unable to create new image
Hi,
I've followed the RDO quick start on top of CentOS 7 and I've now moved on to "Running an instance" which is linked at the bottom of the RDO quick start (I need 10 karma points in order to post links, so I apologize that I don't have any).
Step 4 fails for me and a little red box comes up with "Unable to create new image". I also tried just using a local .iso file to the same result.
Being new to this, I'm unsure of how troubleshoot openstack. I've looked in /var/log/horizon/horizon.log, but there isn't much for detail.
2014-11-22 04:04:59,428 18080 WARNING horizon.exceptions Recoverable error: <html>
<head>
<title>403 Forbidden</title>
</head>
<body>
<h1>403 Forbidden</h1>
Access was denied to this resource.<br /><br />
</body>
</html> (HTTP 403)
I also don't see anything in the glance logs. I'm curious where I should be looking for more debugging information and if anyone else as ran into this issue.
Thanks in advance.
UPDATE 2: Through the Identify>Projects interface as the admin user, I added the admin role to the demo user. It's default value is _member_. Then, logging in as the demo user, I was able to create an image. So this must be a permissions issue with the _member_ role?
Is there a way I can see/define what roles can or cannot do? Is there a hole in the quick start documentation? I assume not, since I'm the only one having this issue.
UPDATE 1: I updated the config to enable debug. Here's a snippet of the api.log after I click 'Create Image'. I don't see any errors.
2014-11-25 11:00:26.825 2201 DEBUG glance.api.middleware.version_negotiation [-] Determining version of request: POST /v1/images Accept: */* process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:44
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] Using url versioning process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:57
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] Matched version: v1 process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:69
2014-11-25 11:00:26.826 2201 DEBUG glance.api.middleware.version_negotiation [-] new path /v1/images process_request /usr/lib/python2.7/site-packages/glance/api/middleware/version_negotiation.py:70
2014-11-25 11:00:26.826 2201 DEBUG keystonemiddleware.auth_token [-] Removing headers from request environment: X-Service-Catalog,X-Identity-Status,X-Roles,X-Service-Roles,X-Domain-Name,X-Service-Domain-Name,X-Project-Id,X-Service-Project-Id,X-Project-Domain-Name,X-Service-Project-Domain-Name,X-User-Id,X-Service-User-Id,X-User-Name,X-Service-User-Name,X-Project-Name,X-Service-Project-Name,X-User-Domain-Id,X-Service-User-Domain-Id,X-Domain-Id,X-Service-Domain-Id,X-User-Domain-Name,X-Service-User-Domain-Name,X-Project-Domain-Id,X-Service-Project-Domain-Id,X-Role,X-User,X-Tenant-Name,X-Tenant-Id,X-Tenant _remove_auth_headers /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:780
2014-11-25 11:00:26.826 2201 DEBUG keystonemiddleware.auth_token [-] Authenticating user token __call__ /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py:708
2014-11-25 11:00:26.830 2201 DEBUG keystonemiddleware.auth_token [-] Returning cached token _cache_get /usr/lib/python2.7/site-packages/keystonemiddleware/auth_token.py ...
You could enable the
debug
logging level in/etc/glance/glance-api.conf
. After that it should be possible to grep the glance logs forERROR
orTRACE
. When you post the result of this grep one can help debugging. Perhaps you ran into this: https://bugs.launchpad.net/horizon/+b...I've updated my question with output from the log with debug enabled.