Image Service: Invalid OpenStack Identity credentials
I am trying to properly setup OpenStack on Ubuntu 14.04 (Juno). Following the guide provided by OpenStack, I am currently stuck on Chapter 4, where you http://docs.openstack.org/juno/install-guide/install/apt/content/glance-verify.html (setup and verify the Image Service). I believe that I've set it up properly. I've repeated the steps 4-5 times, however, when I try to verify my installation by uploading an image I get:
root@src-server1:/tmp/images# source ~/admin-openrc.sh
root@src-server1:/tmp/images# keystone token-get
+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| expires | 2014-12-28T01:42:58Z |
| id | e4d081bc68de43b1a12a6c51103eb0f7 |
| tenant_id | 44363eba77ca42a9a1bbf22d7fb882f9 |
| user_id | fd2397b348fb4ca3b307f414d53f9b6a |
+-----------+----------------------------------+
root@src-server1:/tmp/images# glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress
[=============================>] 100%
Request returned failure status.
Invalid OpenStack Identity credentials.
I am pretty postiive the credentials I am using are correct for my admin user and my glance user. I've tried dropping the glance user several times, readding the user to the service tenant, and triple-checking the password.
To provide a little more confidence that my glance user's is setup properly, here I can request a token using the credentials from keystone:
root@src-server1:/tmp/images# cat test.rc
export OS_USERNAME=glance
export OS_PASSWORD=abcdefg
export OS_TENANT_NAME=service
export OS_AUTH_URL=http://172.16.0.10:35357/v2.0
root@src-server1:/tmp/images# source test.rc
root@src-server1:/tmp/images# keystone token-get
+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| expires | 2014-12-28T17:05:41Z |
| id | e54325f9542640f1a19f123a6c800102 |
| tenant_id | e2eff1ec9bc148ff942ff8c257b56f90 |
| user_id | bbd04f397fd14fbf87c67b8aad8d70ca |
+-----------+----------------------------------+
You can see the user is setup, there is a service tenant, and that the glance user is in the service tenant:
root@src-server1:/tmp/images# keystone --os-tenant-name admin --os-username admin --os-password 12345 --os-auth-url http://172.16.0.10:35357/v2.0 user-list
+----------------------------------+--------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+--------+---------+-------------------+
| fd2397b348fb4ca3b307f414d53f9b6a | admin | True | admin@soroco.com |
| 9693bd6cc59c43e29f9c1e54f1e359c4 | demo | True | george@soroco.com |
| bbd04f397fd14fbf87c67b8aad8d70ca | glance | True | admin@soroco.com |
+----------------------------------+--------+---------+-------------------+
root@src-server1:/tmp/images# keystone --os-tenant-name admin --os-username admin --os-password 12345 --os-auth-url http://172.16.0.10:35357/v2.0 tenant-list
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 44363eba77ca42a9a1bbf22d7fb882f9 | admin | True |
| 7210a23ec39c48f78d8f9841a232f566 | demo | True |
| e2eff1ec9bc148ff942ff8c257b56f90 | service | True |
+----------------------------------+---------+---------+
root@src-server1:/tmp/images# keystone user-role-add --user=glance --tenant=service --role=admin
Conflict occurred attempting to store role grant. User bbd04f397fd14fbf87c67b8aad8d70ca already has role 464b03e2d4b248d5bde14d59fe633fc6 in tenant e2eff1ec9bc148ff942ff8c257b56f90 (HTTP 409)
I set glance to verbose to try and debug the issue, and I am a little concerned about it trying to create an HTTPS connection, whereas in my config I do not have SSL or HTTPS setup. My URI is HTTP. Could this be the issue? The concerning part of the log:
2014-12-27 16:05:58.438 12984 INFO urllib3.connectionpool [-] Starting new HTTPS connection (1): 127.0.0.1
2014-12-27 16:05:58.447 12984 WARNING keystoneclient.middleware.auth_token [-] Retrying on HTTP connection exception: [Errno 1] _ssl.c:510: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Here, you can see my connection URI in glance-api.conf (and glance-registry.conf), there is no use of https:
[keystone_authtoken]
auth_uri = http://172.16.0.10:5000/v2.0
identity_uri ...