Ask Your Question
0

Glance Identify Failure.. keystone.middleware on Juno

asked 2014-11-21 17:33:50 -0500

Garysday gravatar image

updated 2014-11-22 00:16:18 -0500

9lives gravatar image

Hi Guys,

I have been trying to install the Juno release, following through the installation guide on docs.openstack.org , I have worked through a few bugs and made it to the glance section; I have completed all the tasks there, however when I try to create an image I get the following error:

root@OpenStackController:/etc/glance# glance image-create --name "cirros-0.3.3-x86_64" --file /tmp/images/cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress [=============================>] 100% Request returned failure status. Invalid OpenStack Identity credentials.

this looks like an issue with keystone.middleware (see log below), but the guide doesn't have anything about this; it's not really a glance issue, more of a keystone auth issue; I have the correct service, tenant, user and role created, but it simply fails to authenticate when i try to create an image... Any ideas on how to fix this issue....

Cheers

Gary

the log from /var/log/glance/api.log shows :

2014-11-22 00:30:16.553 6997 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): 127.0.0.1

2014-11-22 00:30:16.554 6997 WARNING keystoneclient.middleware.auth_token [-] Retrying on HTTP connection exception: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by <class 'socket.error'>: [Errno 111] ECONNREFUSED)

2014-11-22 00:30:17.056 6997 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): 127.0.0.1

2014-11-22 00:30:17.058 6997 WARNING keystoneclient.middleware.auth_token [-] Retrying on HTTP connection 
exception: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by <class 'socket.error'>: [Errno 111] ECONNREFUSED)

2014-11-22 00:30:18.060 6997 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): 127.0.0.1

2014-11-22 00:30:18.061 6997 WARNING keystoneclient.middleware.auth_token [-] Retrying on HTTP connection exception: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by <class 'socket.error'>: [Errno 111] ECONNREFUSED)

2014-11-22 00:30:20.065 6997 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): 127.0.0.1

2014-11-22 00:30:20.066 6997 ERROR keystoneclient.middleware.auth_token [-] HTTP connection exception: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by <class 'socket.error'>: [Errno 111] ECONNREFUSED)

2014-11-22 00:30:20.067 6997 WARNING keystoneclient.middleware.auth_token [-] Authorization failed for token

2014-11-22 00:30:20.068 6997 INFO keystoneclient.middleware.auth_token [-] Invalid user token - deferring reject downstream

2014-11-22 00:30:20.132 6997 INFO glance.wsgi.server [-] 10.1.1.30 - - [22/Nov/2014 00:30:20] "POST /v1/images HTTP/1.1" 401 381 3.581391
edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2014-11-22 00:21:11 -0500

9lives gravatar image

from the log, i guess the port for keystone middleware used in glance is not correct, 35357 is normally for admin api , not pubic api, you might check the keystoneclient middleware configuration in glance it is in the paste-api.ini or glance-api.conf, section [authentication], change the auth_port=35357 to auth_port=5000 and restart glance-api service then try again.

Hope that helps!

Vic

edit flag offensive delete link more

Comments

Hi Vic,

I don't have a section [authentication] in any of the files in my /etc/glance configs ;(

Would it be under [keystone_authtoken] ? [keystone_authtoken]

auth_uri = http://OpenStackController:5000/v2.0

identity_uri = http://OpenStackController:35357

admin_tenant_name = service etc..

Garysday gravatar imageGarysday ( 2014-11-22 00:35:52 -0500 )edit

Actually Vic,

I don't see any middleware sections at all in the glance configuration, I wonder if something changed in Juno ? is it under [filter:authtoken].. the documentation makes it look like the port is 35357 ?

Cheers

G

Garysday gravatar imageGarysday ( 2014-11-22 01:07:01 -0500 )edit

yes you are finding the right section [keystone_authtoken] you can simply change the identify_uri to

identity_uri = http://OpenStackController:5000

and coments out the auth_uri and auth_port , in juno identity_uri will replace the old auth_uri and auth_port Good luck!

9lives gravatar image9lives ( 2014-11-22 05:05:49 -0500 )edit

Hey @9lives, I fixed it by adding in auth_port etc as suggested; now I get http 500, I have checked a bunch of posts, my config looks ok, I verified the service, tenant, user, user-role, epg in keystone all is good. still I see http 500. error log @ http://pastebin.com/F5tCJcW5 any ideas? help :)

Garysday gravatar imageGarysday ( 2014-11-23 15:04:23 -0500 )edit
0

answered 2014-11-22 04:10:11 -0500

dbaxps gravatar image

Make sure your /etc/glance/glance-api.conf has entries :

[keystone_authtoken]
admin_tenant_name=services ( service for Ubuntu )
admin_user=glance
admin_password=xxxxxxxx
auth_port=35357
auth_host=Controller-IP
auth_protocol=http
auth_uri=http://Controller-IP:5000/
[paste_deploy]
flavor=keystone
edit flag offensive delete link more

Comments

I added the individual auth_host/protocol, why does that work but if i change the auth_url to auth_uri = http://OpenStackController:5000 it doesn't.. anyway, I have a further issue now... see next comment (too big to fit into one)

Garysday gravatar imageGarysday ( 2014-11-23 13:35:03 -0500 )edit
1

I've been through some other pages on glance error 500 to no avail, I re-installed glance, reconfigured... still no joy... Full output of the glance log is here, looks like an error posting the image..

http://pastebin.com/F5tCJcW5

btw.. a simple glance image-list also returns http 500 error hmm

Garysday gravatar imageGarysday ( 2014-11-23 13:35:12 -0500 )edit
0

answered 2015-09-01 08:13:46 -0500

hi,

I Think you are not installed openstack-selinux on the controller node. just install yum install openstack-selinux. if you installed this will allow the communication between service.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-11-21 17:33:50 -0500

Seen: 1,393 times

Last updated: Nov 22 '14