Glance with Keystone authentication not working HELP!
Hi Guys,
Using Icehouse and Ubuntu 14.04 HAProxy 192.168.8.2 in front of 2 controllers.
Having issue where user that creates snapshot does not see it. If I make it public, everyone is able to see it. Determined I needed to setup glance to authenticate with keystone. Also ran glance-manage db_sync, and confirmed DB tables populated with images that worked prior to pointing to keystone.
Now getting error :
glance --debug image-list
curl -i -X GET -H 'X-Auth-Token: MIIMUgYJKoZIhvcNAQcCoIIMQzCCDD8CAQExDTALBglghkgBZQMEAgEwggqgBgkqhkiG9w0BBwGgggqRBIIKjXsiYWNjZXNzIjogeyJ0b2tlbiI6IHsiaXNzdWVkX2F0IjogIjIwMTUtMDMtMTFUMTc6MTk6NDkuNjE1OTk1IiwgImV4cGlyZXMiOiAiMjAxNS0wMy0xMVQxODoxOTo0OVoiLCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJkZXNjcmlwdGlvbiI6IG51bGwsICJlbmFibGVkIjogdHJ1ZSwgImlkIjogImE3YWE1ODdmODAyYzQxNGNiY2VmNjljNTY5N2JlMzU4IiwgIm5hbWUiOiAiYWRtaW4ifX0sICJzZXJ2aWNlQ2F0YWxvZyI6IFt7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xOTIuMTY4LjguMjo4Nzc0L3YyL2E3YWE1ODdmODAyYzQxNGNiY2VmNjljNTY5N2JlMzU4IiwgInJlZ2lvbiI6ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzE5Mi4xNjguOC4yOjg3NzQvdjIvYTdhYTU4N2Y4MDJjNDE0Y2JjZWY2OWM1Njk3YmUzNTgiLCAiaWQiOiAiMGViM2M1OTgzODkyNDZmNTg1ZWQyYzg5MTFiMGU2ODMiLCAicHVibGljVVJMIjogImh0dHA6Ly8yNC4yNDYuMTIwLjIzMTo4Nzc0L3YyL2E3YWE1ODdmODAyYzQxNGNiY2VmNjljNTY5N2JlMzU4In1dLCAiZW5kcG9pbnRzX2xpbmtzIjogW10sICJ0eXBlIjogImNvbXB1dGUiLCAibmFtZSI6ICJub3ZhIn0sIHsiZW5kcG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzE5Mi4xNjguOC4yOjk2OTYvIiwgInJlZ2lvbiI6ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzE5Mi4xNjguOC4yOjk2OTYvIiwgImlkIjogIjEzZDAxYTBiODhkNjQyYjFhZWJmMDRhYWIzMDc3OWI4IiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMjQuMjQ2LjEyMC4yMzE6OTY5Ni8ifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAibmV0d29yayIsICJuYW1lIjogInF1YW50dW0ifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRwOi8vMTkyLjE2OC44LjI6OTI5MiIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly8xOTIuMTY4LjguMjo5MjkyIiwgImlkIjogIjBjMmVmY2M0NWRmODQ1ZDM5Zjc3MTIyZmFmOWQ4ZGJmIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMjQuMjQ2LjEyMC4yMzE6OTI5MiJ9XSwgImVuZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJpbWFnZSIsICJuYW1lIjogImdsYW5jZSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xOTIuMTY4LjguMjo4Nzc2L3YxL2E3YWE1ODdmODAyYzQxNGNiY2VmNjljNTY5N2JlMzU4IiwgInJlZ2lvbiI6ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzE5Mi4xNjguOC4yOjg3NzYvdjEvYTdhYTU4N2Y4MDJjNDE0Y2JjZWY2OWM1Njk3YmUzNTgiLCAiaWQiOiAiOTI0ZGFlOWExNmFiNGIyMmEwZWVmNjExMjBkMjgxZjMiLCAicHVibGljVVJMIjogImh0dHA6Ly8yNC4yNDYuMTIwLjIzMTo4Nzc2L3YxL2E3YWE1ODdmODAyYzQxNGNiY2VmNjljNTY5N2JlMzU4In1dLCAiZW5kcG9pbnRzX2xpbmtzIjogW10sICJ0eXBlIjogInZvbHVtZSIsICJuYW1lIjogImNpbmRlciJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xOTIuMTY4LjguMjo4NzczL3NlcnZpY2VzL0FkbWluIiwgInJlZ2lvbiI6ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzE5Mi4xNjguOC4yOjg3NzMvc2VydmljZXMvQ2xvdWQiLCAiaWQiOiAiNjE5MGFkNzMzNTM2NGEwZmJkYzg2OWFhY2ZhOWQyOGIiLCAicHVibGljVVJMIjogImh0dHA6Ly8yNC4yNDYuMTIwLjIzMTo4NzczL3NlcnZpY2VzL0Nsb3VkIn1dLCAiZW5kcG9pbnRzX2xpbmtzIjogW10sICJ0eXBlIjogImVjMiIsICJuYW1lIjogImVjMiJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xOTIuMTY4LjguMjo4MDgwLyIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly8xOTIuMTY4LjguMjo4MDgwL3YxL0FVVEhfYTdhYTU4N2Y4MDJjNDE0Y2JjZWY2OWM1Njk3YmUzNTgiLCAiaWQiOiAiNzBkYWIxZTFjNDRhNDI1Yzg3NWI0ZTEwOTZlYjhkOGUiLCAicHVibGljVVJMIjogImh0dHA6Ly8yNC4yNDYuMTIwLjIzMTo4MDgwL3YxL0FVVEhfYTdhYTU4N2Y4MDJjNDE0Y2JjZWY2OWM1Njk3YmUzNTgifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAib2JqZWN0LXN0b3JlIiwgIm5hbWUiOiAic3dpZnQifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRwOi8vMTkyLjE2OC44LjI6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjogImh0dHA6Ly8xOTIuMTY4LjguMjo1MDAwL3YyLjAiLCAiaWQiOiAiODRlNzQwZGY0YWM1NGQyM2E3OWU4NGU5N2ViMGUxYmQiLCAicHVibGljVVJMIjogImh0dHA6Ly8yNC4yNDYuMTIwLjIzMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9uZSJ9XSwgInVzZXIiOiB7InVzZXJuYW1lIjogImFkbWluIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6ICJjYWQ1ZjNiMGMzZGQ0OWIwYTk0YjY5ZmYxMzdiYjgwNSIsICJyb2xlcyI6IFt7Im5hbWUiOiAiYWRtaW4ifV0sICJuYW1lIjogImFkbWluIn0sICJtZXRhZGF0YSI6IHsiaXNfYWRtaW4iOiAwLCAicm9sZXMiOiBbIjM0YTY3ZDc1YTQzMjQ2NWJiNjFiNTJkYzQ4MzVkMjUyIl19fX0xggGFMIIBgQIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVVbnNldDEOMAwGA1UEBwwFVW5zZXQxDjAMBgNVBAoMBVVuc2V0MRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20CAQEwCwYJYIZIAWUDBAIBMA0GCSqGSIb3DQEBAQUABIIBAKYBU0Pi7fjXjvOGo2LoDiKO51MLhy1jzW0yLyQVZBzWmkuvR1Fc9T9BIZ+o3JDmls6JCOZWIX4ZpJJH0sRRZqQd9c3OpCBZhNYN3tHbcQoPtkw-tFAFf4xcG2yZpL1pn3-1ijkzwJVZpbEYoFpr+pzoHB891OfaHvy7WcDYfLDpVLuPjZMnDvvwgte9G+-ci+lODHY3P8O3JRT3CqjlymF548Mm8HpGA56FKp3aojsp59B33uVVfW8WA6qYmsIp0AGN1MCjQgsYJ6I7Fr1JhEshV7Gpsr52A900GTFDRVsOOw8LKd8xo5ejvM+1GsopyGQoLxYD97SjOaC8fegr9Z4=' -H 'Content-Type: application/json' -H 'User-Agent: python-glanceclient' http://24.246.120.231:9292/v1/images/detail?sort_key=name&sort_dir=asc&limit=20
HTTP/1.1 500 Internal Server Error
date: Wed, 11 Mar 2015 17:19:49 GMT
content-length: 0
content-type: text/plain
connection: close
Request returned failure status. HTTPInternalServerError (HTTP 500)
glance-api.conf and glance-registry.conf
connection=mysql://glance:password@192.168.8.2/glance
[keystone_authtoken]
auth_uri = http://192.168.8.2:5000/v2.0
auth_host = 192.168.8.2
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = password
glance-api-paste.ini and glance-registry-paste.ini
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
service_host = 192.168.8.2
service_port = 5000
service_protocol = http
auth_host = 192.168.8.2
auth_port = 35357
auth_protocol = http
auth_uri = http://192.168.8.2:5000/v2.0
admin_tenant_name = service
admin_user = glance
admin_password = password
admin_token = token in keystone.conf
glance-api log:
2015-03-10 15:20:45.239 3439 WARNING keystoneclient.middleware.auth_token [-] Unable to find authentication token in headers
2015-03-10 15:20:45.240 3439 DEBUG keystoneclient.middleware.auth_token [-] Headers: {'SERVER_PROTOCOL': 'HTTP/1.0', 'GATEWAY_INTERFACE': 'CGI/1.1', 'wsgi.version': (1, 0), 'SERVER_NAME': '192.168.8.6', 'RAW_PATH_INFO': '/', 'REMOTE_ADDR': '192.168.8.4', 'wsgi.run_once': False, 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7fbb0f9e51e0>, 'wsgi.multiprocess': False, 'SCRIPT_NAME': '', 'SERVER_PORT': '9191', 'wsgi.url_scheme': 'http', 'REMOTE_PORT': '34077', 'wsgi.input': <eventlet.wsgi.Input object at 0x7fbb0a195f50>, 'REQUEST_METHOD': 'OPTIONS', 'PATH_INFO': '/', 'CONTENT_TYPE': 'text/plain', 'wsgi.multithread': True, 'eventlet.input': <eventlet.wsgi.Input object at 0x7fbb0a195f50>, 'eventlet.posthooks': []} _get_user_token_from_header /usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py:647
2015-03-10 15:20:45.240 3439 INFO keystoneclient.middleware.auth_token [-] Invalid user token - rejecting request
2015-03-10 15:20:45.241 3439 INFO glance.wsgi.server [-] 192.168.8.4 - - [10/Mar/2015 15:20:45] "OPTIONS / HTTP/1.0" 401 217 0.001938
glance registry.log
2015-03-10 15:20:31.828 3419 INFO urllib3.connectionpool [-] Starting new HTTP connection (1): 192.168.8.2
2015-03-10 15:20:31.829 3419 DEBUG urllib3.connectionpool [-] Setting read timeout to None _make_request /usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:375
2015-03-10 15:20:31.853 3419 DEBUG urllib3.connectionpool [-] "GET /v2.0/tokens/revoked HTTP/1.1" 200 802 _make_request /usr/lib/python2.7/dist-packages/urllib3/connectionpool.py:415
2015-03-10 15:20:31.875 3419 DEBUG keystoneclient.middleware.auth_token [-] Storing token in cache _cache_put /usr/lib/python2.7/dist-packages/keystoneclient/middleware/auth_token.py:1144
2015-03-10 15:20:31.876 3419 DEBUG keystoneclient.middleware.auth_token [-] Received request from user ...