OpenStack Icehouse glance image-list The request you have made requires authentication. (HTTP 401)
I can not figure out what is wrong with authentication when using glance? I have installed keystone which is worknig, but I can not set glance to work.
admin-openrc.sh:
export OS_USERNAME=admin
export OS_PASSWORD=adminpass
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controler:35357/v2.0
When I use keystone I set:
$ export OS_SERVICE_TOKEN=43beada85170163c97e1
$ export OS_SERVICE_ENDPOINT=http://controler:35357/v2.0
and it is working fine. But when I try to run glance command I always get this error or error: Invaild OpenStack Identity credentials.
Users and passwords of mysql are:
root mysqlpass
keystone mysqlpass
glance mysqlpass
I have instaled glance in this order:
$ apt-get install glance python-glanceclient
Set up connection in /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf:
[database]
connection =mysql://glance:mysqlpass@controler/glance
Set up configuration in /etc/glance/glance-api.conf:
[DEFAULT]
...
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbitpass
Set up mysql for glance:
$ mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'mysqlpass';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'mysqlpass';
$glance-manage db_sync
$ keystone user-create --name=glance --pass=glancepass --email=glance@gmail.com
$ keystone user-role-add --user=glance --tenant=service --role=admin
I have made needed configurations in /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf:
[keystone_authtoken]
auth_uri=http://controler:5000/v2.0
auth_host=controler
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glancepass
[paste_deploy]
flavor=keystone
$ keystone service-create --name=glance --type=image --description="OpenStack Image Service"
$ keystone endpoint-create --service-id=23a41691715b4a4581e3ad7e1620977c
--publicurl=http://controller:9292
--internalurl=http://controller:9292
--adminurl=http://controller:9292
$ service glance-registry restart
$ service glance-api restart
$ glance image-list
The request you hacve made requires authentication. (HTTP 401)
$ env | grep OS_
OS_SERVICE_TOKEN=43beda85170163c97e1
OS_TENANT_ENDPOINT=http://controler:35357/v2.0
OS_TENANT_ID=da83c962081f465381e61067481d731a
OS_SERVICE_ENDPOINT=http://controler:9292/v2.0
OS_PASSWORD=adminpass
OS_AUTH_URL=http://controler:35357/v2.0
OS_USERNAME=admin
OS_TENANT_NAME=admin
The request you hacve made requires authentication. (HTTP 401)
Then I have tried with changing with this environment variables ( here isn't all changes, only ones that I remmber):
$ export OS_USERNAME=glance
$ export OS_PASSWORD=glancepass
$ glance image-list
The request you hacve made requires authentication. (HTTP 401)
$ export OS_PASSWORD=mysqlpass
I have also tried with some others OS_TENANT_ID from these:
$ keystone tenant-list
id name enabled
2e2a2d61c8fb4de0932347ca8c6b78b2 admin True
32070f16d71f4c30a2cfca25298e9f59 demo True
da83c962081f465381e61067481d731a service True
And now I am very confused. I wolud like to get answers on these questions: 1. How to solve this issue? 2. Should every sevice (keystone, glance, etc) should have his own SERVICE -openrc.sh But I don't understand then why did I create admin-openrc.sh file? 3. Can someone explains me about atuhnetication for users as admin and demo and for users as services keystone, glance, etc. If services are running when cloud is working these service authentication should work automaticly. What about if I (administrator) want to administrate cloud? What about if I as user want to use cloud? Then how should I athenticate? 4. I have noticed I can't ping google ...
Search this site, read the documentation. Most importantly: check the logs! Sharing the configuration files is important only up to a point. Last: ask one question at the time (FAQ).