_key" to "verybadpass" and did some testing.

First, keystone said the token was not found. I tried to get a new token with keystone --os_username swift --os_password verybadpass --os_auth_url http://127.0.0.1:5000/v2.0/ token-get glance -A 1c418960beb34db2ad7ee350fd414e56 -I swift -K verybadpass -T service index

I noticed keystone log says " 'is_admin': False "

So I tried "keystone user-role-add " to add user swift with admin rights to tenant service. but glance didn't get authenticated.

keystone --os_username swift --os_password verybadpass --os_auth_url http://127.0.0.1:5000/v2.0/ token-get glance -A 480ea3441b324a88811e6584a726612b -I swift -K verybadpass -T service index Failed to show index. Got error: You are not authenticated. Details: 401 Unauthorized

***** keystone log ***** SCRIPT_NAME = /v2.0 webob.adhoc_attrs = {'response': <response at="" 0x3d9fd90="" 200="" ok="">} REQUEST_METHOD = GET PATH_INFO = /tokens/480ea3441b324a88811e6584a726612b SERVER_PROTOCOL = HTTP/1.0 HTTP_X_AUTH_TOKEN = b76ca38475704e649f0e4522bdb986f0 eventlet.posthooks = [] SERVER_NAME = 127.0.0.1 REMOTE_ADDR = 127.0.0.1 eventlet.input = <eventlet.wsgi.input object="" at="" 0x3d7d390=""> wsgi.url_scheme = http SERVER_PORT = 35357 wsgi.input = <eventlet.wsgi.input object="" at="" 0x3d7d390=""> HTTP_HOST = 127.0.0.1:35357 wsgi.multithread = True HTTP_ACCEPT = application/json wsgi.version = (1, 0) openstack.context = {'token_id': 'b76ca38475704e649f0e4522bdb986f0', 'is_admin': False} GATEWAY_INTERFACE = CGI/1.1 wsgi.run_once = False wsgi.errors = <open file="" '<stderr="">', mode 'w' at 0x7fc75ac93270> wsgi.multiprocess = False CONTENT_TYPE = application/json HTTP_ACCEPT_ENCODING = identity

***** REQUEST BODY *****

Matched GET /tokens/480ea3441b324a88811e6584a726612b Route path: '{path_info:.}', defaults: {'controller': <keystone.contrib.admin_crud.core.crudextension object="" at="" 0x38566d0="">} Match dict: {'controller': <keystone.contrib.admin_crud.core.crudextension object="" at="" 0x38566d0="">, 'path_info': '/tokens/480ea3441b324a88811e6584a726612b'} Matched GET /tokens/480ea3441b324a88811e6584a726612b Route path: '{path_info:.}', defaults: {'controller': <keystone.service.adminrouter object="" at="" 0x2bc67d0="">} Match dict: {'controller': <keystone.service.adminrouter object="" at="" 0x2bc67d0="">, 'path_info': '/tokens/480ea3441b324a88811e6584a726612b'} Matched GET /tokens/480ea3441b324a88811e6584a726612b Route path: '/tokens/{token_id}', defaults: {'action': u'validate_token', 'controller': <keystone.service.tokencontroller object="" at="" 0x3742e90="">} Match dict: {'action': u'validate_token', 'token_id': u'480ea3441b324a88811e6584a726612b', 'controller': <keystone.service.tokencontroller object="" at="" 0x3742e90="">} arg_dict: {'token_id': u'480ea3441b324a88811e6584a726612b'} enforce admin_required: {'tenant_id': u'c67bdd38c56f4ca0956cf5ca8d47ff41', 'user_id': u'cfe238c7ccd74ccf9586ccbc471c2b50', u'roles': [u'admin']} ***** RESPONSE HEADERS ***** Content-Type = application/json Vary = X-Auth-Token Content-Length = 222

***** RESPONSE BODY ***** {"access": {"token": {"expires": "2012-04-28T16:22:08Z", "id": "480ea3441b324a88811e6584a726612b"}, "user": {"username": "swift", "roles_links": [], "id": "1601e902c4024993a163538869aa99ed", "roles": [], "name": "swift"}}} 127.0.0.1 - - [27/Apr/2012 12:22:44] "GET /v2.0/tokens/480ea3441b324a88811e6584a726612b HTTP/1.1" 200 351 0.014305